search
SupportSnyk LearnAPI referenceProduct updatesSign up for free
githubEdit

Snyk Python action

This page provides examples of using the Snyk GitHub action for Pythonarrow-up-right. For instructions on using the action and further information, see GitHub Actions for Snyk setup and checking for vulnerabilities.

hashtag
Using the Snyk Python Action to check for vulnerabilities

The examples that follow show how you can use a Snyk Python GitHub action.

Snyk requires that Python download the dependencies before running or triggering the Snyk checks.

The Python image checks and installs dependencies only if the manifest files are present in the current path, that is, the path from where the action is being triggered.

  • If pip is present on the current path , and Snyk finds a requirements.txt file, then Snyk runs pip install -r requirements.txt.

  • If pipenv is present on the current path, and Snyk finds a Pipfile without a Pipfile.lock, then Snyk runs pipenv update.

  • If pyproject.toml is present in the current path and Snyk does not find poetry.lock then Snyk runs pip install poetry.

If manifest files are present under any location other than the root, then they must be installed prior to running Snyk.

You can use the Snyk Python action to check for vulnerabilities as follows:

name: Example workflow for Python using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/python@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

You can use the Snyk CocoaPods action to check for only high severity vulnerabilities as follows:

hashtag
Using the Snyk Python action to run snyk monitor

For an example of running snyk monitor, see this Snyk monitor example.

hashtag
Uploading Snyk scan results to GitHub Code Scanning using the Snyk Python action

Using --sarif-file-output Snyk CLI option and the GitHub SARIF upload actionarrow-up-right, you can upload Snyk scan results to GitHub Code Scanning as shown in the example that follows.

The Snyk action fails when vulnerabilities are found. This would prevent the SARIF upload action from running. Thus, you must use a continue-on-errorarrow-up-right option as shown in this example:

circle-info

To use the upload-sarif option for private repositories, you must have GitHub Advanced Security.

If you see the error Advanced Security must be enabled for this repository to use code scanning, check that GitHub Advanced Security is enabled. For more information, see Managing security and analysis settings for your repositoryarrow-up-right.

PreviousSnyk PHP actionNextSnyk Python-3.6 action

Last updated

Was this helpful?