From 4f8755f739b3af882445845953805eac7783e672 Mon Sep 17 00:00:00 2001
From: Spencer Pearlman
Date: Mon, 6 May 2024 11:27:41 +0200
Subject: [PATCH 1/2] implementing snyk scanning using
---
 .github/workflows/snyk-security.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/workflows/snyk-security.yml
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
new file mode 100644
index 0000000..891e2f9
--- /dev/null
+++ b/.github/workflows/snyk-security.yml
@@ -0,0 +1,8 @@
+name: Run Snyk Scan for Package Vulnerabilities for semver-release-action
+'on': push
+jobs:
+ snyk-scan-go:
+ permissions:
+ contents: read
+ id-token: write
+ uses: epidemicsound/github-workflows/.github/workflows/snyk-scan-go.yaml@main
From a6ddcecdd30b5544951611c98480fa200d31c076 Mon Sep 17 00:00:00 2001
From: spencerpearlman <150054839+spencerpearlman@users.noreply.github.com>
Date: Mon, 20 May 2024 15:13:53 +0200
Subject: [PATCH 2/2] Update snyk-security.yml
---
 .github/workflows/snyk-security.yml | 43 +++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
index 891e2f9..cb09c84 100644
--- a/.github/workflows/snyk-security.yml
+++ b/.github/workflows/snyk-security.yml
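Review bot: The reusable workflow on the last added line is called through the mutable branch ref `@main`, so whatever that branch contains at run time executes with this job's `id-token: write` permission; pin it to a full commit SHA, `uses: epidemicsound/github-workflows/.github/workflows/snyk-scan-go.yaml@<full-commit-sha>  # <tag or branch it was taken from>` (placeholders to fill in). The second commit in this series replaces the call with inline steps but keeps the same pattern: `snyk/actions/setup@master` is a moving branch, and `actions/checkout@v4`, `google-github-actions/auth@v2` and `google-github-actions/get-secretmanager-secrets@v2` are mutable tags, so each of those `uses:` lines should be pinned the same way. Keeping the tag name in a trailing comment preserves readability and lets dependency-update tooling recognise the pinned version.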
@@ -1,8 +1,39 @@
-name: Run Snyk Scan for Package Vulnerabilities for semver-release-action
-'on': push
+name: "Snyk Workflow -- Go"
+
+on: push
+
 jobs:
- snyk-scan-go:
+ snyk-scan:
 permissions:
- contents: read
- id-token: write
- uses: epidemicsound/github-workflows/.github/workflows/snyk-scan-go.yaml@main
+ contents: "read"
+ id-token: "write"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Authenticate to Google Cloud for accessing Snyk token
+ uses: "google-github-actions/auth@v2"
+ with:
+ workload_identity_provider: "projects/747834912006/locations/global/workloadIdentityPools/epidemicsound/providers/github"
+ service_account: "sast-dast-sa@es-platform-staging-fc6c.iam.gserviceaccount.com"
+
+ - id: "secrets"
+ name: Access Snyk secret token
+ uses: "google-github-actions/get-secretmanager-secrets@v2"
+ with:
+ secrets: |-
+ token:es-platform-staging-fc6c/snyk-token-secret
+
+ - name: Setup Snyk
+ uses: snyk/actions/setup@master
+
+ - name: Add Snyk scan results to Snyk dashboard
+ run: snyk monitor -d --all-projects
+ continue-on-error: true
+ env:
+ SNYK_TOKEN: ${{ steps.secrets.outputs.token }}
+
+ - name: Run Snyk to check for vulnerabilities
+ run: snyk test --severity-threshold=critical --all-projects
+ env:
+ SNYK_TOKEN: ${{ steps.secrets.outputs.token }}
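Review bot: `snyk test --severity-threshold=critical` in the final step fails the job only on critical findings, so high-severity results are reported by the preceding `snyk monitor` step but never block a push; if that is the intended policy, record it above the step, e.g. `# Only critical findings fail the job; high and lower are tracked via snyk monitor`, otherwise use `--severity-threshold=high`. The job triggers on every push of every branch while holding `id-token: write`, so which refs may obtain a token for the `sast-dast-sa` service account is decided solely by the workload identity provider's attribute condition on the GCP side, which this file cannot show — presumably it restricts repository and ref, but that is worth confirming rather than relying on the trigger. A `timeout-minutes:` on the job would also bound a hung `snyk` invocation instead of leaving it to the platform default.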