chore: add quality gates (#186)

cvaidas · wayne-grant · bastiandoetsch · web-flow · commit b3c997bcf008 · 2024-06-28T15:30:32.000Z
* chore: add quality gates

* chore: add java additional arguments

* chore: quality gates

* chore: add .snyk file to ignore licensing issues

---------

Co-authored-by: Wayne Grant &lt;wayne.grant@snyk.io&gt;
Co-authored-by: Bastian Doetsch &lt;bastian.doetsch@snyk.io&gt;
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,6 +3,19 @@ version: 2.1
 orbs:
   prodsec: snyk/prodsec-orb@1
 
+jobs:
+  security-scans:
+    resource_class: small
+    docker:
+      - image: cimg/openjdk:17.0
+    steps:
+      - checkout
+      - prodsec/security_scans:
+          mode: auto
+          open-source-scan-all-projects: false
+          open-source-additional-arguments: --maven-aggregate-project -- -pl '!tests'
+          iac-scan: disabled
+
 workflows:
   version: 2
   CICD:
@@ -11,5 +24,8 @@ workflows:
           name: Scan repository for secrets
           context:
             - snyk-bot-slack
-          channel: dx-local-alerts
+          channel: snyk-on-snyk-devex_ide
           trusted-branch: main
+
+      - security-scans:
+          context: devex_ide
diff --git a/.snyk b/.snyk
@@ -0,0 +1,10 @@
+version: v1.25.0
+ignore:
+  snyk:lic:maven:org.ow2.sat4j:org.ow2.sat4j.core:(EPL-1.0_OR_GPL-3.0):
+    - '*':
+        reason: We are using EPL
+        expires: 2025-08-18T00:00:00.000Z
+  snyk:lic:maven:org.ow2.sat4j:org.ow2.sat4j.pb:(EPL-1.0_OR_GPL-3.0):
+    - '*':
+        reason: We are using EPL
+        expires: 2025-08-18T00:00:00.000Z
