This repository has been archived by the owner on Sep 24, 2024. It is now read-only.

Security Scanning #63

	name: Security Scanning

	on:
	workflow_dispatch:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	schedule:
	- cron: '0 0 * * *'

	permissions:
	actions: read
	contents: read
	security-events: write

	jobs:
	security:
	name: Security Scanning
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@master
	- name: Setup Node version 20
	uses: actions/setup-node@master
	with:
	node-version: 20
	- name: Prepare Snyk
	uses: snyk/actions/setup@master
	- name: Prepare Dependencies
	run: \|
	npm i @microsoft/eslint-formatter-sarif
	mkdir cli-results
	- name: Run ESLint
	run: npx eslint . --format @microsoft/eslint-formatter-sarif > cli-results/eslint.sarif \|\| true
	continue-on-error: true
	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/node@master
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	with:
	args: --sarif-file-output=cli-results/snyk.sarif
	- name: Upload Results to GitHub
	uses: github/codeql-action/upload-sarif@main
	with:
	sarif_file: cli-results
	wait-for-processing: true
	- name: Prepare CodeQL
	uses: github/codeql-action/init@main
	with:
	languages: javascript
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@main
	with:
	category: "/language:javascript"

Provide feedback