snyk · grahamburgsma · Dec 14, 2023
@@ -30,6 +30,7 @@ you are using. We currently support:
 - [Python-3.10](python-3.10)
 - [Ruby](ruby)
 - [Scala](scala)
+- [Swift](swift)
 - [Docker](docker)
 - [Infrastructure as Code](iac)
 - [Setup](setup)

@@ -33,6 +33,7 @@
   "Python-3.10",
   "Ruby",
   "Scala",
+  "Swift",
 ]
 
 templatename = File.join("_templates", "BASE.md.erb")

@@ -0,0 +1,83 @@
+# Snyk Swift Action
+
+A [GitHub Action](https://github.com/features/actions) for using [Snyk](https://snyk.co/SnykGH) to check for
+vulnerabilities in your Swift projects. This Action is based on the [Snyk CLI][cli-gh] and you can use [all of its options and capabilities][cli-ref] with the `args`.
+
+
+You can use the Action as follows:
+
+```yaml
+name: Example workflow for Swift using Snyk
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/swift@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+```
+
+## Properties
+
+The Snyk Swift Action has properties which are passed to the underlying image. These are passed to the action using `with`.
+
+| Property | Default | Description                                                                                         |
+| -------- | ------- | --------------------------------------------------------------------------------------------------- |
+| args     |         | Override the default arguments to the Snyk image. See [Snyk CLI reference for all options][cli-ref] |
+| command  | test    | Specify which command to run, for instance test or monitor                                          |
+| json     | false   | In addition to the stdout, save the results as snyk.json                                            |
+
+For example, you can choose to only report on high severity vulnerabilities.
+
+```yaml
+name: Example workflow for Swift using Snyk
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/swift@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high
+```
+
+## Uploading Snyk scan results to GitHub Code Scanning
+
+Using `--sarif-file-output` [Snyk CLI flag][cli-ref] and the [official GitHub SARIF upload action](https://docs.github.com/en/code-security/secure-coding/uploading-a-sarif-file-to-github), you can upload Snyk scan results to the GitHub Code Scanning.
+
+![Snyk results as a SARIF output uploaded to GitHub Code Scanning](../_templates/sarif-example.png)
+
+The Snyk Action will fail when vulnerabilities are found. This would prevent the SARIF upload action from running, so we need to introduce a [continue-on-error](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error) option like this:
+
+```yaml
+name: Example workflow for Swift using Snyk
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/swift@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
+```
+
+Made with 💜 by Snyk
+
+[cli-gh]: https://github.com/snyk/snyk 'Snyk CLI'
+[cli-ref]: https://docs.snyk.io/snyk-cli/cli-reference 'Snyk CLI Reference documentation'
@@ -0,0 +1,26 @@
+name: "Snyk Swift"
+description: "Check your Swift application for vulnerabilties using Snyk"
+author: "Gareth Rushgrove"
+branding:
+  icon: "alert-triangle"
+  color: "yellow"
+inputs:
+  command:
+    description: "Which Snyk command to run, defaults to test"
+    default: test
+  args:
+    description: "Additional arguments to pass to Snyk"
+  json:
+    description: "Output a snyk.json file with results if running the test command"
+    default: false
+runs:
+  using: "docker"
+  image: "docker://snyk/snyk:swift"
+  env:
+    FORCE_COLOR: 2
+    SNYK_INTEGRATION_NAME: GITHUB_ACTIONS
+    SNYK_INTEGRATION_VERSION: swift
+  args:
+  - snyk
+  - ${{ inputs.command }}
+  - ${{ inputs.args }}