@@ -121,6 +121,10 @@ spec:
121121 default : ' true'
122122 description : Use the package registry proxy when prefetching dependencies
123123 type : string
124+ - name : sast-target-dirs
125+ type : string
126+ default : .
127+ description : Target directories to scan with SAST tools. Multiple values should be separated with commas.
124128 results :
125129 - description : " "
126130 name : IMAGE_URL
@@ -144,7 +148,7 @@ spec:
144148 - name : name
145149 value : init
146150 - name : bundle
147- value : quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:b797dd453ddad669365de6de4649e3a9e37e77aa26eb9862ca079a36cbfe64a4
151+ value : quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08
148152 - name : kind
149153 value : task
150154 resolver : bundles
@@ -165,7 +169,7 @@ spec:
165169 - name : name
166170 value : git-clone-oci-ta
167171 - name : bundle
168- value : quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1 @sha256:13d49df7dc9ae301627e45f95a236011422996152f1bea46cd60217b0f057407
172+ value : quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.2 @sha256:52827a47564514f6accab971b8fad4f1c1cf59997507ed7c4e534615eeeae567
169173 - name : kind
170174 value : task
171175 resolver : bundles
@@ -193,7 +197,7 @@ spec:
193197 - name : name
194198 value : prefetch-dependencies-oci-ta
195199 - name : bundle
196- value : quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:1b209c0d93e52e418f3e6cd4b4fd915a84e4bd7f68e1cfd0d6446133540d7f43
200+ value : quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:92956e75cd4714286f9c0c043f5301d1c0df1d750884edeceee87e0a91cc1975
197201 - name : kind
198202 value : task
199203 resolver : bundles
@@ -242,7 +246,7 @@ spec:
242246 - name : name
243247 value : buildah-oci-ta
244248 - name : bundle
245- value : quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.9 @sha256:681d9f65a7f50cb260ee576ccab551e11d63c549f1e1ef3d201da3c112855bd6
249+ value : quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.10 @sha256:c38fc465f5904540d59cab9edad9a56c996e0ed8c31166f8b3eb3a1702ab6f91
246250 - name : kind
247251 value : task
248252 resolver : bundles
@@ -264,7 +268,7 @@ spec:
264268 - name : name
265269 value : build-image-index
266270 - name : bundle
267- value : quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:550afde50349e22ec11191ea0db9a49395ab46fef4e8317d820b6e946677ebeb
271+ value : quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:0b4251ea0fab38be2b1441bea2788220d4cf2963ffb854a0ed90992fbabbe122
268272 - name : kind
269273 value : task
270274 resolver : bundles
@@ -285,7 +289,7 @@ spec:
285289 - name : name
286290 value : source-build-oci-ta
287291 - name : bundle
288- value : quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06
292+ value : quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:d8115c74aed42fe9b1b3df149c534ced09f33c7bc6e51449bcaf8ec50699b8a0
289293 - name : kind
290294 value : task
291295 resolver : bundles
@@ -307,7 +311,7 @@ spec:
307311 - name : name
308312 value : deprecated-image-check
309313 - name : bundle
310- value : quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:57d1f556982115311f603dd9a728c52a7a1d092f022e1db4560da01eca9e5d17
314+ value : quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e
311315 - name : kind
312316 value : task
313317 resolver : bundles
@@ -329,7 +333,7 @@ spec:
329333 - name : name
330334 value : clair-scan
331335 - name : bundle
332- value : quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:cd49cdea7e5403a87c4774bd8ea10bc4e6aeb83841ff490cbe42b782779513a7
336+ value : quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:312fb4d135e351bde38bcb14a7897b238d0aac19703b4e507c105f12b57836f1
333337 - name : kind
334338 value : task
335339 resolver : bundles
@@ -349,7 +353,7 @@ spec:
349353 - name : name
350354 value : ecosystem-cert-preflight-checks
351355 - name : bundle
352- value : quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:25dcef1d9270b2e03fe6710a733171f7c7208e341fc627dac3a579088f44af34
356+ value : quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:3c4f60ebda2225eff6a6bc387d9bbd443f1264d756bf385f97cc684992e904a0
353357 - name : kind
354358 value : task
355359 resolver : bundles
@@ -370,14 +374,16 @@ spec:
370374 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
371375 - name : ARGS
372376 value : " --project-name=openshift/file-integrity-operator --report --org=86a5b6bf-8aad-4842-ab41-e5c7358c202e"
377+ - name : TARGET_DIRS
378+ value : $(params.sast-target-dirs)
373379 runAfter :
374380 - build-image-index
375381 taskRef :
376382 params :
377383 - name : name
378384 value : sast-snyk-check-oci-ta
379385 - name : bundle
380- value : quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4 @sha256:8f3ecbeaff579e41b8278f82d7fabac27845db17a8e687ea6c510c0c9aceabbb
386+ value : quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.5 @sha256:91980bb3d6ba0b200a2030f2be0722da0fbc9338c0c6ff897d0005a2f1259a9b
381387 - name : kind
382388 value : task
383389 resolver : bundles
@@ -437,6 +443,8 @@ spec:
437443 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
438444 - name : CACHI2_ARTIFACT
439445 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
446+ - name : TARGET_DIRS
447+ value : $(params.sast-target-dirs)
440448 runAfter :
441449 - coverity-availability-check
442450 taskRef :
@@ -484,14 +492,16 @@ spec:
484492 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
485493 - name : CACHI2_ARTIFACT
486494 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
495+ - name : TARGET_DIRS
496+ value : $(params.sast-target-dirs)
487497 runAfter :
488498 - build-image-index
489499 taskRef :
490500 params :
491501 - name : name
492502 value : sast-shell-check-oci-ta
493503 - name : bundle
494- value : quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:c4ef47e3b4e0508572d266fb745be7e374c29dc02580328cbe9f4d472a8aca57
504+ value : quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:fc685d6f7dfb7c9ab2f2db38bbe2c8d383407847350ccd8b96352322c487b13c
495505 - name : kind
496506 value : task
497507 resolver : bundles
@@ -510,14 +520,16 @@ spec:
510520 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
511521 - name : CACHI2_ARTIFACT
512522 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
523+ - name : TARGET_DIRS
524+ value : $(params.sast-target-dirs)
513525 runAfter :
514526 - build-image-index
515527 taskRef :
516528 params :
517529 - name : name
518530 value : sast-unicode-check-oci-ta
519531 - name : bundle
520- value : quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:90efa582de7770d55102b74014a765cd16a25a56f2cf644b56a788c70c4dc749
532+ value : quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:5807ffe3a0cca5cf970076bbc7a404642cc6e3eebe64e9e5e6a4f20da740bf73
521533 - name : kind
522534 value : task
523535 resolver : bundles
@@ -562,7 +574,7 @@ spec:
562574 - name : name
563575 value : push-dockerfile-oci-ta
564576 - name : bundle
565- value : quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71
577+ value : quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3@sha256:581ddbb0b8dc388678cea65b9b3b6265db59f6de1d473006fb84fb0b456886bd
566578 - name : kind
567579 value : task
568580 resolver : bundles
@@ -579,7 +591,7 @@ spec:
579591 - name : name
580592 value : rpms-signature-scan
581593 - name : bundle
582- value : quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1d807f6be3be2bd8bff76321e9599bbafce8196dcd9597eeffd9df65466682af
594+ value : quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65370ccb44ff82e4ce128addd913f3c96b298607b3760ee1339ed10011a4bd6b
583595 - name : kind
584596 value : task
585597 resolver : bundles
0 commit comments