keycloak-scim/.github/workflows/snyk-analysis.yml

name: Snyk

on: 
  workflow_dispatch:

defaults:
  run:
    shell: bash

jobs:
  analysis:
    name: Analysis of Quarkus and Operator
    runs-on: ubuntu-latest
    if: github.repository == 'keycloak/keycloak'
    steps:
      - uses: actions/checkout@v3

      - name: Build Keycloak
        uses: ./.github/actions/build-keycloak

      - uses: snyk/actions/setup@master

      - name: Check for vulnerabilities in Quarkus
        run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus/deployment
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      - name: Upload Quarkus scanner results to GitHub
        uses: github/codeql-action/upload-sarif@v2.20.2
        with:
          sarif_file: quarkus-report.sarif
          category: snyk-quarkus-report

      - name: Check for vulnerabilities in Operator
        run: |
          mvn -Poperator -pl operator -am -DskipTests clean install
          snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      - name: Upload Operator scanner results to GitHub
        uses: github/codeql-action/upload-sarif@v2.20.2
        with:
          sarif_file: operator-report.sarif
          category: snyk-operator-report
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`name: Snyk`

Update Snyk Workflow to target other branches (#20601) Closes #20364 Co-authored-by: Stian Thorgersen <stianst@gmail.com> 2023-06-01 07:03:09 +00:00			`on:`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`workflow_dispatch:`

			`defaults:`
			`run:`
			`shell: bash`

			`jobs:`
			`analysis:`
			`name: Analysis of Quarkus and Operator`
			`runs-on: ubuntu-latest`
			`if: github.repository == 'keycloak/keycloak'`
			`steps:`
			`- uses: actions/checkout@v3`

			`- name: Build Keycloak`
			`uses: ./.github/actions/build-keycloak`

			`- uses: snyk/actions/setup@master`

			`- name: Check for vulnerabilities in Quarkus`
Reduce the amount of duplicated security alerts for the Quarkus distribution Co-authored-by: Václav Muzikář <vmuzikar@redhat.com> Closes #20428 2023-05-17 16:31:34 +00:00			`run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus/deployment`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`continue-on-error: true`
			`env:`
			`SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`

			`- name: Upload Quarkus scanner results to GitHub`
Bump github/codeql-action from 2.20.1 to 2.20.2 (#21483) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.20.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.20.1...v2.20.2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-07-06 10:29:13 +00:00			`uses: github/codeql-action/upload-sarif@v2.20.2`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`with:`
			`sarif_file: quarkus-report.sarif`
Snyk Workflow failing due to the usage of the same category on multiple sections Resolves #16705 2023-01-30 18:38:09 +00:00			`category: snyk-quarkus-report`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00
			`- name: Check for vulnerabilities in Operator`
Snyk workflow failing when running the checks against the Operator (#16653) Resolves #16622 2023-01-27 06:42:36 +00:00			`run: \|`
			`mvn -Poperator -pl operator -am -DskipTests clean install`
			`snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`continue-on-error: true`
			`env:`
			`SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`

			`- name: Upload Operator scanner results to GitHub`
Bump github/codeql-action from 2.20.1 to 2.20.2 (#21483) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.20.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2.20.1...v2.20.2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-07-06 10:29:13 +00:00			`uses: github/codeql-action/upload-sarif@v2.20.2`
Keycloak CI workflow refactoring (#15968) * Keycloak CI workflow refactoring Closes #15861 * Update testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update testsuite/integration-arquillian/tests/base/testsuites/suite.sh Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> * Update CodeQL actions Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com> 2022-12-14 15:12:23 +00:00			`with:`
			`sarif_file: operator-report.sarif`
Snyk Workflow failing due to the usage of the same category on multiple sections Resolves #16705 2023-01-30 18:38:09 +00:00			`category: snyk-operator-report`