From 705bad8fbc2725506b44140ade73dfddcf09198f Mon Sep 17 00:00:00 2001
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 15:48:29 +0000
Subject: [PATCH 1/8] Implement SNYK blocking and report

---
 .github/workflows/deploy-generate.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 3681047..2eb1bf6 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -46,6 +46,30 @@ jobs:
 # Check out GitHub repo
 - uses: actions/checkout@v3
+
+ # SNYK blocking
+ - name: Run Snyk as a blocking step
+ uses: snyk/actions/python-3.8@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: test
+ args: >
+ --org=${{ secrets.SNYK_ORG_ID }}
+ --project-name=${{ github.repository }}
+ --severity-threshold=high
+ --fail-on=all
+
+ # SNYK report
+ - name: Run Snyk on Python
+ uses: snyk/actions/python-3.8@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: monitor
+ args: >
+ --org=${{ secrets.SNYK_ORG_ID }}
+ --project-name=${{ github.repository }}
 # Set up Terraform
 - name: Setup Terraform

From 097f201f6ecb8912953382a7985b71568bb5f785 Mon Sep 17 00:00:00 2001
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 16:40:49 +0000
Subject: [PATCH 2/8] Modify snyk test argument to include entire codebase

---
 .github/workflows/deploy-generate.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 2eb1bf6..7ab9300 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -57,6 +57,7 @@ jobs:
 args: >
 --org=${{ secrets.SNYK_ORG_ID }}
 --project-name=${{ github.repository }}
+ --all-projects
 --severity-threshold=high
 --fail-on=all

From a13465a9c9cdc4fdcabc774ba848342fae4a8234 Mon Sep 17 00:00:00 2001
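Review bot: Both new steps run a third-party action from a mutable branch ref, `uses: snyk/actions/python-3.8@master`, while handing it `SNYK_TOKEN`; whoever can push to that branch controls code that sees the token on every deploy run. Pin the action to a full commit SHA, e.g. `uses: snyk/actions/python-3.8@<full-commit-sha>  # <release tag>` (placeholders), and let a dependency updater bump the pin. The same mutable ref is kept when the action is swapped for `snyk/actions/iac@master` in patches 5 and 8, so the fix applies there too. Separately, the second step's name `Run Snyk on Python` does not distinguish it from the blocking step above it; `- name: Record Snyk results (monitor)` would make the two roles readable in the run log.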
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 16:48:03 +0000
Subject: [PATCH 3/8] Modify snyk test argument to include entire codebase v1

---
 .github/workflows/deploy-generate.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 7ab9300..f15e5e1 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -57,7 +57,7 @@ jobs:
 args: >
 --org=${{ secrets.SNYK_ORG_ID }}
 --project-name=${{ github.repository }}
- --all-projects
+ --detection-depth=5
 --severity-threshold=high
 --fail-on=all

From 4cc97b3272105cd04b9fd47f4d396dabf4cbbdda Mon Sep 17 00:00:00 2001
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 16:53:23 +0000
Subject: [PATCH 4/8] Change working directory to 'terraform' for SNYK action

---
 .github/workflows/deploy-generate.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index f15e5e1..66244d2 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -52,12 +52,12 @@ jobs:
 uses: snyk/actions/python-3.8@master
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ working-directory: ./terraform
 with:
 command: test
 args: >
 --org=${{ secrets.SNYK_ORG_ID }}
 --project-name=${{ github.repository }}
- --detection-depth=5
 --severity-threshold=high
 --fail-on=all

From 7e9a4085a1d441604c274801667704547db3bf9b Mon Sep 17 00:00:00 2001
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:34:07 +0000
Subject: [PATCH 5/8] Modify action to use infrastructure as code for SNYK

---
 .github/workflows/deploy-generate.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 66244d2..6d343e8 100644
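Review bot: In patch 4 the added `working-directory: ./terraform` sits under `env:`, so it is exported as an environment variable named `working-directory` rather than applied as the step's working directory, and the scan still runs from the repository root. Even at step level, `working-directory` is honoured only on `run` steps, not on a `uses:` container action like this one, so the key would have no effect either way. Patch 5 removes the line again, so nothing remains to fix in the final state; if the scan is still meant to be scoped to `./terraform`, the path has to be passed to the Snyk CLI through `args`, not through a step setting.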
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -49,10 +49,9 @@ jobs:
 # SNYK blocking
 - name: Run Snyk as a blocking step
- uses: snyk/actions/python-3.8@master
+ uses: snyk/actions/iac@master
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- working-directory: ./terraform
 with:
 command: test
 args: >
@@ -63,7 +62,7 @@ jobs:
 # SNYK report
 - name: Run Snyk on Python
- uses: snyk/actions/python-3.8@master
+ uses: snyk/actions/iac@master
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 with:

From d456cae7e8db48ae5a97f64776e39a89d305c122 Mon Sep 17 00:00:00 2001
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:38:13 +0000
Subject: [PATCH 6/8] Remove project name for iac action

---
 .github/workflows/deploy-generate.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 6d343e8..cb25d89 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -56,7 +56,6 @@ jobs:
 command: test
 args: >
 --org=${{ secrets.SNYK_ORG_ID }}
- --project-name=${{ github.repository }}
 --severity-threshold=high
 --fail-on=all

From 462e4c3466ab3d2602e1b4491550bfd984629f5a Mon Sep 17 00:00:00 2001
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:40:06 +0000
Subject: [PATCH 7/8] Remove fail on argument for iac test

---
 .github/workflows/deploy-generate.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index cb25d89..5298a8b 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -57,7 +57,6 @@ jobs:
 args: >
 --org=${{ secrets.SNYK_ORG_ID }}
 --severity-threshold=high
- --fail-on=all
 # SNYK report
 - name: Run Snyk on Python

From 20efadf069a54bd326fd74d18fc80e56bc01d56d Mon Sep 17 00:00:00 2001
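Review bot: Switching both steps to `snyk/actions/iac@master` in patch 5 replaces the Python dependency scan that patch 1 introduced rather than adding to it, so after this series the deploy job runs an IaC scan only and no dependency (SCA) test of the Python code at all. If that narrowing is intended, say so where the step is declared, e.g. `# Snyk IaC scan of the Terraform config only; Python dependencies are not scanned in this job`; if not, keep one `snyk/actions/python-3.8` test step beside the IaC one. The context line `- name: Run Snyk on Python` in the second hunk now names the wrong scanner, which patch 8 corrects.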
From: Nikki Tebaldi <17799906+nikki-t@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:46:58 +0000
Subject: [PATCH 8/8] Modify SNYK action for IAC to scan and report

---
 .github/workflows/deploy-generate.yml | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/deploy-generate.yml b/.github/workflows/deploy-generate.yml
index 5298a8b..423bbb8 100644
--- a/.github/workflows/deploy-generate.yml
+++ b/.github/workflows/deploy-generate.yml
@@ -47,8 +47,8 @@ jobs:
 # Check out GitHub repo
 - uses: actions/checkout@v3
- # SNYK blocking
- - name: Run Snyk as a blocking step
+ # SNYK scan and report
+ - name: Run Snyk to test and report
 uses: snyk/actions/iac@master
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -57,17 +57,7 @@ jobs:
 args: >
 --org=${{ secrets.SNYK_ORG_ID }}
 --severity-threshold=high
-
- # SNYK report
- - name: Run Snyk on Python
- uses: snyk/actions/iac@master
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- command: monitor
- args: >
- --org=${{ secrets.SNYK_ORG_ID }}
- --project-name=${{ github.repository }}
+ --report
 # Set up Terraform
 - name: Setup Terraform
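Review bot: The merged step in the second hunk now both gates the deploy and uploads results, but the new comment `# SNYK scan and report` in the first hunk does not say what actually blocks: with `--severity-threshold=high` the `snyk iac test` exits non-zero only for high and critical findings, so medium and low misconfigurations pass into the deploy without a failing check. Expand it to `# Snyk IaC scan: fails the job on high/critical findings; --report also sends the results to the Snyk org` so the accepted risk is visible next to the flag. The folded scalar `args: >` leaves a trailing newline on the argument string; `args: >-` strips it and is the usual form for a single command line. The action is still referenced by the mutable `@master` ref, as raised on patch 1.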