From abc4944f061e53d1bf4337e0b6b1d58c466664da Mon Sep 17 00:00:00 2001
From: Leon Luttenberger
Date: Thu, 6 Jun 2024 12:09:04 -0500
Subject: [PATCH 1/2] add Snyk security scanner

---
 .github/workflows/snyk.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/snyk.yml

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
new file mode 100644
index 00000000..9cef3862
--- /dev/null
+++ b/.github/workflows/snyk.yml
@@ -0,0 +1,27 @@
+name: Snyk
+
+on:
+ workflow_dispatch:
+
+ schedule:
+ - cron: "0 9 * * 1" # runs each Monday at 9:00 UTC
+
+permissions:
+ contents: read
+
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/python-3.8@master
+ continue-on-error: true # To make sure that SARIF upload gets called
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ args: --severity-threshold=medium --sarif-file-output=snyk.sarif
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: snyk.sarif

From 01d332770e24b1f030022b0aba4f2bfe5e782724 Mon Sep 17 00:00:00 2001
From: Leon Luttenberger
Date: Thu, 6 Jun 2024 12:28:11 -0500
Subject: [PATCH 2/2] fix permissions

---
 .github/workflows/snyk.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 9cef3862..d3cce988 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -8,6 +8,7 @@ on:
 
 permissions:
 contents: read
+ security-events: write
 
 jobs:
 security:
@@ -22,6 +23,6 @@ jobs:
 with:
 args: --severity-threshold=medium --sarif-file-output=snyk.sarif
 - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: snyk.sarif
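Review bot: `uses: snyk/actions/python-3.8@master` in the new workflow runs a third-party action from a mutable branch ref while `SNYK_TOKEN` is exposed in its environment, so any change pushed to that branch executes in this repository's CI unreviewed; pin it to a full commit SHA, e.g. `uses: snyk/actions/python-3.8@<commit-sha> # master`, and do the same for `actions/checkout@v4` and the `upload-sarif` step (tags are movable too), keeping them fresh via Dependabot's `github-actions` ecosystem. `continue-on-error: true` also means an authentication or scan failure is not surfaced by the Snyk step itself; the job only fails later when `snyk.sarif` is missing, so a comment such as `# a missing snyk.sarif here usually means the scan step failed (check SNYK_TOKEN)` on the upload step would save the next person a debugging round. Finally, `on:` here is a YAML 1.1 boolean key for generic parsers; GitHub's loader handles it, so add a `# yamllint disable-line rule:truthy` comment if the repository lints workflow files.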