
Conversation

@aniket-okta
Contributor

Summary

Integrates Snyk software composition analysis (SCA) scanning into the CircleCI pipeline to detect vulnerabilities in project dependencies, addressing Product Security Team requirements.

Changes

  • Added general-platform-helpers orb for Snyk integration
  • Created snyk-scan job that runs after successful build completion
  • Added workspace persistence to share build artifacts with scanner
  • Configured comprehensive dependency scanning with depth-4 detection
  • Runs on all branches using static-analysis context

Security Impact

  • Enables automated vulnerability detection in dependencies
  • Provides continuous monitoring for security issues
  • Integrates with existing security workflows (semgrep)

Testing

  • Pipeline will run Snyk scan after build-test job completes
  • Scanner configured to analyze all project files and dependencies
  • Results will be reported to security team dashboard

Fixes: Product Security Team dependency scanning requirement
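The pipeline described above, written out as an added CircleCI configuration (not the PR's own config, which uses the internal general-platform-helpers orb). It calls the Snyk CLI directly, assumes a `cimg/node` executor, a `SNYK_TOKEN` supplied by the `static-analysis` context, and a `high` severity threshold for failing the job; the orb's real parameter names are not on the page.

```yaml
version: 2.1

jobs:
  build-test:
    docker:
      - image: cimg/node:20.11   # assumed executor; the PR does not name one
    steps:
      - checkout
      - run: npm ci && npm test
      # Hand the resolved dependency tree (lockfile, node_modules) to the scanner
      - persist_to_workspace:
          root: .
          paths: [.]

  snyk-scan:
    docker:
      - image: cimg/node:20.11
    steps:
      - attach_workspace:
          at: .
      - run:
          name: Snyk SCA scan
          command: |
            npm install -g snyk
            # SNYK_TOKEN comes from the static-analysis context (assumed variable name)
            # --all-projects scans every manifest found; --detection-depth=4 bounds
            # how many directory levels below the root are searched
            snyk test --all-projects --detection-depth=4 --severity-threshold=high
            # Report the scanned dependency tree to the Snyk dashboard for
            # continuous monitoring of newly disclosed vulnerabilities
            snyk monitor --all-projects --detection-depth=4

workflows:
  build-and-scan:
    jobs:
      - build-test
      # Scanner runs only after a successful build; no branch filter, so it
      # runs on every branch
      - snyk-scan:
          requires: [build-test]
          context: static-analysis
```

`snyk test` exits non-zero when it finds issues at or above the threshold, so the scan job blocks the workflow rather than only reporting.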

@aniket-okta aniket-okta force-pushed the feature/add-snyk-sca-scanning branch 5 times, most recently from f141d02 to 4252ecb August 13, 2025 14:19
Signed-off-by: Aniket <aniket@okta.com>
@aniket-okta aniket-okta force-pushed the feature/add-snyk-sca-scanning branch from 4252ecb to db089a7 August 13, 2025 14:24
@aniket-okta aniket-okta self-assigned this Aug 13, 2025
@aniket-okta aniket-okta force-pushed the feature/add-snyk-sca-scanning branch from 7f68280 to 9724c88 August 13, 2025 14:34
@aniket-okta aniket-okta force-pushed the feature/add-snyk-sca-scanning branch from 9724c88 to 0ed42b0 August 13, 2025 14:39
@aniket-okta aniket-okta merged commit 411f0f6 into main Aug 13, 2025
6 checks passed
@aniket-okta aniket-okta deleted the feature/add-snyk-sca-scanning branch August 13, 2025 15:01