Bump github/codeql-action in the github-actions group (#1783) #1396

	name: snyk
	on:
	push:
	branches: [master, v2.dev, v3.dev]
	permissions: read-all

	env:
	DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
	JAVA_VERSION: 21

	jobs:
	snyk:
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	container:
	# Incompatible with Harden Runner
	image: snyk/snyk:gradle-jdk21
	env:
	SNYK_INTEGRATION_VERSION: gradle-jdk21
	SNYK_INTEGRATION_NAME: GITHUB_ACTIONS
	FORCE_COLOR: 2
	if: github.event.repository.fork == false
	steps:
	- name: Checkout repository
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
	- name: Setup Gradle
	uses: ./.github/actions/run-gradle
	with:
	java: ${{ env.JAVA_VERSION }}
	cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
	- name: Run Snyk test
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	continue-on-error: true
	run: snyk test --sarif-file-output=snyk.sarif --all-sub-projects -- --no-configuration-cache
	- name: Check file existence
	id: check_files
	uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
	with:
	files: snyk.sarif
	- name: Upload result to GitHub Code Scanning
	uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
	if: steps.check_files.outputs.files_exists == 'true'
	with:
	sarif_file: snyk.sarif
	- name: Run Snyk monitor
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	continue-on-error: true
	run: snyk monitor --all-sub-projects -- --no-configuration-cache

Provide feedback