Merge pull request #85 from okta/Integrate-Snyk-SAST-Scans

BinoyOza-okta · web-flow · commit d1c9b93b92f9 · 2025-08-25T12:44:14.000+05:30
Add Snyk Scan step in CCI
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -22,6 +22,20 @@ jobs:
           root: .
           paths:
             - .
+  snyk-scan:
+    docker:
+      - image: cimg/python:3.10
+    steps:
+      - attach_workspace: # Allows for sharing of build-workspace (containing downloaded dependencies) (optional)
+          at: ~/project # This is the working directory for CCI containers, change if necessary
+      - checkout # Might not need this if you have "persist_to_workspace" and "attach_workspace"
+      - run: |   # Might not need this if you have "persist_to_workspace" and "attach_workspace"
+          pip install -r requirements.txt
+      - platform-helpers-general/step-load-dependencies
+      - platform-helpers-general/step-run-snyk-monitor:
+          scan-all-projects: true
+          skip-unresolved: false
+          run-on-non-main: true
 
 workflows:
   "Malware Scanner":
@@ -32,3 +46,10 @@ workflows:
             - static-analysis
           requires:
             - build
+      - snyk-scan:
+          name: execute-snyk
+          filters:
+            branches:
+              only:
+                - master
+                - main
