From 2f6022631700146bd136883cdee04abcd7267860 Mon Sep 17 00:00:00 2001
From: Madhavan Sridharan
Date: Thu, 29 Jun 2023 16:15:54 -0400
Subject: [PATCH] Leverage DataStax's Snyk version as opposed to OSS version
---
 .github/workflows/snyk-cli-scan.yml | 44 +++++++++++++++++++++++----
 .github/workflows/snyk-pr-cleanup.yml | 11 +++++--
 2 files changed, 46 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/snyk-cli-scan.yml b/.github/workflows/snyk-cli-scan.yml
index 2952408f..16f34839 100644
--- a/.github/workflows/snyk-cli-scan.yml
+++ b/.github/workflows/snyk-cli-scan.yml
@@ -1,9 +1,6 @@
-# GitHub action CI
-# trigger by:
-# any push on any protected branch: main, v6.8, releases/**
-# any PR crteated against any protected branch: main, v6.8, releases/**
+name: 🔬 Snyk cli SCA
-on:
+on:
 push:
 branches: [ main ]
 pull_request:
@@ -11,4 +8,39 @@ on:
 workflow_dispatch:
 env:
- SNYK_SEVERITY_THRESHOLD_LEVEL: critical
+ SNYK_SEVERITY_THRESHOLD_LEVEL: high
+
+jobs:
+ snyk-cli-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Git checkout
+ uses: actions/checkout@v3
+
+ - name: prepare for snyk scan
+ uses: datastax/shared-github-actions/actions/snyk-prepare@main
+
+ - name: Set up JDK 8
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: '8'
+ cache: maven
+
+ - name: run maven install prepare for snyk
+ run: |
+ mvn -B -V install -DskipTests -Dmaven.javadoc.skip=true
+ - name: snyk scan java
+ uses: datastax/shared-github-actions/actions/snyk-scan-java@main
+ with:
+ directories: .
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
+ extra-snyk-options: "-DskipTests -Dmaven.javadoc.skip=true"
+
+ - name: Snyk scan result
+ uses: datastax/shared-github-actions/actions/snyk-process-scan-results@main
+ with:
+ gh_repo_token: ${{ secrets.GITHUB_TOKEN }}
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
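Review bot: The three `datastax/shared-github-actions` steps are referenced at the mutable `@main` ref while being handed `secrets.SNYK_TOKEN`, `secrets.SNYK_ORG_ID` and `secrets.GITHUB_TOKEN`, so any push to that repository's main branch changes what runs here with those credentials; pin each `uses:` to a full commit SHA (keeping the branch name in a trailing comment) and bump it deliberately, and apply the same to `actions/checkout@v3` and `actions/setup-java@v3` if the org policy is SHA-pinning. The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` passed as `gh_repo_token` carries the repository default rather than the least it needs; add a top-level `permissions:` with `contents: read`, plus `pull-requests: write` only if `snyk-process-scan-results` comments on the PR, which is not visible from this hunk. `SNYK_SEVERITY_THRESHOLD_LEVEL` is lowered to `high` but no step in the new job references it, so confirm the shared actions read that env var, otherwise the threshold is dead configuration. Also note that `pull_request` runs for fork-originated PRs receive no repository secrets, so if forks are accepted those runs will fail at the scan step instead of gating on findings.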
diff --git a/.github/workflows/snyk-pr-cleanup.yml b/.github/workflows/snyk-pr-cleanup.yml
index b77b713f..e0a195d0 100644
--- a/.github/workflows/snyk-pr-cleanup.yml
+++ b/.github/workflows/snyk-pr-cleanup.yml
@@ -1,11 +1,16 @@
-# GitHub Action CI
-# Snyk clean-up when PR is merged/closed
+name: 🗑️ Snyk PR cleanup - merged/closed
 on:
 pull_request:
 types:
 - closed
- branches:
+ branches:
 - main
 workflow_dispatch:
+jobs:
+ snyk_project_cleanup_when_pr_closed:
+ uses: datastax/shared-github-actions/.github/workflows/snyk-pr-cleanup.yml@main
+ secrets:
+ snyk_token: ${{ secrets.SNYK_TOKEN }}
+ snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
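Review bot: The reusable workflow is pulled at the mutable `@main` ref while being handed `SNYK_TOKEN` and `SNYK_ORG_ID`, so pin it as `uses: datastax/shared-github-actions/.github/workflows/snyk-pr-cleanup.yml@<full-commit-sha> # main` and bump it on purpose; passing the two secrets explicitly instead of `secrets: inherit` is the right call and should stay. Because the job is triggered only by `pull_request` with `types: [closed]`, a PR opened from a fork runs without repository secrets and its Snyk project would never be cleaned up; if forks are accepted, a `pull_request_target` closed event is the usual workaround, but only if the shared workflow does not check out or build PR code, which this hunk does not show. The `workflow_dispatch` path carries no PR context, so it is worth confirming that the shared workflow handles a manual run without `github.event.pull_request` rather than failing or deleting the wrong project.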