Skip to content

Test dependencies with Snyk #599

Test dependencies with Snyk

Test dependencies with Snyk #599

Workflow file for this run

name: Test dependencies with Snyk
on:
# Run this check every day at 03:00 to find potential new vulnerabilities in the develop branch
schedule:
- cron: "0 3 * * *"
jobs:
snyk-test:
runs-on: self-hosted
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
ref: develop
- name: Build HORNET Docker image
run: docker build . --file Dockerfile --tag hornet:latest
- name: Run Snyk to check for Golang vulnerabilities
uses: snyk/actions/golang@0.4.0
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --org=gohornet --sarif-file-output=snyk-golang.sarif
- name: Run Snyk to check for Docker image vulnerabilities
uses: snyk/actions/docker@0.4.0
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: hornet:latest
# Exclude Go app vulns because those are picked up by the previous scan
# For Docker scans, the SARIF is created by default
args: --org=gohornet --file=Dockerfile --exclude-app-vulns
- name: Upload Golang results to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk-golang.sarif
category: snyk-golang
- name: Upload Docker results to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: snyk.sarif
category: snyk-docker