change snyk scan

davisanc · Jun 10, 2024 · 4bd425d · 4bd425d
1 parent 3b1d505
commit 4bd425d
Showing 1 changed file with 8 additions and 55 deletions.
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -1,38 +1,17 @@
-name: Snyk Scan and SARIF Upload
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
-
+name: Snyk Infrastructure as Code
+on: push
 jobs:
-  snyk_scan:
-    name: Snyk Scan
+  snyk:
     runs-on: ubuntu-latest
-
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v2
-
-      - name: Install Node.js and Snyk CLI
-        uses: actions/setup-node@v2
-        with:
-          node-version: '14'
-
-      - name: Install Snyk CLI
-        run: npm install -g snyk
+      - uses: actions/checkout@v2
 
-      - name: Authenticate Snyk
-        run: snyk auth ${{ secrets.SNYK_TOKEN }} 
-
-# KICK IT
+        # Snyk can be used to break the build when it detects security issues.
+        # In this case we want to upload the issues to GitHub Code Scanning
+        continue-on-error: true
       - name: Run Snyk to check configuration files for security issues
         continue-on-error: true
         run: |
-#           snyk iac test --sarif-file-output=snyk.sarif --json-file-output=snyk.json
           snyk iac test --sarif-file-output=snyk.sarif
           echo "Snyk command completed"
           echo "Listing current directory contents:"
@@ -41,33 +20,7 @@ jobs:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
 
-      - name: Verify Snyk Results SARIF
-        run: |
-          echo "Checking if snyk.sarif file exists:"
-          ls -l snyk.sarif
-          cat snyk.sarif # Display contents of the JSON file for debugging
-
-
-  upload_sarif:
-    name: Upload SARIF
-    needs: snyk_scan
-    runs-on: ubuntu-latest
-
-    steps:
-
-      - name: List files in workspace
-        run: ls -alh
-
-      - name: Check if SARIF file exists
-        run: |
-          if [ -f "snyk.sarif" ]; then
-            echo "SARIF file found."
-          else
-            echo "SARIF file not found."
-            exit 1
-          fi  
-      - name: Upload SARIF File
-        if: success() || failure()  # Ensure SARIF upload runs regardless of the previous step's success/failure
+      - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: snyk.sarif