Skip to content
alert-circle

GitHub Action

snyk-node

v1 Latest version

snyk-node

alert-circle

snyk-node

This action leverages Snyk Open Source to scan dependencies for known license issues and vulnerabilities

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: snyk-node

              
  uses: awshole/snyk-node@v1
Learn more about this action in awshole/snyk-node

Choose a version

Snyk Node (JavaScript) Action

A GitHub Action for using Snyk for Source Composition Analysis and license identification. Results are uploaded to the Security tab of a given repository, leveraging the SARIF schema.

You can use the Action as follows:

name: snyk-analysis
on:
  workflow_dispatch:
  push: 
    branches: [main]
    paths: [package.json]
  pull_request:
    branches: [main]
jobs:
  snyk-analysis:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Snyk Analysis
      uses: awshole/snyk-node@main
      with:
        snyk_api_key: ${{ secrets.SNYK_TOKEN }}
        path_to_dependency_file: package.json
        upload_sarif: true
        snyk_github_integration_token: ${{ github.token }}
        repository: ${{ github.repository }}
    - name: Upload SARIF file
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: ${{ github.workspace }}/snyk.sarif

The Snyk Node (JavaScript) Action has properties which are passed to the underlying shell executing custom scripts. These are passed to the action using with.

Property Required Default Description
snyk_api_key true Expects a string value corresponding to the API key to use when accessing the Snyk organization.
path_to_dependency_file true Expects the relative GitHub path to the dependency file to test.
integrate_with_snyk_platform false false If this is true, the repository will be integrated with the Snyk platform.
snyk_org_id false Expects a string value corresponding to the Snyk organization ID. It expects a GUID format. This is required if 'integrate_with_snyk_platform' is 'true'.
snyk_integration_id false Expects a string value corresponding to the Integration ID for a source control provider. This is required if 'integrate_with_snyk_platform' is 'true'.
repository false Expects the GitHub repository to import to the Snyk platform or post a GitHub Issue to. This is required if either 'integrate_with_snyk_platform', 'create_github_issues', or 'upload_sarif' is 'true'.
branch_name false Expects the GitHub repository branch name that should be imported into Snyk. This is required if 'integrate_with_snyk_platform' or 'upload_sarif' is 'true'.
create_github_issues false false If this is true, details of the Snyk scan will be posted to the Issues tab of a repository.
upload_sarif false false If this is true, details of the Snyk scan will be uploaded as a SARIF file to the Security tab of a repository.
github_issue_assignee false Expects a string value corresponding to the GitHub user to assign issues to if 'create_github_issues' is 'true'.
security_issues_labels false The labels that should be applied to security-related GitHub Issues if 'create_github_issues' is 'true'.
license_issues_labels false The labels that should be applied to license compliance-related GitHub Issues if 'create_github_issues' is 'true'.
snyk_github_integration_token false GitHub token to use for posting issues. This is required if 'create_github_issues' or 'upload_sarif' is 'true'.

Reusable Workflow

You can use the Action in the form of a re-usable workflow as follows:

name: snyk-analysis-javascript 
on:
  workflow_dispatch:
  push:
    paths: [package.json]
  pull_request:
    paths: [package.json]
jobs:     
  snyk-analysis:
    uses: awshole/snyk-node/.github/workflows/snyk-analysis.yaml@main
    with:
      path_to_dependency_file: package.json
    secrets: inherit