Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.
GitHub action using snyk-pnpm-depTree-api-tool to convert a pnpm lockfile into a DepGraph and send it to the snyk API to scan
- https://github.com/snyk-tech-services/snyk-pnpm-depTree-api-tool
- https://snyk.docs.apiary.io/#reference/test/dep-graph
Required API snyk token. Can be found here: https://snyk.io/account/
Required The name of the snyk organization to run the test against.
Required The root path of the project to test.
Optional Include dev dependencies while building the depGraph. True or false - default = false
jobs:
pnpm_snyk_check:
runs-on: ubuntu-latest
name: Snyk post processing
steps:
- uses: actions/checkout@v2
- name: Snyk API pnpm scan
id: pnpm-scan-api-tool
uses: snyk-tech-services/snyk-pnpm-github-action@master
with:
snykToken: ${{ secrets.snykToken }}
pnpmLockfilePath: "./test/fixtures"
snykOrganization: "playground"
IncludeDev: "false"