Merge pull request #39 from snyk/feat/quality-gates

wayne-grant · web-flow · commit 1f8e8b3c806d · 2024-06-05T09:36:36.000+01:00
feat: add prodsec/security_scans
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,7 +1,7 @@
 version: 2.1
 
 orbs:
-  prodsec: snyk/prodsec-orb@1.0
+  prodsec: snyk/prodsec-orb@1
 
 defaults: &defaults
   parameters:
@@ -50,6 +50,21 @@ commands:
           name: Install npm dependencies
           command: npm install
 jobs:
+  security-scans:
+    resource_class: small
+    <<: *defaults
+    docker:
+      - image: circleci/node:<< parameters.node_version >>
+    steps:
+      - checkout
+      - show_node_npm_version
+      - install_deps
+      - prodsec/security_scans:
+          mode: auto
+          release-branch: master
+          open-source-additional-arguments: --exclude=test
+          iac-scan: disabled
+
   lint:
     <<: *defaults
     docker:
@@ -95,6 +110,17 @@ workflows:
           context:
             - snyk-bot-slack
           channel: os-team-managed-alerts
+          filters:
+            branches:
+              ignore:
+                - master
+
+      - security-scans:
+          name: Security Scans
+          node_version: "12"
+          context:
+            - open_source-managed
+            - nodejs-install
 
       - lint:
           name: lint
