
Security Snyk dependency check #35


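# Runs the shared HMPPS Snyk dependency scan for this repository, on demand and
# on a weekday schedule. All scanning logic lives in the reusable workflow that
# the job calls; this file supplies only triggers, token permissions, inputs
# and secrets.
name: Security Snyk dependency check
on:
  # Manual trigger from the Actions tab or the API.
  workflow_dispatch:
  schedule:
    # GitHub evaluates cron in UTC: 07:35, Monday to Friday. Scheduled runs use
    # the workflow file as it exists on the default branch.
    - cron: "35 7 * * MON-FRI"
jobs:
  security-snyk-check:
    # GITHUB_TOKEN scopes for this job. A called reusable workflow can keep or
    # reduce these but cannot raise them, so this is the ceiling for the scan.
    permissions:
      contents: read
      actions: read
      # Only write scope granted; presumably used to upload scan results to
      # code scanning. Confirm against the called workflow.
      security-events: write
    name: Project security Snyk dependency check
    # NOTE(review): `@v2` is a mutable tag, and this call hands over three
    # secrets plus security-events: write. Pinning to the full commit SHA behind
    # the tag (keeping `# v2` as a trailing comment) makes the executed code
    # immutable until the pin is deliberately bumped.
    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_snyk_scan.yml@v2
    with:
      # Falls back to the literal 'NO_SLACK' when the repository/organisation
      # variable is unset or empty. How the called workflow treats that sentinel
      # is not visible here; verify that an unset variable cannot silently
      # suppress alerting for HIGH/CRITICAL findings.
      channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
      subproject: ''
      # Presumably the severities that are reported; findings below HIGH would
      # then not surface through this workflow. Confirm.
      severity: 'HIGH,CRITICAL'
      scan_type: 'fs' # or 'image'
      location: '.'
      slack_include_summary: true
      # Empty: no policy file path is passed. If one is set later, review changes
      # to that file, since a policy file can presumably ignore findings.
      snyk_policy_path: ''
    # Secrets are passed by name instead of `secrets: inherit`, so the called
    # workflow receives only these three.
    secrets:
      HMPPS_SNYK_CLIENT_SECRET: ${{ secrets.HMPPS_SNYK_CLIENT_SECRET }}
      HMPPS_SNYK_CLIENT_ID: ${{ secrets.HMPPS_SNYK_CLIENT_ID }}
      HMPPS_SRE_SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SRE_SLACK_BOT_TOKEN }}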