From 89500f97440ca2a919545b7688098bbab3f9fed8 Mon Sep 17 00:00:00 2001
From: Andrey Melikhov <melikhov@yandex-team.ru>
Date: Tue, 16 Apr 2024 18:45:53 +0300
Subject: [PATCH] Update snyk-container.yml (#113)

---
 .github/workflows/snyk-container.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml
index 7dd9d490..6874d5bc 100644
--- a/.github/workflows/snyk-container.yml
+++ b/.github/workflows/snyk-container.yml
@@ -15,18 +15,25 @@ jobs:
       security-events: write
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Build a Docker image
       run: docker build -t your/image-to-test .
     - name: Run Snyk to check Docker image for vulnerabilities
       continue-on-error: true
-      uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
+      uses: snyk/actions/docker@master
       env:
         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       with:
         image: your/image-to-test
-        args: --file=Dockerfile --org=${{ vars.SNYK_ORG }}
+        args: --file=Dockerfile --org=${{ vars.SNYK_ORG }} --sarif-file-output=snyk.sarif
+      # Replace any "null" security severity values with 0. The null value is used in the case
+      # of license-related findings, which do not do not indicate a security vulnerability.
+      # See https://github.com/github/codeql-action/issues/2187 for more context.
+    - name: Post-process sarif output
+      run: |
+        sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif
     - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: snyk.sarif
+