From 89fad7570744be3b850d6a738a31301b6096162b Mon Sep 17 00:00:00 2001
From: Robert Elliot
Date: Fri, 13 Sep 2024 13:44:56 +0100
Subject: [PATCH] Add snyk to GHA
---
.github/workflows/gradle.yml | 19 +++++++++++++++++--
.github/workflows/release.yml | 14 ++++++++++++++
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 841cdad..64f462d 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -21,12 +21,12 @@ jobs:
JDK_VERSION: ${{ matrix.jdk }}
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up JDK
- uses: actions/setup-java@v2
+ uses: actions/setup-java@v4
with:
java-version: ${{ matrix.jdk }}
distribution: 'temurin'
@@ -43,3 +43,18 @@ jobs:
- name: Test with Gradle
run: ./gradlew check --stacktrace --no-daemon
+
+ gradle-scan:
+ name: Snyk gradle scan
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Run Snyk to check build.gradle for vulnerabilities
+ uses: snyk/actions/gradle-jdk17@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: test
+ args: --severity-threshold=high --org=f310ee2f-5552-444d-84ee-ec8c44c33adb
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d7bd2f1..5d12eea 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
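Review bot: The new `gradle-scan` job resolves `snyk/actions/gradle-jdk17@master`, a mutable branch ref, and hands it `secrets.SNYK_TOKEN`, so whatever that branch points to at run time executes with the token; pinning to an immutable ref makes the dependency reviewable and Dependabot-updatable, e.g. `uses: snyk/actions/gradle-jdk17@<full-commit-sha>  # <tag it corresponds to>`. The same applies to the `gradle-monitor` job added in release.yml in this patch. The job also declares no `permissions:` block; if the workflow does not set one at the top level (not visible in this hunk), the default `GITHUB_TOKEN` grants more than this job needs, and `permissions:` / `  contents: read` under `gradle-scan` would narrow it to the checkout it performs. The `--org` UUID in `args` is an account identifier rather than a secret, so it is fine inline, but a one-line comment above it saying so (`# Snyk org id, not a credential`) would save the next reader from checking.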
@@ -38,3 +38,17 @@ jobs:
OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
OSSRH_GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
OSSRH_GPG_SECRET_KEY_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
+
+ gradle-monitor:
+ name: Snyk gradle monitor
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Run Snyk to monitor build.gradle for vulnerabilities
+ uses: snyk/actions/gradle-jdk17@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: monitor
+ args: --org=f310ee2f-5552-444d-84ee-ec8c44c33adb --project-name=wiremock-jwt-extension --policy-path=.snyk
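Review bot: `--policy-path=.snyk` references a policy file that this patch does not add (the diffstat lists only the two workflow files), so either `.snyk` already exists in the repository or the `monitor` step points at a missing policy; worth confirming, and if it is absent either committing the file in the same change or dropping the flag so ignores are not silently unapplied. The `gradle-monitor` job has no `needs:` on the release job, so it runs in parallel with publishing rather than after it; if the intent is to record the dependency tree of what was actually released, `needs: <release job id>` (the job name is outside this hunk) would sequence it. The `@master` ref and missing `permissions:` block raised on the gradle.yml hunk apply here as well.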