keycloak-scim/.github/workflows/snyk.yml
dependabot[bot] bf13827282
Bump github/codeql-action from 2.1.20 to 2.1.21 (#14052)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2.1.20...v2.1.21)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-29 10:59:33 +02:00

67 lines
2 KiB
YAML

name: "Snyk"
on:
schedule:
- cron: "0 0 * * *"
env:
DEFAULT_JDK_VERSION: 11
jobs:
quarkus:
name: Quarkus
runs-on: ubuntu-latest
if: ${{ github.repository == 'keycloak/keycloak' }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
java-version: ${{ env.DEFAULT_JDK_VERSION }}
distribution: temurin
cache: maven
- name: Build Quarkus
run: mvn -Psnyk-quarkus -pl quarkus/dist -am -DskipTests clean install
- uses: snyk/actions/setup@master
- name: Check for vulnerabilities
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload scanner results to GitHub
uses: github/codeql-action/upload-sarif@v2.1.21
with:
sarif_file: quarkus-report.sarif
operator:
name: Operator
runs-on: ubuntu-latest
if: ${{ github.repository == 'keycloak/keycloak' }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: actions/setup-java@v3
with:
java-version: ${{ env.DEFAULT_JDK_VERSION }}
distribution: temurin
cache: maven
- name: Build Keycloak
run: mvn -Poperator -pl operator -am -DskipTests clean install
- uses: snyk/actions/setup@master
- name: Check for vulnerabilities for the Operator
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload scanner results for the Operator to GitHub
uses: github/codeql-action/upload-sarif@v2.1.21
with:
sarif_file: operator-report.sarif