From 2cb5934750cae15ddeea7ea3026bfcd85b529c04 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz
Date: Thu, 11 Jul 2024 00:27:27 -0400
Subject: [PATCH] [CONFIG] [Github-Actions] Snyk Open Source. Modified. Sarif output enabled.
---
 .../{dotnet-snyk.yml => snyk-code.yml} | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
 rename .github/workflows/{dotnet-snyk.yml => snyk-code.yml} (66%)
diff --git a/.github/workflows/dotnet-snyk.yml b/.github/workflows/snyk-code.yml
similarity index 66%
rename from .github/workflows/dotnet-snyk.yml
rename to .github/workflows/snyk-code.yml
index f338cb2..98f9440 100644
--- a/.github/workflows/dotnet-snyk.yml
+++ b/.github/workflows/snyk-code.yml
@@ -5,7 +5,7 @@
 ---
-name: .NET Snyk Code analysis
+name: Snyk Code analysis (.NET)
 on: # yamllint disable-line rule:truthy
 push:
@@ -16,19 +16,19 @@ on: # yamllint disable-line rule:truthy
 jobs:
 security:
 runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
 steps:
 - uses: actions/checkout@master
 - uses: snyk/actions/setup@master
- - name: Setup .NET
- uses: actions/setup-dotnet@v4
- with:
- dotnet-version: 8.0.x
- - name: Restore dependencies
- run: dotnet restore algorithm-exercises-csharp.sln
 - name: Run Snyk to check for vulnerabilities
 run: >
- snyk test
- algorithm-exercises-csharp/
- algorithm-exercises-csharp-test/
+ snyk code test --sarif-file-output=snyk-code.sarif
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'snyk-code.sarif'
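Review bot: The new "Upload result to GitHub Code Scanning" step in the second hunk will be skipped on exactly the runs that matter, because `snyk code test` exits non-zero when it reports issues and a failed step stops the ones after it. Adding `if: success() || failure()` to the upload step (or `continue-on-error: true` to the Snyk step, if the job should not fail on findings) lets the SARIF file reach Code Scanning either way. Separately, the job now holds `security-events: write` and `SNYK_TOKEN` while still running `actions/checkout@master` and `snyk/actions/setup@master` from mutable branch refs, and the new `upload-sarif@v3` is a movable tag; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>`, keeps an upstream change from running with those privileges. The subject line says "Snyk Open Source", but the dependency scan (`snyk test`) is what this hunk removes; unless another workflow covers it, that coverage appears to be dropped.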