Create Snyk_Scan.yml (#1452)

created a snyk scan workflow to be run on a weekly schedule or to be triggered manually

.github/workflows/Snyk_Scan.yml

@@ -0,0 +1,61 @@
+# This workflow automates the process of identifying potential security vulnerabilities
+# in the agent's dependencies using Snyk. Vulnerability scans will be run on a 
+# weekly schedule, but can also be triggered manually.
+name: Snyk Vulnerability Scan
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '00 15 * * 1'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Java agent
+ uses: actions/checkout@v3
+ with:
+ ref: 'main'
+
+ - name: Set Up Javas
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: |
+ 17
+ 11
+ 8
+
+ - name: Set gradle.properties
+ shell: bash
+ run: |
+ sed -i -e "s|jdk8=8|jdk8=${JAVA_HOME_8_X64}|
+ s|jdk11=11|jdk11=${JAVA_HOME_11_X64}|
+ s|jdk17=17|jdk17=${JAVA_HOME_17_X64}|" gradle.properties.gha
+ cat gradle.properties.gha >> gradle.properties
+
+ - name: Set Gradle Options
+ run: |
+ echo "GRADLE_OPTIONS=-Porg.gradle.java.installations.auto-detect=false" \
+ "-Porg.gradle.java.installations.fromEnv=JAVA_HOME_17_x64,JAVA_HOME_11_x64,JAVA_HOME_8_x64" \
+ >> $GITHUB_ENV
+
+ - name: Setup Gradle
+ uses: gradle/gradle-build-action@v2
+
+ - name: Build Agent
+ run: ./gradlew $GRADLE_OPTIONS jar
+
+ security:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Java Agent
+ uses: actions/checkout@master
+
+ - name: Run Snyk To Check For Vulnerabilities
+ uses: snyk/actions/gradle@master
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ command: monitor
+ args: --all-sub-projects --org=java-agent --configuration-matching='(^compileClasspath$)|(^runtimeClasspath$)'