diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml deleted file mode 100644 index 7a2d4254..00000000 --- a/.github/workflows/snyk-scan.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Snyk Security Vulnerability Scan - -on: - workflow_dispatch: - pull_request: - push: - tags: - - '[0-9]+.[0-9]+.[0-9]+' - branches: - - 'master' - -jobs: - snyk_scan_test: - if: ${{ github.event_name == 'pull_request' }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - uses: snyk/actions/setup@master - - - uses: actions/setup-node@v3 - with: - node-version: '16.x' - - - name: Check changed Deps files - uses: tj-actions/changed-files@v35 - id: changed-files - with: - files: | # This will match all the files with below patterns - **/package-lock.json - - - name: Snyk scan for Node dependencies - package-lock.json - if: contains(steps.changed-files.outputs.all_changed_and_modified_files, 'package-lock.json') - run: | - snyk test --file=package-lock.json -d --fail-on=all - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - snyk_scan_monitor: - if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - - name: Extract github branch/tag name - shell: bash - run: echo "ref=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT - id: extract_ref - - - uses: snyk/actions/setup@master - - - uses: actions/setup-node@v3 - with: - node-version: '16.x' - - - name: Snyk scan for Node dependencies - package-lock.json files - run: | - snyk monitor \ - --org=h2o-3 \ - --remote-repo-url=h2o-flow/${{ steps.extract_ref.outputs.ref }} \ - --file=package-lock.json \ - --project-name=H2O-3/h2o-flow/${{ steps.extract_ref.outputs.ref }}/package-lock.json -d - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}