From 3f31b6b667ad9309711064560fed335b5c2303a9 Mon Sep 17 00:00:00 2001
From: Leo Ribeiro
Date: Tue, 14 Nov 2023 16:53:30 -0500
Subject: [PATCH] Add Snyk for Vulns and License checks

---
 .github/workflows/tests-ci.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.github/workflows/tests-ci.yml b/.github/workflows/tests-ci.yml
index 04c379a58..f0f067d91 100644
--- a/.github/workflows/tests-ci.yml
+++ b/.github/workflows/tests-ci.yml
@@ -23,9 +23,26 @@ jobs:
         with:
           node-version: 18
 
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Install Snyk
+        uses: snyk/actions/setup@3e2680e8df93a24b52d119b1305fb7cedc60ceae # latest master (no released tag)
+
+      - name: Snyk VULN and License Check Test
+        run: snyk test --all-projects --sarif-file-output=snyk.sarif
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
       - name: Report known vulnerabilities
         run: npm audit
 
+      - name: Upload SARIF result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+        if: always()
+        with:
+          sarif_file: snyk.sarif
+
   test-with-node:
     runs-on: ubuntu-latest
     steps:
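Review bot: The "Upload SARIF result" step runs under `if: always()`, but `snyk.sarif` only exists if `snyk test` got far enough to write it; when the CLI aborts before scanning (for example `SNYK_TOKEN` expands to empty on pull requests from forks, where repository secrets are not exposed) the upload fails on the missing file and hides the real error, so guard it with `if: always() && hashFiles('snyk.sarif') != ''`. Separately, `snyk test` exits non-zero on any finding, which by default skips the later `npm audit` step; if the intent is to report rather than gate, add `continue-on-error: true` to the Snyk step (or pass an explicit `--severity-threshold`), and note that `upload-sarif` needs `security-events: write`, so if the workflow sets a restricted `permissions:` block outside this hunk that scope must be added. Pinning both actions to full commit SHAs is the right choice. The enclosing job's `steps:` list starts before this hunk, so whether pnpm itself is set up before the new `pnpm install` step cannot be confirmed from here.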