Add snyk scan to CI (#156)

Co-authored-by: Madhavan Sridharan <[email protected]>

Author: msmygit

.github/workflows/snyk-cli-scan

@@ -0,0 +1,14 @@
+# GitHub action CI
+# trigger by:
+#  any push on any protected branch: main, v6.8, releases/**
+#  any PR crteated against any protected branch: main, v6.8, releases/**
+
+on: 
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+env:
+  SNYK_SEVERITY_THRESHOLD_LEVEL: high

.github/workflows/snyk-cli-scan-pr

@@ -0,0 +1,11 @@
+# GitHub Action CI
+# Snyk clean-up when PR is merged/closed
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:    
+      - main
+  workflow_dispatch:
+

.gitignore

@@ -6,3 +6,4 @@ dependency-reduced-pom.xml
 .idea/*
 cassandra-data-migrator.iml
 SIT/local
+*.DS_Store

.snyk

@@ -0,0 +1,9 @@
+# .snyk
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+# See https://docs.snyk.io/scan-cloud-deployment/snyk-infrastructure-as-code/snyk-cli-for-infrastructure-as-code/iac-ignores-using-the-.snyk-policy-file for details.
+version: v1.22.2
+python: '3.7'
+patch: {}
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+

.snyk.ignore.example

@@ -0,0 +1,12 @@
+# .snyk.ignore.example
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.2
+python: '3.7'
+patch: {}
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-PYTHON-URLLIB3-1533435:
+    - '*':
+        reason: state your ignore reason here
+        expires: 2030-01-01T00:00:00.000Z
+        created: 2022-03-21T13:19:22.196Z