@@ -35,21 +35,31 @@ jobs:
3535 actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
3636 runs-on : ubuntu-latest
3737 steps :
38- - uses : actions/checkout@v4
38+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
3939 - name : Set up Snyk CLI to check for security issues
4040 # Snyk can be used to break the build when it detects security issues.
4141 # In this case we want to upload the SAST issues to GitHub Code Scanning
4242 uses : snyk/actions/setup@cdb760004ba9ea4d525f2e043745dfe85bb9077e
4343
44- # For Snyk Open Source you must first set up the development environment for your application's dependencies
45- # For example for Node
46- # - uses: actions/setup-node@v4
47- # with:
48- # node-version: 20
44+ - name : Set up Python
45+ uses : actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38
46+ with :
47+ python-version : ' 3.12.7'
48+
49+ - name : Install dependencies
50+ run : |
51+ if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
52+ if [ -f Pipfile ]; then pip install pipenv && pipenv install --dev; fi
53+ if [ -f pyproject.toml ]; then pip install poetry && poetry install; fi
4954
55+ - name : Run Snyk to check for vulnerabilities
56+ uses : snyk/actions/python-3.10@4a528b5c534bb771b6e3772656a8e0e9dc902f8b
57+ continue-on-error : true # To make sure that SARIF upload gets called
5058 env :
51- # This is where you will need to introduce the Snyk API token created with your Snyk account
52- SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
59+ SNYK_TOKEN : ${{ secrets.SNYK_SECRET_TOKEN }}
60+ with :
61+ args : --sarif-file-output=snyk.sarif --severity-threshold=medium
62+
5363
5464 # Runs Snyk Code (SAST) analysis and uploads result into GitHub.
5565 # Use || true to not fail the pipeline