From e25b2e6f5658d1bb7a6671b113260f13134cc3af Mon Sep 17 00:00:00 2001 From: Gareth Rushgrove Date: Mon, 9 Jan 2023 11:23:59 +0000 Subject: [PATCH] Generated new GitHub Actions templates skip-checks: true --- README.md | 2 + cocoapods/README.md | 15 ++----- dotnet/README.md | 15 ++----- golang/README.md | 15 ++----- gradle-jdk11/README.md | 15 ++----- gradle-jdk12/README.md | 15 ++----- gradle-jdk14/README.md | 15 ++----- gradle-jdk16/README.md | 15 ++----- gradle-jdk17/README.md | 15 ++----- gradle/README.md | 15 ++----- maven-3-jdk-11/README.md | 15 ++----- maven/README.md | 15 ++----- node/README.md | 15 ++----- php/README.md | 15 ++----- python-3.10/README.md | 90 ++++++++++++++++++++++++++++++++++++++++ python-3.10/action.yml | 26 ++++++++++++ python-3.9/README.md | 90 ++++++++++++++++++++++++++++++++++++++++ python-3.9/action.yml | 26 ++++++++++++ ruby/README.md | 15 ++----- scala/README.md | 15 ++----- 20 files changed, 294 insertions(+), 165 deletions(-) create mode 100644 python-3.10/README.md create mode 100644 python-3.10/action.yml create mode 100644 python-3.9/README.md create mode 100644 python-3.9/action.yml diff --git a/README.md b/README.md index 4fe5ef5..e5632bc 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,8 @@ you are using. We currently support: - [Python-3.6](python-3.6) - [Python-3.7](python-3.7) - [Python-3.8](python-3.8) +- [Python-3.9](python-3.9) +- [Python-3.10](python-3.10) - [Ruby](ruby) - [Scala](scala) - [Docker](docker) diff --git a/cocoapods/README.md b/cocoapods/README.md index 4d07ff1..e5b66f6 100644 --- a/cocoapods/README.md +++ b/cocoapods/README.md 
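Review bot: the root README hunk only adds the two list entries, but the diffstat above also records python-3.9/action.yml and python-3.10/action.yml as new files whose contents are not in this patch view; before merging, check that those two action.yml files reference the intended image and that the examples in the new READMEs point `uses:` at the matching python-3.9 / python-3.10 directory, because with `skip-checks: true` in the trailer nothing will catch a mistyped image or path. The subject line "Generated new GitHub Actions templates" also undersells the change: 15 of the 20 files touched are non-Python READMEs having a stray Python-specific note removed and their workflow names corrected, which deserves a sentence in the commit body so the cleanup is findable later.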
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your CocoaPods projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for CocoaPods using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk CocoaPods Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
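Review bot: in the first hunk of cocoapods/README.md the deleted block is the pip/pipenv/poetry install note that never applied to this image, so removing it is right, but it was also the only text telling users that dependencies must be resolved before the scan runs; if the CocoaPods image has an equivalent precondition (a lockfile or install step the CLI expects to find), replace the note with that rather than dropping the topic entirely. The rename to "Example workflow for CocoaPods using Snyk" and "The Snyk CocoaPods Action" in the same file is correct.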
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for CocoaPods using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for CocoaPods using Snyk on: push jobs: security: diff --git a/dotnet/README.md b/dotnet/README.md index 6a8774d..b804cfa 100644 --- a/dotnet/README.md +++ b/dotnet/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your dotNET projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for dotNET using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk dotNET Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
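Review bot: the replacement text in dotnet/README.md writes the product name as "dotNET" in "Example workflow for dotNET using Snyk" and "The Snyk dotNET Action"; the unchanged description line above it uses the same spelling, but the official name is ".NET", and since these READMEs are generated, fixing the display name once in the template would correct all three occurrences together.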
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for dotNET using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for dotNET using Snyk on: push jobs: security: diff --git a/golang/README.md b/golang/README.md index 5115e2e..bbb9d0e 100644 --- a/golang/README.md +++ b/golang/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Golang projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Golang using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Golang Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Golang using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Golang using Snyk on: push jobs: security: diff --git a/gradle-jdk11/README.md b/gradle-jdk11/README.md index 04e39b6..fa40891 100644 --- a/gradle-jdk11/README.md +++ b/gradle-jdk11/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Gradle-jdk11 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Gradle Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
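Review bot: in gradle-jdk11/README.md the new workflow name "Example workflow for Gradle using Snyk" and the Properties line "The Snyk Gradle Action" both drop the jdk11 qualifier that the description line two lines above still carries ("your Gradle-jdk11 projects"); the same generated name is applied to gradle-jdk12, gradle-jdk14, gradle-jdk16, gradle-jdk17 and plain gradle further down in this patch, so a user who copies the example from the wrong directory gets no hint which image they are on. Keep the variant in the generated name (for example "Example workflow for Gradle (JDK 11) using Snyk") and confirm that the `uses:` line of the example, which lies outside this hunk, references the gradle-jdk11 action rather than gradle.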
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: diff --git a/gradle-jdk12/README.md b/gradle-jdk12/README.md index f6b5e95..ebc8142 100644 --- a/gradle-jdk12/README.md +++ b/gradle-jdk12/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Gradle-jdk12 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Gradle Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: diff --git a/gradle-jdk14/README.md b/gradle-jdk14/README.md index 3b7db37..21597b7 100644 --- a/gradle-jdk14/README.md +++ b/gradle-jdk14/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Gradle-jdk14 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Gradle Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: diff --git a/gradle-jdk16/README.md b/gradle-jdk16/README.md index c8e4774..239f0d2 100644 --- a/gradle-jdk16/README.md +++ b/gradle-jdk16/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Gradle-jdk16 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Gradle Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: diff --git a/gradle-jdk17/README.md b/gradle-jdk17/README.md index 2a45a21..824fe11 100644 --- a/gradle-jdk17/README.md +++ b/gradle-jdk17/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Gradle-jdk17 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Gradle Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: diff --git a/gradle/README.md b/gradle/README.md index dfe95b5..c41e9c5 100644 --- a/gradle/README.md +++ b/gradle/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Gradle projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Gradle Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Gradle using Snyk on: push jobs: security: diff --git a/maven-3-jdk-11/README.md b/maven-3-jdk-11/README.md index fcb069f..90c1d8d 100644 --- a/maven-3-jdk-11/README.md +++ b/maven-3-jdk-11/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Maven-3-jdk-11 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Maven using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Maven Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
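Review bot: in maven-3-jdk-11/README.md the rename to "Example workflow for Maven using Snyk" and "The Snyk Maven Action" is identical to what maven/README.md receives in the next file, while the unchanged description line still says "Maven-3-jdk-11 projects"; carry the Maven/JDK version into the generated name so the two READMEs remain distinguishable when copied, and check that the example's `uses:` line (not in this hunk) targets maven-3-jdk-11.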
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Maven using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Maven using Snyk on: push jobs: security: diff --git a/maven/README.md b/maven/README.md index 05fe30d..8dd2ae7 100644 --- a/maven/README.md +++ b/maven/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Maven projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Maven using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Maven Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Maven using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Maven using Snyk on: push jobs: security: diff --git a/node/README.md b/node/README.md index 5682ccb..57ebc4e 100644 --- a/node/README.md +++ b/node/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Node projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Node using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Node Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Node using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Node using Snyk on: push jobs: security: diff --git a/php/README.md b/php/README.md index 3f506cb..b13ce9e 100644 --- a/php/README.md +++ b/php/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your PHP projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for PHP using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk PHP Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for PHP using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for PHP using Snyk on: push jobs: security: diff --git a/python-3.10/README.md b/python-3.10/README.md new file mode 100644 index 0000000..08c8e19 --- /dev/null +++ b/python-3.10/README.md 
@@ -0,0 +1,90 @@ +# Snyk Python (3.10) Action + +A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for +vulnerabilities in your Python-3.10 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. + + > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. + > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) + > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. + > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update + > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry + > + > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. + +You can use the Action as follows: + +```yaml +name: Example workflow for Python using Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python-3.10@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} +``` + +## Properties + +The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. + +| Property | Default | Description | +| -------- | ------- | --------------------------------------------------------------------------------------------------- | +| args | | Override the default arguments to the Snyk image. 
See [Snyk CLI reference for all options][cli-ref] | +| command | test | Specify which command to run, for instance test or monitor | +| json | false | In addition to the stdout, save the results as snyk.json | + +For example, you can choose to only report on high severity vulnerabilities. + +```yaml +name: Example workflow for Python using Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python-3.10@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --severity-threshold=high +``` + +## Uploading Snyk scan results to GitHub Code Scanning + +Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SARIF upload action](https://docs.github.com/en/code-security/secure-coding/uploading-a-sarif-file-to-github), you can upload Snyk scan results to the GitHub Code Scanning. + +![Snyk results as a SARIF output uploaded to GitHub Code Scanning](../_templates/sarif-example.png) + +The Snyk Action will fail when vulnerabilities are found. 
This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: + +```yaml +name: Example workflow for Python using Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python-3.10@master + continue-on-error: true # To make sure that SARIF upload gets called + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --sarif-file-output=snyk.sarif + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: snyk.sarif +``` + +Made with 💜 by Snyk + +[cli-gh]: https://github.com/snyk/snyk 'Snyk CLI' +[cli-ref]: https://docs.snyk.io/snyk-cli/cli-reference 'Snyk CLI Reference documentation' diff --git a/python-3.10/action.yml b/python-3.10/action.yml new file mode 100644 index 0000000..1615d25 --- /dev/null +++ b/python-3.10/action.yml @@ -0,0 +1,26 @@ +name: "Snyk Python (3.10)" +description: "Check your Python application for vulnerabilties using Snyk" +author: "Gareth Rushgrove" +branding: + icon: "alert-triangle" + color: "yellow" +inputs: + command: + description: "Which Snyk command to run, defaults to test" + default: test + args: + description: "Additional arguments to pass to Snyk" + json: + description: "Output a snyk.json file with results if running the test command" + default: false +runs: + using: "docker" + image: "docker://snyk/snyk:python-3.10" + env: + FORCE_COLOR: 2 + SNYK_INTEGRATION_NAME: GITHUB_ACTIONS + SNYK_INTEGRATION_VERSION: python-3.10 + args: + - snyk + - ${{ inputs.command }} + - ${{ inputs.args }} diff --git a/python-3.9/README.md b/python-3.9/README.md new file mode 100644 index 0000000..7037fb1 --- /dev/null +++ b/python-3.9/README.md 
@@ -0,0 +1,90 @@ +# Snyk Python (3.9) Action + +A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for +vulnerabilities in your Python-3.9 projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. + + > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. + > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) + > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. + > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update + > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry + > + > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. + +You can use the Action as follows: + +```yaml +name: Example workflow for Python using Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python-3.9@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} +``` + +## Properties + +The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. + +| Property | Default | Description | +| -------- | ------- | --------------------------------------------------------------------------------------------------- | +| args | | Override the default arguments to the Snyk image. 
See [Snyk CLI reference for all options][cli-ref] | +| command | test | Specify which command to run, for instance test or monitor | +| json | false | In addition to the stdout, save the results as snyk.json | + +For example, you can choose to only report on high severity vulnerabilities. + +```yaml +name: Example workflow for Python using Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python-3.9@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --severity-threshold=high +``` + +## Uploading Snyk scan results to GitHub Code Scanning + +Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SARIF upload action](https://docs.github.com/en/code-security/secure-coding/uploading-a-sarif-file-to-github), you can upload Snyk scan results to the GitHub Code Scanning. + +![Snyk results as a SARIF output uploaded to GitHub Code Scanning](../_templates/sarif-example.png) + +The Snyk Action will fail when vulnerabilities are found. 
This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: + +```yaml +name: Example workflow for Python using Snyk +on: push +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - name: Run Snyk to check for vulnerabilities + uses: snyk/actions/python-3.9@master + continue-on-error: true # To make sure that SARIF upload gets called + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: --sarif-file-output=snyk.sarif + - name: Upload result to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: snyk.sarif +``` + +Made with 💜 by Snyk + +[cli-gh]: https://github.com/snyk/snyk 'Snyk CLI' +[cli-ref]: https://docs.snyk.io/snyk-cli/cli-reference 'Snyk CLI Reference documentation' diff --git a/python-3.9/action.yml b/python-3.9/action.yml new file mode 100644 index 0000000..a160185 --- /dev/null +++ b/python-3.9/action.yml @@ -0,0 +1,26 @@ +name: "Snyk Python (3.9)" +description: "Check your Python application for vulnerabilties using Snyk" +author: "Gareth Rushgrove" +branding: + icon: "alert-triangle" + color: "yellow" +inputs: + command: + description: "Which Snyk command to run, defaults to test" + default: test + args: + description: "Additional arguments to pass to Snyk" + json: + description: "Output a snyk.json file with results if running the test command" + default: false +runs: + using: "docker" + image: "docker://snyk/snyk:python-3.9" + env: + FORCE_COLOR: 2 + SNYK_INTEGRATION_NAME: GITHUB_ACTIONS + SNYK_INTEGRATION_VERSION: python-3.9 + args: + - snyk + - ${{ inputs.command }} + - ${{ inputs.args }} diff --git a/ruby/README.md b/ruby/README.md index 560b061..6c28a06 100644 --- a/ruby/README.md +++ b/ruby/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Ruby projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Ruby using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Ruby Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Ruby using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Ruby using Snyk on: push jobs: security: diff --git a/scala/README.md b/scala/README.md index 5147d3f..71ec3a2 100644 --- a/scala/README.md +++ b/scala/README.md 
@@ -3,18 +3,11 @@ A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for vulnerabilities in your Scala projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`. - > Note: The examples shared below reflect how Snyk github actions can be used. Snyk requires Python to have downloaded the dependencies before running or triggering the Snyk checks. - > The Python image checks and installs deps only if the manifest files are present in the current path (from where action is being triggered) - > 1. If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt. - > 2. If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update - > 3. If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry - > - > If manifest files are present under any location other root then they MUST be installed prior to running Snyk. You can use the Action as follows: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Scala using Snyk on: push jobs: security: @@ -29,7 +22,7 @@ jobs: ## Properties -The Snyk Python Action has properties which are passed to the underlying image. These are passed to the action using `with`. +The Snyk Scala Action has properties which are passed to the underlying image. These are passed to the action using `with`. | Property | Default | Description | | -------- | ------- | --------------------------------------------------------------------------------------------------- | 
@@ -40,7 +33,7 @@ The Snyk Python Action has properties which are passed to the underlying image. For example, you can choose to only report on high severity vulnerabilities. ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Scala using Snyk on: push jobs: security: @@ -64,7 +57,7 @@ Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SA The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this: ```yaml -name: Example workflow for Python using Snyk +name: Example workflow for Scala using Snyk on: push jobs: security:
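Review bot: the `@@ -3,18 +3,11 @@` hunks in node/README.md, php/README.md, ruby/README.md and scala/README.md (plus the title-only `@@ -40,7 +33,7 @@` and `@@ -64,7 +57,7 @@` hunks, including the Maven one at the top) correctly drop a note that only described the Python image, but that note was also the only place these READMEs stated that dependencies must be resolved before `snyk test` runs; rather than deleting it outright, replace it with a one-line, ecosystem-specific statement of that precondition (what the image expects to find in the checkout, and whether it installs anything itself). The `-name: Example workflow for Python using Snyk` / `+name: Example workflow for Node using Snyk` corrections and the "Snyk Node Action" wording look right.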
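Review bot: in the `@@ -0,0 +1,90 @@` hunk of python-3.10/README.md (and the identical hunk in python-3.9/README.md), every example pins to a moving branch (`uses: actions/checkout@master`, `uses: snyk/actions/python-3.10@master`), so whatever lands on `master` in either repository runs in the consumer's job with `SNYK_TOKEN` in its environment; reference a release tag or, better, a full commit SHA, as the SARIF example already does with `github/codeql-action/upload-sarif@v2`. The Code Scanning example also needs `permissions: security-events: write` on the job unless the workflow's `GITHUB_TOKEN` already has it, or `upload-sarif` is rejected. `continue-on-error: true` makes the job stay green when vulnerabilities are found; if the scan is meant to stay blocking, leave the Snyk step as is and put `if: always()` on the upload step instead, and state which behaviour the example chooses. Finally, the note block has wording to fix in the template: "Snyk requires Python to have downloaded the dependencies" should say the dependencies must already be installed, "pip is present on the current path ," has a stray space, "any location other root" should read "other than the repository root", and step 3 says only that `pip install poetry` runs without saying whether a lock or install step follows.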
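Review bot: in the `@@ -0,0 +1,26 @@` hunk of python-3.10/action.yml (and the same hunk in python-3.9/action.yml), the `json` input is declared with `default: false` and documented in the README as producing snyk.json, but `runs.args` only passes `snyk`, `${{ inputs.command }}` and `${{ inputs.args }}`; unless the image entrypoint reads the `INPUT_JSON` variable GitHub sets for Docker action inputs, the input is silently ignored, so either wire it (for example append `--json-file-output=snyk.json` when it is true) or add a comment next to `args` saying how the entrypoint consumes it. `image: "docker://snyk/snyk:python-3.10"` is a mutable tag; pinning by digest would make the scanner image reproducible, which matters because the container receives `SNYK_TOKEN`. Also "vulnerabilties" in `description` is misspelled.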