scheduled-snyk.yaml

name: Snyk scheduled test

on:
  schedule:
    - cron: '0 2 * * 1'

jobs:
  security:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: snyk/actions/setup@master
        with:
          snyk-version: v1.1295.2

      - uses: actions/setup-node@v3
        with:
          node-version: '16'
          cache: npm

      - uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: 17

      - name: Setup Gradle
        uses: gradle/gradle-build-action@v2

      - name: Run Snyk to check for vulnerabilities
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: >
          snyk test
          --all-projects
          --configuration-matching="^runtimeClasspath$"
          --org=radar-base
          --policy-path=.snyk
          --json-file-output=snyk.json

      - name: Report new vulnerabilities
        uses: thehyve/report-vulnerability@master
        with:
          report-file: snyk.json
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}
        if: ${{ failure() }}