snyk-node
ActionsThis action leverages Snyk Open Source to scan dependencies for known license issues and vulnerabilities
v1
LatestBy awshole
Tags
(2)A GitHub Action for using Snyk for Source Composition Analysis and license identification. Results are uploaded to the Security tab of a given repository, leveraging the SARIF schema.
You can use the Action as follows:
name: snyk-analysis
on:
workflow_dispatch:
push:
branches: [main]
paths: [package.json]
pull_request:
branches: [main]
jobs:
snyk-analysis:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Snyk Analysis
uses: awshole/snyk-node@main
with:
snyk_api_key: ${{ secrets.SNYK_TOKEN }}
path_to_dependency_file: package.json
upload_sarif: true
snyk_github_integration_token: ${{ github.token }}
repository: ${{ github.repository }}
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ github.workspace }}/snyk.sarifThe Snyk Node (JavaScript) Action has properties which are passed to the underlying shell executing custom scripts. These are
passed to the action using with.
| Property | Required | Default | Description |
|---|---|---|---|
| snyk_api_key | true | Expects a string value corresponding to the API key to use when accessing the Snyk organization. | |
| path_to_dependency_file | true | Expects the relative GitHub path to the dependency file to test. | |
| integrate_with_snyk_platform | false | false | If this is true, the repository will be integrated with the Snyk platform. |
| snyk_org_id | false | Expects a string value corresponding to the Snyk organization ID. It expects a GUID format. This is required if 'integrate_with_snyk_platform' is 'true'. | |
| snyk_integration_id | false | Expects a string value corresponding to the Integration ID for a source control provider. This is required if 'integrate_with_snyk_platform' is 'true'. | |
| repository | false | Expects the GitHub repository to import to the Snyk platform or post a GitHub Issue to. This is required if either 'integrate_with_snyk_platform', 'create_github_issues', or 'upload_sarif' is 'true'. | |
| branch_name | false | Expects the GitHub repository branch name that should be imported into Snyk. This is required if 'integrate_with_snyk_platform' or 'upload_sarif' is 'true'. | |
| create_github_issues | false | false | If this is true, details of the Snyk scan will be posted to the Issues tab of a repository. |
| upload_sarif | false | false | If this is true, details of the Snyk scan will be uploaded as a SARIF file to the Security tab of a repository. |
| github_issue_assignee | false | Expects a string value corresponding to the GitHub user to assign issues to if 'create_github_issues' is 'true'. | |
| security_issues_labels | false | The labels that should be applied to security-related GitHub Issues if 'create_github_issues' is 'true'. | |
| license_issues_labels | false | The labels that should be applied to license compliance-related GitHub Issues if 'create_github_issues' is 'true'. | |
| snyk_github_integration_token | false | GitHub token to use for posting issues. This is required if 'create_github_issues' or 'upload_sarif' is 'true'. |
You can use the Action in the form of a re-usable workflow as follows:
name: snyk-analysis-javascript
on:
workflow_dispatch:
push:
paths: [package.json]
pull_request:
paths: [package.json]
jobs:
snyk-analysis:
uses: awshole/snyk-node/.github/workflows/snyk-analysis.yaml@main
with:
path_to_dependency_file: package.json
secrets: inherit
snyk-node is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
About
v1
LatestBy awshole
Tags
(2)snyk-node is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.