Exclude test projects from snyk scan (#118)

* Exclude test projects from snyk scan * Ignore changes to snyk in cicd.yml * Introduce snyk code scan
Accenture · Apr 23, 2024 · 0740ce8 · 0740ce8
1 parent 30b576d
commit 0740ce8
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -12,6 +12,7 @@ on:
     - '!.github/workflows/fossa-scan.yml'
     - '!.github/workflows/qodana.yml'
     - '!.github/workflows/semgrep.yml'
+    - '!.github/workflows/snyk.yml'
     types: [opened, synchronize, reopened]
   push:
     branches:
@@ -26,6 +27,7 @@ on:
     - '!.github/workflows/fossa-scan.yml'
     - '!.github/workflows/qodana.yml'
     - '!.github/workflows/semgrep.yml'
+    - '!.github/workflows/snyk.yml'
   workflow_dispatch:
     inputs:
       buildAutoFakeItEasy:

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -36,22 +36,30 @@ jobs:
           fetch-depth: 0 
       - name: 🏗️ restore dependencies
         run: dotnet restore ./src/Objectivity.AutoFixture.XUnit2.AutoMock.sln
-      - name: 🔬 snyk scan
+      - name: 🔬 snyk opensource scan
         uses: snyk/actions/dotnet@master
         continue-on-error: true
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --sarif-file-output=snyk.sarif --file=src/Objectivity.AutoFixture.XUnit2.AutoMock.sln
+          args: --sarif-file-output=snyk/opensource.sarif --all-projects --exclude=Objectivity.AutoFixture.XUnit2.AutoFakeItEasy.Tests,Objectivity.AutoFixture.XUnit2.AutoMoq.Tests,Objectivity.AutoFixture.XUnit2.AutoNSubstitute.Tests,Objectivity.AutoFixture.XUnit2.Core.Tests
+      - name: 🔬 snyk code scan
+        uses: snyk/actions/dotnet@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk/code.sarif
+          command: code test
       - name: 📈 snyk monitor
         uses: snyk/actions/dotnet@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --file=src/Objectivity.AutoFixture.XUnit2.AutoMock.sln
+          args: --all-projects --exclude=Objectivity.AutoFixture.XUnit2.AutoFakeItEasy.Tests,Objectivity.AutoFixture.XUnit2.AutoMoq.Tests,Objectivity.AutoFixture.XUnit2.AutoNSubstitute.Tests,Objectivity.AutoFixture.XUnit2.Core.Tests
           command: monitor
       - name: 📊 upload sarif file for GitHub Advanced Security Dashboard
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: snyk.sarif
+          sarif_file: snyk
         if: ${{ always() }}