GitHub Action for reporting a vulnerability. Use it with a scheduled GitHub Actions workflow.

Inputs:

report-file
- Name of the file with a report created by Snyk.

timestamp
- The timestamp of the Snyk run. Will be added as a label to the Issue.

category
- Category of the Snyk run. When defined, reported issues are scoped within the category, i.e. they will not be closed by scans running on other categories. Will be added as label 'Snyk-category' to the Issue.

Environment variables:

TOKEN
- Environment variable containing the value of the GITHUB_TOKEN secret. The token needs write access to issues (issues: write) to open and close them; if the repository's default token permissions are read-only, grant it in the workflow's permissions block.
The following workflow runs a scheduled check every Monday at 02:00 (cron schedules in GitHub Actions are evaluated in UTC).
First it runs a check using Snyk with your token, generated on the Snyk website and stored as the SNYK_TOKEN secret.
If Snyk finds an issue, it writes an error to stderr, exits with a non-zero status
and creates a report file.
If the Snyk step fails (i.e. issues were found), the last step runs and reports each issue that was not already reported.
name: Workflow for Maven using Snyk
on:
  schedule:
    - cron: '0 2 * * 1'
jobs:
  security:
    runs-on: ubuntu-latest
    env:
      REPORT_FILE: test.json
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/maven-3-jdk-11@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: test
          args: --json-file-output=${{ env.REPORT_FILE }}
      - name: Report new vulnerabilities
        # Only runs when a previous step (the Snyk test) failed.
        if: ${{ failure() }}
        uses: thehyve/report-vulnerability@master
        with:
          report-file: ${{ env.REPORT_FILE }}
          timestamp: '2025-01-01T00:00:00Z'
          category: 'radarbase/radar-home:latest'
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}
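The reporting rule described above ("report it if that issue was not already reported", scoped by category, with the timestamp and category added as labels) is easy to get subtly wrong: the same Snyk vulnerability id appears once per dependency path, and an issue opened by a scan of another category must be neither reused nor closed. The following is an added example, not the code of thehyve/report-vulnerability, showing the matching logic offline against a constructed Snyk report and a constructed list of open issues. The issue title format, the label form 'Snyk-category:<category>', and the trimmed report fields (id, title, severity, packageName, version, from) are assumptions made for the example; the real action's conventions may differ.

```python
import json

# Constructed sample of a Snyk `test --json-file-output` report, trimmed to the
# fields this example reads (a real report carries many more).
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-JAVA-EXAMPLE-0001", "title": "Deserialization of Untrusted Data",
         "severity": "high", "packageName": "example:lib-a", "version": "1.0.0",
         "from": ["app@1.0", "example:lib-a@1.0.0"]},
        # Same vulnerability reached through a second dependency path: Snyk
        # lists it again, but it must not become a second issue.
        {"id": "SNYK-JAVA-EXAMPLE-0001", "title": "Deserialization of Untrusted Data",
         "severity": "high", "packageName": "example:lib-a", "version": "1.0.0",
         "from": ["app@1.0", "example:lib-x@3.0", "example:lib-a@1.0.0"]},
        {"id": "SNYK-JAVA-EXAMPLE-0002", "title": "Denial of Service (DoS)",
         "severity": "medium", "packageName": "example:lib-b", "version": "2.3.4",
         "from": ["app@1.0", "example:lib-b@2.3.4"]},
    ],
})

CATEGORY = "radarbase/radar-home:latest"
TIMESTAMP = "2025-01-01T00:00:00Z"

# Constructed stand-in for the repository's open issues (what the action would
# fetch through the GitHub API using TOKEN).
EXISTING_ISSUES = [
    # Already reported for this category: must be left alone.
    {"number": 12, "title": "[Snyk] SNYK-JAVA-EXAMPLE-0001 in example:lib-a@1.0.0",
     "labels": ["snyk", "Snyk-category:radarbase/radar-home:latest", "2024-12-02T02:00:00Z"]},
    # Same vulnerability id, but reported for a different category: out of scope.
    {"number": 9, "title": "[Snyk] SNYK-JAVA-EXAMPLE-0002 in example:lib-b@2.3.4",
     "labels": ["snyk", "Snyk-category:other-image:latest", "2024-12-02T02:00:00Z"]},
    # Reported for this category earlier but absent from today's report: fixed.
    {"number": 7, "title": "[Snyk] SNYK-JAVA-EXAMPLE-0003 in example:lib-c@0.1.0",
     "labels": ["snyk", "Snyk-category:radarbase/radar-home:latest", "2024-11-25T02:00:00Z"]},
]


def issue_title(vuln):
    """Stable title used to recognise a finding across runs (assumed format)."""
    return f"[Snyk] {vuln['id']} in {vuln['packageName']}@{vuln['version']}"


def parse_report(text):
    """Return unique findings from a Snyk JSON report, keyed by issue title."""
    data = json.loads(text)
    findings = {}
    # A clean run may omit "vulnerabilities" entirely; treat that as no findings.
    for vuln in data.get("vulnerabilities", []):
        findings.setdefault(issue_title(vuln), vuln)
    return findings


def category_label(category):
    """Assumed label form; the page only says the category becomes a label."""
    return f"Snyk-category:{category}"


def plan_issues(report_text, existing_issues, category, timestamp):
    """Decide which issues to open and which to close for this category.

    Only issues carrying this run's category label are considered, so a scan
    of another category can neither suppress a new report nor close an issue.
    """
    findings = parse_report(report_text)
    label = category_label(category)
    in_scope = {i["title"]: i for i in existing_issues if label in i["labels"]}

    to_create = [
        {"title": title,
         "body": f"{v['severity'].upper()}: {v['title']}\nPath: {' > '.join(v.get('from', []))}",
         "labels": ["snyk", label, timestamp]}
        for title, v in findings.items() if title not in in_scope
    ]
    to_close = [i["number"] for title, i in in_scope.items() if title not in findings]
    return {"create": to_create, "close": to_close}


if __name__ == "__main__":
    result = plan_issues(SAMPLE_REPORT, EXISTING_ISSUES, CATEGORY, TIMESTAMP)
    for issue in result["create"]:
        print("create:", issue["title"], issue["labels"])
    for number in result["close"]:
        print("close: #%d" % number)
```

With the constructed data, the plan opens one issue (SNYK-JAVA-EXAMPLE-0002, because issue #9 belongs to another category) and closes #7 (no longer present), while #12 is untouched. Feeding an empty report closes only the two issues labelled with this category.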