Update main.yml #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Snyk Open Source Scans | |
| concurrency: | |
| group: snyk-opensource-actions-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| merge_group: | |
| types: [checks_requested] | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| jobs: | |
| snyk-opensource-pipeline: | |
| runs-on: ubuntu-latest | |
| name: Snyk Open Source Diff Scan | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_GH_ACTIONS_TOKEN }} | |
| SNYK_ORG: ${{ vars.SNYK_ORG }} | |
| steps: | |
| # Step 1: Checkout base ref branch | |
| - name: Checkout Base Branch | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.base_ref }} | |
| # Step 2: Setup Python (optional) | |
| # Uncomment the following lines if required for specific configurations | |
| # - name: Setup Python Environment | |
| # uses: actions/setup-python@v5 | |
| # with: | |
| # python-version: '3.10' | |
| # - run: pip install -r requirements.txt # Uncomment if using requirements.txt | |
| # Step 3: Download and Setup Node.js | |
| - name: Setup Node.js Environment | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| # Step 4: Install Snyk CLI | |
| - name: Install Snyk CLI | |
| run: npm install --location=global snyk@latest | |
| # Step 5: Install Snyk Delta | |
| - name: Install snyk_delta | |
| run: npm install --location=global snyk-delta@latest | |
| # Step 6: Install snyk_delta_all_projects.sh | |
| - name: Install snyk_delta_all_projects.sh | |
| run: | | |
| wget -O snyk_delta_all_projects.sh https://raw.githubusercontent.com/snyk-tech-services/snyk-delta/refs/heads/develop/snyk_delta_all_projects.sh | |
| mv ./snyk_delta_all_projects.sh /usr/local/bin/ | |
| # Step 7: Install jq | |
| - name: Install jq | |
| run: npm install --location=global node-jq | |
| # Step 8: Authenticate Snyk | |
| - name: Authenticate with Snyk | |
| run: snyk auth ${{ secrets.SNYK_GH_ACTIONS_TOKEN }} | |
| - name: Snyk Monitor Scan | |
| run: snyk monitor --org=${{ vars.SNYK_ORG }} --remote-repo-url=${{ github.repository }} | |
| # Step 9: Run Snyk Open Source Scan and Diff | |
| - name: Run Snyk Delta Scan | |
| run: /bin/bash snyk_delta_all_projects.sh --org=${{ vars.SNYK_ORG }} --remote-repo-url=${{ github.repository }} --severity-threshold=medium | |
| - name: Run Snyk Monitor Scan | |
| run: snyk monitor --all-projects --org=${{ vars.SNYK_ORG }} --remote-repo-url=${{ github.repository }} | |
| # Uncomment the following lines to enable Snyk Monitor with custom options | |
| #- name: Run snyk monitor | |
| # uses: snyk/actions/node@master | |
| # with: | |
| # command: monitor | |
| # args: --all-projects --detection-depth=2 --org=${{ SNYK_ORG }} --severity=high |