Switch to snyk.io

wavesoftware · Oct 28, 2021 · 2b54d25 · 2b54d25
1 parent cafaf8e
commit 2b54d25
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -8,13 +8,27 @@ on:
     types: [opened, synchronize, reopened]
 
 jobs:
-  build:
-    name: Trivy code scanning
+  scan:
+    name: Snyk code scanning
     runs-on: ubuntu-18.04
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
 
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/golang@master
+        # To make sure that SARIF upload gets called
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: snyk.sarif
+
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master
         with:

diff --git a/go.mod b/go.mod
@@ -33,8 +33,3 @@ require (
 	k8s.io/klog/v2 v2.30.0 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
-
-exclude (
-	github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-)
diff --git a/go.sum b/go.sum
@@ -261,6 +261,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
+github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=