From 35a37c41e658c778f9cdaebe8a473a0babb9bf49 Mon Sep 17 00:00:00 2001
From: pdrakesnyk <98352303+pdrakesnyk@users.noreply.github.com>
Date: Tue, 27 Aug 2024 10:37:24 -0500
Subject: [PATCH] Create snyk-scans-cli

---
 .github/workflows/snyk-scans-cli | 79 ++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 .github/workflows/snyk-scans-cli

diff --git a/.github/workflows/snyk-scans-cli b/.github/workflows/snyk-scans-cli
new file mode 100644
index 00000000000..0800e9718d9
--- /dev/null
+++ b/.github/workflows/snyk-scans-cli
@@ -0,0 +1,79 @@
+name: Snyk Full Platform (CLI)
+
+# Prerequisites:
+# - Set a SNYK_TOKEN under env secrets in an env called "Snyk"
+# - If you are not running the scan on your default org in Snyk, set the org id in a secret called SNYK_ORG in the same env as above (env called "Snyk") and add an additional --org=${{ secrets.SNYK_ORG }} parameter in all the test commands 
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+
+  snyk-os:
+    environment: snyk
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Install Snyk CLI
+        run: |
+          wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
+          chmod +x ./snyk
+          mv ./snyk /usr/local/bin/
+      - name: Authenticate and run Snyk Open Source Scan + Monitor
+        run: | 
+          npm install
+          snyk auth ${{ secrets.SNYK_TOKEN }}
+          snyk test
+          snyk monitor
+
+  snyk-code:
+    environment: snyk
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Install Snyk CLI
+        run: |
+          wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
+          chmod +x ./snyk
+          mv ./snyk /usr/local/bin/
+      - name: Configure and run Snyk Code Scan
+        run: | 
+          snyk auth ${{ secrets.SNYK_TOKEN }}
+          snyk code test
+
+  snyk-container:
+    environment: snyk
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag boosef-juiceshop:latest
+    - name: Install Snyk CLI
+      run: |
+        wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
+        chmod +x ./snyk
+        mv ./snyk /usr/local/bin/
+    - name: Scan and Monitor Docker Vulnerabilities
+      run: |   
+        snyk auth ${{ secrets.SNYK_TOKEN }}
+        snyk container test boosef-juiceshop:latest --file=Dockerfile
+        snyk container monitor boosef-juiceshop:latest --file=Dockerfile
+     
+  snyk-iac:
+    environment: snyk
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - name: Install Snyk CLI
+      run: |
+        wget -O snyk https://static.snyk.io/cli/latest/snyk-linux
+        chmod +x ./snyk
+        mv ./snyk /usr/local/bin/
+    - name: Run and monitor Snyk to check configuration files for security issues
+      run: |   
+        snyk auth ${{ secrets.SNYK_TOKEN }}
+        snyk iac test --report
+