From b189209ef7421a91dc6faabb9f42b285ffe8988e Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Thu, 12 Jan 2023 15:10:15 -0800
Subject: [PATCH] Modify Snyk integration to monitor open source scanning only

- Do not include code/static analysis
- Use `monitor` instead of `test`
- Target the setup.py for release and requirements.txt for dev
---
 .github/workflows/snyk.yml | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 33bade36..58817cb5 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -7,24 +7,23 @@ on:
 env:
   SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
   SNYK_ORG: rstudio-connect
-  SNYK_PROJECT: rsconnect-python
 
 jobs:
-  python-dependencies:
+  snyk-monitor:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk on dependencies
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Run Snyk (setup.py)
         uses: snyk/actions/python@master
         with:
           command: monitor
-          args: --file=setup.py --print-deps --project-name=${{ env.SNYK_PROJECT }} --org=${{ env.SNYK_ORG }}
-  python-code:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@master
-      - name: Run Snyk static analysis
+          args: --file=setup.py --package-manager=pip --project-name=setup.py --org=${{ env.SNYK_ORG }}
+
+      - name: Run Snyk (requirements.txt)
         uses: snyk/actions/python@master
         with:
-          command: code test
-          args: --project-name=${{ env.SNYK_PROJECT }} --org=${{ env.SNYK_ORG }} rsconnect/
+          command: monitor
+          args: --file=requirements.txt --package-manager=pip --project-name=requirements.txt --org=${{ env.SNYK_ORG }}
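Review bot: Both new steps keep `uses: snyk/actions/python@master`, a mutable branch ref on a third-party action that runs with `SNYK_TOKEN` in its environment, while the same hunk pins `actions/checkout` to `@v3`; whatever lands on that branch later runs unreviewed in this job with the token, so pin it the same way, ideally to a full commit SHA, e.g. `uses: snyk/actions/python@<pinned-release-tag-or-commit-sha>` (placeholder) on both lines. `fetch-depth: 0` fetches the whole history, which the `monitor` command does not appear to need here; unless something outside the hunk relies on it, dropping those two `with:` lines keeps the checkout minimal. Because `SNYK_TOKEN` sits in the workflow-level `env:` (context lines, unchanged by this commit), it is also visible to the checkout step; moving it into the `env:` of the two Snyk steps would limit its exposure. The `on:` trigger block is outside the hunk, so I cannot tell whether this runs on fork pull requests, where the secret would be unavailable and the steps would fail.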