From 95310a5ffb1b2d504c83675fa9bfb66c260b72c4 Mon Sep 17 00:00:00 2001
From: Jonathan M Smolenski
Date: Thu, 12 Jan 2023 16:16:32 -0800
Subject: [PATCH] added snyk as a blocking step
---
 .github/workflows/build-pipeline.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.github/workflows/build-pipeline.yml b/.github/workflows/build-pipeline.yml
index 6f7363e..f9f22f7 100755
--- a/.github/workflows/build-pipeline.yml
+++ b/.github/workflows/build-pipeline.yml
@@ -38,6 +38,19 @@ jobs:
 - name: Extract Maven project version
 run: echo ::set-output name=current_version::$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)
 id: get-version
+ - name: Run Snyk as a blocking step
+ uses: snyk/actions/maven@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ JAVA_HOME: "/opt/java/openjdk"
+ with:
+ command: test
+ args: >
+ --org=${{ secrets.SNYK_ORG_ID }}
+ --project-name=${{ github.repository }}
+ --severity-threshold=high
+ --fail-on=all
+ --file=pom.xml
 - name: Show extracted Maven project version
 run: |
 echo ${{ steps.get-version.outputs.current_version }}
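Review bot: The added step references `snyk/actions/maven@master`, a mutable branch ref, and that same step is handed `SNYK_TOKEN`, so whatever is on that branch upstream at run time executes in this job with the token in its environment. Pin the action to a full commit SHA and record the corresponding release in a trailing comment, e.g. `uses: snyk/actions/maven@<full-commit-sha>  # <release tag>`, then bump it deliberately (Dependabot or Renovate can propose the updates). Because the step is blocking and depends on two repository secrets, any run that does not receive secrets (for example pull requests from forks, if this workflow triggers on them; the `on:` section is outside the hunk) would presumably fail here for reasons unrelated to vulnerabilities, which is worth confirming before this gate is relied on. The job's step list starts and continues outside the hunk.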