File tree Expand file tree Collapse file tree 1 file changed +40
-0
lines changed
lines changed Original file line number Diff line number Diff line change 1+ name : Snyk Security Scan
2+
3+ on :
4+ pull_request :
5+ branches : [main]
6+ types : [opened, synchronize, reopened]
7+ merge_group : # run if triggered as part of a merge queue
8+ push :
9+ branches : [main]
10+ release :
11+ types : [published]
12+
13+ jobs :
14+ snyk :
15+ name : Snyk Security Scan
16+ runs-on : ubuntu-latest
17+ permissions :
18+ # Required to fetch internal or private CodeCommits
19+ contents : read
20+ steps :
21+ - name : Checkout code
22+ uses : actions/checkout@v5
23+
24+ - name : Run Snyk to check for vulnerabilities
25+ uses :
snyk/actions/[email protected] 26+ env :
27+ SNYK_TOKEN : ${{ secrets.SNYK_API_TOKEN }}
28+ with :
29+ # Fail the build on high severity vulnerabilities
30+ args : --severity-threshold=high --project-tags=open-source
31+
32+ - name : Run Snyk Monitor
33+ # Only monitor on main branch pushes and releases, not on PRs
34+ if : github.event_name != 'pull_request' && github.event_name != 'merge_group'
35+ uses :
snyk/actions/[email protected] 36+ env :
37+ SNYK_TOKEN : ${{ secrets.SNYK_API_TOKEN }}
38+ with :
39+ command : monitor
40+ args : --project-tags=open-source
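Review bot: Every third-party action here is pinned to a mutable tag rather than an immutable commit SHA — `actions/checkout@v5` at line 22 and the Snyk action at lines 25 and 35, whose `uses:` value is rendered on this page as `snyk/actions/[email protected]`, so the exact subaction and tag are not legible in this view — and the two Snyk steps receive `SNYK_TOKEN` from `secrets.SNYK_API_TOKEN`, so a retagged release of the action would run unreviewed code with a repository secret in its environment. I would pin each reference to a full 40-character commit SHA with the tag kept in a trailing comment, e.g. `uses: snyk/actions/<subaction>@<full-commit-sha>  # <tag>`, and let Dependabot or Renovate (the `github-actions` ecosystem) keep the pins current. Separately, the `pull_request` trigger at line 4 also fires for pull requests from forks, where `secrets.SNYK_API_TOKEN` is not populated, so the test step at line 24 will presumably fail for those contributors rather than be skipped; if that is not intended, guard it with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. Finally, the comment at line 18 (`Required to fetch internal or private CodeCommits`) does not describe what `contents: read` does in this job; `# Needed by actions/checkout to read the repository` states the actual reason.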