From bdec25996e2f1d842ef13133d8a509647d405ea8 Mon Sep 17 00:00:00 2001
From: Nikolay Nechaev
Date: Fri, 16 Feb 2024 17:51:53 +0300
Subject: [PATCH] Task 2.2: snyk
---
 .github/workflows/python-app.yml | 12 +++++++++++-
 app_python/README.md | 6 +++---
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 900cdd1aef..330d00dd83 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -48,8 +48,18 @@ jobs:
 pytest
+ snyk:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run Snyk to check for vulnerabilities
+ uses: snyk/actions/python-3.10@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+
 docker-build-push:
- needs: [ lint-test ]
+ needs: [ lint-test, snyk ]
 runs-on: ubuntu-latest
diff --git a/app_python/README.md b/app_python/README.md
index 221ad9514d..e6ec6b72e1 100644
--- a/app_python/README.md
+++ b/app_python/README.md
@@ -65,6 +65,6 @@ To run unit tests:
 ## CI
 On every push to the repository that changes files under `app_python/`,
-the code is linted and tested, on success, an image is built and published
-in DockerHub under the name `kolay0ne/app_py` with a tag matching the branch
-name.
+the code is linted and tested, and checked for vulnerabilities. On success,
+an image is built and published in DockerHub under the name `kolay0ne/app_py`
+with a tag matching the branch name.
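Review bot: The new `snyk` job runs a third-party action from a mutable branch ref, `uses: snyk/actions/python-3.10@master`, and passes it `SNYK_TOKEN`, so whatever is pushed to that branch later executes with the token and with this job's `GITHUB_TOKEN`. Pin the action to a reviewed full commit SHA, `uses: snyk/actions/python-3.10@<full-commit-sha>` (placeholder), and bump it deliberately. The job also declares no `permissions:`; adding `permissions:` with `contents: read` to the job would keep the scan step at read-only access, unless the top of the workflow, which is outside this hunk, already sets that. `docker-build-push` now `needs` this job, so a run where the secret is unavailable (for example a pull request from a fork, if the workflow triggers on those) would fail the scan and skip the build; confirm that is the intended gate.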