Create snyk-iac-pr-check.yml

snyk-playground · Mar 22, 2024 · e624085 · e624085
1 parent 2edbd14
commit e624085
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/.github/workflows/snyk-iac-pr-check.yml b/.github/workflows/snyk-iac-pr-check.yml
@@ -0,0 +1,28 @@
+# The Infrastructure as Code Action also supports integrating with GitHub Code Scanning and can show issues in the
+# GitHub Security tab. When run, a snyk.sarif file will be generated which can be uploaded to GitHub Code Scanning.
+name: Snyk Infrastructure as Code
+on: push
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Snyk to check configuration files for security issues
+        # Snyk can be used to break the build when it detects security issues.
+        # In this case we want to upload the issues to GitHub Code Scanning
+        continue-on-error: true
+        uses: snyk/actions/iac@master
+        env:
+          # In order to use the Snyk Action you will need to have a Snyk API token.
+          # More details in https://github.com/snyk/actions#getting-your-snyk-token
+          # or you can signup for free at https://snyk.io/login
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          # Add the path to the configuration file that you would like to test.
+          # For example `deployment.yaml` for a Kubernetes deployment manifest
+          # or `main.tf` for a Terraform configuration file
+          file: .
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: snyk.sarif