From 0e05294d551e98b8df7f03f2f42c9e2d9e983303 Mon Sep 17 00:00:00 2001 From: Sonam Maheshwari Date: Tue, 16 Jan 2024 12:17:12 +0100 Subject: [PATCH] fix(STONEINTG-728): add a help doc to enable snyk Signed-off-by: Sonam Maheshwari --- docs/modules/ROOT/nav-how-to-guides.adoc | 1 + .../con_test-overview.adoc | 2 + .../enable_snyk_check_for_a_product.adoc | 63 +++++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 docs/modules/ROOT/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc diff --git a/docs/modules/ROOT/nav-how-to-guides.adoc b/docs/modules/ROOT/nav-how-to-guides.adoc index 1de1ab8a..be7ac52c 100644 --- a/docs/modules/ROOT/nav-how-to-guides.adoc +++ b/docs/modules/ROOT/nav-how-to-guides.adoc @@ -10,6 +10,7 @@ ** Testing your application *** xref:how-to-guides/testing_applications/con_test-overview.adoc[Overview of {ProductName} tests] *** xref:how-to-guides/testing_applications/surface-level_tests.adoc[Surface-level tests] +**** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[Enabling a Snyk task] *** xref:how-to-guides/testing_applications/proc_adding_an_integration_test.adoc[Adding an integration test] *** xref:how-to-guides/testing_applications/proc_creating_custom_test.adoc[Creating a custom integration test] ** Managing environments diff --git a/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc b/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc index 844ea726..a7b0df79 100644 --- a/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc +++ b/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc 
@@ -22,6 +22,8 @@ Product security tests in {ProductName} ensure a product is secure and keep your * Vulnerability scanning via Clair * Anti-virus scanning via ClamAV * Code scanning via SAST tools ++ +** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[Enabling a Snyk task for a product] For {ProductName} to perform our predefined product security tests on a given component, you also must xref:how-to-guides/configuring-builds/proc_upgrade_build_pipeline.adoc[upgrade its build pipeline]. diff --git a/docs/modules/ROOT/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc b/docs/modules/ROOT/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc new file mode 100644 index 00000000..32dc9993 --- /dev/null +++ b/docs/modules/ROOT/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc 
@@ -0,0 +1,63 @@ += Enabling a Snyk task + +[abstract] +The `sast-snyk-check` task uses the Snyk Code tool to perform static application security testing (SAST). +Specifically, the Snyk check scans an application's source code for potential security vulnerabilities, +including SQL injection, cross-site scripting (XSS), and code injection attack vulnerabilities. + +> NOTE: You can run a Snyk task only if you have a Snyk token stored in a namespace secret. +You should also include the name of your secret in the *snyk-secret* pipeline parameter. + +== Enabling a Snyk task + +. Register for a Snyk account or log in at https://app.snyk.io/. +. Get a Snyk token. +.. In the lower left of the home page, click your name, then select *Account settings*. +.. From the Account Settings page, select *General*, which is the default, then *Auth Token*. +.. Under the *Auth Token* section, click *Click to View* to see the *KEY* value of the automatically generated token. +. Enable Snyk Code. +.. From the left panel, go to *Settings* > *Snyk Code*, then scroll to the *Enable Snyk Code* section. +.. Toggle *Disabled* to *Enabled*. +.. Click *Save* changes. +. Add your new secret to your workspace. +.. Log in to the link:https://console.redhat.com/preview/application-pipeline[Red Hat Hybrid Cloud Console {ProductName} Overview page]. +.. From the left menu, click *Secrets*. +.. Click *Add secret*. +.. The *Add secret* page displays options for your new secret. Specify the following: +... For *Secret for*, select *Build*. +... From the *Secret type* drop-down menu, choose *Key/value secret*. +... From the *Secret name* drop-down menu, select *snyk-secret*. +... Paste your Snyk token into the *Upload the file with value for your key or paste its contents* field. +... Click *Add secret* to save it. +. Update your `.tekton` YAML files to specify your Snyk secret. +.. 
From your GitHub repository, update the `pull-request.yaml` files in your `.tekton` directory; for example: link:https://github.com/sonam1412/devfile-sample-python-basic/blob/main/.tekton/devfile-sample-python-basic-iea1-pull-request.yaml[devfile-sample-python-basic/.tekton/devfile-sample-python-basic-rhq8-pull-request.yaml] +.. Add new lines to the code in your YAML files to include *snyk-secret*, as shown in the following example: ++ +.Example ++ +[source,yaml] +-- + - default: "false" + description: Execute the build with network isolation + name: hermetic + type: string + - default: "" + description: Build dependencies to be prefetched by Cachi2 + name: prefetch-input + type: string + - default: "false" + description: Java build + name: java + type: string + - default: "snyk-secret" + description: Snyk Token Secret Name + name: snyk-secret + type: string +-- + +You've enabled the Snyk task for your build pipeline. + +[role="_additional-resources"] +== Additional resources + +For more information about Snyk, see link:https://snyk.io/product/snyk-code/[the Snyk website]. \ No newline at end of file
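Review bot: the new nav entry in `nav-how-to-guides.adoc` is nested at `****`, which makes it a child of the "Surface-level tests" page rather than a sibling of the other testing pages at `***`; if the Snyk page is meant to sit alongside "Overview of {ProductName} tests" and "Adding an integration test", change it to `*** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[...]`. The xref label here also reads "Enabling a Snyk task" while `con_test-overview.adoc` links the same page as "Enabling a Snyk task for a product"; use one label in both places.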
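Review bot: the `+` list-continuation line inserted between `* Code scanning via SAST tools` and the new `** xref:...` item in `con_test-overview.adoc` is not needed, since a `**` item nests under the preceding `*` item by itself, and a stray continuation before a nested list can render as an empty attached block; drop the `+` line and keep only `** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[Enabling a Snyk task for a product]`. It would also help the reader if the parent bullet named the task the link is about (for example "Code scanning via SAST tools such as `sast-snyk-check`"), since nothing in the surrounding text currently ties Snyk to that bullet.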
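Review bot: the secret-creation step in `enable_snyk_check_for_a_product.adoc` tells the reader to choose *Key/value secret* and paste the token as the value, but never states the key name that the `sast-snyk-check` task reads the token from, so the step cannot be completed without guessing; add the expected key. Several smaller points in the same file: the link text `devfile-sample-python-basic-rhq8-pull-request.yaml` does not match the linked path `...-iea1-pull-request.yaml`, and the example links a personal fork (`sonam1412/...`) rather than a project-owned sample; the YAML example shows four parameter stanzas but only the last one (`- default: "snyk-secret"` ... `name: snyk-secret`) is new, so either say so or show only that stanza, and state that the `default` value must match the name chosen in the *Secret name* step; the admonition is written as `> NOTE:`, which AsciiDoc renders as a block quote rather than a NOTE admonition, so start the line with `NOTE:` instead; the second `+` between `.Example` and `[source,yaml]` separates the block title from the listing, so remove it, and `----` is the usual listing delimiter where `--` (an open block) is used now; the document title `= Enabling a Snyk task` and the first section `== Enabling a Snyk task` are identical, so the section could be "Procedure" or similar; and the file is missing a trailing newline. Finally, because the token comes from the user's own *Account settings* > *Auth Token* page, it is tied to that user's account; a sentence noting that rotating or revoking it in Snyk also requires updating the `snyk-secret` workspace secret would save readers a broken pipeline later.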