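# Snyk dependency scan of the Quarkus distribution and the Operator.
# Manual-only trigger (workflow_dispatch); results are uploaded as SARIF to
# GitHub code scanning under two separate categories so the two reports do
# not overwrite each other.
name: Snyk

on:
  workflow_dispatch:

env:
  MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"

defaults:
  run:
    shell: bash

jobs:
  analysis:
    name: Analysis of Quarkus and Operator
    runs-on: ubuntu-latest
    # Restrict to the upstream repository: forks do not receive SNYK_TOKEN and
    # should not push SARIF into their own code-scanning tab.
    if: github.repository == 'keycloak/keycloak'
    # Least privilege for GITHUB_TOKEN: checkout needs read access to the
    # repository and upload-sarif needs write access to code-scanning alerts.
    # Nothing in this job pushes commits or tags, so no other write scope is
    # granted. NOTE(review): if ./.github/actions/build-keycloak turns out to
    # need more (e.g. a write-scoped cache), widen here rather than removing
    # the block.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4

      - name: Build Keycloak
        uses: ./.github/actions/build-keycloak

      # NOTE(review): "master" is a mutable ref — the scanner code executed
      # here can change without any change to this workflow. Pin this (and
      # ideally the other third-party actions) to a full commit SHA and let
      # Dependabot bump it, so the scanner itself cannot become a
      # supply-chain vector.
      - uses: snyk/actions/setup@master

      # `snyk test` exits non-zero when it finds issues; continue-on-error keeps
      # the job alive so the SARIF is still uploaded and triaged in code
      # scanning. Side effect: a tooling failure (bad token, CLI crash) only
      # surfaces when the upload step cannot find the SARIF file. Ignores
      # declared in .github/snyk/.snyk suppress findings, so edits to that
      # file deserve the same review scrutiny as a dependency bump.
      - name: Check for vulnerabilities in Quarkus
        run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus/deployment
        continue-on-error: true
        env:
          # Scoped to this step only; do not hoist the secret to job/workflow env.
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      - name: Upload Quarkus scanner results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: quarkus-report.sarif
          category: snyk-quarkus-report

      # The operator module is not part of the default build, so it is built
      # first (tests skipped) and then scanned with the same policy file.
      - name: Check for vulnerabilities in Operator
        run: |
          ./mvnw -Poperator -pl operator -am -DskipTests clean install
          snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

      - name: Upload Operator scanner results to GitHub
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: operator-report.sarif
          category: snyk-operator-report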