Exclude test projects from snyk scan (#118)
* Exclude test projects from snyk scan
* Ignore changes to snyk in cicd.yml
* Introduce snyk code scan
piotrzajac authored Apr 23, 2024
1 parent 30b576d commit 0740ce8
Showing 2 changed files with 14 additions and 4 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/cicd.yml
@@ -12,6 +12,7 @@ on:
- '!.github/workflows/fossa-scan.yml'
- '!.github/workflows/qodana.yml'
- '!.github/workflows/semgrep.yml'
- '!.github/workflows/snyk.yml'
types: [opened, synchronize, reopened]
push:
branches:
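Review bot: the new `'!.github/workflows/snyk.yml'` negation only takes effect if an earlier positive pattern in this `paths` list (outside the visible context) matches `.github/workflows/**`; GitHub evaluates `paths` filters in order, so a negation placed after the pattern it narrows is correct, but if no such positive pattern exists this line is a no-op. It mirrors the existing fossa-scan, qodana and semgrep entries, so the intent (edits to the Snyk workflow should not trigger the main CI pipeline on pull requests) is consistent with how the other scanner workflows are treated.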
@@ -26,6 +27,7 @@ on:
- '!.github/workflows/fossa-scan.yml'
- '!.github/workflows/qodana.yml'
- '!.github/workflows/semgrep.yml'
- '!.github/workflows/snyk.yml'
workflow_dispatch:
inputs:
buildAutoFakeItEasy:
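Review bot: same check as in the pull_request hunk: this negation on the `push` trigger depends on a preceding positive `.github/workflows/` pattern that is outside the visible lines. Also confirm that skipping CI on pushes that touch snyk.yml is intended, since a bad edit to the Snyk workflow will then be exercised only by the Snyk workflow itself and not by the main build.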
16 changes: 12 additions & 4 deletions .github/workflows/snyk.yml
@@ -36,22 +36,30 @@ jobs:
fetch-depth: 0
- name: 🏗️ restore dependencies
run: dotnet restore ./src/Objectivity.AutoFixture.XUnit2.AutoMock.sln
- name: 🔬 snyk scan
- name: 🔬 snyk opensource scan
uses: snyk/actions/dotnet@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --file=src/Objectivity.AutoFixture.XUnit2.AutoMock.sln
args: --sarif-file-output=snyk/opensource.sarif --all-projects --exclude=Objectivity.AutoFixture.XUnit2.AutoFakeItEasy.Tests,Objectivity.AutoFixture.XUnit2.AutoMoq.Tests,Objectivity.AutoFixture.XUnit2.AutoNSubstitute.Tests,Objectivity.AutoFixture.XUnit2.Core.Tests
- name: 🔬 snyk code scan
uses: snyk/actions/dotnet@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk/code.sarif
command: code test
- name: 📈 snyk monitor
uses: snyk/actions/dotnet@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --file=src/Objectivity.AutoFixture.XUnit2.AutoMock.sln
args: --all-projects --exclude=Objectivity.AutoFixture.XUnit2.AutoFakeItEasy.Tests,Objectivity.AutoFixture.XUnit2.AutoMoq.Tests,Objectivity.AutoFixture.XUnit2.AutoNSubstitute.Tests,Objectivity.AutoFixture.XUnit2.Core.Tests
command: monitor
- name: 📊 upload sarif file for GitHub Advanced Security Dashboard
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
sarif_file: snyk
if: ${{ always() }}
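Review bot: the `--exclude=...Tests` list is duplicated verbatim in the `snyk opensource scan` and `snyk monitor` steps, so the two will drift the first time a test project is added or renamed; hoist it into a single workflow-level `env` value and reference it from both `args`. Note that Snyk's `--exclude` matches directory and file names at any depth rather than paths, so each entry must be the project's folder name, and any new test project that is not appended to the list will be scanned and monitored as if it were shipped code. Two smaller points: the added `snyk code scan` step, like the existing steps, references `snyk/actions/dotnet@master`, a moving target for a third-party action that receives `SNYK_TOKEN`; pin it to a release tag or commit SHA. And `sarif_file: snyk` now points at a directory, which `github/codeql-action/upload-sarif@v3` accepts (it uploads every `.sarif` file found there), but because both scan steps run with `continue-on-error: true` and the upload runs `if: always()`, a scan that fails before writing its SARIF file is surfaced, if at all, only by the upload step; check what the upload does with a partial or empty `snyk` directory so failures are not silently swallowed.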
