Conversation

@piotrzajac
Collaborator

@piotrzajac piotrzajac commented Oct 5, 2025

Summary by CodeRabbit

  • Chores
    • Consolidated multiple Snyk scanning steps into a single scan invocation.
    • Simplified scan configuration by merging code and monitor scans into one step.
    • Updated SARIF reporting to use the new report name and ensured upload references it.
    • No user-facing functionality changes.

@coderabbitai

coderabbitai bot commented Oct 5, 2025

Walkthrough

Replaces multiple Snyk workflow steps with a single snyk scan invocation that outputs SARIF to snyk.sarif, removes separate code scan and monitor steps, and updates the SARIF upload step to use the new filename.

Changes

Cohort / File(s): CI workflow: Snyk scanning (.github/workflows/snyk.yml)
Summary of changes: Renamed step to "🔬 snyk scan"; removed separate "🔬 snyk code scan" and "📈 snyk monitor" steps; consolidated into one snyk scan call that writes SARIF to snyk.sarif (keeps --all-projects and excludes); updated SARIF upload to use snyk.sarif.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub Actions
  participant Snyk as Snyk CLI
  participant GHAS as GitHub Security (SARIF)

  Dev->>GH: Push/PR triggers workflow
  GH->>Snyk: Run single "snyk scan" (--all-projects, excludes)
  Snyk-->>GH: Produce SARIF (snyk.sarif)
  GH->>GHAS: Upload `snyk.sarif`
  GHAS-->>Dev: Results available in Security Dashboard

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Review the new snyk scan arguments and exclude list for parity with previous steps.
  • Verify the SARIF filename change (snyk.sarif) is reflected in the upload step and any consumers.
  • Confirm no required monitoring or code-scan-specific flags were lost.

Poem

I nibble at YAML lines tonight,
One scan, one file, all tidy and bright.
SARIF snug in snyk.sarif bed,
I hop and hum — no duplicates to dread. 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
Title check: ✅ Passed. The title 'Leave single Snyk scan' directly and clearly summarizes the main change: consolidating multiple Snyk scan steps into a single scan operation.
Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4f4db6d and 5501fe5.

📒 Files selected for processing (1)
  • .github/workflows/snyk.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/snyk.yml

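For reference, here is an added example of a workflow with the shape the walkthrough describes: one Snyk step that writes SARIF to snyk.sarif, followed by an upload step that reads that file. This is illustrative editor-supplied YAML, not the repository's actual .github/workflows/snyk.yml; the workflow name, trigger list, Node install step and the exclude directories (node_modules,dist) are assumptions. The flags used (--all-projects, --exclude, --sarif-file-output) are real Snyk CLI options.

```yaml
# Added example, not the project's own workflow. Assumed names are marked below.
name: Snyk            # assumed workflow name

on:                   # assumed triggers; mirrors the "Push/PR" in the sequence diagram
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read
  security-events: write   # upload-sarif needs this to write to code scanning

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Snyk CLI
        run: npm install -g snyk

      # Single consolidated scan. `snyk test` exits non-zero when it finds
      # vulnerabilities, so without continue-on-error the job would stop here
      # and the SARIF upload below would never run. The findings still reach the
      # GitHub Security tab through the SARIF file.
      - name: 🔬 snyk scan
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        run: |
          snyk test --all-projects \
            --exclude=node_modules,dist \
            --sarif-file-output=snyk.sarif

      # Upload step referencing the same filename the scan step wrote.
      - name: Upload SARIF to GitHub code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
```

Two parity points worth checking when collapsing steps like this, matching the reviewer checklist above: `snyk test` covers open-source dependency vulnerabilities only, while `snyk code test` is the SAST scan of first-party source, so dropping the code-scan step drops those findings from the SARIF; and `snyk monitor` is what records a project snapshot in the Snyk UI for ongoing alerting, so a single `snyk test` call does not replace it. If either capability is still wanted, it needs its own step (for example `snyk monitor --all-projects` on the default branch only).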

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c4581ba and 76f333c.

📒 Files selected for processing (1)
  • .github/workflows/snyk.yml (1 hunks)
