snyk-container.yml

name: Snyk Container
on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  snyk:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Build a Docker image
      run: docker build -t hellopradum/backend-wanderlust backend/.
    - name: Run Snyk to check Docker image for vulnerabilities
      continue-on-error: true
      uses: snyk/actions/docker@master
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      with:
        image: hellopradum/backend-wanderlust:latest
        args: --file=Dockerfile --sarif-file-output=snyk.sarif
    - name: Upload result to GitHub Code Scanning
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: snyk.sarif