@@ -20,6 +20,38 @@ permissions:
2020 contents : read
2121
2222jobs :
23+ snyk-scan :
24+ runs-on : ubuntu-latest
25+ needs : test-and-lint
26+ permissions :
27+ contents : read
28+
29+ steps :
30+ - name : Checkout
31+ uses : actions/checkout@v4
32+
33+ - name : Set up Python
34+ uses : actions/setup-python@v5
35+ with :
36+ python-version : " 3.12"
37+ cache : " pip"
38+ cache-dependency-path : |
39+ app_python/requirements.txt
40+
41+ name : Install dependencies
42+ working-directory : app_python
43+ run : |
44+ python -m pip install --upgrade pip
45+ pip install -r requirements.txt
46+
47+ name : Snyk scan (dependencies)
48+ uses : snyk/actions/python@master
49+ env :
50+ SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
51+ with :
52+ command : test
53+ args : --severity-threshold=high --file=app_python/requirements.txt
54+
2355 test-and-lint :
2456 runs-on : ubuntu-latest
2557
@@ -90,35 +122,3 @@ jobs:
90122 tags : |
91123 ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:${{ env.VERSION }}
92124 ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:latest
93-
94- snyk-scan :
95- runs-on : ubuntu-latest
96- needs : test-and-lint
97- permissions :
98- contents : read
99-
100- steps :
101- - name : Checkout
102- uses : actions/checkout@v4
103-
104- - name : Set up Python
105- uses : actions/setup-python@v5
106- with :
107- python-version : " 3.12"
108- cache : " pip"
109- cache-dependency-path : |
110- app_python/requirements.txt
111-
112- name : Install dependencies
113- working-directory : app_python
114- run : |
115- python -m pip install --upgrade pip
116- pip install -r requirements.txt
117-
118- name : Snyk scan (dependencies)
119- uses : snyk/actions/python@master
120- env :
121- SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
122- with :
123- command : test
124- args : --severity-threshold=high --file=app_python/requirements.txt
0 commit comments