Update snyk-security.yml

DavidOsipov · web-flow · commit 930bc6d7faba · 2025-03-19T03:55:53.000+04:00
Signed-off-by: David Osipov &lt;personal@david-osipov.vision&gt;
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
@@ -49,30 +49,51 @@ jobs:
           python-version: '3.13.2'
 
       - name: Create Sarif file's dir
-        run: mkdir sarif
+        run: |
+          mkdir sarif
+          mkdir safir/merged
           
       - name: Install dependencies
         run: |
           if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
           if [ -f Pipfile ]; then pip install pipenv && pipenv install --dev; fi
           if [ -f pyproject.toml ]; then pip install poetry && poetry install; fi
 
-      - name: Run Snyk to check for vulnerabilities
+      - name: Run Snyk to check for vulnerabilities and output Sarif
         uses: snyk/actions/python-3.10@cdb760004ba9ea4d525f2e043745dfe85bb9077e
         continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_SECRET_TOKEN }}
         with:
           args: --sarif-file-output=sarif/snyk.sarif
-         
 
+      - name: Run Snyk to check for vulnerabilities and monitor
+        uses: snyk/actions/python-3.10@cdb760004ba9ea4d525f2e043745dfe85bb9077e
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_SECRET_TOKEN }}
+        with:
+          command: monitor
+         
         # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
-      - name: Snyk Open Source monitor
+      - name: Run Snyk Open Source Analysis and output Sarif
         continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_SECRET_TOKEN }}
         run: snyk test --all-projects --sarif-file-output=sarif/snyk-SCA.sarif
 
+
+      - name: Run Snyk Open Source Analysis and monitor
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_SECRET_TOKEN }}
+        run: snyk test monitor --all-projects
+
+      # - name: Merge 2 Sarif reports
+        # uses: github/codeql-action/merge-results@latest
+        
+
+      
         # Push the Snyk Code results into GitHub Code Scanning tab
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@6349095d19ec30397ffb02a63b7aa4f867deb563
