
Added required permissions in the action example

Open danacr opened this issue 3 years ago • 9 comments

The action example will fail without setting the read permission for the repository and the security events write for the SARIF file.

danacr avatar Jan 26 '22 18:01 danacr

I had to add other permissions in order to get them to actually work:

    permissions:
      actions: read
      contents: read
      statuses: read
      security-events: write

nathanpVuka avatar Nov 03 '22 14:11 nathanpVuka
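For reference, a complete workflow with the permissions discussed above scoped to the one job that needs them. This is an added example, not the project's own workflow or code from either commenter. The workflow name, job id, trigger, default-deny block and the `github/codeql-action/upload-sarif` step are assumptions; the `statuses: read` line from the comment above is not included and can be added to the same block.

```yaml
# Added example. Names, trigger and the upload step are assumptions.
name: snyk-python-sarif
on: [push]

# Start from no token permissions at workflow level, then grant per job.
permissions: {}

jobs:
  snyk:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # lets actions/checkout read the repository
      security-events: write  # lets the SARIF upload write code scanning results
      actions: read           # used by the SARIF upload step in private repositories
    steps:
      - uses: actions/checkout@v3
      - name: Run Snyk and write a SARIF report
        # @master is a mutable ref, kept here as in the example under discussion.
        uses: snyk/actions/python@master
        # Findings should not stop the job before the report is uploaded.
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
      - name: Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
```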

Hi,

Just pointing out that this PR is quite important IMO, I've been struggling with permissions and couldn't find anything to help me in all of Snyk docs, so this change would probably be very much appreciated!

Thanks for the great project!

jahow avatar Apr 24 '23 20:04 jahow

Why is there no Issues tab on this repo?

Is the PR area the only place where we can tell you that things don't work?

huyz avatar Aug 07 '23 06:08 huyz

Sorry to hijack this PR for my issue. I just don't see where to report problems for this repo.

Has anyone been able to get the snyk/snyk:python action to work? No matter what I do, I get:

`snyk` requires an authenticated account. Please run `snyk auth` and try again.

even though my SNYK_TOKEN secret is set in the repo and I have:

    steps:
      - uses: actions/checkout@v3
      - name: Run Snyk to check configuration files for security issues
        uses: snyk/actions/python@master
        # Snyk can be used to break the build when it detects security issues.
        # In this case we want to upload the issues to GitHub Code Scanning
        continue-on-error: true
        env:
          # In order to use the Snyk Action you will need to have a Snyk API token.
          # More details in https://github.com/snyk/actions#getting-your-snyk-token
          # or you can signup for free at https://snyk.io/login
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          #args: --severity-threshold=high
          args: --sarif-file-output=snyk.sarif

This used to work months ago, but it's stopped working for months now. (And I'm wondering if Snyk has CI on their own actions 😄 )

huyz avatar Aug 07 '23 06:08 huyz

@huyz Please reach out to Snyk Support on that, as it's an official channel providing customer support.

michelkaporin avatar Aug 07 '23 08:08 michelkaporin

@michelkaporin thank you for the feedback! I missed your comment, just regenerated everything

danacr avatar Aug 07 '23 09:08 danacr

@danacr @snyk/hammerhead should take care of your PR, as I moved to a different team at Snyk. I've pinged them to re-review it.

michelkaporin avatar Aug 29 '23 14:08 michelkaporin

> Sorry to hijack this PR for my issue. I just don't see where to report problems for this repo.
>
> Has anyone been able to get the snyk/snyk:python action to work? No matter what I do, I get:
>
> `snyk` requires an authenticated account. Please run `snyk auth` and try again.
>
> even though my SNYK_TOKEN secret is set in the repo and I have:
>
>     steps:
>       - uses: actions/checkout@v3
>       - name: Run Snyk to check configuration files for security issues
>         uses: snyk/actions/python@master
>         # Snyk can be used to break the build when it detects security issues.
>         # In this case we want to upload the issues to GitHub Code Scanning
>         continue-on-error: true
>         env:
>           # In order to use the Snyk Action you will need to have a Snyk API token.
>           # More details in https://github.com/snyk/actions#getting-your-snyk-token
>           # or you can signup for free at https://snyk.io/login
>           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
>         with:
>           #args: --severity-threshold=high
>           args: --sarif-file-output=snyk.sarif
>
> This used to work months ago, but it's stopped working for months now. (And I'm wondering if Snyk has CI on their own actions 😄 )

I had the same issue and moved the SNYK_TOKEN to the global scope. It all worked after that.

wilson1000-MoJ avatar Feb 07 '24 18:02 wilson1000-MoJ

hey folks, can we merge this?

danacr avatar Feb 20 '24 20:02 danacr