From 134e7dc042be24f116aae77b614521c71e4fd6d4 Mon Sep 17 00:00:00 2001
From: Joe-Bollen-Snyk <122529701+Joe-Bollen-Snyk@users.noreply.github.com>
Date: Mon, 8 Jul 2024 17:34:33 +0100
Subject: [PATCH] feat: add security quality gates (#295)
---
 .circleci/config.yml | 45 ++++---------
 changes/unreleased/Fixed-20240708-193213.yaml | 3 ++
 2 files changed, 12 insertions(+), 36 deletions(-)
 create mode 100644 changes/unreleased/Fixed-20240708-193213.yaml
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 72f48af4..ee059f32 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,40 +1,19 @@
 version: 2.1
 orbs:
- prodsec: snyk/prodsec-orb@1.0
+ prodsec: snyk/prodsec-orb@1
 snyk: snyk/snyk@1
 jobs:
- # All Snyk scanning jobs use a SNYK_TOKEN from the tiki-snyk Circle context,
- # which correponds to the tiki-snyk-circle-context service account in
- # https://app.snyk.io/org/cloud-cloud/manage/service-accounts
- # It's not in 1password, just rotate it and configure it in Circle directly if
- # needed.
- scan-code:
- resource_class: medium
+ security-scans:
+ resource_class: small
 docker:
 - image: cimg/go:1.20
 steps:
 - checkout
- - snyk/scan:
- organization: cloud-cloud
- command: code test
- fail-on-issues: true
- severity-threshold: high
- monitor-on-build: false
- scan-deps:
- resource_class: medium
- docker:
- - image: cimg/go:1.20
- steps:
- - checkout
- - snyk/scan:
- organization: cloud-cloud
- additional-arguments: --all-projects
- fail-on-issues: true
- severity-threshold: high
- monitor-on-build: false
+ - prodsec/security_scans:
+ mode: auto
+ iac-scan: disabled
 workflows:
 version: 2
@@ -45,13 +24,7 @@ workflows:
 context:
 - snyk-bot-slack
 channel: group-cloud-security-vulnerabilities-alerts
-
- - scan-code:
- name: Scan Code
- context:
- - tiki-snyk
-
- - scan-deps:
- name: Scan Dependencies
+ - security-scans:
+ name: Security Scans
 context:
- - tiki-snyk
+ - analysis-iac
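Review bot: The new `prodsec: snyk/prodsec-orb@1` line floats to whatever 1.x release of the orb is current, so the step that now gates the build can change without any commit to this repository; the old `@1.0` floated only within 1.0.x, and the unchanged `snyk: snyk/snyk@1` line has the same property. Pinning an exact release (`prodsec: snyk/prodsec-orb@1.<minor>.<patch>`, placeholder for the version actually validated) keeps the gate reproducible and makes orb upgrades reviewable like any other dependency bump. The deleted `scan-code`/`scan-deps` jobs stated the gate explicitly (`fail-on-issues: true`, `severity-threshold: high`); whether `prodsec/security_scans` with `mode: auto` enforces an equivalent threshold is not visible in this hunk, and `iac-scan: disabled` carries no rationale. A comment above the step along the lines of `# TODO(review): record the severity threshold prodsec/security_scans enforces in mode: auto, and why iac-scan is disabled` would preserve that intent for the next maintainer.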
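Review bot: Switching the workflow entry's context from `tiki-snyk` to `analysis-iac` changes which credentials the scan runs under, and the only place that documented where that token lived and how to rotate it was the comment removed in the first hunk, so the file now says nothing about it. Presumably `analysis-iac` provides the token the orb expects; that should be confirmed against the CircleCI context rather than inferred from its name. A short comment on the entry, e.g. `# credentials for prodsec/security_scans come from the analysis-iac context; rotation: <owner/location of the service account>` (placeholder), would restore what the deleted note provided. The enclosing workflow job list begins before this hunk.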
diff --git a/changes/unreleased/Fixed-20240708-193213.yaml b/changes/unreleased/Fixed-20240708-193213.yaml
new file mode 100644
index 00000000..4b547287
--- /dev/null
+++ b/changes/unreleased/Fixed-20240708-193213.yaml
@@ -0,0 +1,3 @@
+kind: Fixed
+body: adding new security quality gates
+time: 2024-07-08T19:32:13.520218+03:00