Skip to content

Snyk check

Snyk check #40

Workflow file for this run

name: Snyk check
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Run Snyk test
uses: snyk/actions/dotnet@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: test --sarif
args: --sarif-file-output=snyk_test.sarif
- name: Run Snyk code test
uses: snyk/actions/dotnet@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: code test --sarif
args: --sarif-file-output=snyk_code_test.sarif
- name: Run Snyk monitor
uses: snyk/actions/dotnet@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
- name: Create SARIF directory and move SARIF files
run: |
mkdir sarif_files &&
mv snyk_test.sarif snyk_code_test.sarif sarif_files/
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif_files