Skip to content

2.11.24 Update docs #201

2.11.24 Update docs

2.11.24 Update docs #201

# Name of the GitHub Actions workflow
name: Scan PHP code with Snyk Code
on:
# Trigger the workflow on the following events:
# Scan changed files in Pull Requests (diff-aware scanning).
pull_request: {}
# Trigger the workflow on-demand through the GitHub Actions interface.
workflow_dispatch: {}
# Scan mainline branches (main and development) and report all findings.
push:
branches: ["development"]
# Define the job(s) to be executed within the workflow
jobs:
security:
runs-on: ubuntu-latest
# Define permissions for specific actions
permissions:
actions: read
contents: read
security-events: write
name: Run Snyk
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# Define an environment variable 'SNYK_TOKEN' to securely store your Snyk token
steps:
- name: Checkout Code
uses: actions/checkout@main
# Action to check out the code from the repository
# This step fetches the codebase from your GitHub repository
- name: Install Snyk & Authenticate
run: |
# Install Snyk globally and authenticate using the provided token
sudo npm install -g snyk
snyk auth ${SNYK_TOKEN}
# The 'SNYK_TOKEN' is securely stored as a GitHub secret
- name: Run Snyk Code
run: |
# Run Snyk Code to scan PHP code
snyk code test -d --org="5647cfeb-45c0-4c43-89a1-3459fe25c145" --sarif > snyk-results.sarif
# Use the provided organization ID and generate SARIF report
continue-on-error: true
# Continue to the next step even if Snyk encounters errors
- name: Upload results from Snyk to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@main
with:
sarif_file: snyk-results.sarif
# Action to upload the results of the Snyk scan in SARIF format
category: "Scan-PHP-code-with-Snyk"
# Specify a category to distinguish between multiple analyses
# for the same tool and ref. If you don't use `category` in your workflow,
# GitHub will generate a default category name for you