Merge pull request #23 from puppetlabs/snyk_scan

(DIO-3134) Scan repo with Snyk
2026-01-26 11:08:40 -05:00 · 2022-05-04 14:38:30 -05:00 · 2022-05-04 14:38:30 -05:00 · 5d04a41003
commit 5d04a41003
parent e012919f08 596e0d83f9
1 changed files with 23 additions and 0 deletions
--- a/.github/workflows/snyk_scan.yaml
+++ b/.github/workflows/snyk_scan.yaml
@ -0,0 +1,23 @@
+name: Snyk Scan
+on:
+ workflow_dispatch:
+ push:
+    branches:
+      - master
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7
+      - name: create lock
+        run: bundle lock
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/ruby@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_DIO_KEY }}
+        with:
+          command: monitor