Skip to content
This repository has been archived by the owner on Dec 12, 2024. It is now read-only.

Commit

Permalink
Add Snyk for Vulns and License checks (#80)
Browse files Browse the repository at this point in the history 
* add snyk

* introduce lodash vuln as a test

* fix ci failure

* emulate license issue

* update snyk

* update snyk

* update snyk

* using snyk token license check

* fix license dependency
  • Loading branch information
@leordev
leordev authored Nov 13, 2023
1 parent 0cb99d5 commit 6b2df5b
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions .github/workflows/integrity-check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,26 @@ jobs:
with:
node-version: 20

- name: Install dependencies
run: pnpm install

- name: Install Snyk
uses: snyk/actions/setup@3e2680e8df93a24b52d119b1305fb7cedc60ceae # latest master (no released tag)

- name: Snyk VULN and License Check Test
run: snyk test --all-projects --sarif-file-output=snyk.sarif
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

- name: Report known vulnerabilities
run: pnpm audit

- name: Upload SARIF result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
if: always()
with:
sarif_file: snyk.sarif

test-with-node:
runs-on: macos-latest
steps:
Expand Down

0 comments on commit 6b2df5b

Please sign in to comment.