From ece1e119aff5432389c8d70aad2d5fed8807a89c Mon Sep 17 00:00:00 2001
From: QuietEngineer
Date: Sat, 6 Sep 2025 15:46:23 -0600
Subject: [PATCH] ci: add snyk scans
---
.tangled/workflows/security.yaml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 .tangled/workflows/security.yaml
diff --git a/.tangled/workflows/security.yaml b/.tangled/workflows/security.yaml
new file mode 100644
index 0000000..c3fd7c1
--- /dev/null
+++ b/.tangled/workflows/security.yaml
@@ -0,0 +1,32 @@
+when:
+ - event: ["push", "pull_request"]
+ branch: ["main", "develop"]
+ - event: ["manual"]
+
+engine: "nixery"
+
+dependencies:
+ nixpkgs:
+ - go
+ - snyk
+
+environment:
+ SNYK_DISABLE_ANALYTICS: 1
+
+steps:
+ - name: build application
+ command: |
+ go build -v ./...
+
+ - name: snyk auth
+ command: |
+ snyk auth "$SNYK_TOKEN"
+
+ - name: snyk test
+ command: |
+ snyk monitor --all-projects
+ snyk test --all-projects
+
+ - name: snyk code test
+ command: |
+ snyk code test --json-file-output=snyk_code.json
--
2.43.0
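Review bot: The `snyk auth "$SNYK_TOKEN"` step puts the API token on a command line and has the CLI persist it to its config on the runner; the Snyk CLI already reads `SNYK_TOKEN` from the environment, so the step can be dropped and the later `snyk test`, `snyk monitor` and `snyk code test` calls will authenticate on their own. The workflow also fires on `pull_request`, so if this forge exposes secrets to pull-request runs (not visible from this patch), `go build -v ./...` and `snyk test --all-projects` would process contributor-controlled code with the token in scope; confirm that, or restrict the token-bearing steps to `push`. `snyk monitor --all-projects` runs on every trigger, which would record pull-request and `develop` states as monitored snapshots; it is better limited to pushes on `main`, with `snyk test` left as the gate for the other events. Minor: quote the environment value as `SNYK_DISABLE_ANALYTICS: "1"` so it stays a string rather than an integer.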