Skip to content
This repository has been archived by the owner on Sep 24, 2024. It is now read-only.

Security Scanning

Security Scanning #67

Workflow file for this run

name: Security Scanning
on:
workflow_dispatch:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '0 0 * * *'
permissions:
actions: read
contents: read
security-events: write
jobs:
security:
name: Security Scanning
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@master
- name: Setup Node version 20
uses: actions/setup-node@master
with:
node-version: 20
- name: Prepare Snyk
uses: snyk/actions/setup@master
- name: Prepare Dependencies
run: |
npm i @microsoft/eslint-formatter-sarif
mkdir cli-results
- name: Run ESLint
run: npx eslint . --format @microsoft/eslint-formatter-sarif > cli-results/eslint.sarif || true
continue-on-error: true
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=cli-results/snyk.sarif
- name: Upload Results to GitHub
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: cli-results
wait-for-processing: true
- name: Prepare CodeQL
uses: github/codeql-action/init@main
with:
languages: javascript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@main
with:
category: "/language:javascript"