Skip to content

Snyk Scan Code

Snyk Scan Code #40

---
# SPDX-License-Identifier: BSD-3-Clause
# Copyright (c) Contributors to the OpenEXR Project.
name: Snyk Scan Code
on:
# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
schedule:
- cron: "0 4 * * 0"
permissions:
contents: read
jobs:
snyk-scan-pr:
runs-on: ubuntu-latest
if: github.repository == 'AcademySoftwareFoundation/openexr'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: snyk/actions/setup@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
id: snyk
- name: Snyk version
run: echo "${{ steps.snyk.outputs.version }}"
- name: Snyk Auth
run: snyk auth ${{ secrets.SNYK_TOKEN }}
- name: Snyk Scan Code
# Scan the C/C++ code for vulnerabilities using the Snyk CLI with the unmanaged flag
# https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/c-c++ for options
run: snyk test --unmanaged --print-dep-paths --org=${{ secrets.SNYK_ORG }}
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
continue-on-error: true # optional
- name: Monitor for Vulnerabilities
# To import the test results (issues and dependencies) in the Snyk CLI, run the snyk monitor --unmanaged command:
run: snyk monitor --unmanaged --org=${{ secrets.SNYK_ORG }}
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
continue-on-error: true # optional