Merge pull request #2951 from WadeBarnes/fix/snyk-container-scanning

Fix Snyk Container scanning workflow
openwallet-foundation · May 15, 2024 · cc738f3 · cc738f3
2 parents f37bc91 + 6d0446e
commit cc738f3
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
@@ -1,24 +1,27 @@
 name: Snyk Container
 on:
   pull_request:
-    branches: [main]
+    branches:
+      - main
     paths:
-      - aries_cloudagent
-      - docker
+      - aries_cloudagent/**
+      - docker/**
 
 jobs:
   snyk:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'hyperledger' }}
     steps:
     - uses: actions/checkout@v4
+
     - name: Build a Docker image
       run: docker build  -t aries-cloudagent -f docker/Dockerfile .
+
     - name: Run Snyk to check Docker image for vulnerabilities
       # Snyk can be used to break the build when it detects vulnerabilities.
       # In this case we want to upload the issues to GitHub Code Scanning
       continue-on-error: true
-      uses: snyk/actions/docker@master
+      uses: snyk/actions/docker@0.4.0
       env:
         # In order to use the Snyk Action you will need to have a Snyk API token.
         # More details in https://github.com/snyk/actions#getting-your-snyk-token
@@ -27,6 +30,7 @@ jobs:
       with:
         image: aries-cloudagent
         args: --file=docker/Dockerfile
+
     - name: Upload result to GitHub Code Scanning
       uses: github/codeql-action/upload-sarif@v3
       with: