From 8eaf0ef67da42d2f51f95cfb488c6f664fd6fc22 Mon Sep 17 00:00:00 2001
From: Divyansh Singh <40380293+brc-dd@users.noreply.github.com>
Date: Sat, 18 May 2024 16:18:13 +0530
Subject: [PATCH] chore: setup snyk

---
 .github/workflows/ci.yaml | 26 ++++++++++++++++++++++++++
 .gitignore | 2 ++
 2 files changed, 28 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b388949..87b1967 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -66,3 +66,29 @@ jobs:
         with:
           sarif_file: devskim-results.sarif
           category: devskim
+
+  snyk:
+    name: snyk
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v3
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: pnpm
+      - run: pnpm install -g snyk
+      - run: snyk auth ${{ secrets.SNYK_TOKEN }}
+      - run: snyk monitor --all-projects
+      - run: snyk code test $(realpath src) --sarif > snyk-results.sarif || true
+      - run: |
+          jq '(.. | select(type == "object" and .artifactLocation and .artifactLocation.uri) | .artifactLocation.uri) |= "src/" + .' snyk-results.sarif > snyk-results.sarif.tmp
+          mv snyk-results.sarif.tmp snyk-results.sarif
+      - uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk-results.sarif
+          category: snyk
diff --git a/.gitignore b/.gitignore
index f4cbe12..94325b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@ node_modules
 dist
 *.log
 *.tgz
+.dccache
+*.sarif
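Review bot: The token is passed as a shell argument in `- run: snyk auth ${{ secrets.SNYK_TOKEN }}`; the Snyk CLI reads `SNYK_TOKEN` from the environment, so that step can be replaced by a job-level `env:` entry, which keeps the secret out of the command line and the runner's process arguments. In the same job, `pnpm install -g snyk` installs whatever the registry serves at run time, so the scanner whose output is uploaded under `security-events: write` is an unpinned dependency; pin it to a release. The `|| true` on the `snyk code test` line also masks genuine scan failures (Snyk uses exit code 1 for "issues found" and other non-zero codes for errors), so a broken scan silently uploads an empty or stale SARIF; `|| test $? -eq 1` keeps the findings case green while still failing the step on errors. The workflow's `on:` triggers are outside the hunk, so whether this job runs on fork pull requests, where `secrets.SNYK_TOKEN` is empty, cannot be checked here.
```yaml
  snyk:
    # … unchanged: name, runs-on, permissions …
    env:
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}  # read by the CLI directly; replaces the `snyk auth` step
    steps:
      # … unchanged: checkout, pnpm and node setup …
      - run: pnpm install -g snyk@<pinned-version>  # placeholder: pin to a specific CLI release
      - run: snyk monitor --all-projects
      - run: snyk code test $(realpath src) --sarif > snyk-results.sarif || test $? -eq 1
      # … unchanged: jq path rewrite and upload-sarif …
```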