Skip to content

ci(snyk): tag CLI scans with public repo URL so they use the open-source quota#2539

Open
bennyjo wants to merge 1 commit into
mainfrom
snyk-public-repo-url
Open

ci(snyk): tag CLI scans with public repo URL so they use the open-source quota#2539
bennyjo wants to merge 1 commit into
mainfrom
snyk-public-repo-url

Conversation

@bennyjo

@bennyjo bennyjo commented Jul 16, 2026

Copy link
Copy Markdown

What

Add --remote-repo-url=https://github.com/${{ github.repository }} to both the snyk code test and snyk monitor commands in .github/workflows/snyk-security.yml.

Why

Snyk CLI scans without --remote-repo-url can't read the repository's GitHub visibility, so they default to counting against the private test quota — even though this repo is public. On the Snyk Free plan that burns the limited private-manifest and Snyk Code allowances instead of the unlimited open-source buckets these public-repo scans are entitled to.

Passing the repo URL tells the CLI which public repo it's scanning, so future runs are classified as open-source and stop consuming quota. ${{ github.repository }} resolves to owner/repo automatically.

The flag is supported by both snyk code test and snyk monitor per the Snyk CLI docs; no behavioural change beyond classification.

Part of an org-wide fix across all repos running the shared snyk-security.yml.

🤖 Generated with Claude Code

…rce quota

Snyk CLI scans without --remote-repo-url can't read GitHub visibility and
default to counting against the private test quota, even for public repos.
Pass the repo URL so these scans land in the unlimited open-source buckets.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant