Add Snyk scanning & monitoring
ryan-wren committed Aug 1, 2023
1 parent 0fd0133 commit f61a73f
Showing 1 changed file with 43 additions and 0 deletions.
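--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -2,6 +2,7 @@ version: 2.1
 
 orbs:
 shellcheck: circleci/shellcheck@1.2.0
+snyk: snyk/snyk@1.7.0
 windows: circleci/windows@5.0.0
 
 executors:
@@ -304,6 +305,46 @@ jobs:
 command: choco push circleci-cli.nupkg --source https://chocolatey.org/ --apikey $env:CHOCO_API_KEY
 working_directory: chocolatey
 
+vulnerability-scan:
+executor: go
+steps:
+- checkout
+- run:
+name: Setup Scanning
+command: |
+git config --global url."https://$GITHUB_USER:$GITHUB_TOKEN@github.com/circleci/".insteadOf "https://github.com/circleci/"
+- when:
+condition:
+or:
+- equal: [ main, << pipeline.git.branch >> ]
+steps:
+- run:
+name: Launching Snyk Orb Scanning
+command: echo "Running snyk/scan on main; uploading the results"
+- run:
+name: Cleanup RemoteRepoURL
+command: echo 'export REMOTE_REPO_URL="${CIRCLE_REPOSITORY_URL%".git"}"' >> "$BASH_ENV"
+- snyk/scan:
+organization: "circleci-public"
+fail-on-issues: true
+severity-threshold: high
+monitor-on-build: true
+additional-arguments: "--all-projects --remote-repo-url=${REMOTE_REPO_URL} -d"
+- unless:
+condition:
+or:
+- equal: [ main, << pipeline.git.branch >> ]
+steps:
+- run:
+name: Launching Snyk Orb Scanning
+command: echo "Running snyk/scan on branch; not uploading the results"
+- snyk/scan:
+organization: "circleci-public"
+fail-on-issues: true
+severity-threshold: high
+monitor-on-build: false
+additional-arguments: "--all-projects -d"
+
 workflows:
 ci:
 jobs:
@@ -317,6 +358,8 @@ workflows:
 - test_windows
 - coverage
 - lint
+- vulnerability-scan:
+context: org-global-employees
 - deploy-test
 - docs:
 requires: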
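Review bot: The `Setup Scanning` step in the new `vulnerability-scan` job writes `$GITHUB_USER:$GITHUB_TOKEN` into the global git config as part of a URL, so the token sits in clear text in the executor's `~/.gitconfig` for every later step, including both third-party `snyk/scan` invocations, which are run with the debug flag `-d`. Debug output from a tool that shells out to git may echo the rewritten URL, which would leave CircleCI's secret masking (assuming both variables come from the `org-global-employees` context) as the only safeguard before the build log. I would drop `-d` once the job is proven, i.e. `additional-arguments: "--all-projects --remote-repo-url=${REMOTE_REPO_URL}"` on main and `additional-arguments: "--all-projects"` on branches. I would also supply the credential through a git credential helper that reads the two variables at call time instead of persisting them in the config. A comment above the step saying why the `insteadOf` rewrite is needed and that a read-only token is sufficient would help the next maintainer scope the secret.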
