ci: remove snyk (#833)

Author: marek-xrd

.github/workflows/main.yml

@@ -23,41 +23,6 @@ env:
   DOTNET_VERSION: "8.0.x"
 
 jobs:
-  snyk-scan:
-    name: snyk scan
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: RDXWorks-actions/checkout@main
-      - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
-        with:
-          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
-          app_name: 'babylon-gateway'
-          step_name: 'snyk-scan'
-          secret_prefix: 'SNYK'
-          secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
-          parse_json: true
-      - name: Setup .NET SDK
-        uses: RDXWorks-actions/setup-dotnet@main
-        with:
-          dotnet-version: ${{ env.DOTNET_VERSION }}
-      - name: Install dependencies
-        run: dotnet restore
-      - name: Run Snyk to check for deps vulnerabilities
-        uses: RDXWorks-actions/snyk-actions/dotnet@master
-        with:
-          args: --all-projects --org=${{ env.SNYK_SERVICES_ORG_ID }} --severity-threshold=critical
-      - name: Run Snyk to check for code vulnerabilities
-        uses: RDXWorks-actions/snyk-actions/dotnet@master
-        continue-on-error: true
-        with:
-          args: --all-projects --org=${{ env.SNYK_SERVICES_ORG_ID }} --severity-threshold=high
-          command: code test
-      - name: Generate SBOM # check SBOM can be generated but nothing is done with it
-        uses: RDXWorks-actions/snyk-actions/dotnet@master
-        with:
-          args: --all-projects --org=${{ env.SNYK_SERVICES_ORG_ID }} --exclude=package.json --format=cyclonedx1.4+json --json-file-output sbom.json
-          command: sbom
 
   build:
     runs-on: ubuntu-22.04
@@ -114,8 +79,7 @@ jobs:
       artifact_location: "./"
       artifact_name: build_props
       provenance: "false"
-      scan_image: true
-      snyk_target_ref: ${{ github.ref_name }}
+      scan_image: false
       cache_tag_suffix: "AMD"
 
   docker-database-migrations-private-arm:
@@ -157,8 +121,7 @@ jobs:
       artifact_location: "./"
       artifact_name: build_props
       provenance: "false"
-      scan_image: true
-      snyk_target_ref: ${{ github.ref_name }}
+      scan_image: false
       cache_tag_suffix: "AMD"
 
   docker-data-aggregator-private-arm:
@@ -200,8 +163,7 @@ jobs:
       artifact_location: "./"
       artifact_name: build_props
       provenance: "false"
-      scan_image: true
-      snyk_target_ref: ${{ github.ref_name }}
+      scan_image: false
       cache_tag_suffix: "AMD"
 
   docker-gateway-api-private-arm:

.github/workflows/releases.yml

@@ -289,95 +289,3 @@ jobs:
       aws_dockerhub_secret: github-actions/rdxworks/dockerhub-images/release-credentials
     secrets:
       role-to-assume: ${{ secrets.DOCKERHUB_RELEASER_ROLE }}
-
-  snyk-container-monitor:
-    name: Snyk monitor container
-    runs-on: ubuntu-latest
-    needs:
-      - setup-tags
-      - join-gateway-images
-      - join-aggregator-images
-      - join-migrations-images
-    permissions:
-      id-token: write
-      pull-requests: read
-      contents: read
-      deployments: write
-    strategy:
-      matrix:
-        app: ["database-migrations", "data-aggregator", "gateway-api"]
-    steps:
-      - name: snyk ${{ matrix.app }} container monitor
-        uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
-        with:
-          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
-          app_name: 'babylon-gateway'
-          dockerhub_secret_name: ${{ secrets.AWS_SECRET_NAME_DOCKERHUB }}
-          snyk_secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
-          snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
-          image: docker.io/radixdlt/babylon-ng-${{ matrix.app }}:${{ needs.setup-tags.outputs.version-suffix }}
-          target_ref: ${{ github.ref_name }}
-
-  snyk-monitor:
-    name: Snyk monitor
-    runs-on: ubuntu-latest
-    needs:
-      - docker-database-migrations-dockerhub
-      - docker-data-aggregator-dockerhub
-      - docker-gateway-api-dockerhub
-    permissions:
-      id-token: write
-      pull-requests: read
-      contents: read
-      deployments: write
-    steps:
-      - uses: RDXWorks-actions/checkout@main
-      - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
-        with:
-          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
-          app_name: 'babylon-gateway'
-          step_name: 'snyk-monitor'
-          secret_prefix: 'SNYK'
-          secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
-          parse_json: true
-      - name: Setup .NET SDK
-        uses: RDXWorks-actions/setup-dotnet@main
-        with:
-          dotnet-version: ${{ env.DOTNET_VERSION }}
-      - name: Install dependencies
-        run: dotnet restore
-      - name: Enable Snyk online monitoring to check for vulnerabilities
-        uses: RDXWorks-actions/snyk-actions/dotnet@master
-        with:
-          args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --target-reference=${{ github.ref_name }}
-          command: monitor
-
-  snyk-sbom:
-    name: Snyk SBOM
-    runs-on: ubuntu-latest
-    permissions: write-all
-    steps:
-      - uses: RDXWorks-actions/checkout@main
-      - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
-        with:
-          role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
-          app_name: 'babylon-gateway'
-          step_name: 'snyk-sbom'
-          secret_prefix: 'SNYK'
-          secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
-          parse_json: true
-      - name: Setup .NET SDK
-        uses: RDXWorks-actions/setup-dotnet@main
-        with:
-          dotnet-version: ${{ env.DOTNET_VERSION }}
-      - name: Install dependencies
-        run: dotnet restore
-      - name: Generate SBOM
-        uses: RDXWorks-actions/snyk-actions/node@master
-        with:
-          args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
-          command: sbom
-      - name: Upload SBOM
-        uses: RDXWorks-actions/action-gh-release@master
-        with:
-          files: sbom.json