[CONFIG] [Github Actions] Snyk Code analysis added.

Gonzalo Diaz · Gonzalo Diaz · commit d5c57ec0b7f5 · 2024-06-18T17:19:54.000-04:00
diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml
@@ -0,0 +1,28 @@
+---
+
+name: Snyk Code analysis
+
+on: # yamllint disable-line rule:truthy
+  push:
+    branches: ["main", "develop", "feature/*"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/gradle-jdk17@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      # yamllint disable rule:comments-indentation
+      # - name: Upload result to GitHub Code Scanning
+      #   uses: github/codeql-action/upload-sarif@v2
+      #   with:
+      #     sarif_file: snyk.sarif
+      # yamllint enable rule:comments-indentation
