From b4c107bfb769f97e3a899d62875bc4dc505f50a4 Mon Sep 17 00:00:00 2001
From: Wayne Grant <117590766+wayne-grant@users.noreply.github.com>
Date: Wed, 5 Jun 2024 09:43:15 +0100
Subject: [PATCH] feat: add prodsec/security_scans (#282)
---
 .circleci/config.yml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 58fc80f..91b6771 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,7 +3,7 @@ version: 2.1
 orbs:
 node: circleci/node@5.1.0
 win: circleci/windows@2.4.0
- prodsec: snyk/prodsec-orb@1.0
+ prodsec: snyk/prodsec-orb@1
 defaults: &defaults
 parameters:
@@ -185,6 +185,23 @@ commands:
 paths:
 - ~\AppData\Local\Temp\jdk
 jobs:
+ security-scans:
+ resource_class: small
+ <<: *defaults
+ docker:
+ - image: cimg/node:<< parameters.node_version >>
+ steps:
+ - checkout
+ - node-install-packages
+ - run:
+ name: Generate package-lock.json (Required for snyk OS scanning)
+ command: npm install --package-lock
+ - show_node_version
+ - prodsec/security_scans:
+ mode: auto
+ open-source-additional-arguments: --exclude=test
+ iac-scan: disabled
+
 lint:
 <<: *defaults
 docker:
@@ -264,6 +281,13 @@ workflows:
 channel: os-team-managed-alerts
 <<: *filters_branches_ignore_main
+ - security-scans:
+ name: Security Scans
+ node_version: "20.9"
+ context:
+ - open_source-managed
+ - nodejs-install
+
 - lint:
 name: Lint
 context: nodejs-install
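Review bot: The lockfile step in the new `security-scans` job runs a full `npm install --package-lock`, which installs the dependency tree and runs package lifecycle scripts again only to produce `package-lock.json`. If `node-install-packages` (defined outside this hunk) has already installed the packages and the scan only needs the lockfile, `command: npm install --package-lock-only --ignore-scripts` would write it without executing any package scripts. The lockfile is also resolved at scan time, so two runs on the same commit can scan different dependency versions; a comment on the step saying so would help whoever triages a finding that appears without a code change. The step name says "snyk OS scanning", which presumably means open source rather than operating system.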
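Review bot: The `Security Scans` workflow entry attaches two contexts, `open_source-managed` and `nodejs-install`, to a job whose main step comes from `snyk/prodsec-orb@1`, which the first hunk loosens from `@1.0` to a floating major reference. Any later 1.x release of the orb will then run with whatever those contexts expose, without a change in this repository. Pinning an exact release (`prodsec: snyk/prodsec-orb@<exact-version>`, placeholder) or adding a comment that the float is intentional would make that trust decision explicit. The entry also shows no `filters` or `requires` in this hunk, so it is worth confirming whether a failed scan is meant to block any later job; the rest of the workflow is outside the hunk.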