Update Github-Actions-Core to mitigate semver CVE #119

Workflow file for this run

---
name: "Security Scan: Snyk Code"
on:
  push:
jobs:
  snyk:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read
      contents: read
    strategy:
      # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast
      fail-fast: false
    steps:
      - name: Checkout Repository
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
        with:
          fetch-depth: 1
      # see https://github.com/snyk/actions/tree/master/node
      - name: Lint Code with Snyk
        uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # 0.4.0
        env:
          # see https://github.com/snyk/actions#getting-your-snyk-token
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          # see https://github.com/snyk/actions/tree/master/node#uploading-snyk-scan-results-to-github-code-scanning
          args: --policy-path=.snyk --sarif-file-output=snyk.sarif --org=${{ secrets.SNYK_ORG }}
      # see https://github.com/github/codeql-action/tree/main/upload-sarif
      - name: Upload Snyk IaC results to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@e4262713b504983e61c7728f5452be240d9385a7 # codeql-bundle-v2.14.3
        with:
          sarif_file: snyk.sarif