add snyk to scan js vulnerabilities

2021-02-18 11:09:17 +13:00 · 2021-02-18 11:09:17 +13:00 · 0cccfb540c
parent 9c32ad2ff6
commit 0cccfb540c
1 changed files with 8 additions and 0 deletions
--- a/.github/workflows/quality-scan.yml
+++ b/.github/workflows/quality-scan.yml
@ -50,6 +50,14 @@ jobs:

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1
+  client-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/node@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  server-security:
    name: Scan server code
    runs-on: ubuntu-latest