Snyk Security Scan #459
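# Snyk dependency scan for the Node.js and PHP parts of the repository.
# Each matrix leg runs the Snyk action, writes a SARIF report and uploads it
# to GitHub code scanning under its own category.
name: Snyk Security Scan

on:
  push:
    branches: [ "master" ]
  # NOTE(review): for pull requests from forks GitHub withholds repository
  # secrets and issues a read-only token, so SNYK_TOKEN is empty and the SARIF
  # upload is expected to fail on those runs. Confirm that is acceptable, or
  # skip the scan/upload steps for fork PRs.
  pull_request:
    branches: [ "master" ]
  schedule:
    # Mondays at 05:15 UTC.
    - cron: "15 5 * * 1"

# Least privilege for GITHUB_TOKEN: read the code, write code-scanning results.
permissions:
  contents: read
  security-events: write

jobs:
  snyk:
    name: Snyk Scan (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      # One ecosystem failing must not cancel the other leg.
      fail-fast: false
      matrix:
        language: [ "node", "php" ]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          # No later step pushes or fetches, so do not leave GITHUB_TOKEN in
          # .git/config where dependency install scripts and third-party
          # actions could read it.
          persist-credentials: false

      - name: Set up Node.js
        if: matrix.language == 'node'
        uses: actions/setup-node@v6
        with:
          node-version: "22"
          cache: "npm"

      # NOTE(review): `npm ci` runs dependency lifecycle scripts; consider
      # `npm ci --ignore-scripts` if the scan does not need built packages.
      - name: Install Node.js dependencies
        if: matrix.language == 'node'
        run: npm ci

      # NOTE(review): `@master` is a mutable branch ref and this step receives
      # SNYK_TOKEN. Pin the action to a reviewed full commit SHA, e.g.
      # snyk/actions/node@<FULL_COMMIT_SHA>, so an upstream change cannot run
      # with the secret unreviewed.
      - name: Run Snyk for Node.js
        if: matrix.language == 'node'
        uses: snyk/actions/node@master
        # Snyk exits non-zero when it reports issues; keep going so the SARIF
        # is still uploaded. Consequence: findings never fail this job, they
        # only appear in code scanning.
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk-node.sarif

      # If the Snyk step failed before writing the report (for example an
      # authentication error), this step is where the job fails.
      - name: Upload Node.js SARIF
        if: matrix.language == 'node'
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: snyk-node.sarif
          category: snyk-node

      - name: Set up PHP
        if: matrix.language == 'php'
        uses: shivammathur/setup-php@v2
        with:
          php-version: "8.4"
          extensions: fileinfo, mbstring, dom, curl
          tools: composer

      - name: Cache Composer dependencies
        if: matrix.language == 'php'
        uses: actions/cache@v4
        with:
          path: vendor
          key: composer-${{ hashFiles('**/composer.lock') }}
          # Prefix fallback: may restore vendor/ built from an older lockfile;
          # the install step below is what brings it back in line.
          restore-keys: composer-

      - name: Validate composer.json
        if: matrix.language == 'php'
        # Advisory only: a validation failure is logged but does not stop the scan.
        continue-on-error: true
        run: composer validate --strict

      - name: Install Composer dependencies
        if: matrix.language == 'php'
        # NOTE(review): a failed install is ignored and the scan runs anyway;
        # confirm the Snyk PHP scan does not depend on a complete vendor/.
        continue-on-error: true
        run: composer install --prefer-dist --no-progress

      # NOTE(review): same as the Node.js scan step: `@master` is mutable and
      # the step receives SNYK_TOKEN; pin to snyk/actions/php@<FULL_COMMIT_SHA>.
      - name: Run Snyk for PHP
        if: matrix.language == 'php'
        uses: snyk/actions/php@master
        # Findings do not fail the job; they surface through the SARIF upload.
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk-php.sarif

      # Fails the job if the scan step produced no report.
      - name: Upload PHP SARIF
        if: matrix.language == 'php'
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: snyk-php.sarif
          category: snyk-php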