From 890e03cff03b36ebb496a31994ab2f07c2e770e0 Mon Sep 17 00:00:00 2001
From: alokshukla2012 <73115303+alokshukla2012@users.noreply.github.com>
Date: Mon, 6 Apr 2026 16:09:11 +0530
Subject: [PATCH] Update SCA workflow to use Snyk CLI

---
 .github/workflows/sca-scan.yml | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/sca-scan.yml b/.github/workflows/sca-scan.yml
index 85ca00e..21e9796 100644
--- a/.github/workflows/sca-scan.yml
+++ b/.github/workflows/sca-scan.yml
@@ -2,25 +2,33 @@ name: Source Composition Analysis Scan
 on:
   pull_request:
     types: [opened, synchronize, reopened]
+
 jobs:
   security-sca:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@master
+
       - name: Setup .NET Core @ Latest
         uses: actions/setup-dotnet@v1
         with:
           dotnet-version: "7.0.x"
+
       - name: Run Dotnet Restore
-        run: |
-          dotnet restore
+        run: dotnet restore
+
+      - name: Setup Snyk
+        uses: snyk/actions/setup@master # just installs Snyk CLI, no deprecated dotnet action
+
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/dotnet@master
+        run: |
+          snyk test \
+            --file=Contentstack.Core/obj/project.assets.json \
+            --fail-on=all \
+            --json-file-output=snyk.json # ← writes snyk.json to disk
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --file=Contentstack.Core/obj/project.assets.json --fail-on=all
-          json: true
-        continue-on-error: true
+        continue-on-error: true # ← let pipeline continue even if vulns found
+
       - uses: contentstack/sca-policy@main
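Review bot: `continue-on-error: true` on the "Run Snyk" step swallows every non-zero exit, so a CLI failure (unset `SNYK_TOKEN`, `Contentstack.Core/obj/project.assets.json` missing after restore, network error) is indistinguishable from a clean run, and `contentstack/sca-policy@main` may then gate on a missing or empty `snyk.json` — the scan silently becomes a no-op. The Snyk CLI uses exit code 1 for findings and 2/3 for test failures, so the step should tolerate only the former: `snyk test --file=Contentstack.Core/obj/project.assets.json --fail-on=all --json-file-output=snyk.json || rc=$?` followed by `[ "${rc:-0}" -le 1 ]  # 0 clean, 1 findings (left to sca-policy), 2/3 CLI failure`, with `continue-on-error: true` removed (GitHub's default `bash -e` keeps this idiom safe). Separately, the new `snyk/actions/setup@master` tracks a mutable branch, so the installed CLI can change under the workflow without a diff; pin it to a commit SHA (`snyk/actions/setup@<commit-sha>  # vX.Y`) — the same applies to the pre-existing `actions/checkout@master` and `contentstack/sca-policy@main`. Note also that the trailing `# ← writes snyk.json to disk` sits inside the `run: |` block, so it is a shell comment rather than YAML; it is harmless on the final line, but a comment after a `\` continuation line would break the command.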