Leverage DataStax's Snyk version as opposed to OSS version

msmygit · msmygit · commit 2f6022631700 · 2023-07-06T11:11:05.000-04:00
diff --git a/.github/workflows/snyk-cli-scan.yml b/.github/workflows/snyk-cli-scan.yml
@@ -1,14 +1,46 @@
-# GitHub action CI
-# trigger by:
-#  any push on any protected branch: main, v6.8, releases/**
-#  any PR crteated against any protected branch: main, v6.8, releases/**
+name: 🔬 Snyk cli SCA
 
-on: 
+on:
   push:
     branches: [ main ]
   pull_request:
     branches: [ main ]
   workflow_dispatch:
 
 env:
-  SNYK_SEVERITY_THRESHOLD_LEVEL: critical
+  SNYK_SEVERITY_THRESHOLD_LEVEL: high
+
+jobs:
+  snyk-cli-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v3
+
+      - name: prepare for snyk scan
+        uses: datastax/shared-github-actions/actions/snyk-prepare@main
+
+      - name: Set up JDK 8
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '8'
+          cache: maven
+
+      - name: run maven install prepare for snyk
+        run: |
+          mvn -B -V install -DskipTests -Dmaven.javadoc.skip=true
+      - name: snyk scan java
+        uses: datastax/shared-github-actions/actions/snyk-scan-java@main
+        with:
+          directories: .
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
+          extra-snyk-options: "-DskipTests -Dmaven.javadoc.skip=true"
+
+      - name: Snyk scan result
+        uses: datastax/shared-github-actions/actions/snyk-process-scan-results@main
+        with:
+          gh_repo_token: ${{ secrets.GITHUB_TOKEN }}
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
diff --git a/.github/workflows/snyk-pr-cleanup.yml b/.github/workflows/snyk-pr-cleanup.yml
@@ -1,11 +1,16 @@
-# GitHub Action CI
-# Snyk clean-up when PR is merged/closed
+name: 🗑️ Snyk PR cleanup - merged/closed
 
 on:
   pull_request:
     types:
       - closed
-    branches:    
+    branches:
       - main
   workflow_dispatch:
 
+jobs:
+  snyk_project_cleanup_when_pr_closed:
+    uses: datastax/shared-github-actions/.github/workflows/snyk-pr-cleanup.yml@main
+    secrets:
+      snyk_token: ${{ secrets.SNYK_TOKEN }}
+      snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
