From 0cccfb540c811a002ef14fc0890d73d2b3aefedb Mon Sep 17 00:00:00 2001
From: Dmitry Salakhov
Date: Thu, 18 Feb 2021 11:09:17 +1300
Subject: [PATCH] add snyk to scan js vulnerabilities
---
 .github/workflows/quality-scan.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/quality-scan.yml b/.github/workflows/quality-scan.yml
index 1b3f4c05f..8c212d4b4 100644
--- a/.github/workflows/quality-scan.yml
+++ b/.github/workflows/quality-scan.yml
@@ -50,6 +50,14 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v1
+ client-dependencies:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/node@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 server-security:
 name: Scan server code
 runs-on: ubuntu-latest
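Review bot: Both `uses:` lines in the new `client-dependencies` job reference a mutable branch (`actions/checkout@master`, `snyk/actions/node@master`), and the Snyk step runs with `SNYK_TOKEN` in its environment, so any later change on that third-party branch executes with the token without a review on this repository. Pin each action to a full commit SHA and keep the release as a trailing comment, e.g. `uses: snyk/actions/node@<full-commit-sha>  # <release tag>`, and do the same for the checkout step. The workflow's `on:` triggers are outside the hunk; if it also runs for pull requests from forks, the secret will be empty there and the scan step will presumably fail, so confirm the triggers or guard the job. The job also has no `name:` while the neighbouring `server-security` job does, so a line such as `name: Scan client dependencies` would keep the checks list consistent.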