Add snyk to GHA

.github/workflows/gradle.yml

@@ -21,12 +21,12 @@ jobs:
       JDK_VERSION:  ${{ matrix.jdk }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
     - name: Set up JDK
-      uses: actions/setup-java@v2
+      uses: actions/setup-java@v4
       with:
         java-version: ${{ matrix.jdk }}
         distribution: 'temurin'
@@ -43,3 +43,18 @@ jobs:
 
     - name: Test with Gradle
       run: ./gradlew check --stacktrace --no-daemon
+
+  gradle-scan:
+    name: Snyk gradle scan
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Snyk to check build.gradle for vulnerabilities
+        uses: snyk/actions/gradle-jdk17@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args: --severity-threshold=high --org=f310ee2f-5552-444d-84ee-ec8c44c33adb

.github/workflows/release.yml

@@ -38,3 +38,17 @@ jobs:
           OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
           OSSRH_GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
           OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+
+  gradle-monitor:
+    name: Snyk gradle monitor
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Snyk to monitor build.gradle for vulnerabilities
+        uses: snyk/actions/gradle-jdk17@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: monitor
+          args: --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-jwt-extension --policy-path=.snyk