Skip to content

Snyk

Snyk #65

Workflow file for this run

name: Snyk
on:
schedule:
- cron: "30 2 * * *"
push:
branches:
- master
- release-*
permissions:
contents: read
jobs:
# we do not scan images here, they're scanned here: https://app.snyk.io/org/argoproj/projects
golang:
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@v3
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/golang@master
with:
args: --severity-threshold=high
node:
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "20" # change in all GH Workflows
cache: yarn
cache-dependency-path: ui/yarn.lock
- run: yarn --cwd ui install
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@master
with:
args: --file=ui/package.json --severity-threshold=high