Scan -rc releases with Snyk (#857)

.github/workflows/release.yml

@@ -54,13 +54,13 @@ jobs:
           - nsq
         include:
           - app: kinesis
-            run_snyk: ${{ !contains(github.ref, 'rc') }}
+            final_release: ${{ !contains(github.ref, 'rc') }}
           - app: pubsub
-            run_snyk: ${{ !contains(github.ref, 'rc') }}
+            final_release: ${{ !contains(github.ref, 'rc') }}
           - app: kafka
-            run_snyk: ${{ !contains(github.ref, 'rc') }}
+            final_release: ${{ !contains(github.ref, 'rc') }}
           - app: nsq
-            run_snyk: ${{ !contains(github.ref, 'rc') }}
+            final_release: ${{ !contains(github.ref, 'rc') }}
     steps:
     - uses: actions/checkout@v2
       if: startsWith(github.ref, 'refs/tags/')
@@ -153,18 +153,26 @@ jobs:
         platforms: linux/amd64,linux/arm64/v8
         tags: ${{ steps.distroless-meta.outputs.tags }}
         push: true
-    - name: Build local distroless image, which is needed to run Snyk
-      if: matrix.run_snyk
+    - name: Publish local distroless image, which is needed to run Snyk
       run: sbt "project ${{ matrix.app }}Distroless" docker:publishLocal
     - name: Run Snyk to check for vulnerabilities
       uses: snyk/actions/docker@master
-      if: matrix.run_snyk
+      if: matrix.final_release
       with:
         image: "${{ steps.packageName.outputs.package_name }}:${{ steps.ver.outputs.tag }}-distroless"
         args: "--app-vulns --org=data-processing-new"
         command: monitor
       env:
         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+    - name: Run Snyk to check for vulnerabilities (-rc)
+      uses: snyk/actions/docker@master
+      if: ${{ ! matrix.final_release }}
+      with:
+        image: "${{ steps.packageName.outputs.package_name }}:${{ steps.ver.outputs.tag }}-distroless"
+        args: "--app-vulns --org=data-cap"
+        command: monitor
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
   publish_sce:
     if: startsWith(github.ref, 'refs/tags/')