.github/workflows/vulnerability_scan.yaml

name: Vulnerability Scan
on: 
    pull_request_target:
    workflow_dispatch:


permissions:
  id-token: write
  contents: write

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          repository: "Privado-Inc/privado-core-internal"
          token: ${{ secrets.PAT }}
      
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::638117407428:role/test-env-data-mapping-ec2-role
          aws-region: ap-south-1

      - name: Log in to Amazon ECR
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v2

      - run: docker build -t privado-core-private -f Dockerfile --build-arg JAR_VERSION="dev-SNAPSHOT" --build-arg GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} .
      
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: privado-core-oss
          args: --severity-threshold=low --policy-path=.snyk