From e4946f9ed19ac84c22556d3a66e630efb107c3cb Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Thu, 21 Dec 2023 12:33:05 +0100 Subject: [PATCH] ghactions: Add snyk code scanning --- .github/workflows/snyk.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/snyk.yml diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml new file mode 100644 index 00000000..777899ac --- /dev/null +++ b/.github/workflows/snyk.yml @@ -0,0 +1,18 @@ +name: Code Scanning with Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/golang@master + continue-on-error: true # To make sure that SARIF upload gets called + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --sarif-file-output=snyk.sarif + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: snyk.sarif