ActionsInAction/action.yml at main · Mkumar2022-7/ActionsInAction · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
name: ' Snyk SAST'
description: 'SAST'

runs:
  using: 'composite'
  steps:

      # Fetch Snyk Token
      - name: Fetch secret from AWS Secrets Manager
        id: fetch-secret
        run: |
          secret_value=$(aws secretsmanager get-secret-value --secret-id SNYK_API_TOKEN --query SecretString --output text)
          echo "::add-mask::$secret_value"
          echo "SECRET_VALUE=${secret_value}" >> $GITHUB_ENV
        shell: bash

      # Checkout Code
      - name: Checkout Code
        uses: actions/checkout@v4

      # Install Snyk
      - name: Install Snyk
        run: sudo npm install -g snyk
        shell: bash

      # Authenticate Snyk
      - name: Authenticate Snyk
        run: snyk auth ${SECRET_VALUE}
        shell: bash

      # Run Snyk Code
      - name: Run Snyk Code
        run: snyk code test --sarif-file-output=snyk-sarif-report.sarif
        shell: bash

      # Upload Report
      - name: Upload SARIF report
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk-sarif-report.sarif
        if: always()