Snyk - kocya-dev/note GitHub Wiki


GitHub Actions

    steps:
      - uses: actions/checkout@v4
      # Snyk Open Source: scans dependency manifests (`snyk test`).
      # continue-on-error keeps the job alive on findings so the SARIF upload below still runs.
      - name: snyk actions
        continue-on-error: true
        uses: snyk/actions/node@master   # consider pinning to a release tag or commit SHA instead of a moving branch
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif --dev   # --dev includes devDependencies in the scan
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
      # Snyk Code: static analysis of the repository source (`snyk code test`),
      # written to a separate SARIF file so the two uploads do not overwrite each other.
      - name: snyk actions code
        continue-on-error: true
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: code test
          args: --sarif-file-output=snyk-code.sarif
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk-code.sarif

Uploading the SARIF files as above makes the results appear in the CodeQL (code scanning) view, with `test` listed as "Snyk Open Source" and `code test` listed as "Snyk Code".
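Because both Snyk steps run with `continue-on-error: true`, the job itself never fails on findings; the PR gate comes from the code scanning status check configured under Settings. The script below is an added example (not part of this wiki page or of Snyk's tooling) that reads the same SARIF 2.1.0 files locally, counts results per tool and level, and returns a non-zero exit status when any rule's `security-severity` reaches a threshold. The embedded SARIF document, its rule ids, file paths and messages are constructed for the example; the field names (`runs[].tool.driver`, `results[].level`, `properties.security-severity`) are standard SARIF keys.

```python
import json
import sys
from collections import Counter

# Constructed sample in the SARIF 2.1.0 shape that `snyk test --sarif-file-output`
# and `snyk code test --sarif-file-output` write: one run per tool. All rule ids,
# paths and messages below are made up for this example.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {
                "name": "Snyk Open Source",
                "rules": [{"id": "EXAMPLE-RULE-DEP-1",
                           "properties": {"security-severity": "7.5"}}],
            }},
            "results": [{
                "ruleId": "EXAMPLE-RULE-DEP-1",
                "level": "error",
                "message": {"text": "constructed: vulnerable dependency"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "package.json"}}}],
            }],
        },
        {
            "tool": {"driver": {
                "name": "SnykCode",
                "rules": [{"id": "example/CodeRule",
                           "properties": {"security-severity": "4.0"}}],
            }},
            "results": [
                {"ruleId": "example/CodeRule", "level": "warning",
                 "message": {"text": "constructed: code finding"},
                 "locations": [{"physicalLocation": {
                     "artifactLocation": {"uri": "src/app.js"},
                     "region": {"startLine": 12}}}]},
                {"ruleId": "example/CodeRule", "level": "warning",
                 "message": {"text": "constructed: code finding"},
                 "locations": [{"physicalLocation": {
                     "artifactLocation": {"uri": "src/util.js"},
                     "region": {"startLine": 40}}}]},
            ],
        },
    ],
}


def _rule_index(run):
    """Map ruleId -> rule object so each result can be joined to its rule metadata."""
    return {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}


def iter_findings(sarif):
    """Yield (tool, level, severity, uri, line, text) for every result in every run."""
    for run in sarif.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        rules = _rule_index(run)
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            # security-severity is a CVSS-style score stored as a string; missing -> 0.0
            sev = float(rule.get("properties", {}).get("security-severity", 0.0))
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "")
            line = loc.get("region", {}).get("startLine")
            text = res.get("message", {}).get("text", "")
            yield tool, res.get("level", "none"), sev, uri, line, text


def summarize(sarif):
    """Count results per tool and per SARIF level, e.g. {'SnykCode': Counter({'warning': 2})}."""
    out = {}
    for tool, level, *_ in iter_findings(sarif):
        out.setdefault(tool, Counter())[level] += 1
    return out


def max_security_severity(sarif):
    """Highest security-severity across all results; 0.0 when there are no results."""
    return max((sev for _, _, sev, *_ in iter_findings(sarif)), default=0.0)


def should_fail(sarif, threshold=7.0):
    """Gate: True when any finding's security-severity reaches the threshold."""
    return max_security_severity(sarif) >= threshold


if __name__ == "__main__":
    # Usage: python sarif_gate.py snyk.sarif snyk-code.sarif  (no args -> the sample above)
    docs = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            docs.append(json.load(fh))
    docs = docs or [SAMPLE_SARIF]
    for doc in docs:
        for tool, counts in summarize(doc).items():
            print(tool, dict(counts))
    sys.exit(1 if any(should_fail(doc) for doc in docs) else 0)
```

Run it as an extra workflow step after the Snyk steps if you want the job itself to fail above a severity threshold, independently of the code scanning status check; the threshold of 7.0 is an assumption for the example.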


Settings

Add the status check to PRs
