fix(STONEINTG-728): add a help doc to enable snyk

Signed-off-by: Sonam Maheshwari <[email protected]>

docs/modules/ROOT/nav-how-to-guides.adoc

@@ -9,6 +9,7 @@
 *** xref:how-to-guides/configuring-builds/proc_preventing_redundant_rebuilds.adoc[Preventing redundant rebuilds]
 ** Testing your application
 *** xref:how-to-guides/testing_applications/con_test-overview.adoc[Overview of {ProductName} tests]
+**** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[enable snyk task]
 *** xref:how-to-guides/testing_applications/surface-level_tests.adoc[Surface-level tests]
 *** xref:how-to-guides/testing_applications/proc_adding_an_integration_test.adoc[Adding an integration test]
 *** xref:how-to-guides/testing_applications/proc_creating_custom_test.adoc[Creating a custom integration test]

docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc

@@ -22,6 +22,7 @@ Product security tests in {ProductName} ensure a product is secure and keep your
 * Vulnerability scanning via Clair
 * Anti-virus scanning via ClamAV
 * Code scanning via SAST tools
+    * How to xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[enable snyk task] for a product.
 
 For {ProductName} to perform our predefined product security tests on a given component, you also must xref:how-to-guides/configuring-builds/proc_upgrade_build_pipeline.adoc[upgrade its build pipeline].
 

docs/modules/ROOT/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc

@@ -0,0 +1,44 @@
+= Enable snyk task for a product
+
+== Description:
+
+The sast-snyk-check task uses Snyk Code tool to perform Static Application Security Testing (SAST) for Snyk, a popular cloud-native application security platform.
+
+Snyk's SAST tool uses a combination of static analysis and machine learning techniques to scan an application's source code for potential security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks.
+
+> NOTE: This task is executed only if the user provides a Snyk token stored in a secret in their namespace. The name of the secret then needs to be supplied in the `snyk-secret` pipeline parameter.
+
+== Steps to enable snyk:
+
+. Sign up/login at https://app.snyk.io/
+. Obtain Snyk token by navigating to the Account / General / Auth Token section
+
+    image::account_settings.png[alt=Snyk account settings]
+
+. Enable Snyk Code
+
+    image::enable_snyk_code.png[alt=Enable snyk code]
+
+. Add this secret to your workspace
+    .. Edit Component and Add Secret
+        ... Select snyk-secret for name
+        ... Paste snyk token into value text box
+
+    image::add_snyk_secret.png[alt=Add snyk secret]
+
+. Update .tekton yaml files to specify the secret name
+
+    image::snyk_yaml_example.png[alt=Snyk yaml example]
+
+. Snyk check should now be enabled on the pipeline
+
+    image::snyk_enabled.png[alt=Snyk enabled]
+
+== To obtain a Red Hat Snyk token via Service Account(Only for Red Hat Internal users)
+
+Follow the steps given https://docs.engineering.redhat.com/display/PRODSEC/How+to+create+and+use+a+Snyk+token+via+a+Service+account[here]
+
+== Additional links:
+
+* https://snyk.io/product/snyk-code/
+* https://snyk.io/