
Commit 282d92d

committed
report publish permissions
1 parent ac6162c commit 282d92d


1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

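--- a/.github/workflows/pr-merge-main.yml
+++ b/.github/workflows/pr-merge-main.yml
@@ -62,10 +62,14 @@ jobs:
 if: github.event.pull_request.merged == true
 runs-on: ubuntu-latest
 
+permissions:
+security-events: write
+
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 SNYK_ORG: legal-aid-agency
 SNYK_TEST_EXCLUDE: build,generated
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 steps:
 - uses: actions/checkout@v3
@@ -75,16 +79,12 @@ jobs:
 with:
 command: monitor
 args: --org=${SNYK_ORG} --all-projects --exclude=$SNYK_TEST_EXCLUDE
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Generate sarif Snyk report
 uses: snyk/actions/gradle@0.4.0
 continue-on-error: true
 with:
 args: --org=${SNYK_ORG} --all-projects --exclude=$SNYK_TEST_EXCLUDE --sarif-file-output=snyk-report.sarif
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Upload result to GitHub Code Scanning
-uses: github/codeql-action/upload-sarif@v2
+uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: snyk-report.sarif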
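Review bot: `GITHUB_TOKEN` is now exported to every step in the job through the job-level `env` (new line 72), including `actions/checkout` and any steps outside the hunks, while the new `permissions` block gives that same token `security-events: write`. The upload step does not need the variable, because `github/codeql-action/upload-sarif` reads the token from its `token` input, which defaults to `github.token`; I would keep `GITHUB_TOKEN` scoped to the steps that actually read it, or drop it if the Snyk action does not use it. Separately, a job-level `permissions` block sets every unlisted scope to `none`, so if this repository is private or internal the checkout and the SARIF upload will likely need `contents: read` and `actions: read` listed next to `security-events: write`. The third-party `snyk/actions/gradle@0.4.0` step receives both `SNYK_TOKEN` and this token and is pinned by tag rather than by commit SHA, which is worth tightening while this block is being touched.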
