patch of ci: add snyk scans · round #0 · pull #3 · quietengineer.fyi/pdsadmin

+28
.tangled/workflows/security.yaml
···

       1
       1
       +
       when:

     

       2
       2
       +
         - event: ["push", "pull_request"]

     

       3
       3
       +
           branch: ["main", "develop"]

     

       4
       4
       +
         - event: ["manual"]

     

       5
       5
       +
       

     

       6
       6
       +
       engine: "nixery"

     

       7
       7
       +
       

     

       8
       8
       +
       dependencies:

     

       9
       9
       +
         nixpkgs:

     

       10
       10
       +
           - go

     

       11
       11
       +
           - snyk

     

       12
       12
       +
       

     

       13
       13
       +
       environment:

     

       14
       14
       +
         SNYK_DISABLE_ANALYTICS: 1

     

       15
       15
       +
       

     

       16
       16
       +
       steps:

     

       17
       17
       +
         - name: build application

     

       18
       18
       +
           command: |

     

       19
       19
       +
             go build -v ./...

     

       20
       20
       +
       

     

       21
       21
       +
         - name: snyk auth

     

       22
       22
       +
           command: |

     

       23
       23
       +
             snyk auth "$SNYK_TOKEN"

     

       24
       24
       +
       

     

       25
       25
       +
         - name: snyk test

     

       26
       26
       +
           command: |

     

       27
       27
       +
             snyk monitor --all-projects

     

       28
       28
       +
             snyk test --all-projects