Snyk Security Scan #69
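---
# GitHub Actions workflow: Snyk dependency scan for a Node.js project.
# Runs on pushes and pull requests to the default branches, on a daily
# schedule, and on manual dispatch. Findings are surfaced through GitHub
# code scanning (SARIF upload) rather than by failing the job.
name: Snyk Security Scan

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader handles it.
# yamllint disable-line rule:truthy
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
  schedule:
    # Run daily at 2 AM UTC
    - cron: '0 2 * * *'
  workflow_dispatch:

jobs:
  snyk-scan:
    runs-on: ubuntu-latest
    # SNYK_TOKEN is read from this deployment environment's secrets.
    environment: snyk
    # Least-privilege job token: read the repository, write code-scanning
    # alerts (needed by the SARIF upload step), read workflow metadata.
    permissions:
      contents: read
      security-events: write
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Verify Snyk token exists
        # The secret is passed through the environment instead of being
        # interpolated into the script text, so its value never becomes
        # part of the shell source that the runner evaluates.
        # NOTE(review): pull_request runs from forks do not receive
        # repository secrets, so this step fails them — confirm intended.
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: |
          if [ -z "$SNYK_TOKEN" ]; then
            echo "❌ ERROR: SNYK_TOKEN secret is not set"
            exit 1
          else
            echo "✅ SNYK_TOKEN secret is configured"
          fi

      - name: Install dependencies
        if: hashFiles('package.json') != ''
        # `--ignore-scripts` keeps third-party lifecycle scripts from
        # executing on the runner; the scan only needs the resolved
        # dependency tree, not built packages.
        run: npm install --ignore-scripts

      - name: Run Snyk to check for vulnerabilities
        # TODO(review): pin to a full commit SHA instead of the mutable
        # `master` ref (here and in the Monitor step) so the scanner's code
        # cannot change underneath this workflow.
        uses: snyk/actions/node@master
        # Do not fail the job on findings: they are reported via the SARIF
        # upload below, and the Monitor step should still run.
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --all-projects --severity-threshold=medium --sarif-file-output=snyk.sarif

      - name: Upload Snyk results to GitHub code scanning
        # Requires the `security-events: write` permission granted above;
        # skipped when the scan produced no SARIF file.
        if: hashFiles('snyk.sarif') != ''
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif

      - name: Run Snyk Monitor (track project)
        # Only track the project from pushes to a default branch.
        if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: monitor
          args: --all-projects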