* fix: bearer does not upload sarif report
When issues are found, the exit code is non-zero, so the GitHub Action aborts before uploading the SARIF report.
This change fixes that issue.
* chore: update bearer.yml following review
---------
Co-authored-by: Cédric Fabianski <cfabianski@me.com>
Co-authored-by: Cédric Fabianski <cedric@bearer.com>
Some projects observed intermittent build timeouts with Swift.
In case this happens, and our CodeQL-level mitigations do not prevent the problem, we want to avoid using up 6h of the customer's billed macOS Actions minutes (which is the default timeout), so we suggest a reduced timeout of 2h.
This value is chosen to accommodate the total job time (build + CodeQL extraction + CodeQL analysis) we expect for large Swift projects. We may choose to adjust it in future.
CodeQL Swift analysis is best supported on macOS.
In preparation for CodeQL supporting Swift analysis in beta, adjust the CodeQL starter workflow template to run the `swift` matrix job on `macos-latest`, and all other matrix jobs on `ubuntu-latest`. This does not affect the matrix itself.
* Create snyk-security.properties.json
* Create snyk-security.yml
* Update snyk-security.yml
* Fix misspelling
Co-authored-by: Sampark Sharma <phantsure@github.com>
* Apply comments from PR
- Moved documentation link to the top
- Made `|| true` optional
- Added commit SHA for the Snyk GitHub Action
* Remove empty space
Co-authored-by: Sampark Sharma <phantsure@github.com>
* Remove empty space in line end
Co-authored-by: Sampark Sharma <phantsure@github.com>
* Update Categories
* Updated after running pre-commit linting
---------
Co-authored-by: Sampark Sharma <phantsure@github.com>