cypress-io · AtofStryker · Sep 6, 2023 · Sep 6, 2023
diff --git a/.github/workflows/snyk_sca_scan.yaml b/.github/workflows/snyk_sca_scan.yaml
@@ -1,4 +1,8 @@
 name: Snyk Software Composition Analysis Scan
+# This git workflow leverages Snyk actions to perform a Software Composition 
+# Analysis scan on our Opensource libraries upon Pull Requests to Master & 
+# Develop branches. We use this as a control to prevent vulnerable packages 
+# from being introduced into the codebase. 
 on:
   pull_request:
     branches:
@@ -9,17 +13,19 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [20.x]
     steps:
       - uses: actions/checkout@v3
       - name: Setting up Node
-        #- name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-      - name: Run Snyk to check for opensource vulnerabilities
-        uses: snyk/actions/setup@master
+      - name: Installing snyk-delta and dependencies
+        run: npm i -g snyk-delta
+      - uses: snyk/actions/setup@master
+      - name: Perform SCA Scan
+        continue-on-error: false
         run: |
-          snyk test --all-projects --strict-out-of-sync=false --detection-depth=6 --exclude=docker,Dockerfile --severity-threshold=critical
+          snyk test --all-projects --detection-depth=4 --exclude=docker,Dockerfile --severity-threshold=critical
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}