Implement SNYK blocking and report

podaac · Aug 7, 2023 · 5b9ac64 · 5b9ac64
1 parent 277bebc
commit 5b9ac64
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
@@ -51,6 +51,40 @@ jobs:
       # Check out GitHub repo
       - uses: actions/checkout@v3
 
+      # SNYK IAC scan and report
+      - name: Run Snyk IAC to test and report
+        uses: snyk/actions/iac@master
+        env:
+            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args: >
+              --org=${{ secrets.SNYK_ORG_ID }}
+              --severity-threshold=high
+              --report
+
+      # SNYK Python
+      - name: Run Snyk Python to test
+        uses: snyk/actions/python-3.8@master
+        env:
+            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args: >
+              --org=${{ secrets.SNYK_ORG_ID }}
+              --project-name=${{ github.repository }}
+              --severity-threshold=high
+              --fail-on=all
+      - name: Run Snyk Python to report
+        uses: snyk/actions/python-3.8@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: monitor
+          args: >
+            --org=${{ secrets.SNYK_ORG_ID }}
+            --project-name=${{ github.repository }}
+
       # Set up Terraform
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v2.0.3