From ef46c3c6d951b7f0ace5de261a8fd9bd43b9a645 Mon Sep 17 00:00:00 2001
From: MDLeom <43627182+curbengh@users.noreply.github.com>
Date: Fri, 13 May 2022 01:00:45 +0000
Subject: [PATCH] ci(synk): run test & upload to codeql
---
 .github/workflows/snyk.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 7f03a9a..9cf545c 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -16,6 +16,18 @@ jobs:
 node-version: '14.x'
 - name: Install Dependencies
 run: npm install
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/node@master
+ continue-on-error: true # To make sure that SARIF upload gets called
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: test
+ args: --sarif-file-output=snyk.sarif
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: snyk.sarif
 - name: Run Snyk to check for vulnerabilities
 uses: snyk/actions/node@master
 env:
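Review bot: The added step `uses: snyk/actions/node@master` resolves to whatever that branch points at when the job runs, and it does so with `SNYK_TOKEN` in its environment, so any change pushed to that branch executes with the secret. Pin it to a reviewed full commit SHA, e.g. `uses: snyk/actions/node@<full-commit-sha> # <release tag>`, and consider the same for `github/codeql-action/upload-sarif@v1`, which is a movable tag. Separately, `continue-on-error: true` hides authentication or setup failures as well as findings, so `snyk.sarif` may not exist when the upload step runs; a comment stating that this step is report-only would make clear the job no longer gates on `snyk test`. The upload step also needs `security-events: write` on the job token; any `permissions:` block lies outside this hunk, so confirm it grants that and nothing broader.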