snyk-cli-scan.yml

name: 🔬 Snyk cli SCA

on:
  push:
    branches: [ 4.x ]
  pull_request:
    branches: [ 4.x ]
  workflow_dispatch:

env:
  SNYK_SEVERITY_THRESHOLD_LEVEL: high

jobs:
  snyk-cli-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Git checkout
        uses: actions/checkout@v3

      - name: prepare for snyk scan
        uses: datastax/shared-github-actions/actions/snyk-prepare@main

      - name: Set up JDK 8
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '8'
          cache: maven

      - name: run maven install prepare for snyk
        run: |
          mvn -B -V install -DskipTests -Dmaven.javadoc.skip=true

      - name: snyk scan java
        uses: datastax/shared-github-actions/actions/snyk-scan-java@main
        with:
          directories: .
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
          extra-snyk-options: "-DskipTests -Dmaven.javadoc.skip=true"

      - name: Snyk scan result
        uses: datastax/shared-github-actions/actions/snyk-process-scan-results@main
        with:
          gh_repo_token: ${{ secrets.GITHUB_TOKEN }}
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}