Update snyk-security.yml

DavidOsipov · web-flow · commit 07274ee0eae1 · 2025-03-19T03:09:48.000+04:00
Signed-off-by: David Osipov &lt;personal@david-osipov.vision&gt;
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
@@ -40,6 +40,13 @@ jobs:
         # Snyk can be used to break the build when it detects security issues.
         # In this case we want to upload the SAST issues to GitHub Code Scanning
         uses: snyk/actions/setup@cdb760004ba9ea4d525f2e043745dfe85bb9077e
+        with:
+          snyk-version: latest
+
+      - name: Authenticate Snyk
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_SECRET_TOKEN }}
+        run: snyk auth SNYK_TOKEN --auth-type=token 
 
       - name: Set up Python
         uses: actions/setup-python@19e4675e06535f6b54e894da5c1f044400bb4996
@@ -52,40 +59,19 @@ jobs:
           if [ -f Pipfile ]; then pip install pipenv && pipenv install --dev; fi
           if [ -f pyproject.toml ]; then pip install poetry && poetry install; fi
 
-      - name: Set up Snyk
-        uses: snyk/actions/setup@9213221444c2dc9e8b2502c1e857c26d851e84a7
-        with:
-          snyk-version: latest
-
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/python-3.10@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_SECRET_TOKEN }}
         with:
-          args: --sarif-file-output=snyk.sarif --severity-threshold=medium
+          command: monitor
          
 
-        # Runs Snyk Code (SAST) analysis and uploads result into GitHub.
-        # Use || true to not fail the pipeline
-      - name: Snyk Code test
-        run: snyk code test --sarif > snyk-code.sarif # || true
-
         # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
       - name: Snyk Open Source monitor
-        run: snyk monitor --all-projects
-
-        # Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk.
-        # Use || true to not fail the pipeline.
-      - name: Snyk IaC test and report
-        run: snyk iac test --report # || true
-
-        # Build the docker image for testing
-      - name: Build a Docker image
-        run: docker build -t your/image-to-test .
-        # Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
-      - name: Snyk Container monitor
-        run: snyk container monitor your/image-to-test --file=Dockerfile
+        continue-on-error: true # To make sure that SARIF upload gets called
+        run: snyk test --all-projects
 
         # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning
