Skip to content

edit sonarqube.yml file + edit README #13

edit sonarqube.yml file + edit README

edit sonarqube.yml file + edit README #13

# Name of the GitHub Actions workflow
name: Scan PHP code with Snyk Code
# Define when the workflow should be triggered
on:
push:
branches:
- main
- development
pull_request:
# Trigger when code is pushed or pull requests are opened/updated on 'main' and 'development' branches
# Define the job(s) to be executed within the workflow
jobs:
security:
runs-on: ubuntu-latest
# Define permissions for specific actions
permissions:
actions: read
contents: read
security-events: write
name: Run Snyk
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# Define an environment variable 'SNYK_TOKEN' to securely store your Snyk token
steps:
- name: Checkout Code
uses: actions/checkout@v4
# Action to check out the code from the repository
# This step fetches the codebase from your GitHub repository
- name: Install Snyk & Authenticate
run: |
# Install Snyk globally and authenticate using the provided token
sudo npm install -g snyk
snyk auth ${SNYK_TOKEN}
# The 'SNYK_TOKEN' is securely stored as a GitHub secret
- name: Run Snyk Code
run: |
# Run Snyk Code to scan PHP code
snyk code test -d --org="5647cfeb-45c0-4c43-89a1-3459fe25c145" --sarif > snyk-results.sarif
# Use the provided organization ID and generate SARIF report
continue-on-error: true
# Continue to the next step even if Snyk encounters errors
- name: Upload results from Snyk to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: snyk-results.sarif
# Action to upload the results of the Snyk scan in SARIF format
category: "Scan-PHP-code-with-Snyk"
# Specify a category to distinguish between multiple analyses
# for the same tool and ref. If you don't use `category` in your workflow,
# GitHub will generate a default category name for you