The snyksec GitHub service account is being disabled to comply with the ProdSec security standards, so each team must create their own GitHub service account. The Narwhal service account can be found in the Team Narwhal 1Password vault.
Further, as per the standards, secrets and contexts should not be shared across projects where possible to limit the blast radius. So, as part of this work, a narwhal-policy CircleCI context has been created with a project-specific SNYK_TOKEN and GITHUB_PRIVATE_TOKEN. This PR updates the context, after which the SNYK_TOKEN environment variable will be removed from CircleCI.