version: 2.1 orbs: prodsec: snyk/prodsec-orb@1 executors: docker-node: parameters: version: default: 'lts' type: string docker: - image: cimg/node:<> commands: install: steps: - run: name: Install command: npm install test: steps: - run: name: Test command: npm test release: steps: - run: name: Release command: npx semantic-release jobs: security-scans: resource_class: small parameters: node-version: type: string executor: name: docker-node version: << parameters.node-version >> steps: - checkout - install - prodsec/security_scans: mode: auto release-branch: master open-source-additional-arguments: --exclude=test iac-scan: disabled test: resource_class: small parameters: node-version: type: string executor: name: docker-node version: << parameters.node-version >> steps: - checkout - install - test release: resource_class: small executor: name: docker-node steps: - checkout - install - release workflows: version: 2 test: jobs: - prodsec/secrets-scan: name: Scan repository for secrets context: - snyk-bot-slack channel: os-team-managed-alerts filters: branches: ignore: - master - security-scans: name: Security Scans context: open_source-managed node-version: '20.5.0' - test: name: Test Node << matrix.node-version >> context: nodejs-install matrix: parameters: node-version: ['16.1.0', '18.17.0', '20.5.0'] - release: name: Release requires: - Scan repository for secrets - Test Node 16.1.0 - Test Node 18.17.0 - Test Node 20.5.0 context: nodejs-lib-release filters: branches: only: - master