Snyk Python Action
Using the Snyk Python Action to check for vulnerabilities
The examples that follow show how you can use a Snyk Python GitHub Action.
Snyk requires that Python download the dependencies before running or triggering the Snyk checks.
The Python image checks and installs dependencies only if the manifest files are present in the current path, that is, the path from where the action is being triggered.
If pip is present on the current path, and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt.
If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update.
If pyproject.toml is present in the current path and Snyk does not find poetry.lock, then Snyk runs pip install poetry.
If manifest files are present under any location other than the root, then they must be installed prior to running Snyk.
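The following is an added example, not code from Snyk or from the original page: a preflight for a workflow step that lists manifest directories outside the root and, for each, the install command the three rules above would select. The function names are hypothetical, and the script assumes pip and pipenv are available rather than checking for them.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the rules are the three
# listed on this page. Tool presence (pip, pipenv) is assumed, not checked.

# Print, one per line, the install command each rule selects for directory $1.
select_install_cmd() {
    dir=$1
    if [ -f "$dir/requirements.txt" ]; then
        echo "pip install -r requirements.txt"
    fi
    if [ -f "$dir/Pipfile" ] && [ ! -f "$dir/Pipfile.lock" ]; then
        echo "pipenv update"
    fi
    if [ -f "$dir/pyproject.toml" ] && [ ! -f "$dir/poetry.lock" ]; then
        echo "pip install poetry"
    fi
}

# List directories below root $1 (root itself excluded) that hold a manifest.
# These are the locations the action does not install automatically.
nested_manifest_dirs() {
    root=${1%/}
    find "$root" -name .git -prune -o -type f \
        \( -name requirements.txt -o -name Pipfile -o -name pyproject.toml \) \
        -print |
    while IFS= read -r f; do
        d=$(dirname "$f")
        [ "$d" = "$root" ] || printf '%s\n' "$d"
    done | sort -u
}

# Print "directory<TAB>command" for every nested manifest that needs an
# install before the Snyk step runs. Directories whose lock file is already
# present produce no line.
plan_nested_installs() {
    nested_manifest_dirs "$1" | while IFS= read -r d; do
        select_install_cmd "$d" | while IFS= read -r cmd; do
            printf '%s\t%s\n' "$d" "$cmd"
        done
    done
}
```

Calling plan_nested_installs . in a step before the Snyk step shows which directories need a manual install; each command is meant to be run from inside the directory printed next to it.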
You can use the Snyk Python Action to check for vulnerabilities as follows:
You can use the Snyk CocoaPods Action to check for only high severity vulnerabilities as follows:
Using the Snyk Python Action to run snyk monitor
Uploading Snyk scan results to GitHub Code Scanning using the Snyk Python Action
To use the upload-sarif option for private repos you must have GitHub Advanced Security.