Security #32

	name: Security

	on:
	workflow_call:
	schedule:
	# Weekly on Monday at 00:00 UTC
	- cron: 0 0 * * 1

	jobs:
	app-scan:
	name: App
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: app
	steps:
	- uses: actions/checkout@v4
	- name: Setup Snyk
	uses: snyk/actions/setup@master
	- name: Scan
	run: snyk test --sarif-file-output=snyk-results.sarif --all-projects
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
	- name: Upload Results to GitHub Code Scanning
	if: ${{ always() }}
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: app/snyk-results.sarif

Provide feedback