Skip to content

Add vuln package

Add vuln package #18

name: "snyk test with SARIF upload"
on:
pull_request:
branches: [ snyk-actions ]
push:
branches: [ snyk-actions ]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: snyk/actions/setup@master
- name: Snyk Test
run: snyk test --sarif-file-output=snyk-sarif1.json
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
args: --sarif-file-output=snyk.sarif
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk-sarif1.json