|
| 1 | +# A sample workflow which checks out your Infrastructure as Code Configuration files, |
| 2 | +# such as Kubernetes, Helm & Terraform and scans them for any security issues. |
| 3 | +# The results are then uploaded to GitHub Security Code Scanning |
| 4 | +# |
| 5 | +# For more examples, including how to limit scans to only high-severity issues |
| 6 | +# and fail PR checks, see https://github.com/snyk/actions/ |
| 7 | + |
| 8 | +name: Snyk Infrastructure as Code |
| 9 | + |
| 10 | +on: |
| 11 | + push: |
| 12 | + branches: [ main ] |
| 13 | + pull_request: |
| 14 | + # The branches below must be a subset of the branches above |
| 15 | + branches: [ main ] |
| 16 | + schedule: |
| 17 | + - cron: '45 18 * * 2' |
| 18 | + |
| 19 | +jobs: |
| 20 | + snyk: |
| 21 | + runs-on: ubuntu-latest |
| 22 | + steps: |
| 23 | + - uses: actions/checkout@v2 |
| 24 | + - name: Run Snyk to check configuration files for security issues |
| 25 | + # Snyk can be used to break the build when it detects security issues. |
| 26 | + # In this case we want to upload the issues to GitHub Code Scanning |
| 27 | + continue-on-error: true |
| 28 | + uses: snyk/actions/iac@master |
| 29 | + env: |
| 30 | + # In order to use the Snyk Action you will need to have a Snyk API token. |
| 31 | + # More details in https://github.com/snyk/actions#getting-your-snyk-token |
| 32 | + # or you can signup for free at https://snyk.io/login |
| 33 | + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} |
| 34 | + with: |
| 35 | + # Add the path to the configuration file that you would like to test. |
| 36 | + # For example `deployment.yaml` for a Kubernetes deployment manifest |
| 37 | + # or `main.tf` for a Terraform configuration file |
| 38 | + file: your-file-to-test.yaml |
| 39 | + - name: Upload result to GitHub Code Scanning |
| 40 | + uses: github/codeql-action/upload-sarif@v1 |
| 41 | + with: |
| 42 | + sarif_file: snyk.sarif |
0 commit comments