name: "Snyk" on: schedule: - cron: "0 0 * * *" env: DEFAULT_JDK_VERSION: 11 MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120 jobs: quarkus: name: Quarkus runs-on: ubuntu-latest if: ${{ github.repository == 'keycloak/keycloak' }} steps: - name: Checkout repository uses: actions/checkout@v3 - uses: actions/setup-java@v3 with: java-version: ${{ env.DEFAULT_JDK_VERSION }} distribution: temurin cache: maven - name: Build Quarkus run: mvn -Psnyk-quarkus -pl quarkus/dist -am -DskipTests clean install - uses: snyk/actions/setup@master - name: Check for vulnerabilities run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus continue-on-error: true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: Upload scanner results to GitHub uses: github/codeql-action/upload-sarif@v2.1.36 with: sarif_file: quarkus-report.sarif operator: name: Operator runs-on: ubuntu-latest if: ${{ github.repository == 'keycloak/keycloak' }} steps: - name: Checkout repository uses: actions/checkout@v3 - uses: actions/setup-java@v3 with: java-version: ${{ env.DEFAULT_JDK_VERSION }} distribution: temurin cache: maven - name: Build Keycloak run: mvn -Poperator -pl operator -am -DskipTests clean install - uses: snyk/actions/setup@master - name: Check for vulnerabilities for the Operator run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator continue-on-error: true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: Upload scanner results for the Operator to GitHub uses: github/codeql-action/upload-sarif@v2.1.36 with: sarif_file: operator-report.sarif