build: Snyk test/monitor for web3-react + exclude workspace unmet deps #835

Merged
merged 10 commits into from
Jul 6, 2023
3 changes: 2 additions & 1 deletion .github/workflows/CI.yml
Expand Up @@ -28,7 +28,8 @@ jobs:
node-version: ${{ matrix.node_version }}
cache: 'yarn'

- run: yarn
# ensure the lockfile is in sync with the specified dependencies
- run: yarn install --frozen-lockfile

- run: yarn build

35 changes: 35 additions & 0 deletions .github/workflows/snyk_sca_scan.yml
@@ -0,0 +1,35 @@
name: Snyk Code Security

on:
pull_request:
branches:
- '**'
push:
branches:
- main
paths-ignore:
- '**/*.md'

jobs:
open-source:
name: '🔒 Open Source Scan'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run Snyk test to check for known vulnerabilities in software supply chain
uses: snyk/actions/node@0e928f3e9ae859e2b95ac2b89af55d7b6434244d
env:
SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
with:
command: test
# include devDependencies to deps list for Snyk dep-graph
args: --dev --severity-threshold=medium

- name: Run Snyk monitor to upload the latest snapshot
uses: snyk/actions/node@0e928f3e9ae859e2b95ac2b89af55d7b6434244d
env:
SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
with:
command: monitor
# include devDependencies to deps list for Snyk dep-graph
args: --dev --severity-threshold=medium
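Review bot: the `monitor` step runs on every `pull_request` event as well as on pushes to `main`, so each PR branch uploads its own snapshot into the Snyk project, and for PRs opened from forks `secrets.SNYK_API_TOKEN` is not populated, so both steps fail instead of scanning. Gate the upload on the push trigger (`if: github.event_name == 'push'` on the monitor step) and decide explicitly whether the `test` step should be skipped for fork PRs. Two smaller points in the same hunk: `actions/checkout@v2` is pinned to a mutable tag while both `snyk/actions/node` uses are pinned to a commit SHA, so pin checkout the same way for consistency; and `paths-ignore` applies only to the `push` trigger, so Markdown-only pull requests still run the scan.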
8 changes: 8 additions & 0 deletions .snyk
@@ -0,0 +1,8 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
ignore: {}
patch: {}
exclude:
global:
- packages/**
- examples/**
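Review bot: `exclude.global` drops `packages/**` and `examples/**`, which removes every workspace package, i.e. the code that is actually published, from the scan surface; what remains is the root `package.json` and its (dev)dependencies. If the intent, per the PR title, is only to stop unmet workspace dependencies from tripping the scan, say so in a comment above `exclude`, and consider a follow-up that covers the packages themselves (for example an `--all-projects` run with a narrower exclusion), because as written a vulnerable runtime dependency declared in `packages/*/package.json` is not reported by this workflow.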
3 changes: 1 addition & 2 deletions package.json
Expand Up @@ -28,9 +28,8 @@
"@typescript-eslint/parser": "^5.19.0",
"@uniswap/eslint-config": "^1.1.1",
"eslint": "^8.13.0",
"eth-provider": "^0.9.4",
"jest": "^27.5.1",
"lerna": "^4.0.0",
"lerna": "^5",
"react": "^18.0.0",
"react-test-renderer": "^18.0.0",
"ts-jest": "^27.1.4",
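Review bot: `"lerna": "^5"` is the only range in this block written without minor and patch components; `^5.0.0` matches the surrounding entries and is unambiguous. The lerna major bump and the removal of `eth-provider` also require a matching `yarn.lock` update that is not visible in this diff, and with the CI change to `yarn install --frozen-lockfile` a stale lockfile now fails the build, so confirm the lockfile is regenerated in this PR.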