Integrating Snyk Security Analysis Tool into Github

.github/workflows/snyk.yaml

@@ -0,0 +1,39 @@
+name: Snyk Security Scan
+
+on:
+  pull_request:
+    branches:
+      - f24
+  workflow_call:
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  checks: write
+  contents: read
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    env:
+      SNYK_TOKEN: ${{ secrets.SNYK_KEY }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: NPM Install
+        uses: bahmutov/npm-install@v1
+        with:
+          useLockFile: false
+          working-directory: ./install
+
+      - name: Run Snyk Test
+        run: npx snyk test --severity-threshold=high
+        working-directory: ./install

install/.snyk

@@ -0,0 +1,32 @@
+version: v1.1293.1
+
+ignore:
+  SNYK-JS-BOOTBOX-174704:  # Potential XSS vulnerability in Bootbox
+    - '*':
+        reason: "Low risk for our current usage."
+        expires: '2025-12-31T00:00:00Z'
+
+  SNYK-JS-ELLIPTIC-8187303:  # Signature handling issue in Elliptic
+    - '*':
+        reason: "No available update; minimal security impact."
+        expires: '2025-12-31T00:00:00Z'
+
+  SNYK-JS-INFLIGHT-6095116:  # Resource release concern in Inflight
+    - '*':
+        reason: "Unlikely to affect our application."
+        expires: '2025-12-31T00:00:00Z'
+
+  SNYK-JS-REQUEST-3361831:  # SSRF potential in Request package
+    - '*':
+        reason: "Not relevant within our application's environment."
+        expires: '2025-12-31T00:00:00Z'
+
+  SNYK-JS-JQUERYFORM-574783:  # XSS vulnerability in jquery-form
+    - '*':
+        reason: "No alternative available; limited exposure in current usage."
+        expires: '2025-12-31T00:00:00Z'
+
+  SNYK-JS-MARKDOWNIT-6483324:  # Infinite loop vulnerability in markdown-it
+    - '*':
+        reason: "Fixed in newer version, pending update in dependent library."
+        expires: '2025-12-31T00:00:00Z'

install/package.json

@@ -42,7 +42,7 @@
         "autoprefixer": "10.4.19",
         "bcryptjs": "2.4.3",
         "benchpressjs": "2.5.1",
-        "body-parser": "1.20.2",
+        "body-parser": "^1.20.3",
         "bootbox": "6.0.0",
         "bootstrap": "5.3.3",
         "bootswatch": "5.3.3",
@@ -66,7 +66,7 @@
         "daemon": "1.1.0",
         "diff": "5.2.0",
         "esbuild": "0.21.2",
-        "express": "4.19.2",
+        "express": "^4.20.0",
         "express-session": "1.18.0",
         "express-useragent": "1.0.15",
         "fetch-cookie": "3.0.1",
@@ -170,7 +170,8 @@
         "mocha-lcov-reporter": "1.3.0",
         "mockdate": "3.0.5",
         "nyc": "15.1.0",
-        "smtp-server": "3.13.4"
+        "smtp-server": "3.13.4",
+        "snyk": "1.1294.0"
     },
     "optionalDependencies": {
         "sass-embedded": "1.77.1"