ceph-csi/.github/workflows/snyk.yaml

---
name: Security scanning
# yamllint disable-line rule:truthy
on:
  schedule:
    # Run weekly on every Monday
    - cron: '0 0 * * 1'
  push:
    tags:
      - v*
    branches:
      - release-*

permissions:
  contents: read

jobs:
  security:
    if: github.repository == 'ceph/ceph-csi'
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: run Snyk to check for code vulnerabilities
        uses: snyk/actions/golang@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
ci: add snyk scanning adding snyk github action to run when a PR is merged to the release branch or when a new release is done. Run snyk weekly on the devel branch. This will help us to track the security scanning results and fix if anything is required and also it serves as a placeholder for security scanning result for a while. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com> 2023-11-15 08:45:45 +00:00			`---`
			`name: Security scanning`
			`# yamllint disable-line rule:truthy`
			`on:`
			`schedule:`
			`# Run weekly on every Monday`
			`- cron: '0 0 * * 1'`
			`push:`
			`tags:`
			`- v*`
			`branches:`
			`- release-*`

			`permissions:`
			`contents: read`

			`jobs:`
			`security:`
			`if: github.repository == 'ceph/ceph-csi'`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: checkout`
			`uses: actions/checkout@v4`
			`with:`
			`fetch-depth: 0`

			`- name: run Snyk to check for code vulnerabilities`
			`uses: snyk/actions/golang@master`
			`env:`
			`SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`