Skip to content

fsadsad

fsadsad #114

Workflow file for this run

name: Bot scan
on:
pull_request_target:
types: [opened, reopened, synchronize, edited]
issues:
types: [opened, edited, milestoned]
permissions:
issues: write
pull-requests: write
jobs:
Snyk_scanning:
name: Snyk Bot scan
continue-on-error: true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Snyk Bot scan
run: |
rm -rf node_modules
rm -f package-lock.json
npm install
echo "Downloading and authenticating Snyk CLI..."
curl -Lo ./snyk "https://github.com/snyk/snyk/releases/download/v1.1100.0/snyk-linux"
chmod +x snyk
./snyk auth ${{ secrets.SNYK_TOKEN }}
echo "Running Snyk test and monitor..."
./snyk test --all-projects --color --json || true
./snyk monitor --all-projects || true
TruffleHog_scanning:
name: TruffleHog Bot scan
continue-on-error: true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # fetch all history so multiple commits can be scanned
- name: Log Branch Info
run: |
echo "Scanning from base branch: ${{ github.event.pull_request.base.ref }}"
echo "Scanning to HEAD: ${{ github.ref }}"
- name: TruffleHog Bot scan
uses: trufflesecurity/TruffleHog-Enterprise-Github-Action@main
with:
args: --fail-verified ${{ github.event.pull_request.base.ref }} HEAD --json
BotCheck:
name: Bot scan
continue-on-error: true
permissions: write-all
runs-on: ubuntu-latest
needs: [Snyk_scanning, TruffleHog_scanning]
steps:
- uses: itsarraj/pr-scan-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}