From 41db323a0c8e67d9ebd41d08539ae76ec1176e57 Mon Sep 17 00:00:00 2001
From: Roberto Tyley <52038+rtyley@users.noreply.github.com>
Date: Thu, 24 Oct 2024 15:27:14 +0100
Subject: [PATCH] Delete Snyk workflow - replaced by submitting sbt dependencies to GitHub

Further to https://github.com/guardian/play-secret-rotation/pull/475, we are now removing Snyk from this project, so we can rely on one source of truth for dependency-vulnerability information. In this repo, we would find GitHub's dependency-vulnerability information at: https://github.com/guardian/play-secret-rotation/security/dependabot This does seem to miss some information that we could find in a Snyk report - ie the dependency-path that introduces the dependency. For instance this Snyk issue provides "Detailed paths \ Introduced through" information: https://app.snyk.io/org/scala-guild/project/10018236-f7b7-416e-99d4-196d1c2f3d23
---
.github/workflows/snyk.yml | 18 ------------------
1 file changed, 18 deletions(-)
delete mode 100644 .github/workflows/snyk.yml

diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
deleted file mode 100644
index fabbf80..0000000
--- a/.github/workflows/snyk.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Snyk
-
-on:
- push:
- branches:
- - main
- workflow_dispatch:
-
-jobs:
- security:
- uses: guardian/.github/.github/workflows/sbt-node-snyk.yml@main
- with:
- DEBUG: true
- ORG: scala-guild
- SKIP_NODE: true
- EXCLUDE: aws-parameterstore
- secrets:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}