A private GitHub Action repository for scanning node projects with Snyk
awshole/snyk-node
Snyk Node (JavaScript) Action

A GitHub Action for using Snyk for Source Composition Analysis and license identification. Results are uploaded to the Security tab of a given repository, leveraging the SARIF schema.

You can use the Action as follows:

```yaml
name: snyk-analysis
on:
  workflow_dispatch:
  push:
    branches: [main]
    paths: [package.json]
  pull_request:
    branches: [main]
jobs:
  snyk-analysis:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Snyk Analysis
      uses: awshole/snyk-node@main
      with:
        snyk_api_key: ${{ secrets.SNYK_TOKEN }}
        path_to_dependency_file: package.json
        upload_sarif: true
        snyk_github_integration_token: ${{ github.token }}
        repository: ${{ github.repository }}
    - name: Upload SARIF file
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: ${{ github.workspace }}/snyk.sarif
```

The Snyk Node (JavaScript) Action accepts the properties listed below, which are passed through to the shell scripts the Action runs. Set them in the step's `with` block.

| Property | Required | Default | Description |
|---|---|---|---|
| snyk_api_key | true | | Expects a string value corresponding to the API key to use when accessing the Snyk organization. |
| path_to_dependency_file | true | | Expects the relative GitHub path to the dependency file to test. |
| integrate_with_snyk_platform | false | false | If this is true, the repository will be integrated with the Snyk platform. |
| snyk_org_id | false | | Expects a string value corresponding to the Snyk organization ID. It expects a GUID format. This is required if 'integrate_with_snyk_platform' is 'true'. |
| snyk_integration_id | false | | Expects a string value corresponding to the Integration ID for a source control provider. This is required if 'integrate_with_snyk_platform' is 'true'. |
| repository | false | | Expects the GitHub repository to import to the Snyk platform or post a GitHub Issue to. This is required if either 'integrate_with_snyk_platform', 'create_github_issues', or 'upload_sarif' is 'true'. |
| branch_name | false | | Expects the GitHub repository branch name that should be imported into Snyk. This is required if 'integrate_with_snyk_platform' or 'upload_sarif' is 'true'. |
| create_github_issues | false | false | If this is true, details of the Snyk scan will be posted to the Issues tab of a repository. |
| upload_sarif | false | false | If this is true, details of the Snyk scan will be uploaded as a SARIF file to the Security tab of a repository. |
| github_issue_assignee | false | | Expects a string value corresponding to the GitHub user to assign issues to if 'create_github_issues' is 'true'. |
| security_issues_labels | false | | The labels that should be applied to security-related GitHub Issues if 'create_github_issues' is 'true'. |
| license_issues_labels | false | | The labels that should be applied to license compliance-related GitHub Issues if 'create_github_issues' is 'true'. |
| snyk_github_integration_token | false | | GitHub token to use for posting issues. This is required if 'create_github_issues' or 'upload_sarif' is 'true'. |
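The "required if" rules in the table are easy to miss when assembling a `with:` block, so the following Python script, an added example that is not part of this Action, encodes them and checks a step's inputs before the workflow runs. It is applied here to the first workflow step above; the 8-4-4-4-12 hex GUID layout is an assumption, since the table only says "GUID format".

```python
"""Check a snyk-node step's `with:` inputs against the conditional-requirement
rules in the README table (added example, not part of the action)."""
import re

# GUID shape for snyk_org_id; the README only says "GUID format", so the
# 8-4-4-4-12 hex layout is assumed here.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

ALWAYS_REQUIRED = ("snyk_api_key", "path_to_dependency_file")

# Flag -> inputs that become required when that flag is true (rows of the README table).
CONDITIONAL = {
    "integrate_with_snyk_platform": ("snyk_org_id", "snyk_integration_id", "repository", "branch_name"),
    "create_github_issues": ("repository", "snyk_github_integration_token"),
    "upload_sarif": ("repository", "branch_name", "snyk_github_integration_token"),
}


def is_true(value):
    """Action inputs reach the shell as strings, so compare the text, not the type."""
    return str(value).strip().lower() == "true"


def validate_inputs(inputs):
    """Return a sorted list of problems; an empty list means the inputs are consistent."""
    present = {k for k, v in inputs.items() if str(v).strip() != ""}
    problems = {f"missing required input '{n}'" for n in ALWAYS_REQUIRED if n not in present}
    for flag, needed in CONDITIONAL.items():
        if is_true(inputs.get(flag, "false")):
            problems.update(f"'{n}' is required when '{flag}' is true" for n in needed if n not in present)
    org = str(inputs.get("snyk_org_id", ""))
    if org and not GUID_RE.match(org):
        problems.add("'snyk_org_id' must be a GUID")
    return sorted(problems)


# Constructed sample: the README's first workflow step, with the ${{ }} expressions
# kept as literal strings since the validator only cares whether a value is set.
README_STEP = {
    "snyk_api_key": "${{ secrets.SNYK_TOKEN }}",
    "path_to_dependency_file": "package.json",
    "upload_sarif": True,
    "snyk_github_integration_token": "${{ github.token }}",
    "repository": "${{ github.repository }}",
}

if __name__ == "__main__":
    for problem in validate_inputs(README_STEP):
        print(problem)
```

Run against the first workflow step, the check reports that `branch_name` is unset even though the table lists it as required when `upload_sarif` is true.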

Reusable Workflow

You can also call the Action through its reusable workflow as follows:

```yaml
name: snyk-analysis-javascript
on:
  workflow_dispatch:
  push:
    paths: [package.json]
  pull_request:
    paths: [package.json]
jobs:
  snyk-analysis:
    uses: awshole/snyk-node/.github/workflows/snyk-analysis.yaml@main
    with:
      path_to_dependency_file: package.json
    secrets: inherit
```
