name: Security Scan

on:

push:

branches: [ main, master ]

pull_request:

branches: [ main, master ]

workflow_dispatch:

jobs:

security:

uses: rundeck-plugins/.github/.github/workflows/snyk-scan-reusable.yml@main

with:

# Optional: Java version for build environment (default: '17')

# Supported versions: 8, 11, 17, 21

java-version: '17'

# Optional: Java distribution (default: 'zulu')

# Options: temurin, zulu, adopt, corretto, microsoft, etc.

java-distribution: 'zulu'

# Optional: Snyk detection depth (default: '10')

# Higher values scan deeper but take longer

snyk-detection-depth: '10'

# Optional: GitHub runner type (default: 'ubuntu-latest')

# Note: Only Ubuntu runners are supported (workflow uses Linux Snyk CLI)

runs-on: 'ubuntu-latest'

secrets:

# Organization secrets - automatically available to all repos

SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}