Add Snyk scanning

2023-12-29 19:58:04 +00:00
parent 4bfbaf7b33
commit 8aca9ce11e
2 changed files with 23 additions and 0 deletions
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -37,3 +37,14 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif