snyk wip

joeyorlando · joeyorlando · commit 895d44110774 · 2024-06-11T10:52:12.000-04:00
diff --git a/.github/workflows/snyk-security-scan.yml b/.github/workflows/snyk-security-scan.yml
@@ -4,20 +4,17 @@ on:
   workflow_call:
 
 jobs:
-  synk-security-scan:
+  snyk-python-security-scan:
     name: Snyk security scan
     runs-on: ubuntu-latest
     # see this PR regarding the permissions needed for this workflow
     # https://github.com/snyk/actions/pull/79
-    # permissions:
-    #   # required for all workflows
-    #   security-events: write
-    #   # only required for workflows in private repositories
-    #   actions: read
-    #   contents: read
-    env:
-      # https://github.com/snyk/actions/pull/79
-      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     steps:
       - uses: actions/checkout@v4
       - name: Setup Python
@@ -29,3 +26,5 @@ jobs:
       - name: Run Snyk
         continue-on-error: true
         run: snyk monitor --all-projects --severity-threshold=high
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
