From f31d13ed86860e2f1aecde7bdc3737c2e170ab1a Mon Sep 17 00:00:00 2001
From: farrell-m
Date: Fri, 20 Dec 2024 15:22:30 +0000
Subject: [PATCH] Revert "integrate with Snyk"
This reverts commit 6c4fa43d8a1caaae909f2efb85b03b752795ef28.
---
 .github/workflows/pr-merge-main.yml | 29 +-------
 .github/workflows/push-branch.yml | 32 ---------
 .gitignore | 2 -
 .snyk | 8 ---
 README.md | 43 ------------
 snyk/snyk_delta_all_projects.sh | 102 ----------------------------
 6 files changed, 1 insertion(+), 215 deletions(-)
 delete mode 100644 .snyk
 delete mode 100755 snyk/snyk_delta_all_projects.sh
diff --git a/.github/workflows/pr-merge-main.yml b/.github/workflows/pr-merge-main.yml
index 675f21e..ad06e73 100644
--- a/.github/workflows/pr-merge-main.yml
+++ b/.github/workflows/pr-merge-main.yml
@@ -56,31 +56,4 @@ jobs:
 - name: Update version
 uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629
 with:
- arguments: release -Prelease.useAutomaticVersion=true
-
- vulnerability-report:
- if: github.event.pull_request.merged == true
- runs-on: ubuntu-latest
-
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- SNYK_ORG: legal-aid-agency
- SNYK_TEST_EXCLUDE: build,generated
-
- steps:
- - uses: actions/checkout@v3
- - name: Generate Snyk report and upload to LAA Dashboard
- uses: snyk/actions/gradle@0.4.0
- continue-on-error: true
- with:
- command: monitor
- args: --org=${SNYK_ORG} --all-projects --exclude=$SNYK_TEST_EXCLUDE
- - name: Generate sarif Snyk report
- uses: snyk/actions/gradle@0.4.0
- continue-on-error: true
- with:
- args: --org=${SNYK_ORG} --all-projects --exclude=$SNYK_TEST_EXCLUDE --sarif-file-output=snyk-report.sarif
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: snyk-report.sarif
+ arguments: release -Prelease.useAutomaticVersion=true
\ No newline at end of file
diff --git a/.github/workflows/push-branch.yml b/.github/workflows/push-branch.yml
index c520b8c..65dc9d0 100644
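Review bot: The single `+` line re-adds `arguments: release -Prelease.useAutomaticVersion=true` without a trailing newline (`\ No newline at end of file`), so the workflow file now ends mid-line; a revert should not need to change that, so restore the newline. With the `vulnerability-report` job gone this workflow no longer runs `snyk monitor` or uploads `snyk-report.sarif` to Code Scanning, and the push-branch.yml hunk likewise drops the `vulnerability-scan` job, so after this commit nothing in the diff runs a dependency or SAST scan; whether something else now covers that is not visible here. The commit message only says it reverts 6c4fa43d, so one sentence naming the reason and the replacement (or that one is planned) would save the next maintainer from guessing. Alerts previously uploaded from the Snyk SARIF presumably remain in Code Scanning until dismissed or refreshed rather than disappearing with the job.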
--- a/.github/workflows/push-branch.yml
+++ b/.github/workflows/push-branch.yml
@@ -54,35 +54,3 @@ jobs:
 arguments: publish
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- vulnerability-scan:
- runs-on: ubuntu-latest
-
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- SNYK_ORG: legal-aid-agency
- SNYK_TEST_EXCLUDE: build,generated
-
- steps:
- - uses: actions/checkout@v3
- - name: Set up JDK 21
- uses: actions/setup-java@v3
- with:
- java-version: '21'
- distribution: 'temurin'
- - uses: snyk/actions/setup@0.4.0
- - name: Install snyk-delta
- run: |
- npm config set prefix '~/.local/'
- mkdir -p ~/.local/bin
- export PATH="$HOME/.local/bin/:$PATH"
- npm install -g snyk-delta
- - name: Identify new vulnerabilities
- run: ./snyk/snyk_delta_all_projects.sh --org=$SNYK_ORG --exclude=$SNYK_TEST_EXCLUDE
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Run code test
- uses: snyk/actions/gradle@0.4.0
- with:
- command: code test
- args: --org=${SNYK_ORG}
diff --git a/.gitignore b/.gitignore
index bf34eca..44858d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -93,5 +93,3 @@ test-results/ .idea
-# Snyk
-.dccache
diff --git a/.snyk b/.snyk
deleted file mode 100644
index f652cce..0000000
--- a/.snyk
+++ /dev/null
@@ -1,8 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.1
-ignore: {}
-patch: {}
-exclude:
- global:
- - assessment-service/src/test
- - assessment-service/src/integrationTest
diff --git a/README.md b/README.md
index cb1a6e5..f3da862 100644
--- a/README.md
+++ b/README.md
@@ -6,46 +6,3 @@ This API uses components from the [LAA CCMS Common Library](https://github.com/m
 - [laa-ccms-spring-boot-plugin](https://github.com/ministryofjustice/laa-ccms-spring-boot-common?tab=readme-ov-file#laa-ccms-spring-boot-gradle-plugin-for-java--spring-boot-projects)
 - [laa-ccms-spring-boot-starter-auth](https://github.com/ministryofjustice/laa-ccms-spring-boot-common/tree/main/laa-ccms-spring-boot-starters/laa-ccms-spring-boot-starter-auth)
-
-### Running Snyk locally
-To run Snyk locally, you will need to [install the Snyk CLI](https://docs.snyk.io/snyk-cli/install-or-update-the-snyk-cli).
-
-Once installed, you will be able to run the following commands:
-
-```shell
-snyk test
-```
-For open-source vulnerabilies and licence issues. See [`snyk test`](https://docs.snyk.io/snyk-cli/commands/test).
-
-```shell
-snyk code test
-```
-For Static Application Security Testing (SAST) - known security issues. See [`snyk code test`](https://docs.snyk.io/snyk-cli/commands/code-test).
-
-A [JetBrains Plugin](https://plugins.jetbrains.com/plugin/10972-snyk-security) is also available to integrate with your IDE. In addition to
-vulnerabilities, this plugin will also report code quality issues.
-
-### Configuration (`.snyk`)
-
-The [.snyk](.snyk) file is used to configure exclusions for scanning. If a vulnerability is not
-deemed to be a threat, or will be dealt with later, it can be added here to stop the pipeline
-failing. See [documentation](https://docs.snyk.io/manage-risk/policies/the-.snyk-file) for more details.
-
-### False Positives
-
-Snyk may report that new vulnerabilities have been introduced on a feature branch and fail the
-pipeline, even if this is not the case. As newly identified vulnerabilities are always being
-published, the report for the main branch may become outdated when a new vulnerability is published.
-
-If you think this may be the case, simply re-run the `monitor` command against the `main` branch
-to update the report on the Snyk server, then re-run your pipeline.
-
-Please ensure this matches the command used by the [pr-merge-main](.github/workflows/pr-merge.yml)
-workflow to maintain consistency.
-
-```shell
-snyk monitor --org=legal-aid-agency --all-projects --exclude=build,generated
-```
-
-You should then see the new vulnerability in the LAA Dashboard, otherwise it is a new
-vulnerability introduced on the feature branch that needs to be resolved.
diff --git a/snyk/snyk_delta_all_projects.sh b/snyk/snyk_delta_all_projects.sh
deleted file mode 100755
index 541e655..0000000
--- a/snyk/snyk_delta_all_projects.sh
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/bin/bash
-
-
-# Copyright 2018 Snyk Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Permalink: https://github.com/snyk-tech-services/snyk-delta/blob/1a45cc1ec6b390d8e1b266b157e00453a4d12eb5/snyk_delta_all_projects.sh
-
-# Call this script as you would call snyk test | snyk-delta, minus the --all-projects and --json flags
-# This is an interim fix until snyk-delta supports all projects itself (or snyk supports a --new flag)
-# example: /bin/bash snyk_delta_all_projects.sh --severity=high --exclude=tests,resources -- -s config.yaml
-# runs snyk test --all-projects --json $*
-# requires jq to be installed
-
-set -euo pipefail
-
-exit_code=0
-snyk_test_json=''
-formatted_json=''
-args=("$*")
-
-run_snyk_delta () {
- # add in any other arguments you would like to use
- snyk-delta
-}
-
-run_snyk_test () {
- echo "Running: snyk test --all-projects --json" $args
- local snyk_exit_code=0
- {
-
- snyk_test_json=`snyk test --all-projects --json $args`
-
- } || {
- snyk_exit_code=$?
- if [ $snyk_exit_code -eq 2 ]
- then
- echo 'snyk test command was not successful, retry with -d to see more information'
- exit 2
- fi
- }
-
-
-}
-
-format_snyk_test_output() {
- echo "Processing snyk test --json output"
- {
- formatted_json=`echo $snyk_test_json | jq -r 'if type=="array" then .[] else . end | @base64'`
- } || {
- echo 'failed to process snyk-test result'
- exit 2
- }
-}
-
-
-#######
-# 1. run snyk test
-run_snyk_test
-
-# 2.
format results to support single & multiple results returned
-format_snyk_test_output
-
-# 3. call snyk-delta for each result
-for test in `echo $formatted_json`; do
- single_result="$(echo ${test} | base64 -d)" # use "base64 -d -i" on Windows, which will ignore any "gardage" characters echoing may add
- project_name="$(echo ${single_result} | jq -r '.displayTargetFile')"
- echo 'Processing: ' ${project_name}
- if echo ${single_result} | run_snyk_delta
- then
- project_exit_code=$?
- echo 'Finished processing'
- else
- project_exit_code=$?
- if [ $project_exit_code -gt 1 ]
- then
- echo 'snyk-delta encountered an error, retrying.'
- echo ${single_result} | run_snyk_delta
- fi
- echo 'Finished processing'
- fi
-
- if [ $project_exit_code -gt $exit_code ]
- then
- exit_code=$project_exit_code
- fi
- echo "Project: ${project_name} | Exit code: ${project_exit_code}"
-done
-
-echo "Overall exit code for snyk-delta-all-projects.sh: ${exit_code}"
-exit $exit_code