feat: add prodsec/security_scans (#87)

snyk · Jun 5, 2024 · c12b34b · c12b34b
1 parent 97ef808
commit c12b34b
Showing 1 changed file with 36 additions and 1 deletion.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,7 +1,7 @@
 version: 2.1
 
 orbs:
-  prodsec: snyk/prodsec-orb@1.0
+  prodsec: snyk/prodsec-orb@1
 
 executors:
   docker-node:
@@ -35,6 +35,19 @@ commands:
           command: npm run lint
 
 jobs:
+  security-scans:
+    resource_class: small
+    docker:
+      - image: cimg/node:lts
+    steps:
+      - checkout
+      - install
+      - prodsec/security_scans:
+          mode: auto
+          release-branch: master
+          open-source-additional-arguments: --exclude=test
+          iac-scan: disabled
+
   test:
     resource_class: small
     parameters:
@@ -75,6 +88,18 @@ workflows:
           context:
             - snyk-bot-slack
           channel: os-team-managed-alerts
+          filters:
+            branches:
+              ignore:
+                - master
+
+      - security-scans:
+          name: Security Scans
+          context: open_source-managed
+          filters:
+            branches:
+              ignore:
+                - master
 
       - lint:
           filters:
@@ -84,6 +109,8 @@ workflows:
       - test:
           requires:
             - lint
+            - Scan repository for secrets
+            - Security Scans
           matrix:
             parameters:
               version:
@@ -96,6 +123,14 @@ workflows:
                 - master
   release:
     jobs:
+      - security-scans:
+          name: Security Scans
+          context: open_source-managed
+          filters:
+            branches:
+              only:
+                - master
+
       - release:
           context: nodejs-lib-release
           filters: