
Commit 1bd5297

authored
add iac
1 parent deb4b05 commit 1bd5297


1 file changed

+27
-0
lines changed

1 file changed

+27
-0
lines changed

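--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -30,6 +30,33 @@ jobs:
 - uses: jfrog/setup-jfrog-cli@v4
 - run: |
 jf audit --sca --iac --secrets --sast
+
+snyk-iac:
+runs-on: ubuntu-latest
+permissions:
+security-events: write
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Run Snyk to check for code vulnerabilities
+id: snyk_code
+uses: snyk/actions/node@master
+with:
+command: code iac test
+args: --sarif-file-output=snyk/iac.sarif
+
+- if: always()
+run: |
+cat snyk/iac.sarif
+
+- name: Upload sarif files
+uses: github/codeql-action/upload-sarif@v3
+if: always()
+with:
+sarif_file: 'snyk/'
+
 snyk-code:
 runs-on: ubuntu-latest
 permissions: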
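Review bot: The new `snyk-iac` job runs a third-party action from a mutable branch, `uses: snyk/actions/node@master`, so whatever lands on that branch executes in this workflow with `security-events: write` and any Snyk credential the job is given; pin it to a reviewed full commit SHA, e.g. `uses: snyk/actions/node@<full-commit-sha>  # <release tag>`. The step also looks copied from the `snyk-code` job: `command: code iac test` mixes two Snyk subcommands (the IaC scan is `iac test`), and the name and `id: snyk_code` still describe a code scan, so `command: iac test` with a matching name/id is probably what was intended. No `SNYK_TOKEN` is passed in the visible lines, so unless it is set at workflow level outside this hunk the scan cannot authenticate and the upload step will have nothing to read. `cat snyk/iac.sarif` copies the findings into the job log, which is typically readable by a wider audience than code-scanning alerts; consider dropping it once the job works.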
