Add yarn.lock scanning and simplify to scanning Pipfile

rstudio · Jan 17, 2023 · efc5007 · efc5007
1 parent 0858daa
commit efc5007
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -9,7 +9,7 @@ env:
   SNYK_ORG: rstudio-connect
 
 jobs:
-  snyk-monitor:
+  python:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -20,11 +20,23 @@ jobs:
         run: |
           python -m pip install --upgrade pipenv
 
-      - name: Install Pipfile.lock dependencies
-        run: pipenv sync
+      - name: Install Pipfile dependencies (as required by Snyk)
+        run: pipenv install
 
       - name: Run Snyk
         uses: snyk/actions/python@master
         with:
           command: monitor
-          args: --file=Pipfile --org=${{ env.SNYK_ORG }}
+          args: --file=Pipfile --project-name=python --org=${{ env.SNYK_ORG }}
+  ui:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Run Snyk
+        uses: snyk/actions/node@master
+        with:
+          command: monitor
+          args: --file=yarn.lock --project-name=ui --org=${{ env.SNYK_ORG }}