[CONFIG] [Github-Actions] Snyk Open Source. Modified. Sarif output enabled.

Gonzalo Diaz · Gonzalo Diaz · commit c08f574a87cd · 2024-07-11T09:38:13.000-04:00
diff --git a/.github/workflows/snyk-code.yml b/.github/workflows/snyk-code.yml
@@ -16,19 +16,20 @@ on: # yamllint disable-line rule:truthy
 jobs:
   security:
     runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
+    # permissions:
+    #   actions: read
+    #   contents: read
+    #   security-events: write
     steps:
       - uses: actions/checkout@master
-      - uses: snyk/actions/setup@master
       - name: Run Snyk to check for vulnerabilities
-        run: >
-          snyk code test --sarif-file-output=snyk-code.sarif
+        uses: snyk/actions/dotnet@master
+        continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: 'snyk-code.sarif'
+          sarif_file: snyk.sarif
