[CONFIG] [Gihub Actions] Snyk Open Source analysis: enable sarif output

Gonzalo Diaz · Gonzalo Diaz · commit ba5c458cf919 · 2024-07-09T23:01:57.000-04:00
diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml
@@ -10,7 +10,12 @@ on: # yamllint disable-line rule:truthy
 
 jobs:
   security:
+    name: Snyk Open Source (Node.js)
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     steps:
       - uses: actions/checkout@master
       - name: Run Snyk to check for vulnerabilities
@@ -19,10 +24,8 @@ jobs:
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --sarif-file-output=snyk.sarif
-      # yamllint disable rule:comments-indentation
-      # - name: Upload result to GitHub Code Scanning
-      #   uses: github/codeql-action/upload-sarif@v2
-      #   with:
-      #     sarif_file: snyk.sarif
-      # yamllint enable rule:comments-indentation
+          args: --sarif-file-output=snyk-code.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'snyk-code.sarif'
