eclipse-tractusx / sig-security

Repository for Tractus-X Security Topics and Resources
Apache License 2.0

[Security Tooling] Snyk - add new repos and check code analysis state of some projects #74

Closed evegufy closed 7 months ago

evegufy commented 7 months ago

Security Tooling Support Request

Tool

Issue Description

Snyk Organization: Portal

Please add the following repositories:

https://github.com/eclipse-tractusx/ssi-credential-issuer
https://github.com/eclipse-tractusx/ssi-authority-schema-registry

And please check the code analysis state of some of the already added projects/repos as I just noticed that the code analysis was last tested 3 months ago for portal-assets, portal-frontend and portal-shared-components.

Thank you!

RoKrish14 commented 7 months ago

@evegufy: The import of two new projects was unsuccessful. I will update you soon once the import issue is resolved.

RoKrish14 commented 7 months ago

Hi @evegufy, the onboarding of the two repositories that you requested unfortunately cannot be fulfilled. Since the repos contain markdown files and shell scripts, there is no support from Snyk.

For the periodic scans, which were on hold, I have triggered a fresh start; hopefully, there should be weekly scans available. This can be checked next week (for the first weekly scan). Hope that helps.

evegufy commented 7 months ago

Hi @RoKrish14, thanks for the feedback. Regarding the new projects: they are going to be C# repos, but the corresponding developments are still in feature branches. I'll update you once the developments are available in the main branch.

RoKrish14 commented 7 months ago

@evegufy

  1. For the newer C# files, once they are uploaded in the repo, we can check again if the tool performs the scans.
  2. The weekly scans worked as expected last week.

RoKrish14 commented 7 months ago

Closing this issue now. If there are any issues related to C#, we can look into them. The weekly scans are working as expected.