CI - Add Snyk Scanning

.github/workflows/snyk-scan-cron.yml

@@ -0,0 +1,44 @@
+---
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright (c) Contributors to the OpenVDB Project.
+
+name: Snyk Scan Code
+
+on:
+  # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+  schedule:
+    - cron: "0 4 * * 0"
+
+permissions:
+  contents: read
+
+jobs:
+  snyk-scan-pr:
+    runs-on: ubuntu-latest
+    if: github.repository == 'AcademySoftwareFoundation/openvdb'
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: snyk/actions/setup@8349f9043a8b7f0f3ee8885bf28f0b388d2446e8 # master
+        id: snyk
+
+      - name: Snyk version
+        run: echo "${{ steps.snyk.outputs.version }}"
+
+      - name: Snyk Auth
+        run: snyk auth ${{ secrets.SNYK_TOKEN }}
+
+      - name: Snyk Scan Code
+        # Scan the C/C++ code for vulnerabilities using the Snyk CLI with the unmanaged flag
+        # https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/c-c++ for options
+        run: snyk test --unmanaged --print-dep-paths --org=${{ secrets.SNYK_ORG }}
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        continue-on-error: true # optional
+
+      - name: Monitor for Vulnerabilities
+        # To import the test results (issues and dependencies) in the Snyk CLI, run the snyk monitor --unmanaged command:
+        run: snyk monitor --unmanaged --org=${{ secrets.SNYK_ORG }}
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        continue-on-error: true # optional