Snyk #1

	name: Snyk

	on:
	workflow_dispatch:

	env:
	MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"

	defaults:
	run:
	shell: bash

	jobs:
	analysis:
	name: Analysis of Quarkus and Operator
	runs-on: ubuntu-latest
	if: github.repository == 'keycloak/keycloak'
	steps:
	- uses: actions/checkout@v4

	- name: Build Keycloak
	uses: ./.github/actions/build-keycloak

	- uses: snyk/actions/setup@master

	- name: Check for vulnerabilities in Quarkus
	run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus/deployment
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Upload Quarkus scanner results to GitHub
	uses: github/codeql-action/upload-sarif@v3
	continue-on-error: true
	with:
	sarif_file: quarkus-report.sarif
	category: snyk-quarkus-report

	- name: Check for vulnerabilities in Operator
	run: \|
	./mvnw -Poperator -pl operator -am -DskipTests clean install
	snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=operator-report.sarif operator
	continue-on-error: true
	env:
	SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

	- name: Upload Operator scanner results to GitHub
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: operator-report.sarif
	category: snyk-operator-report

Provide feedback