Commit 06dae62 1 parent 1603af3 commit 06dae62 Copy full SHA for 06dae62
File tree 1 file changed +36
-0
lines changed
1 file changed +36
-0
lines changed Original file line number Diff line number Diff line change 1+ name : ' Snyk Security'
2+
3+ on :
4+ push :
5+ branches : ["release"]
6+ schedule :
7+ - cron : ' 0 0 * * *' # run daily at midnight GMT
8+
9+ permissions :
10+ contents : read
11+
12+ jobs :
13+ snyk :
14+ if : github.repository == 'aws-amplify/amplify-js'
15+ permissions :
16+ contents : read # for actions/checkout to fetch code
17+ security-events : write # for github/codeql-action/upload-sarif to upload SARIF results
18+ actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
19+ runs-on : ubuntu-latest
20+ steps :
21+ - uses : actions/checkout@v3
22+ - name : Set up Snyk CLI to check for security issues
23+ uses : snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
24+ - name : Build
25+ run : yarn install || true
26+ # Using `|| true` to not fail the pipeline
27+ - name : Snyk test
28+ env :
29+ SNYK_TOKEN : ${{secrets.SNYK_TOKEN}}
30+ run : snyk test --sarif | tee snyk-code.sarif # || true
31+
32+ # Push the Snyk Code results into GitHub Code Scanning tab
33+ - name : Upload result to GitHub Code Scanning
34+ uses : github/codeql-action/upload-sarif@v2
35+ with :
36+ sarif_file : snyk-code.sarif
You can’t perform that action at this time.
0 commit comments