Add Snyk security workflow to track multiple tags

ChristianZaccaria · ChristianZaccaria · commit a57d33e57c22 · 2024-10-30T17:07:09.000Z
diff --git a/.github/workflows/snyk-security.yaml b/.github/workflows/snyk-security.yaml
@@ -0,0 +1,35 @@
+name: Snyk Security
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  snyk-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+            submodules: recursive
+
+      - name: Install Snyk CLI
+        run: npm install -g snyk
+
+      - name: Snyk Monitor and Test multiple projects
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_ORG: ${{ secrets.SNYK_ORG }}
+        run: |
+          git fetch origin 'refs/tags/*:refs/tags/*'
+          git checkout main
+          echo "Authenticating with Snyk"
+          snyk auth ${SNYK_TOKEN}
+          echo "Scanning project: codeflare-sdk/main"
+          snyk monitor --all-projects --exclude=requirements.txt --org=${SNYK_ORG} --target-reference="main"
+          list_of_released_tags=("v0.19.1" "v0.2000.0" "v0.22.0")
+          for project in "${list_of_released_tags[@]}"; do
+            echo "Scanning project: codeflare-sdk/$project"
+            git checkout $project
+            snyk monitor --all-projects --exclude=requirements.txt --org=${SNYK_ORG} --target-reference="$(git describe --tags)"
+          done
