Update snyk_static_analysis_scan.yaml

CMU-313 · Oct 31, 2023 · 2dfa995 · 2dfa995
1 parent 5fe562f
commit 2dfa995
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/.github/workflows/snyk_static_analysis_scan.yaml b/.github/workflows/snyk_static_analysis_scan.yaml
@@ -1,19 +1,19 @@
 name: Snyk Static Analysis Scan
+# This SAST (Static Application Security Testing) scan is used to scan
+# our first-party code for security vulnerabilities
 on:
-  push:
-    branches: ["main" ]
   pull_request:
-    branches: ["main"]
-
+    branches:
+      - master
+      - develop
 jobs:
-  Snyk_SAST_Scan :
+  Snyk_SAST_Scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: snyk/actions/setup@master
       - name: Perform Static Analysis Test
-        continue-on-error: true
-        run: |
-          snyk code test --all-projects --detection-depth=4 --exclude=Dockerfile --severity-threshold=high
         env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
+        continue-on-error: true
+        run: snyk code test  --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=high