ci(snyk): #277 add snyk code sast

Author: abhisheksr01

.github/workflows/pipeline.yml

@@ -97,17 +97,23 @@ jobs:
         name: "Executing dependency vulnerability checks"
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-  sast-code-snyk:
+  sast-snyk:
     runs-on: ubuntu-latest
     needs: build
     steps:
       - uses: actions/checkout@v4
-      - name: Run Snyk to static code analysis for vulnerabilities
-        uses: snyk/actions/maven-3-jdk-21@master
+      - uses: snyk/actions/maven-3-jdk-21@master
+        name: Run Snyk scan for dependency and license
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
           args: --severity-threshold=high
+      - name: Run Snyk static code analysis
+        uses: snyk/actions/maven-3-jdk-21@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: code test
   sast-iac-trivy-hadolint:
     runs-on: ubuntu-latest
     needs: build
@@ -131,7 +137,7 @@ jobs:
       - unit-test
       - mutation-test
       - dependency-vulnerability-analysis
-      - sast-code-snyk
+      - sast-snyk
       - sast-iac-trivy-hadolint
     steps:
       - uses: actions/checkout@v4