
Add Snyk security scanning #3

Open

mayashavin wants to merge 4 commits into main from feat/snyk-ci
Open

Conversation

@mayashavin

Owner

Summary

  • Add Snyk security scanning workflow that runs on PRs to main
  • Only flags high-severity vulnerabilities (--severity-threshold=high)

Setup required

  • Add SNYK_TOKEN to the repo's GitHub Actions secrets

Test plan

  • Add SNYK_TOKEN secret and verify the workflow runs on a PR

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 24, 2026 23:10

Copilot AI left a comment

Contributor


Pull request overview

Adds a GitHub Actions workflow to run Snyk vulnerability scanning on pull requests targeting main, intended to fail builds only for high-severity issues.

Changes:

  • Introduces .github/workflows/snyk.yml to run Snyk on PRs to main
  • Configures Snyk to use --severity-threshold=high
  • Requires SNYK_TOKEN to be provided via GitHub Actions secrets


Comment on lines +11 to +13
- uses: actions/checkout@v4
- uses: snyk/actions/node@master
env:
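Review bot: `snyk/actions/node@master` on the `uses:` line at +12 references a moving branch, so whatever is pushed to that branch next is what runs in this job with SNYK_TOKEN in its environment; pin the action to a full commit SHA (with the release tag in a trailing comment for readability), as the follow-up commits mentioned later in this thread do.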
Comment on lines +3 to +16
on:
pull_request:
branches: [main]

jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
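Review bot: the workflow has no top-level `permissions:` block, so the job inherits the repository's default GITHUB_TOKEN permissions; a scan that only reads the checkout should declare `permissions: contents: read`. Separately, `pull_request` runs for forked PRs do not receive repository secrets, so `${{ secrets.SNYK_TOKEN }}` will be empty and the Snyk step will fail on every external PR rather than report a real finding; either skip the job when the head repository is not `github.repository`, or guard the Snyk step on the token being non-empty.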
Comment on lines +10 to +16
steps:
- uses: actions/checkout@v4
- uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
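Review bot: the `steps:` go straight from `actions/checkout@v4` to the Snyk action with no `actions/setup-node` and no `npm ci`, which does not match the existing CI job; install dependencies with the same Node version CI uses before running the scan so Snyk tests the same resolved dependency tree that CI builds.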
@mayashavin

Owner Author

@copilot review the comments and fix if applicable

Copilot AI commented May 24, 2026


> @copilot review the comments and fix if applicable

Addressed in commits dce4057 and cea8fd2. The Snyk action is now pinned to a commit SHA, the workflow matches CI setup (setup-node + npm ci), fork PRs are skipped, missing SNYK_TOKEN is handled gracefully, and minimal workflow permissions were added.
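One workflow shape that carries the five changes listed in that reply, added here as an illustration; it is not the content of commits dce4057 and cea8fd2, which this page does not show. The 40-zero commit hash on the Snyk `uses:` line is a placeholder to be replaced with a real reviewed commit, the `actions/setup-node@v4` step and Node version are assumptions about what the repository's CI job uses, and the fork check and token guard are one way to do what the reply describes.

```yaml
name: Snyk

on:
  pull_request:
    branches: [main]

# Least-privilege token: the scan only reads the checkout
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    # Skip PRs from forks: they do not receive repository secrets,
    # so the token would be empty and the scan would always fail
    if: github.event.pull_request.head.repo.full_name == github.repository
    env:
      # Exposed at job level so a step-level `if` can test for its presence
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4        # assumption: mirrors the CI job
        with:
          node-version: 20                 # assumption: match the CI job's version
          cache: npm
      - run: npm ci                        # same resolved tree CI builds
      - name: Report missing SNYK_TOKEN instead of failing
        if: env.SNYK_TOKEN == ''
        run: echo "SNYK_TOKEN secret is not configured; skipping Snyk scan"
      - name: Snyk test (high severity and above)
        if: env.SNYK_TOKEN != ''
        # Placeholder hash: replace with the full commit SHA of a reviewed release
        uses: snyk/actions/node@0000000000000000000000000000000000000000 # vX.Y.Z
        with:
          args: --severity-threshold=high
```

The job-level `env:` is what makes the guard work: the `secrets` context is not available in a step's `if:`, but `env` is, so the token is copied into the job environment once and the two steps branch on whether it is empty.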

Copilot AI left a comment

Contributor


Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment thread .github/workflows/snyk.yml Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>