From 8aca9ce11ee80541d11b90ec809461433f351103 Mon Sep 17 00:00:00 2001
From: Luke Tainton <luke@tainton.uk>
Date: Fri, 29 Dec 2023 19:58:04 +0000
Subject: [PATCH] Add Snyk scanning

---
 .github/workflows/ci-docker.yml | 12 ++++++++++++
 .github/workflows/ci-python.yml | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml
index 7c130a5..bbc8669 100644
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -24,3 +24,15 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
+
diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml
index 456f891..d89e8f9 100644
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -37,3 +37,14 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif