Create snyk-iac-pr-check.yml

.github/workflows/snyk-iac-pr-check.yml

@@ -0,0 +1,28 @@
+# The Infrastructure as Code Action also supports integrating with GitHub Code Scanning and can show issues in the
+# GitHub Security tab. When run, a snyk.sarif file will be generated which can be uploaded to GitHub Code Scanning.
+name: Snyk Infrastructure as Code
+on: push
+jobs:
+ snyk:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Run Snyk to check configuration files for security issues
+ # Snyk can be used to break the build when it detects security issues.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/iac@master
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # More details in https://github.com/snyk/actions#getting-your-snyk-token
+ # or you can signup for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ # Add the path to the configuration file that you would like to test.
+ # For example `deployment.yaml` for a Kubernetes deployment manifest
+ # or `main.tf` for a Terraform configuration file
+ file: .
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: snyk.sarif