Update GitHub actions to use full length commit ids for
third-party actions to reduce security risk in case of vulnerabilities.
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
The secret in the project settings has a typo and is called `SYNK_TOKEN`
instead of `SNYK_TOKEN`. Changing the name of the secret does not seem
to be trivial; it needs to be deleted and re-created, which requires
obtaining a new token, somehow. Adopting the name with the typo in the
GitHub Workflow is easier.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
adding snyk github action to
run when a PR is merged to the release
branch or when a new release is done.
Run snyk weekly on the devel branch.
This will help us to track the security
scanning results and fix if anything is
required and also it serves as a placeholder
for security scanning result for a while.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>