name: Snyk on: schedule: # Weekly - cron: "0 0 * * 0" pull_request: branches: - "dependabot/github_actions/github/codeql-action**" jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install Bun uses: oven-sh/setup-bun@v1 - name: Install Dependencies run: bun install - name: Run Snyk to check for vulnerabilities uses: snyk/actions/node@master continue-on-error: true # To make sure that SARIF upload gets called env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: command: test args: --sarif-file-output=snyk.sarif - name: Upload result to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v2 with: sarif_file: snyk.sarif - name: Monitor for vulnerabilities uses: snyk/actions/node@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: command: monitor