Support vulnerability analysis in the action

action.yml

@@ -23,6 +23,10 @@ inputs:
     description: "Whether use hyperfine to benchmark the execution of the retriever, otherwise just the one time execution time is reported"
     required: false
     default: "false"
+  analyze_vulnerabilities:
+    description: "Whether use analyze vulnerabilities using snyk"
+    required: false
+    default: "false"
 
 runs:
   using: "composite"
@@ -216,6 +220,14 @@ runs:
       run: |
         wget https://github.com/sharkdp/hyperfine/releases/download/v1.16.1/hyperfine_1.16.1_amd64.deb
         sudo dpkg -i hyperfine_1.16.1_amd64.deb
+
+    - name: Install snyk
+      if: inputs.analyzeVulnerabilities == 'true'
+      shell: bash
+      run: |
+        wget https://static.snyk.io/cli/latest/snyk-linux -o snyk
+        chmod +x ./snyk
+        mv ./snyk /usr/local/bin/
 
     - name: Prepare Retriever Command
       shell: bash
@@ -225,6 +237,9 @@ runs:
         if [[ "${{ inputs.rules_path }}" != '' ]]; then
           RETRIEVER_COMMAND="${RETRIEVER_COMMAND} -x \"${{ github.workspace }}/${{ inputs.rules_path }}\""
         fi
+        if [[ "${{ inputs.analyzeVulnerabilities }}" == 'true' ]]; then
+          RETRIEVER_COMMAND="${RETRIEVER_COMMAND} -a /usr/local/bin/snyk"
+        fi
         echo "retriever_command=$RETRIEVER_COMMAND" >> $GITHUB_ENV
 
     - name: Execute Retriever
@@ -233,6 +248,7 @@ runs:
       env:
         NO_AT_BRIDGE: 1 # avoid eclipse error "AT-SPI: Error retrieving accessibility bus address"
         TIMING_INFO_FILE: ${{ env.tmp_dir }}/retriever_out/timing.md
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       run: |
         echo "TIMING_INFO_FILE=$TIMING_INFO_FILE" >> $GITHUB_ENV
         mkdir "${{ env.tmp_dir }}/eclipse_tmp"