.github/workflows/security-code-scan.yml from Aam-Digital/ndb-core

.github/workflows/security-code-scan.yml

Summary

Maintainability

Test Coverage

Issues
Source
Stats

Issues

name: "Security Scan"

on:
  push:
    branches:
      - master
  schedule:
    - cron: '30 6 * * 2'

jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/node@master
        continue-on-error: true # To make sure that SARIF upload gets called
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=results.sarif

      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif