Added synk vulnerability test to CI pipeline

Baighasan · Jan 12, 2025 · 24fbcf2 · 24fbcf2
1 parent 1d192b8
commit 24fbcf2
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,15 +17,19 @@ jobs:
       with:
         java-version: '21'
         distribution: 'temurin'
-        cache: maven
+        cache: 'maven'
+        cache-dependency-path: 'sub-project/pom.xml'  # Caches dependencies for speed
 
     - name: Build, Test and Verify
       run: mvn -B clean verify
 
-    - name: Install and Authenticate Synk
-      uses: synk/actions/setup@v2
-      with:
-        token: $${{ secrets.SYNK_API_KEY }}
+    - name: Install Synk CLI
+      run: |
+        curl -fsSL https://static.snyk.io/cli/latest/snyk-linux -o /usr/local/bin/snyk
+        chmod +x /usr/local/bin/snyk
+
+    - name: Authenticate Synk
+      run: synk auth  ${{ secrets.SYNK_TOKEN }}
 
-    - name: Run Synk Tests
-      run: synk test
+    - name: Run Synk Vulnerability Test
+      run: SYNK_TOKEN=${{ secrets.SYNK_TOKEN }} synk test