-
-
Notifications
You must be signed in to change notification settings - Fork 1
31 lines (30 loc) · 956 Bytes
/
scan.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
name: Security scanning
on:
push:
branches:
- main
schedule:
- cron: '0 0 * * *' # daily
jobs:
security:
if: github.repository == 'manhtukhang/vault-plugin-secrets-nexus-repository'
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Snyk to check for code vulnerabilities
uses: snyk/actions/golang@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
continue-on-error: true # To make sure that SARIF upload gets called
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif