name: Snyk Security Scan
on:
pull_request:
branches: [main]
types: [opened, synchronize, reopened]
merge_group: # run if triggered as part of a merge queue
push:
branches: [main]
release:
types: [published]
jobs:
snyk:
name: Snyk Security Scan
runs-on: ubuntu-latest
# Skip Snyk for PRs from forks since secrets are not available
if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request'
permissions:
# Required to fetch internal or private CodeCommits
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v5
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/node@v1.0.0
env:
SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
with:
# Fail the build on high severity vulnerabilities
args: --severity-threshold=high
- name: Run Snyk Monitor
# Only monitor on main branch pushes and releases, not on PRs
if: github.event_name != 'pull_request' && github.event_name != 'merge_group'
uses: snyk/actions/node@v1.0.0
env:
SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
with:
command: monitor
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dynatrace-oss/dynatrace-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server