github-code-scanning-snyk-example/.github/workflows/main.yml at 47ed28bb45940a388ca559f0df0479d447282b74 · SecureCodeWarrior/github-code-scanning-snyk-example · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
name: Snyk Container Scan
on:
  workflow_dispatch:
jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2

    - name: Build a Docker image
      run: docker build -t example .

    - name: Run Snyk to check Docker image for vulnerabilities
      continue-on-error: true
      uses: snyk/actions/docker@master
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      with:
        image: example
        args: --file=Dockerfile

    - name: Add Secure Code Warrior contextual training to SARIF
      uses: SecureCodeWarrior/github-action-add-sarif-contextual-training@v1
      with:
        inputSarifFile: snyk.sarif
        outputSarifFile: snyk.processed.sarif
        githubToken: ${{ secrets.GITHUB_TOKEN }}

    - name: Upload result to GitHub Code Scanning
      uses: github/codeql-action/upload-sarif@v1
      with:
        sarif_file: snyk.processed.sarif