Skip to content
Scan and Open Jira Tickets (Snyk)

Scan and Open Jira Tickets (Snyk) #566

Sign in to view logs

Scan and Open Jira Tickets (Snyk)

Scan and Open Jira Tickets (Snyk) #566

Workflow file for this run

.github/workflows/scan_snyk-jira-integration.yml at 355815b
name: Scan and Open Jira Tickets (Snyk)
on:
pull_request:
branches: [main]
schedule:
- cron: "0 6 * * *" # daily at 0600 UTC
permissions:
id-token: write
jobs:
snyk_run:
name: Snyk Run (for PR and push)
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Install Snyk and Run Snyk test
run: |
npm install -g snyk
snyk test --all-projects --json > snyk_output.txt || true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
snyk_nightly_run:
name: Snyk Nightly Run (for nightly cron with JIRA)
runs-on: ubuntu-latest
if: github.event_name == 'schedule'
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Install Snyk and Run Snyk test
run: |
npm install -g snyk
snyk test --all-projects --json > snyk_output.txt || true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: use the custom github action to parse Snyk output
uses: Enterprise-CMCS/macfc-security-scan-report@v2.8.4.3
with:
jira-username: "mdct_github_service_account"
jira-token: ${{ secrets.JIRA_ENT_USER_TOKEN }}
jira-host: "jiraent.cms.gov"
jira-project-key: "CMDCT"
jira-issue-type: "Task"
jira-custom-field-key-value: '{ "customfield_10100": "CMDCT-2280", "customfield_26700" : [{"id": "40103", "value": "QMR"}] }'
jira-labels: "QMR,snyk"
jira-title-prefix: "[QMR] - Snyk :"
is_jira_enterprise: true
assign-jira-ticket-to: "MWTW"
scan-output-path: "snyk_output.txt"
scan-type: "snyk"
major-version-only: 'true'