Update main.yml #89
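---
# Snyk Code (SAST) scan for demo branches.
#
# Flow: scan once to produce SARIF for GitHub Code Scanning (never fails the
# job), upload it, then scan again with a critical-severity threshold so the
# job status reflects only critical findings.
#
# The workflow runs only on `push`, never on `pull_request` from forks, so the
# SNYK_TOKEN secret is not exposed to untrusted PR code. Keep it that way, or
# switch to `pull_request_target` with care if PR scanning is ever added.
name: "Snyk Scan"

on:
  push:
    branches:
      - 'demo*'  # any branch whose name starts with "demo"

# Least-privilege token for the job: reading the checkout plus writing
# Code Scanning alerts is all upload-sarif needs. (Private repositories also
# need `actions: read` for upload-sarif — add it if this repo is private.)
permissions:
  contents: read
  security-events: write

jobs:
  Pipeline-Job:
    name: 'Snyk Scan'
    runs-on: ubuntu-latest
    timeout-minutes: 30  # bound a hung scan so it cannot burn runner minutes indefinitely

    steps:
      # Check out the code to be scanned. checkout@v1 is deprecated (Node 12
      # runtime); v4 is the supported major. For stronger supply-chain
      # guarantees, pin this (and upload-sarif below) to a full commit SHA
      # instead of a floating major tag.
      - name: Checkout Code
        uses: actions/checkout@v4

      # Install the Snyk CLI. Pin to an explicit version (`snyk@<x.y.z>`) rather
      # than "latest" so a compromised or breaking upstream release cannot
      # silently change what runs in CI. No `snyk auth` call is needed: the CLI
      # reads SNYK_TOKEN from the environment, and passing the token as a CLI
      # argument would expose it in the process list and any command logging.
      - name: Install Snyk CLI
        run: |
          sudo npm install -g snyk

      # First scan: capture every finding into SARIF. `continue-on-error`
      # keeps the job going so the report is uploaded even when issues exist.
      - name: Run Snyk Code and Generate SARIF
        id: snyk-sarif
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}  # scoped to the steps that need it, not the whole job
        run: |
          snyk code test --sarif-file-output=snyk.sarif
        continue-on-error: true

      # Publish the SARIF to GitHub Code Scanning (requires the
      # `security-events: write` permission declared above).
      - name: Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif

      # Second scan with a critical threshold: a non-zero exit here fails the
      # job, so pipeline status turns red only on critical findings. Runs last
      # so the SARIF upload has already happened regardless of the outcome.
      - name: Check for Critical Vulnerabilities
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: |
          snyk code test --severity-threshold=critical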