From afe6cd6df0b617f2ee4ca79a0769881069c1083c Mon Sep 17 00:00:00 2001
From: Oscar Zhou <100548325+oscarzhou-portainer@users.noreply.github.com>
Date: Wed, 22 Feb 2023 10:40:09 +1300
Subject: [PATCH] fix(code/security): vcs status error [EE-5062] (#8510)

---
 .github/workflows/nightly-security-scan.yml | 11 +++++++----
 .github/workflows/pr-security.yml           | 11 +++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/nightly-security-scan.yml b/.github/workflows/nightly-security-scan.yml
index 65924dd1b..917d5e495 100644
--- a/.github/workflows/nightly-security-scan.yml
+++ b/.github/workflows/nightly-security-scan.yml
@@ -56,17 +56,20 @@ jobs:
     steps:
       - uses: actions/checkout@master
 
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.19.4'
+
       - name: Download go modules
         run: cd ./api && go get -t -v -d ./...
 
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@master
         continue-on-error: true # To make sure that artifact upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --file=./api/go.mod
-          json: true
+        run: |
+          yarn global add snyk
+          snyk test --file=./api/go.mod --json-file-output=snyk.json 2>/dev/null || :
 
       - name: Upload go security scan result as artifact
         uses: actions/upload-artifact@v3
diff --git a/.github/workflows/pr-security.yml b/.github/workflows/pr-security.yml
index 2af8a9ae9..6ab372387 100644
--- a/.github/workflows/pr-security.yml
+++ b/.github/workflows/pr-security.yml
@@ -78,17 +78,20 @@ jobs:
     steps:
       - uses: actions/checkout@master
 
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.19.4'
+
       - name: Download go modules
         run: cd ./api && go get -t -v -d ./...
 
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@master
         continue-on-error: true # To make sure that artifact upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --file=./api/go.mod
-          json: true
+        run: |
+          yarn global add snyk
+          snyk test --file=./api/go.mod --json-file-output=snyk.json 2>/dev/null || :
 
       - name: Upload go security scan result as artifact
         uses: actions/upload-artifact@v3