Adding SNYK IaC Scanning

.github/workflows/snyk.yaml

@@ -0,0 +1,41 @@
+name: SNYK
+
+on:
+  push:
+    branches:
+      - main
+      - release-*
+    paths:
+      - "charts/**"
+
+jobs:
+  scan-iac:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/[email protected]
+        with:
+          version: v3.17.0
+
+      - name: Render Templates
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add backstage https://backstage.github.io/charts
+          helm repo update    
+          helm dependency build ./charts/backstage
+          helm template ./charts/backstage/ --output-dir ./output
+
+      - name: Run SNYK IaC Scan
+        continue-on-error: true
+        uses: snyk/actions/iac@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
+        with:
+          args: --report --org=$SNYK_ORG_ID --target-name=github-action-redhat-developer-rhdh-chart
+          file: ./output/

.gitignore

@@ -7,3 +7,4 @@
 # helm chart dependencies
 charts/*/charts/
 **/charts/*.tgz
+output