--- # Copyright The Linux Foundation and each contributor to CommunityBridge. # SPDX-License-Identifier: MI name: Snyk Scan Edge NPM Dependencies on: # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions pull_request: branches: - main jobs: snyk-scan-edge-npm-pr: runs-on: ubuntu-latest environment: dev steps: - uses: actions/checkout@v3 - uses: snyk/actions/setup@master id: snyk - name: Setup Node uses: actions/setup-node@v3 with: node-version: '16' - name: Yarn Version run: yarn --version - name: Yarn Install working-directory: src run: yarn install - name: Snyk version run: echo "${{ steps.snyk.outputs.version }}" - name: Scan for NPM Vulnerabilities working-directory: src run: | snyk test --org=${{ secrets.SNYK_ORG }} --file=package.json env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true - name: Monitor for NPM Vulnerabilities working-directory: src run: snyk monitor --org=${{ secrets.SNYK_ORG }} --file=package.json env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true