Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI/CD - Added Snyk C/C++ Scanning Job #1608

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions .github/workflows/snyk-scan-pr.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
---
# SPDX-License-Identifier: BSD-3-Clause
# Copyright (c) Contributors to the OpenEXR Project.

name: Snyk Scan Code

on:
# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
pull_request:
branches:
- main
cary-ilm marked this conversation as resolved.
Show resolved Hide resolved
paths:
- '**.h'
- '**.c'
- '**.cpp'

jobs:
snyk-scan-pr:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: snyk/actions/setup@master
id: snyk

- name: Snyk version
run: echo "${{ steps.snyk.outputs.version }}"

- name: Snyk Auth
run: snyk auth ${{ secrets.SNYK_TOKEN }}

- name: Snyk Scan Code
# Scan the C/C++ code for vulnerabilities using the Snyk CLI with the unmanaged flag
# https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/c-c++ for options
run: snyk test --unmanaged --print-dep-paths --org=${{ secrets.SNYK_ORG }}
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
continue-on-error: true # optional

- name: Monitor for Vulnerabilities
# To import the test results (issues and dependencies) in the Snyk CLI, run the snyk monitor --unmanaged command:
run: snyk monitor --unmanaged --org=${{ secrets.SNYK_ORG }}
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
continue-on-error: true # optional