Running Snyk On Forgejo/Codeberg Actions
Recently I started using Snyk to keep an eye on project dependencies, and I wanted to automate the process of updating the project in Snyk with the latest package lists.
I came up with the below, so I thought I’d share it to help others attempting to achieve the same.
This version specifically targets both composer.lock and package-lock.json files for PHP/Composer packages & NPM-based packages, and it runs for changes to these on development and release branches.
When run, it will update projects in Snyk to be monitored, using a name of bookstack-{branch_name}-{npm|composer}, so that different branches can be monitored independently.
You’ll need to add a token from Snyk as a SNYK_TOKEN secret in the Codeberg/Forgejo project/owner settings.
name: update-snyk

on:
  workflow_dispatch:
  push:
    paths:
      - 'composer*'
      - 'package*'
    branches:
      - 'development'
      - 'release'

jobs:
  update:
    runs-on: docker
    container:
      image: docker.io/library/node:24-trixie
    steps:
      - uses: https://code.forgejo.org/actions/checkout@v6
      - name: Update Snyk for monitoring - Composer
        uses: https://github.com/snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: snyk monitor --file=composer.lock --project-name=bookstack-${{forgejo.ref_name}}-composer
      - name: Update Snyk for monitoring - NPM
        uses: https://github.com/snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: snyk monitor --file=package-lock.json --project-name=bookstack-${{forgejo.ref_name}}-npm