From d9e02990af3510bab6cbf9db7cc9fcdd22de2776 Mon Sep 17 00:00:00 2001
From: Steve Smith
Date: Tue, 2 Mar 2021 15:05:09 +1100
Subject: [PATCH] Add running of Snyk againsts runtime dependencies.
---
 .../templates/bitbucket-pipelines.yml.j2 | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/pipeline_generator/templates/bitbucket-pipelines.yml.j2 b/pipeline_generator/templates/bitbucket-pipelines.yml.j2
index e42e10b..8d29339 100644
--- a/pipeline_generator/templates/bitbucket-pipelines.yml.j2
+++ b/pipeline_generator/templates/bitbucket-pipelines.yml.j2
@@ -43,3 +43,14 @@ pipelines:
 - cd roles/{{ spath.parts[2] }}
 - pipenv run molecule test -s {{ spath.parts[4] }}
 {% endfor %}
+
+ - step:
+ name: Run Snyk security scan
+ services:
+ - docker
+ script:
+ - ./bin/install-ansible --dev
+ - apt-get update && apt-get install -y npm
+ - npm install -g snyk
+ - snyk auth $SNYK_TOKEN
+ - pipenv run snyk test --severity-threshold=high
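Review bot: The scan step installs its own scanner from an unpinned source (`npm install -g snyk` on the new side), so the tool that gates the build on high-severity findings is itself pulled at whatever version the registry serves on the day — pin it, e.g. `npm install -g snyk@<PINNED_VERSION>` (placeholder), or run the vendor's image with a fixed tag so the step is reproducible. The `snyk auth $SNYK_TOKEN` line is also unnecessary: the Snyk CLI reads `SNYK_TOKEN` from the environment, and echoing the auth command in the step script puts the token on a logged command line where it depends on Bitbucket's variable masking rather than never appearing at all; dropping that line is safer. The `services: - docker` entry does not appear to be used by any script line shown, so it may be leftover from another step — confirm before merging. This step is nested under `pipelines:`, whose definition begins outside the hunk.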