From 8b55cd7040b4f731d7846316a2f99bb59f2fa68b Mon Sep 17 00:00:00 2001 From: Steve Date: Thu, 13 Jul 2023 14:14:40 +0300 Subject: [PATCH] chore: add snyk test and snyk code test to pipeline --- .circleci/config.yml | 61 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index c2f62f6..302aa71 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -3,17 +3,18 @@ version: 2.1 orbs: slack: circleci/slack@4 prodsec: snyk/prodsec-orb@1.0 + snyk: snyk/snyk@1 defaults: &defaults resource_class: small docker: - - image: node:12 + - image: cimg/node:18.15 working_directory: ~/rpm-parser release_defaults: &release_defaults resource_class: small docker: - - image: node:14 + - image: cimg/node:18.15 working_directory: ~/rpm-parser slack-fail-notify: &slack-fail-notify @@ -77,6 +78,27 @@ jobs: - run: name: Lint command: npm run lint + scan_code: + <<: *defaults + steps: + - checkout + - attach_workspace: + at: ~/rpm-parser + - snyk/scan: + command: code test + fail-on-issues: true + severity-threshold: high + monitor-on-build: true + scan_deps: + <<: *defaults + steps: + - checkout + - attach_workspace: + at: ~/rpm-parser + - snyk/scan: + fail-on-issues: true + severity-threshold: high + monitor-on-build: true test: <<: *defaults @@ -133,6 +155,23 @@ workflows: branches: ignore: - main + - scan_code: + name: Scan Code + context: + - team-lumos + filters: + branches: + ignore: + - main + - scan_deps: + name: Scan Dependencies + context: + - team-lumos + filters: + branches: + ignore: + - main + - test: name: Test context: nodejs-install @@ -179,6 +218,24 @@ workflows: - main post-steps: - *slack-fail-notify + + - scan_code: + name: Scan Code + context: + - team-lumos + filters: + branches: + ignore: + - main + - scan_deps: + name: Scan Dependencies + context: + - team-lumos + filters: + branches: + ignore: + - main + - test: name: Test context:
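Review bot: The new orb reference `snyk: snyk/snyk@1` floats on the major version, so any later 1.x release of the orb is picked up without a change in this repository, and the orb presumably runs with the Snyk token supplied by the job's context. Pinning it to a full version, `snyk: snyk/snyk@<exact-version>` (placeholder, to be taken from the orb registry), would make orb upgrades explicit and reviewable. The existing `slack` and `prodsec` orbs are pinned just as loosely, so this may be house style, but the scanner orb is the one that handles a security credential.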
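Review bot: In `scan_code`, `monitor-on-build: true` sits next to `command: code test`, but as far as I know the orb's monitor step runs `snyk monitor`, which uploads a dependency snapshot and is unrelated to the Snyk Code result. That job would therefore upload the same snapshot `scan_deps` already uploads; `monitor-on-build: false` in `scan_code` would keep it to the static-analysis check. Both jobs also run `attach_workspace` after `checkout`, yet no `requires:` is visible on their workflow entries, so confirm that an upstream job actually persists a workspace or drop the step.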
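Review bot: Both new workflow entries carry `filters: branches: ignore: - main`, so neither scan runs on `main`, and the same filter is repeated where the jobs are added to the second workflow further down. With `monitor-on-build: true` in the job definitions, the Snyk snapshots would then come from unmerged branches rather than from the code that is released. No `requires:` on later jobs is visible in this hunk, so a failed scan may not block `Test`; if the scans are meant as a gate, add `- Scan Code` and `- Scan Dependencies` to the `requires:` list of the job they should block. The rest of the workflow lies outside the hunk, so this needs checking against the full file.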