Merge pull request #47 from alexss200010/alexss200010-patch-9 #117
name: Prebuilt repo + Snyk Security Scanning (OS, Code, Docker, IaC) | |
# Runs 4 Snyk Products (Code, Open Source, Container, IaC) | |
# Snyk installation via npm | |
# Node.js version: 18.4 | |
# Outputs the results to the pipeline and in SARIF-format to the security tab | |
# Prerequisites: | |
# - Set a SNYK_TOKEN and a SNYK_ORG in the pipelines secrets | |
on: [push, pull_request] | |
#permissions: | |
#id-token: write # This is required for requesting the JWT | |
#contents: write # This is required for actions/checkout | |
#security-events: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# needs: [other job] | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Use Node.js for installing Snyk | |
uses: actions/setup-node@v2 | |
with: | |
node-version: 18.4 | |
# Install & prepare Snyk | |
- run: npm install --location=global snyk | |
# Login to Snyk Cloud | |
- run: snyk auth ${{ secrets.SNYK_TOKEN }} | |
- name: Snyk SCA testing | |
run: snyk test --all-projects --severity-threshold=high | |
continue-on-error: true | |
- name: Snyk SCA results monitor | |
run: snyk monitor --org=${{ secrets.SNYK_ORG }} --all-projects --severity-threshold=high | |
continue-on-error: true | |
#- name: Snyk SAST Scanning | |
#run: snyk code test --org=${{ secrets.SNYK_ORG }} --severity-threshold=high --sarif-file-output=snyk-code.sarif | |
#continue-on-error: true | |
#- name: Upload results to GitHub Code Scanning | |
#uses: github/codeql-action/upload-sarif@v2 | |
#with: | |
#sarif_file: snyk-code.sarif | |
#args: --severity-threshold=high | |
#- name: Build the Docker Image | |
# run: docker build . --file=Dockerfile --tag alexss200010/nodejs-goof:latest | |
#- name: Snyk Container Scanning | |
# run: snyk container monitor --org=${{ secrets.SNYK_ORG }} --severity-threshold=high --file=Dockerfile alexss200010/nodejs-goof:latest | |
# continue-on-error: true | |
#- name: Snyk Infrastructure-as-Code Scanning | |
# run: snyk iac test --org=${{ secrets.SNYK_ORG }} --severity-threshold=high --report | |
# continue-on-error: true |
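Review bot: The API token is handed to the CLI as a command-line argument in `- run: snyk auth ${{ secrets.SNYK_TOKEN }}`, which puts it in the process argv on the runner (readable by any other process via `ps`, and only hidden in the job log by GitHub's best-effort secret masking); the Snyk CLI reads the token from a `SNYK_TOKEN` environment variable, so that step can be dropped in favour of a job-level `env:` block with `SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`. Every active scan step sets `continue-on-error: true`, so the `--severity-threshold=high` gate is advisory only and a high-severity finding never fails the workflow; if that is intentional a comment saying so would help, otherwise remove it from the `snyk test` step. With `pull_request` in the trigger, secrets are not available to runs from forked PRs, so the token will be empty there and the scan errors rather than being skipped, which is worth a comment or an `if:` guard. On the supply-chain side, `actions/checkout@v2` and `actions/setup-node@v2` are floating major tags and `npm install --location=global snyk` pulls whatever version is latest on each run; pinning the actions to a commit SHA and the CLI to a version (`snyk@<x.y.z>`) makes the pipeline reproducible. The commented-out `permissions:` block leaves the default token scope in effect; an explicit least-privilege `permissions:` with `contents: read` (adding `security-events: write` only if the SARIF upload step is re-enabled) is the safer default.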