From 616948e9d4d7352feec7ff22d81a5da95a4de048 Mon Sep 17 00:00:00 2001
From: pvannierop
Date: Wed, 9 Oct 2024 12:03:58 +0200
Subject: [PATCH] Add Snyk Github action
---
.github/workflows/snyk.yaml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 .github/workflows/snyk.yaml
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
new file mode 100644
index 0000000..cc7b032
--- /dev/null
+++ b/.github/workflows/snyk.yaml
@@ -0,0 +1,36 @@
+name: Snyk test
+on:
+ pull_request:
+ branches: [ master, dev ]
+jobs:
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: snyk/actions/setup@master
+ with:
+ snyk-version: v1.1032.0
+
+ - name: Use Node.js 16
+ uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ - uses: actions/setup-java@v3
+ with:
+ distribution: temurin
+ java-version: 17
+
+ - name: Setup Gradle
+ uses: gradle/gradle-build-action@v2
+
+ - name: Run Snyk to check for vulnerabilities
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ run: >
+ snyk test
+ --all-projects
+ --configuration-matching='^runtimeClasspath$'
+ --org=radar-base
+ --policy-path=$PWD/.snyk
+ --severity-threshold=high
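Review bot: `snyk/actions/setup@master` follows a mutable branch, so whatever is on that branch at run time installs the `snyk` binary that the last step then runs with `SNYK_TOKEN` in its environment. Pin it to a reviewed full commit SHA, e.g. `- uses: snyk/actions/setup@<full-commit-sha>  # <release tag>`. The `@v3` and `@v2` tags on the checkout, setup-node, setup-java and gradle-build-action steps are also movable, so the same pinning is worth applying there. The workflow also declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope. A top-level `permissions:` with `contents: read` looks sufficient for the steps shown here.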