forked from argoproj/argo-workflows
-
Notifications
You must be signed in to change notification settings - Fork 1
45 lines (40 loc) · 1.13 KB
/
snyk.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: Snyk
on:
schedule:
- cron: "30 2 * * *"
push:
branches:
- master
- release-*
permissions:
contents: read
jobs:
# we do not scan images here, they're scanned here: https://app.snyk.io/org/argoproj/projects
golang:
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@v3
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@master
with:
args: --severity-threshold=high
node:
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "20" # change in all GH Workflows
cache: yarn
cache-dependency-path: ui/yarn.lock
- run: yarn --cwd ui install
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
with:
args: --file=ui/package.json --severity-threshold=high