@@ -138,6 +138,10 @@ spec:
138138 default : ' true'
139139 description : Use the package registry proxy when prefetching dependencies
140140 type : string
141+ - name : sast-target-dirs
142+ type : string
143+ default : .
144+ description : Target directories to scan with SAST tools. Multiple values should be separated with commas.
141145 results :
142146 - description : " "
143147 name : IMAGE_URL
@@ -161,7 +165,7 @@ spec:
161165 - name : name
162166 value : init
163167 - name : bundle
164- value : quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:b797dd453ddad669365de6de4649e3a9e37e77aa26eb9862ca079a36cbfe64a4
168+ value : quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08
165169 - name : kind
166170 value : task
167171 resolver : bundles
@@ -178,7 +182,7 @@ spec:
178182 - name : name
179183 value : git-clone
180184 - name : bundle
181- value : quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21
185+ value : quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:fedaacbf05ff7b2cdd36bff6cb1f103755cb5dc0b4adc0540136d3606ade18a5
182186 - name : kind
183187 value : task
184188 resolver : bundles
@@ -200,7 +204,7 @@ spec:
200204 - name : name
201205 value : prefetch-dependencies
202206 - name : bundle
203- value : quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:44eb23c2c9a6d7dc471efd28bf835035add9853c065e110312c5feefe87cfc8c
207+ value : quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:d127e05fcd8f3c946cea0bbe8eab79a795544f1d2a8349448670af7dbc9ef827
204208 - name : kind
205209 value : task
206210 resolver : bundles
@@ -252,7 +256,7 @@ spec:
252256 - name : name
253257 value : buildah
254258 - name : bundle
255- value : quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:62f09c50d552eac57e17638c67e88b0982352a71975858c8ba262bcff293de06
259+ value : quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:3fc80805977ca958b632dd4750847d0e71e943a7795d07359bdc64ec95a74f74
256260 - name : kind
257261 value : task
258262 resolver : bundles
@@ -277,7 +281,7 @@ spec:
277281 - name : name
278282 value : build-image-index
279283 - name : bundle
280- value : quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb
284+ value : quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b33bfa8dc27dbf459f0779598ba45dcaa490bcc9f8efe1652bcf360ec8cb5582
281285 - name : kind
282286 value : task
283287 resolver : bundles
@@ -294,7 +298,7 @@ spec:
294298 - name : name
295299 value : source-build
296300 - name : bundle
297- value : quay.io/konflux-ci/tekton-catalog/task-source-build:0.3@sha256:df999473b440066ce856e36d80afd06b6ed3b575e07b6ac3efe79a25addc2045
301+ value : quay.io/konflux-ci/tekton-catalog/task-source-build:0.3@sha256:2f846d3fdf221da1dedfe2b57e8350d6a9c2060bec3e9105325f56ac80ecb0f1
298302 - name : kind
299303 value : task
300304 resolver : bundles
@@ -319,7 +323,7 @@ spec:
319323 - name : name
320324 value : deprecated-image-check
321325 - name : bundle
322- value : quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:57d1f556982115311f603dd9a728c52a7a1d092f022e1db4560da01eca9e5d17
326+ value : quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e
323327 - name : kind
324328 value : task
325329 resolver : bundles
@@ -341,7 +345,7 @@ spec:
341345 - name : name
342346 value : clair-scan
343347 - name : bundle
344- value : quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:cd49cdea7e5403a87c4774bd8ea10bc4e6aeb83841ff490cbe42b782779513a7
348+ value : quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894
345349 - name : kind
346350 value : task
347351 resolver : bundles
@@ -361,7 +365,7 @@ spec:
361365 - name : name
362366 value : ecosystem-cert-preflight-checks
363367 - name : bundle
364- value : quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:2468c01818fbaad2235e4fca438f28e847260e3e354cf5a441bbd671684af2db
368+ value : quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9c300728a03f41beee9a689422d66513d32ab5f804664fe561b11cebacd07799
365369 - name : kind
366370 value : task
367371 resolver : bundles
@@ -376,14 +380,16 @@ spec:
376380 value : $(tasks.build-image-index.results.IMAGE_DIGEST)
377381 - name : image-url
378382 value : $(tasks.build-image-index.results.IMAGE_URL)
383+ - name : TARGET_DIRS
384+ value : $(params.sast-target-dirs)
379385 runAfter :
380386 - build-image-index
381387 taskRef :
382388 params :
383389 - name : name
384390 value : sast-snyk-check
385391 - name : bundle
386- value : quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:566753ca880764361b11f2c67d8e62dda94f829b11cb48e4716f27568216a481
392+ value : quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:8beb3a168cbefc853ff79bd1a1ea37a6dbf5a1d466bc763c7b613fa71a92ddae
387393 - name : kind
388394 value : task
389395 resolver : bundles
@@ -442,6 +448,8 @@ spec:
442448 - $(params.build-args[*])
443449 - name : BUILD_ARGS_FILE
444450 value : $(params.build-args-file)
451+ - name : TARGET_DIRS
452+ value : $(params.sast-target-dirs)
445453 runAfter :
446454 - coverity-availability-check
447455 taskRef :
@@ -488,14 +496,16 @@ spec:
488496 value : $(tasks.build-image-index.results.IMAGE_DIGEST)
489497 - name : image-url
490498 value : $(tasks.build-image-index.results.IMAGE_URL)
499+ - name : TARGET_DIRS
500+ value : $(params.sast-target-dirs)
491501 runAfter :
492502 - build-image-index
493503 taskRef :
494504 params :
495505 - name : name
496506 value : sast-shell-check
497507 - name : bundle
498- value : quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:2cd09c97b9f0fae9c7bcd26d956f77221fb7137ee8b2ef17e7351b5e6f1eb89e
508+ value : quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:ffc6d575f7234e43f34e9ce82ace581f848e817e3d489116ff186f12e1cc6722
499509 - name : kind
500510 value : task
501511 resolver : bundles
@@ -513,14 +523,16 @@ spec:
513523 value : $(tasks.build-image-index.results.IMAGE_DIGEST)
514524 - name : image-url
515525 value : $(tasks.build-image-index.results.IMAGE_URL)
526+ - name : TARGET_DIRS
527+ value : $(params.sast-target-dirs)
516528 runAfter :
517529 - build-image-index
518530 taskRef :
519531 params :
520532 - name : name
521533 value : sast-unicode-check
522534 - name : bundle
523- value : quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:c162d9d0cd1e4c64dfc340577ba8e6bf55ebd1bb859fe3157217de9b4473c640
535+ value : quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:7631757c4f22df2fe303e5a6238cb090434130a4190f443531c0ac8c9e7b357f
524536 - name : kind
525537 value : task
526538 resolver : bundles
@@ -586,7 +598,7 @@ spec:
586598 - name : name
587599 value : rpms-signature-scan
588600 - name : bundle
589- value : quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1d807f6be3be2bd8bff76321e9599bbafce8196dcd9597eeffd9df65466682af
601+ value : quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:237c54b069d16c3785d1302f19be309aa6c0ae2313d446e30cb74671e07ca676
590602 - name : kind
591603 value : task
592604 resolver : bundles
0 commit comments