Skip to content

Snyk Scan and Report #3069

Snyk Scan and Report

Snyk Scan and Report #3069

Workflow file for this run

name: Snyk Scan and Report
on:
pull_request:
branches: [ main ]
schedule:
- cron: '0 4 * * *'
permissions:
id-token: write
jobs:
snyk_run:
name: Snyk Run (for PR)
runs-on: ubuntu-22.04
if: github.event_name == 'pull_request'
steps:
- name: Check out repository
uses: actions/checkout@v3
- name: Install Snyk and Run Snyk test
run: |
npm install -g snyk
snyk test --all-projects --json > snyk_output.txt || true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
snyk_nightly_run:
name: Snyk Nightly Run (for nightly cron with JIRA)
runs-on: ubuntu-22.04
if: github.event_name == 'schedule'
steps:
- name: Check out repository
uses: actions/checkout@v3
- name: Install Snyk and Run Snyk test
run: |
npm install -g snyk
snyk test --all-projects --json > snyk_output.txt || true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: use the custom github action to parse Snyk output
uses: Enterprise-CMCS/mac-fc-security-scan-report@v2.7.4
with:
jira-token: ${{ secrets.JIRA_TOKEN}}
jira-host: ${{ secrets.JIRA_HOST }}
jira-project-key: 'EREGCSC'
jira-issue-type: 'Bug'
jira-labels: 'eRegs,snyk'
jira-title-prefix: '[EREGCSC] - Snyk :'
is_jira_enterprise: 'true'
jira-custom-field-key-value: '{ "customfield_10100": "EREGCSC-1989" }'
assign-jira-ticket-to: 'G6W5'
scan-output-path: 'snyk_output.txt'
scan-type: 'snyk'
- name: Alert Slack On Failure
if: failure()
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text": "Failure completing scheduled Snyk Scan.","blocks":[{"type": "section","text":{"type": "mrkdwn","text": "The nightly scheduled Snyk Scan for Job: https://github.com/Enterprise-CMCS/cmcs-eregulations/actions/runs/${{ github.run_id }} has failed to complete successfully "}}]}' ${{ secrets.DEV_BOTS_SLACK_WEBHOOK }}