From a8d0c9dca20d2cff657011e3f8ed387eadc3e751 Mon Sep 17 00:00:00 2001
From: krymtkts
Date: Fri, 5 Jan 2024 16:16:32 +0900
Subject: [PATCH 1/5] Add Snyk step to workflow for pull request.
---
.github/workflows/pr.yml | 7 +++++++
src/pocof.Test/pocof.Test.fsproj | 3 +++
2 files changed, 10 insertions(+)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 8fe46f9f..6853832c 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -23,3 +23,10 @@ jobs: uses: ./.github/actions/test with: codecov_token: ${{ secrets.CODECOV_TOKEN }}
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/dotnet@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: test
+ args: --all-projects
diff --git a/src/pocof.Test/pocof.Test.fsproj b/src/pocof.Test/pocof.Test.fsproj
index 8b56bb8b..d7316aed 100644
--- a/src/pocof.Test/pocof.Test.fsproj
+++ b/src/pocof.Test/pocof.Test.fsproj
@@ -31,6 +31,9 @@ + + +
From 39f2b35e69fd14e6c9dbcc897174a3d204f42fc8 Mon Sep 17 00:00:00 2001
From: krymtkts
Date: Fri, 5 Jan 2024 16:24:22 +0900
Subject: [PATCH 2/5] Add an if condition to invoke Snyk only on Linux.
---
.github/workflows/pr.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 6853832c..4ddda2b1 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -24,6 +24,7 @@ jobs: with: codecov_token: ${{ secrets.CODECOV_TOKEN }} - name: Run Snyk to check for vulnerabilities
+ if: runner.os == 'Linux'
uses: snyk/actions/dotnet@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
From d31c5d4beaeedb19c9316f5ee8063b51baa83842 Mon Sep 17 00:00:00 2001
From: krymtkts
Date: Fri, 5 Jan 2024 17:02:19 +0900
Subject: [PATCH 3/5] Add a step to upload code scanning results with Snyk to the workflow for the main branch.
---
.github/workflows/main.yml | 16 ++++++++++++++++
.github/workflows/pr.yml | 1 +
2 files changed, 17 insertions(+)
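Review bot: `uses: snyk/actions/dotnet@master` pulls a third-party action that is handed `SNYK_TOKEN` and scans the checkout by a mutable branch name, so anyone who can push to that branch changes what executes in this job; pin it to a full commit SHA with the tag in a trailing comment, `uses: snyk/actions/dotnet@<full-commit-sha> # <release tag>`, and let Dependabot move the pin. The same unpinned reference is introduced again in the main.yml hunk of patch 3. If pr.yml is triggered by `pull_request` (the `on:` block is outside this hunk), `secrets.SNYK_TOKEN` is not made available to runs from forked repositories, so this step will fail for outside contributors; either document that or skip the step when `github.event.pull_request.head.repo.full_name != github.repository`.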
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 06f2b91e..deed6452 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -7,6 +7,7 @@ on: permissions: contents: read
+ security-events: write
jobs: test:
@@ -24,3 +25,18 @@ jobs: uses: ./.github/actions/test with: codecov_token: ${{ secrets.CODECOV_TOKEN }}
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/dotnet@master
+ # synk/actions uses Container action that is only supported on Linux.
+ if: runner.os == 'Linux'
+ continue-on-error: true # To make sure that SARIF upload gets called
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: test
+ args: --all-projects --sarif-file-output=snyk.sarif
+ - name: Upload result to GitHub Code Scanning
+ if: runner.os == 'Linux'
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: snyk.sarif
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 4ddda2b1..e3305a14 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -24,6 +24,7 @@ jobs: with: codecov_token: ${{ secrets.CODECOV_TOKEN }} - name: Run Snyk to check for vulnerabilities
+ # synk/actions uses Container action that is only supported on Linux.
if: runner.os == 'Linux' uses: snyk/actions/dotnet@master env:
From 91cd0249716e7774cfaf64d951e44f181677bc80 Mon Sep 17 00:00:00 2001
From: krymtkts
Date: Fri, 5 Jan 2024 17:03:54 +0900
Subject: [PATCH 4/5] Add a Snyk badge.
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 5548ac62..34c9dac9 100644
--- a/README.md
+++ b/README.md
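Review bot: `security-events: write` is added to what appears to be the workflow-level `permissions:` block (it sits between `on:` and `jobs:`; indentation is lost in this paste), so every job in main.yml receives write access to Code Scanning alerts although only the upload-sarif step of the test job needs it. Keep the top-level block at `contents: read` and declare the grant on the job that uploads: `permissions:` / `contents: read` / `security-events: write` under `test:`. The job bodies are outside this hunk, so I cannot tell whether other jobs exist; if `test` is the only one the exposure is the same today, but the job-level form keeps the default minimal when jobs are added later.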
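Review bot: The comment `# synk/actions uses Container action that is only supported on Linux.` misspells the product name; `# snyk/actions is a Docker container action, which GitHub only runs on Linux runners.` reads cleanly, and the same line is added in the pr.yml hunk of this patch. `continue-on-error: true` also turns a Snyk failure that is not a finding (rejected or missing token, network error) into a green step; in that case no `snyk.sarif` is written and the problem only surfaces as a file-not-found error from the upload step, so the trailing comment should say that findings never fail this workflow and are visible only in Code Scanning. If findings are meant to break the build instead, drop `continue-on-error` and run the upload step with `if: runner.os == 'Linux' && always()`.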
@@ -3,6 +3,7 @@ [![PowerShell Gallery](https://img.shields.io/powershellgallery/dt/pocof)](https://www.powershellgallery.com/packages/pocof) ![Test main status](https://github.com/krymtkts/pocof/actions/workflows/main.yml/badge.svg) [![codecov](https://codecov.io/gh/krymtkts/pocof/graph/badge.svg?token=7HA9NC8PHT)](https://codecov.io/gh/krymtkts/pocof)
+[![Known Vulnerabilities](https://snyk.io/test/github/krymtkts/pocof/badge.svg)](https://snyk.io/test/github/krymtkts/pocof)
An interactive pipeline filtering Cmdlet for PowerShell written in F#.
From d1a903812c6b1bc14783ccd2fd216be5b87e7a36 Mon Sep 17 00:00:00 2001
From: krymtkts
Date: Fri, 5 Jan 2024 17:54:28 +0900
Subject: [PATCH 5/5] Remove the Snyk badge as the dotnet project is not yet supported.
---
README.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 34c9dac9..5548ac62 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,6 @@ [![PowerShell Gallery](https://img.shields.io/powershellgallery/dt/pocof)](https://www.powershellgallery.com/packages/pocof) ![Test main status](https://github.com/krymtkts/pocof/actions/workflows/main.yml/badge.svg) [![codecov](https://codecov.io/gh/krymtkts/pocof/graph/badge.svg?token=7HA9NC8PHT)](https://codecov.io/gh/krymtkts/pocof)
-[![Known Vulnerabilities](https://snyk.io/test/github/krymtkts/pocof/badge.svg)](https://snyk.io/test/github/krymtkts/pocof)
An interactive pipeline filtering Cmdlet for PowerShell written in F#.