java_snyk_scan.yml

# This workflow automates the process of identifying potential security vulnerabilities 
# using Snyk. Dependency vulnerability scans will be run when a push is made to the main 
# branch, on a weekly schedule, and can also be triggered manually.

name: Snyk Vulnerability Scan
on:
  workflow_dispatch:
  schedule:
    - cron: '00 15 * * 1'
  push:
    branches:
      - master

jobs:
  security:
    runs-on: ubuntu-latest
    container: "docker://snyk/snyk:gradle-jdk11"

    steps:
      - name: Checkout Code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # pin@v4
        with:
          ref: 'master'

      - name: Setup Authentication
        run: |
          snyk auth ${{ secrets.JAVA_AGENT_SNYK_TOKEN }}

      - name: Run Snyk Dependency Scan
        run: |
          cd java
          snyk monitor --all-sub-projects --org=java-agent --configuration-matching='(^compileClasspath$)|(^runtimeClasspath$)'