From 562e3fbf683e92808094c646b428f9760f3fa776 Mon Sep 17 00:00:00 2001 From: Sebastian Roth Date: Mon, 29 Nov 2021 15:34:10 +0000 Subject: [PATCH 1/2] Add security scan --- .github/workflows/test.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dd193f7..80f1604 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -75,4 +75,14 @@ jobs: target: ${{ matrix.target }} arch: x86_64 profile: Nexus 6 - script: cd example && flutter drive --driver=test_driver/integration_test.dart integration_test/flutter_uploader_test.dart \ No newline at end of file + script: cd example && flutter drive --driver=test_driver/integration_test.dart integration_test/flutter_uploader_test.dart + + + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/gradle-jdk11@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} \ No newline at end of file From 5e6221e6097245c9123ff3da34c673656e99d948 Mon Sep 17 00:00:00 2001 From: Sebastian Roth Date: Mon, 29 Nov 2021 15:44:18 +0000 Subject: [PATCH 2/2] code scan --- .github/workflows/test.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 80f1604..e4907b1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -84,5 +84,12 @@ jobs: - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/gradle-jdk11@master + continue-on-error: true # To make sure that SARIF upload gets called env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} \ No newline at end of file + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --sarif-file-output=snyk.sarif + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: snyk.sarif