From f2e535b8d8df66bd319ab00181e67a42bc99e58a Mon Sep 17 00:00:00 2001
From: Mark Cheret <mark@cheret.de>
Date: Sat, 1 May 2021 09:23:20 +0200
Subject: [PATCH] update snyk action to update vulnerabilities on GH

---
 .github/workflows/snyk.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 4487527..ea38633 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -13,7 +13,12 @@ jobs:
         
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/php@master
+        continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --all-projects
+          args: --all-projects --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: snyk.sarif