feat: add security quality gates (#295)

.circleci/config.yml

@@ -1,40 +1,19 @@
 version: 2.1
 
 orbs:
-  prodsec: snyk/prodsec-orb@1.0
+  prodsec: snyk/prodsec-orb@1
   snyk: snyk/snyk@1
 
 jobs:
-  # All Snyk scanning jobs use a SNYK_TOKEN from the tiki-snyk Circle context,
-  # which correponds to the tiki-snyk-circle-context service account in
-  # https://app.snyk.io/org/cloud-cloud/manage/service-accounts
-  # It's not in 1password, just rotate it and configure it in Circle directly if
-  # needed.
-  scan-code:
-    resource_class: medium
+  security-scans:
+    resource_class: small
     docker:
       - image: cimg/go:1.20
     steps:
       - checkout
-      - snyk/scan:
-          organization: cloud-cloud
-          command: code test
-          fail-on-issues: true
-          severity-threshold: high
-          monitor-on-build: false
-
-  scan-deps:
-    resource_class: medium
-    docker:
-      - image: cimg/go:1.20
-    steps:
-      - checkout
-      - snyk/scan:
-          organization: cloud-cloud
-          additional-arguments: --all-projects
-          fail-on-issues: true
-          severity-threshold: high
-          monitor-on-build: false
+      - prodsec/security_scans:
+          mode: auto
+          iac-scan: disabled
 
 workflows:
   version: 2
@@ -45,13 +24,7 @@ workflows:
           context:
             - snyk-bot-slack
           channel: group-cloud-security-vulnerabilities-alerts
-
-      - scan-code:
-          name: Scan Code
-          context:
-            - tiki-snyk
-
-      - scan-deps:
-          name: Scan Dependencies
+      - security-scans:
+          name: Security Scans
           context:
-            - tiki-snyk
+            - analysis-iac

changes/unreleased/Fixed-20240708-193213.yaml

@@ -0,0 +1,3 @@
+kind: Fixed
+body: adding new security quality gates
+time: 2024-07-08T19:32:13.520218+03:00