Skip to content

Snyk

Snyk #399

Workflow file for this run

name: Snyk
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '31 10 * * 0'
permissions:
contents: read
jobs:
snyk:
name: Snyk
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.snyk.io:443
github.com:443
proxy.golang.org:443
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@8349f9043a8b7f0f3ee8885bf28f0b388d2446e8
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif