From 6e80aea462bf2b4cf5cccfa034f112d4e51fa49a Mon Sep 17 00:00:00 2001
From: QuietEngineer <qtengineer@proton.me>
Date: Sat, 6 Sep 2025 15:46:23 -0600
Subject: [PATCH] ci: add snyk scans

---
 .tangled/workflows/security.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 .tangled/workflows/security.yaml

diff --git a/.tangled/workflows/security.yaml b/.tangled/workflows/security.yaml
new file mode 100644
index 0000000..36f34cc
--- /dev/null
+++ b/.tangled/workflows/security.yaml
@@ -0,0 +1,28 @@
+when:
+  - event: ["push", "pull_request"]
+    branch: ["main", "develop"]
+  - event: ["manual"]
+
+engine: "nixery"
+
+dependencies:
+  nixpkgs:
+    - go
+    - snyk
+
+environment:
+  SNYK_DISABLE_ANALYTICS: 1
+
+steps:
+  - name: build application
+    command: |
+      go build -v ./...
+
+  - name: snyk auth
+    command: |
+      snyk auth "$SNYK_TOKEN"
+
+  - name: snyk test
+    command: |
+      snyk monitor --all-projects
+      snyk test --all-projects
-- 
2.43.0