Merge pull request #232 from sonam1412/add-snyk-help-doc

fix(STONEINTG-728): add a help doc to enable snyk
redhat-appstudio · Feb 21, 2024 · d163059 · d163059
2 parents db306ea + 0e05294
commit d163059
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/docs/modules/ROOT/nav-how-to-guides.adoc b/docs/modules/ROOT/nav-how-to-guides.adoc
@@ -11,6 +11,7 @@
 ** Testing your application
 *** xref:how-to-guides/testing_applications/con_test-overview.adoc[Overview of {ProductName} tests]
 *** xref:how-to-guides/testing_applications/surface-level_tests.adoc[Surface-level tests]
+**** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[Enabling a Snyk task]
 *** xref:how-to-guides/testing_applications/proc_adding_an_integration_test.adoc[Adding an integration test]
 *** xref:how-to-guides/testing_applications/proc_creating_custom_test.adoc[Creating a custom integration test]
 *** xref:how-to-guides/testing_applications/proc_retriggering_integration_tests.adoc[Retriggering integration tests]

diff --git a/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc b/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc
@@ -22,6 +22,8 @@ Product security tests in {ProductName} ensure a product is secure and keep your
 * Vulnerability scanning via Clair
 * Anti-virus scanning via ClamAV
 * Code scanning via SAST tools
++
+** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[Enabling a Snyk task for a product]
 
 For {ProductName} to perform our predefined product security tests on a given component, you also must xref:how-to-guides/configuring-builds/proc_upgrade_build_pipeline.adoc[upgrade its build pipeline].
 

diff --git a/...T/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc b/...T/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc
@@ -0,0 +1,63 @@
+= Enabling a Snyk task
+
+[abstract]
+The `sast-snyk-check` task uses the Snyk Code tool to perform static application security testing (SAST). 
+Specifically, the Snyk check scans an application's source code for potential security vulnerabilities, 
+including SQL injection, cross-site scripting (XSS), and code injection attack vulnerabilities.
+
+> NOTE: You can run a Snyk task only if you have a Snyk token stored in a namespace secret. 
+You should also include the name of your secret in the *snyk-secret* pipeline parameter.
+
+== Enabling a Snyk task
+
+. Register for a Snyk account or log in at https://app.snyk.io/.
+. Get a Snyk token.
+.. In the lower left of the home page, click your name, then select *Account settings*.
+.. From the Account Settings page, select *General*, which is the default, then *Auth Token*.
+.. Under the *Auth Token* section, click *Click to View* to see the *KEY* value of the automatically generated token.
+. Enable Snyk Code.
+.. From the left panel, go to *Settings* > *Snyk Code*, then scroll to the *Enable Snyk Code* section.
+.. Toggle *Disabled* to *Enabled*.
+.. Click *Save* changes.
+. Add your new secret to your workspace.
+.. Log in to the link:https://console.redhat.com/preview/application-pipeline[Red Hat Hybrid Cloud Console {ProductName} Overview page].
+.. From the left menu, click *Secrets*.
+.. Click *Add secret*.
+.. The *Add secret* page displays options for your new secret. Specify the following:
+... For *Secret for*, select *Build*.
+... From the *Secret type* drop-down menu, choose *Key/value secret*.
+... From the *Secret name* drop-down menu, select *snyk-secret*.
+... Paste your Snyk token into the *Upload the file with value for your key or paste its contents* field.
+... Click *Add secret* to save it.
+. Update your `.tekton` YAML files to specify your Snyk secret.
+.. From your GitHub repository, update the `pull-request.yaml` files in your `.tekton` directory; for example: link:https://github.com/sonam1412/devfile-sample-python-basic/blob/main/.tekton/devfile-sample-python-basic-iea1-pull-request.yaml[devfile-sample-python-basic/.tekton/devfile-sample-python-basic-rhq8-pull-request.yaml]
+.. Add new lines to the code in your YAML files to include *snyk-secret*, as shown in the following example:
++ 
+.Example
++
+[source,yaml]
+--
+    - default: "false"
+      description: Execute the build with network isolation
+      name: hermetic
+      type: string
+    - default: ""
+      description: Build dependencies to be prefetched by Cachi2
+      name: prefetch-input
+      type: string
+    - default: "false"
+      description: Java build
+      name: java
+      type: string
+    - default: "snyk-secret"
+      description: Snyk Token Secret Name
+      name: snyk-secret
+      type: string
+--
+
+You've enabled the Snyk task for your build pipeline.
+
+[role="_additional-resources"]
+== Additional resources
+
+For more information about Snyk, see link:https://snyk.io/product/snyk-code/[the Snyk website].