2 files changed: +23 -6 lines changed
lines changed Original file line number Diff line number Diff line change @@ -3,24 +3,41 @@ name: Publish to npm
33on :
44 push :
55 tags :
6- - " v*" # Trigger on version tags like v6.0.0
6+ - " v*"
77
88permissions :
99 contents : read
10- id-token : write # Required for OIDC (Trusted Publishing)
10+ id-token : write
11+ security-events : write # Added for Snyk SARIF upload
1112
1213jobs :
1314 publish :
1415 runs-on : ubuntu-latest
15- # environment: production # Uncomment for approval gates
1616 steps :
1717 - uses : actions/checkout@v4
18+ with :
19+ fetch-depth : 0 # Needed for Snyk
20+
1821 - uses : actions/setup-node@v4
1922 with :
2023 node-version : " 20"
2124 registry-url : " https://registry.npmjs.org"
25+
2226 - name : Update npm
2327 run : npm install -g npm@latest
28+
2429 - run : npm ci
2530 - run : npm run build
26- - run : cd out && npm publish --access public
31+
32+ # === SNYK integration ===
33+ - name : Install Snyk
34+ run : npm install -g snyk
35+
36+ - name : Auth Snyk
37+ run : snyk auth ${{ secrets.SNYK_TOKEN }}
38+
39+ - name : Snyk Test (fail on high/critical)
40+ run : snyk test --severity-threshold=high
41+
42+ # === Publish (only runs if Snyk passes) ===
43+ - run : cd out && npm publish --access public --provenance
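Review bot: the `Auth Snyk` step interpolates the secret directly into the shell command (`run : snyk auth ${{ secrets.SNYK_TOKEN }}`), which puts the token on the process command line and is the expression-in-`run` pattern GitHub recommends against; pass it through `env:` instead (`env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`), since the Snyk CLI reads `SNYK_TOKEN` from the environment and the explicit `snyk auth` step then becomes unnecessary. Two smaller points in the same hunk: `security-events : write` is added "for Snyk SARIF upload", but no step in this hunk writes or uploads SARIF (no `--sarif-file-output`, no `upload-sarif`), so either add that step or drop the permission to keep the release job at least privilege; and `npm install -g snyk` pulls whatever version is current at release time, so pin it (for example `snyk@<version>`) so the gate that decides whether `npm publish --provenance` runs is itself reproducible. The removed comments explaining the `v*` trigger and why `id-token : write` is needed for OIDC were useful documentation and could be kept.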
Original file line number Diff line number Diff line change @@ -289,9 +289,9 @@ _Get SARIF output including exact line numbers of violations._
289289
290290## Installation
291291
292- ` lightning-flow-scanner-core ` is published to ** npm** only .
292+ ` lightning-flow-scanner-core ` is published to ** npm** and ** scanned with Snyk during release ** .
293293
294- [ ![ npm version] ( https://img.shields.io/npm/v/@flow-scanner/lightning-flow-scanner-core?label=npm )] ( https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core )
294+ [ ![ npm version] ( https://img.shields.io/npm/v/@flow-scanner/lightning-flow-scanner-core?label=npm )] ( https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core ) [ ![ Known Vulnerabilities ] ( https://snyk.io/test/github/Flow-Scanner/lightning-flow-scanner-core/badge.svg )] ( https://snyk.io/test/github/Flow-Scanner/lightning-flow-scanner-core )
295295
296296** To install with npm:**
297297
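Review bot: the new sentence "scanned with Snyk during release" overstates what the workflow change does, since the gate is `snyk test --severity-threshold=high`, i.e. only high and critical findings block a publish; consider saying so ("releases are blocked on high/critical Snyk findings") so readers do not assume every finding is gated. The rewrite also drops the word "only" from "published to **npm** only", which changed the meaning from "no other registry" to nothing in particular; if the intent was still to say npm is the sole registry, keep that wording. The added badge points at the Snyk project page for the GitHub repository, which reflects the repo scan rather than the release-time `snyk test` result; that is fine, but the sentence should not imply the badge is the release gate.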