ci(snyk): #277 add snyk code sast

abhisheksr01 · abhisheksr01 · commit 872ed353b1ff · 2024-12-26T15:04:39.000Z
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -97,17 +97,27 @@ jobs:
         name: "Executing dependency vulnerability checks"
         env:
           NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
-  sast-code-snyk:
+  sast-snyk:
     runs-on: ubuntu-latest
     needs: build
     steps:
       - uses: actions/checkout@v4
-      - name: Run Snyk to static code analysis for vulnerabilities
-        uses: snyk/actions/maven-3-jdk-21@master
+      - uses: snyk/actions/maven-3-jdk-21@master
+        name: Run Snyk scan for dependency and license
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
           args: --severity-threshold=high
+      - uses: actions/setup-java@v4
+        with:
+          distribution: adopt
+          java-version: 21
+          check-latest: true
+      - uses: snyk/actions/setup@master
+      - name: Snyk SAST code
+        run: snyk code test
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
   sast-iac-trivy-hadolint:
     runs-on: ubuntu-latest
     needs: build
@@ -131,7 +141,7 @@ jobs:
       - unit-test
       - mutation-test
       - dependency-vulnerability-analysis
-      - sast-code-snyk
+      - sast-snyk
       - sast-iac-trivy-hadolint
     steps:
       - uses: actions/checkout@v4
