Skip to content

Merge pull request #330 from codefresh-io/danielm-codefresh-patch-1 #754

Merge pull request #330 from codefresh-io/danielm-codefresh-patch-1

Merge pull request #330 from codefresh-io/danielm-codefresh-patch-1 #754

Workflow file for this run

name: Snyk
on:
schedule:
- cron: "30 2 * * *"
push:
branches:
- main
- release-*
permissions:
contents: read
jobs:
# we do not scan images here, they're scanned here: https://app.snyk.io/org/argoproj/projects
golang:
name: Scan Go deps
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@v4
- name: Run Snyk to check for Go vulnerabilities
uses: snyk/actions/golang@master
with:
args: --severity-threshold=high
node:
name: Scan Node deps
if: github.repository == 'argoproj/argo-workflows'
runs-on: ubuntu-latest
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20" # change in all GH Workflows
cache: yarn
cache-dependency-path: ui/yarn.lock
- run: yarn --cwd ui install
- name: Run Snyk to check for Node vulnerabilities
uses: snyk/actions/node@master
with:
args: --file=ui/package.json --severity-threshold=high