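---
# Snyk Code scan for demo* branches. Two scans run: the first captures every
# finding as SARIF for GitHub Code Scanning, the second gates the job on a
# severity threshold. Results are uploaded even when the gate fails.
name: "Snyk Scan"

on:
  push:
    branches:
      - 'demo*'  # Include any branch starting with demo

# Least-privilege token for the job: upload-sarif needs security-events:write,
# checkout needs contents:read; actions:read is required by upload-sarif on
# private repositories. Without this block the upload step can be denied when
# the repository's default GITHUB_TOKEN permissions are read-only.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  Pipeline-Job:
    # Configure Environment
    name: 'Snyk Scan'
    runs-on: ubuntu-latest
    env:
      # The Snyk CLI reads SNYK_TOKEN from the environment, so the token is never
      # passed as a command-line argument (where it would be visible in process
      # listings and shell traces).
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    steps:
      # Checkout Code
      - name: Checkout Code
        # checkout@v1 is an unmaintained major; v4 is current. For supply-chain
        # hardening, pin to a full commit SHA (e.g. actions/checkout@<CHECKOUT_SHA>)
        # rather than a movable tag.
        uses: actions/checkout@v4
      # Install Snyk; authentication comes from SNYK_TOKEN in the job env
      - name: Install Snyk & Authenticate
        run: |
          sudo npm install -g snyk
      # Run Snyk Code and Generate SARIF - with all issues
      - name: Run Snyk Code and Generate SARIF
        # continue-on-error lets the job proceed when findings are present (snyk
        # exits non-zero), while still marking the step so that tooling or auth
        # errors stay visible. A `|| echo` fallback would hide those as "issues".
        continue-on-error: true
        run: |
          # Run with all issues captured for SARIF output
          snyk code test --json --sarif-file-output=snyk.sarif
      # Run Snyk Code with critical threshold for pipeline status
      - name: Run Snyk Code with Critical Threshold
        run: |
          # Run with critical severity threshold for pass/fail status
          # NOTE(review): confirm `critical` is an accepted --severity-threshold
          # value for `snyk code test` (Snyk Code severities are documented as
          # low/medium/high); if it is not, this gate never fails.
          snyk code test --severity-threshold=critical
      # Upload SARIF to GitHub Code Scanning
      - name: Upload SARIF to GitHub Code Scanning
        # Run even when the threshold gate above fails, so that the findings
        # which failed the build still reach Code Scanning instead of being
        # dropped with the failed job. Skipped only if the run is cancelled.
        if: ${{ !cancelled() }}
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif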