Update Snyk GA

blootsvoets · blootsvoets · commit c315d7218cad · 2022-11-15T15:48:00.000+01:00
diff --git a/.github/workflows/scheduled_snyk.yaml b/.github/workflows/scheduled_snyk.yaml
@@ -2,6 +2,10 @@ name: Snyk scheduled test
 on:
   schedule:
     - cron: '0 2 * * 1'
+  push:
+    branches:
+      - master
+
 jobs:
   security:
     runs-on: ubuntu-latest
@@ -27,13 +31,15 @@ jobs:
         run: >
           snyk test
           --configuration-matching='^runtimeClasspath$'
+          --fail-on=upgradable
           --json-file-output=${{ env.REPORT_FILE }}
           --org=radar-base
+          --policy-path=$PWD/.snyk
 
       - name: Report new vulnerabilities
         uses: thehyve/report-vulnerability@master
+        if: success() || failure()
         with:
           report-file: ${{ env.REPORT_FILE }}
         env:
           TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        if: ${{ failure() }}
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
@@ -3,6 +3,7 @@ on:
   pull_request:
     branches:
       - main
+
 jobs:
   security:
     runs-on: ubuntu-latest
@@ -26,6 +27,5 @@ jobs:
         run: >
           snyk test
           --configuration-matching='^runtimeClasspath$'
-          --fail-on=upgradable
           --org=radar-base
-          --severity-threshold=high
+          --policy-path=$PWD/.snyk
