diff --git a/.github/workflows/snyk-security-scan.yml b/.github/workflows/snyk-security-scan.yml
index d63a37bad1..4430c68bd2 100644
--- a/.github/workflows/snyk-security-scan.yml
+++ b/.github/workflows/snyk-security-scan.yml
@@ -44,7 +44,7 @@ jobs:
 # Snyk can be used to break the build when it detects security issues.
 # In this case we want to upload the SAST issues to GitHub Code Scanning
 uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
-
+ continue-on-error: true # To make sure that SARIF upload gets called
 # For Snyk Open Source you must first set up the development environment for your application's dependencies
 # For example for Node
 #- uses: actions/setup-node@v3
@@ -55,23 +55,24 @@ jobs:
 # Use || true to not fail the pipeline
 - name: Snyk Code test
 run: snyk code test --sarif -d > snyk-code.sarif # || true
-
+ continue-on-error: true # To make sure that SARIF upload gets called
 # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
 - name: Snyk Open Source monitor
 run: snyk monitor --all-projects
-
+ continue-on-error: true # To make sure that SARIF upload gets called
 # Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk.
 # Use || true to not fail the pipeline.
 - name: Snyk IaC test and report
 run: snyk iac test --report # || true
-
+ continue-on-error: true # To make sure that SARIF upload gets called
 # Build the docker image for testing
 - name: Build a Docker image
 run: docker build -t your/image-to-test .
+ continue-on-error: true # To make sure that SARIF upload gets called
 # Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
 - name: Snyk Container monitor
 run: snyk container monitor your/image-to-test --file=Dockerfile
-
+ continue-on-error: true # To make sure that SARIF upload gets called
 # Push the Snyk Code results into GitHub Code Scanning tab
 - name: Upload result to GitHub Code Scanning
 uses: github/codeql-action/upload-sarif@v2
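Review bot: `continue-on-error: true` on the `snyk/actions/setup` step means a failed CLI install or a rejected Snyk token no longer fails the job; every later `snyk` step then runs without a working CLI and, since each of them is also marked `continue-on-error` in this commit, the workflow finishes green with no scan results and nothing to upload. Reaching the SARIF upload step does not require swallowing setup failures: guard the upload step with `if: always()` (or `if: ${{ !cancelled() }}`) and leave this step fatal. I would drop the added line here and replace its comment with `# setup failures must fail the job; the upload step runs under if: always()`. The job definition starts above this hunk.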
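Review bot: The `continue-on-error: true` added to the `Build a Docker image`, `Snyk Open Source monitor` and `Snyk Container monitor` steps hides real failures rather than enabling the SARIF upload, because only `Snyk Code test` writes `snyk-code.sarif`; a broken image build or a monitor call that cannot reach Snyk now passes silently and only the step log would reveal it. Keep the flag on `Snyk Code test` (and, as a policy choice, on `Snyk IaC test and report`, since both exit non-zero on findings), add `if: always()` to the `Upload result to GitHub Code Scanning` step so it still runs after a failed step, and remove the flag from the build and monitor steps so their failures fail the job. With that change the inline `# || true` and the two `# Use || true to not fail the pipeline` comments are stale and should be dropped as well. The upload step's `with:` block continues below this hunk.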