Snyk dotNET Action
This page provides examples of using the Snyk GitHub Action for dotNET. For instructions on using the action and further information, see GitHub Actions for Snyk setup and checking for vulnerabilities.
Using the Snyk dotNET Action to check for vulnerabilities
You can use the Snyk dotNET Action to check for vulnerabilities as follows:
```yaml
name: Example workflow for dotNET using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
      - name: Restore dependencies
        run: dotnet restore ./path/to/your.sln
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/dotnet@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```
You can use the Snyk dotNET Action to check for only high severity vulnerabilities as follows:
```yaml
name: Example workflow for dotNET using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
      - name: Restore dependencies
        run: dotnet restore ./path/to/your.sln
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/dotnet@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high
```
Using the Snyk dotNET Action to run snyk monitor
For an example of running snyk monitor, see this Snyk monitor example.
Uploading Snyk scan results to GitHub Code Scanning using the Snyk dotNET Action
Using the --sarif-file-output Snyk CLI option and the GitHub SARIF upload action, you can upload Snyk scan results to GitHub Code Scanning as shown in the example that follows.
The Snyk Action fails when vulnerabilities are found, which would prevent the SARIF upload step from running. You must therefore set the continue-on-error option on the Snyk step, as shown in this example:
```yaml
name: Example workflow for dotNET using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
      - name: Restore dependencies
        run: dotnet restore ./path/to/your.sln
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/dotnet@master
        continue-on-error: true # To make sure that SARIF upload gets called
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
```
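The workflow below is an added example, not taken from the Snyk documentation or the snyk/actions project. It combines the severity threshold from the earlier example with the SARIF upload from this one, and adds a final step that fails the job after the upload has run, so that continue-on-error: true does not quietly turn the scan into a non-blocking check. It assumes the same placeholder solution path and SNYK_TOKEN repository secret as the examples above, and it declares the workflow permissions that the upload-sarif action needs in order to write Code Scanning results.

```yaml
name: Example workflow for dotNET using Snyk (gate after SARIF upload)
on: push
permissions:
  contents: read
  security-events: write # needed by upload-sarif to publish Code Scanning results
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
      - name: Restore dependencies
        run: dotnet restore ./path/to/your.sln # placeholder path, replace with your solution
      - name: Run Snyk to check for vulnerabilities
        id: snyk # the id lets a later step inspect this step's outcome
        uses: snyk/actions/dotnet@master
        continue-on-error: true # let the upload step run even when issues are found
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high --sarif-file-output=snyk.sarif
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
      - name: Fail the job if Snyk found issues at or above the threshold
        # outcome is the step's result before continue-on-error is applied,
        # so this restores the gate that continue-on-error removed
        if: steps.snyk.outcome == 'failure'
        run: |
          echo "Snyk reported high or critical severity vulnerabilities; see the Code Scanning tab."
          exit 1
```

steps.snyk.outcome records the Snyk step's own result before continue-on-error is applied, which is why the last step can re-apply the gate after the SARIF has been uploaded. Any other failure of the Snyk step, such as a missing or invalid token, also sets outcome to failure, so the job fails closed rather than passing silently; in that case the upload step will also fail because no snyk.sarif file was written.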