Skip to content

Commit 8e61f6e

Browse files
Merge pull request #1510 from sriroopar/ec_violation_fix_sast_bundle
Adding required sast checks.
2 parents 22165aa + 539d8d9 commit 8e61f6e

2 files changed

Lines changed: 56 additions & 0 deletions

File tree

.tekton/ols-bundle-pull-request.yaml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -386,6 +386,34 @@ spec:
386386
operator: in
387387
values:
388388
- "false"
389+
- name: sast-snyk-check
390+
params:
391+
- name: image-digest
392+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
393+
- name: image-url
394+
value: $(tasks.build-image-index.results.IMAGE_URL)
395+
- name: ARGS
396+
value: --project-name=lightspeed-bundle --org=dca2ca89-7e51-4a3a-b7a5-6ad5633057b8
397+
- name: SOURCE_ARTIFACT
398+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
399+
- name: CACHI2_ARTIFACT
400+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
401+
runAfter:
402+
- build-image-index
403+
taskRef:
404+
params:
405+
- name: name
406+
value: sast-snyk-check-oci-ta
407+
- name: bundle
408+
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:ba3eff8f97a7cfc5341f3138c8a13e532238298d9a0fb94401c0971d30eb115a
409+
- name: kind
410+
value: task
411+
resolver: bundles
412+
when:
413+
- input: $(params.skip-checks)
414+
operator: in
415+
values:
416+
- "false"
389417
- name: sast-shell-check
390418
params:
391419
- name: image-digest

.tekton/ols-bundle-push.yaml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -383,6 +383,34 @@ spec:
383383
operator: in
384384
values:
385385
- "false"
386+
- name: sast-snyk-check
387+
params:
388+
- name: image-digest
389+
value: $(tasks.build-image-index.results.IMAGE_DIGEST)
390+
- name: image-url
391+
value: $(tasks.build-image-index.results.IMAGE_URL)
392+
- name: ARGS
393+
value: --project-name=lightspeed-bundle --org=dca2ca89-7e51-4a3a-b7a5-6ad5633057b8
394+
- name: SOURCE_ARTIFACT
395+
value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
396+
- name: CACHI2_ARTIFACT
397+
value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
398+
runAfter:
399+
- build-image-index
400+
taskRef:
401+
params:
402+
- name: name
403+
value: sast-snyk-check-oci-ta
404+
- name: bundle
405+
value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:ba3eff8f97a7cfc5341f3138c8a13e532238298d9a0fb94401c0971d30eb115a
406+
- name: kind
407+
value: task
408+
resolver: bundles
409+
when:
410+
- input: $(params.skip-checks)
411+
operator: in
412+
values:
413+
- "false"
386414
- name: sast-shell-check
387415
params:
388416
- name: image-digest

0 commit comments

Comments
 (0)