Merge pull request #458 from sir-gon/feature/ga-snyk

sir-gon · web-flow · commit b75b9dd1279e · 2024-07-09T19:53:29.000-04:00
Feature/ga snyk
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -141,7 +141,17 @@ jobs:
         with:
           image: ${{ env.IMAGE_NAME }}:${{ github.sha }}
           args: --file=Dockerfile
-
+      # yamllint disable rule:line-length
+      # https://github.com/github/codeql-action/issues/2187#issuecomment-2043220400
+      - name: Replace security-severity undefined for license-related findings
+        run: |
+          sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
+          sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
+      # yamllint enable rule:line-length
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'snyk.sarif'
   scan:
     name: "Trivy"
     runs-on: ubuntu-latest
diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml
@@ -24,10 +24,8 @@ jobs:
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --sarif-file-output=snyk.sarif
-      # yamllint disable rule:comments-indentation
-      # - name: Upload result to GitHub Code Scanning
-      #   uses: github/codeql-action/upload-sarif@v2
-      #   with:
-      #     sarif_file: snyk.sarif
-      # yamllint enable rule:comments-indentation
+          args: --sarif-file-output=snyk-code.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'snyk-code.sarif'
