Revert "Remove Snyk from CI pipeline"

timler · timler · commit e0c6477b4211 · 2024-12-05T08:27:54.000+02:00
This reverts commit 6647c53.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -64,4 +64,20 @@ jobs:
         CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
       run: |
         JACOCO_SOURCE_PATH=src/main/java ./cc-test-reporter format-coverage target/site/jacoco/jacoco.xml --input-type jacoco
-        ./cc-test-reporter upload-coverage
+        ./cc-test-reporter upload-coverage
+
+    # Install Snyk CLI
+    - name: Install Snyk CLI
+      run: npm install -g snyk
+
+    # Run Snyk to check for vulnerabilities
+    - name: Run Snyk to check for vulnerabilities
+      continue-on-error: true
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      run: snyk test --all-projects --severity-threshold=high --sarif-file-output=snyk.sarif
+
+    - name: Upload result to GitHub Code Scanning
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: snyk.sarif
