security.yml

name: security

on:
  schedule:
    - cron:  '0 0 * * 0'

jobs:
    security:
      permissions:
        actions: read
        contents: read
        security-events: write
      name: Snyk
      runs-on: ubuntu-latest
      if: always()
      steps:
        - uses: actions/checkout@master
        - name: Run Snyk to check for vulnerabilities
          uses: snyk/actions/node@master
          env:
            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
          with:
            args: --sarif-file-output=snyk.sarif  --all-projects --exclude=examples,dev
        - name: Upload result to GitHub Code Scanning
          uses: github/codeql-action/upload-sarif@v3
          with:
            sarif_file: snyk.sarif