2.11.5c: add scan-with-codeql action
webpwnized
committed
Oct 20, 2023
1 parent
ec9ac6f
commit 095327f
Showing
2 changed files
with
34 additions
and
21 deletions.
@@ -1,33 +1,47 @@ | ||
# Name of the GitHub Actions workflow | ||
name: Scan PHP code with Snyk Code | ||
|
||
# Define when the workflow should be triggered | ||
on: | ||
push: | ||
branches: | ||
- main | ||
- development | ||
pull_request: | ||
# Trigger when code is pushed or pull requests are opened/updated on 'main' and 'development' branches | ||
|
||
# Define the job(s) to be executed within the workflow | ||
jobs: | ||
security: | ||
runs-on: ubuntu-latest | ||
name: run-snyk | ||
name: Run Snyk | ||
env: | ||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | ||
# Define an environment variable 'SNYK_TOKEN' to securely store your Snyk token | ||
|
||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v4 | ||
# Action to check out the code from the repository | ||
# This step fetches the codebase from your GitHub repository | ||
|
||
- name: Install Snyk & Authenticate | ||
run: | | ||
# Install Snyk globally and authenticate using the provided token | ||
sudo npm install -g snyk | ||
snyk auth ${SNYK_TOKEN} | ||
# The 'SNYK_TOKEN' is securely stored as a GitHub secret | ||
- name: Run Snyk Code | ||
run: | | ||
# Run Snyk Code to scan PHP code | ||
snyk code test -d --org="5647cfeb-45c0-4c43-89a1-3459fe25c145" --sarif > snyk-results.sarif | ||
# Use the provided organization ID and generate SARIF report | ||
continue-on-error: true | ||
# Continue to the next step even if Snyk encounters errors | ||
|
||
- name: Upload results from Snyk to GitHub Code Scanning | ||
uses: github/codeql-action/upload-sarif@v2 | ||
with: | ||
sarif_file: snyk-results.sarif | ||
|
||
|
||
# Action to upload the results of the Snyk scan in SARIF format |
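Review bot: The `snyk auth ${SNYK_TOKEN}` line in the "Install Snyk & Authenticate" step passes the token as a command-line argument, where it shows up in the runner's process list and in any verbose output, and it is redundant because the Snyk CLI reads the `SNYK_TOKEN` environment variable that the job-level `env:` block already exports; drop that line and keep only `sudo npm install -g snyk`. The `-d` flag on `snyk code test` turns on debug logging, which in a workflow log is far more output than the scan needs and is the kind of output a leaked token would surface in, so remove it unless the debug trace is actually wanted. The upload step uses `github/codeql-action/upload-sarif@v2`, which needs the `security-events: write` permission, yet the workflow declares no `permissions:` block and so depends on the repository's default token scope; add at the top level `permissions:` / `contents: read` / `security-events: write` to grant exactly what the two steps use. Both actions are referenced by floating major tags (`@v4`, `@v2`); for a workflow that handles a scanner token, pinning them to a full commit SHA with the tag in a trailing comment is the usual hardening, and the org ID hard-coded in the `--org` argument would be easier to rotate as a repository variable than as a literal in the workflow file.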