From d622ada3ae7fd0ee15fd9d52e7721b07eab4c488 Mon Sep 17 00:00:00 2001 From: Nikolay Nechaev Date: Fri, 16 Feb 2024 17:51:53 +0300 Subject: [PATCH] Task 2.2: snyk --- .github/workflows/python-app.yml | 11 +++++++++-- app_python/README.md | 6 +++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 900cdd1aef..86afd7ecfb 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -13,7 +13,7 @@ permissions: contents: read jobs: - lint-test: + lint-test-snyk: runs-on: ubuntu-latest @@ -47,9 +47,16 @@ jobs: run: | pytest + - name: Check for vulnerabilities with Snyk + uses: snyk/actions/python-${{ matrix.python-version }}@master + with: + args: app_python/ + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + docker-build-push: - needs: [ lint-test ] + needs: [ lint-test-snyk ] runs-on: ubuntu-latest diff --git a/app_python/README.md b/app_python/README.md index 221ad9514d..e6ec6b72e1 100644 --- a/app_python/README.md +++ b/app_python/README.md @@ -65,6 +65,6 @@ To run unit tests: ## CI On every push to the repository that changes files under `app_python/`, -the code is linted and tested, on success, an image is built and published -in DockerHub under the name `kolay0ne/app_py` with a tag matching the branch -name. +the code is linted and tested, and checked for vulnerabilities. On success, +an image is built and published in DockerHub under the name `kolay0ne/app_py` +with a tag matching the branch name.
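Review bot: The `uses:` value added in the `.github/workflows/python-app.yml` hunk at +47, `snyk/actions/python-${{ matrix.python-version }}@master`, contains an expression and tracks a mutable branch, and both need fixing. GitHub Actions does not evaluate `${{ }}` expressions in `uses:`, so the workflow is likely rejected at parse time; the action path has to be a literal such as a fixed `snyk/actions/python-<version>` variant, or one step per matrix version guarded by `if:`. Because the step passes `SNYK_TOKEN` to whatever `master` points at when the job runs, pin the action to a reviewed full commit SHA, e.g. `uses: snyk/actions/python-<version>@<full-commit-sha>  # pinned; update via reviewed PR`. The workflow triggers and the matrix definition are outside the hunk; if the job also runs for pull requests from forks, the secret is empty there, so the step should be skipped explicitly rather than left to fail on authentication.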