fix(STONEINTG-728): add a help doc to enable snyk

Signed-off-by: Sonam Maheshwari <[email protected]>
redhat-appstudio · Feb 9, 2024 · d337cf7 · d337cf7
1 parent e513763
commit d337cf7
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 0 deletions.
diff --git a/docs/modules/ROOT/nav-how-to-guides.adoc b/docs/modules/ROOT/nav-how-to-guides.adoc
@@ -10,6 +10,7 @@
 ** Testing your application
 *** xref:how-to-guides/testing_applications/con_test-overview.adoc[Overview of {ProductName} tests]
 *** xref:how-to-guides/testing_applications/surface-level_tests.adoc[Surface-level tests]
+**** xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[Enable snyk task]
 *** xref:how-to-guides/testing_applications/proc_adding_an_integration_test.adoc[Adding an integration test]
 *** xref:how-to-guides/testing_applications/proc_creating_custom_test.adoc[Creating a custom integration test]
 ** Managing environments

diff --git a/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc b/docs/modules/ROOT/pages/how-to-guides/testing_applications/con_test-overview.adoc
@@ -22,6 +22,8 @@ Product security tests in {ProductName} ensure a product is secure and keep your
 * Vulnerability scanning via Clair
 * Anti-virus scanning via ClamAV
 * Code scanning via SAST tools
++
+** How to xref:how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc[Enable a Snyk task] for a product.
 
 For {ProductName} to perform our predefined product security tests on a given component, you also must xref:how-to-guides/configuring-builds/proc_upgrade_build_pipeline.adoc[upgrade its build pipeline].
 

diff --git a/...T/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc b/...T/pages/how-to-guides/testing_applications/enable_snyk_check_for_a_product.adoc
@@ -0,0 +1,57 @@
+= Enabling a Snyk task in Konflux
+
+[abstract]
+The sast-snyk-check task uses the Snyk Code tool to perform static application security testing (SAST). 
+Specifically, the Snyk check scans an application's source code for potential security vulnerabilities, 
+including SQL injection, cross-site scripting (XSS), and code injection attack vulnerabilities.
+
+> NOTE: You can run a Snyk task only if you have a Snyk token stored in a namespace secret. 
+This must also include the name of your secret in the *snyk-secret* pipeline parameter.
+
+== Enabling Snyk task
+
+. Register for a Snyk account or log in at https://app.snyk.io/.
+. Get a Snyk token.
+.. In the lower left of the home page, click your name, then select *Account* settings.
+.. From the Account Settings page, select *General*, which is the default, then *Auth Token*.
+.. Under the Auth Token section, click on *Click to View* button to visualize the *KEY* value of the automatically generated token.
+. To enable Snyk code, go to *Settings* on the left panel > Snyk Code > Enable Snyk Code > click the Disabled bar.
+.. Save the changes once *Enabled*.
+. Add the above generated secret *KEY* value to your {ProductName} workspace.
+    .. Login to the {ProductName} UI console https://console.redhat.com/preview/application-pipeline.
+    .. Click on the *Secrets* from the left panel.
+    .. Click on the *Add secret* button.
+    .. On the opened form,
+    ... Select Secret for *Build*.
+    ... From the *Secret type* dropdown menu, choose *Key/value secret*.
+    ... From the *Secret name* dropdown menu, select *snyk-secret*.
+    ... Under *Key/value 1* section the *Key* name is automatically populated as *snyk-token*.
+    ... Paste *snyk-token* value generated from the Snyk account in the above steps into the *Upload the file with value for your key or paste its contents* section.
+    ... Click on the *Add secret* button on the bottom of the page to save it.
+. Update .tekton yaml files to specify the Snyk secret name.
+
+You've enabled the Snyk task for your build pipeline.
+
+== Obtaining a Red Hat Snyk token using a service account
+
+[discrete]
+=== Create an organization-level Snyk token
+
+. Register for a Snyk account or log in at https://app.snyk.io/.
+. Under *Group* in the left navigation panel, select *Red Hat*.
+. Under *Organization* in the same panel, select the name of your organization.
+. Select *Members* to identify who from your organization has *Org Admin* access. Only those members with *Org Admin* access can create a service account and token.
+. Create a service account.
+.. From the left panel, select *Settings*, then when the Settings page opens, select *Service accounts*.
+.. Name your service account, select the appropriate role from the drop-down menu, then click *Create*.
+
+IMPORTANT:
+    * Snyk displays your token only once, so be sure to copy it before you refresh or close the page. If you forget or lose your new token, delete it and create another one.
+    * When you create a service account, Snyk generates an API token that is the only token associated with the account. This token replaces standard user credentials and authentication, so make sure you securely store it. Do not share it with unintended users and be sure to rotate or change it often.
+
+TIP: Limit access to the Snyk token by assigning the *Org Collaborator* role as often as possible, instead of *Org Admin*.
+
+[role="_additional-resources"]
+== Additional resources
+
+For more information about Snyk, see link:https://snyk.io/product/snyk-code/[the Snyk website].