Skip to content

chore: enable Snyk scan for orchestrator-infra chart#136

Merged
openshift-merge-bot[bot] merged 3 commits intoredhat-developer:mainfrom
Fortune-Ndlovu:snyk-scan-orchestrator-chart
Apr 24, 2025
Merged

chore: enable Snyk scan for orchestrator-infra chart#136
openshift-merge-bot[bot] merged 3 commits intoredhat-developer:mainfrom
Fortune-Ndlovu:snyk-scan-orchestrator-chart

Conversation

@Fortune-Ndlovu
Copy link
Copy Markdown
Member

@Fortune-Ndlovu Fortune-Ndlovu commented Apr 24, 2025

Description of the change

This PR updates the snyk.yaml GitHub Actions workflow to include IaC scanning of the orchestrator-infra Helm chart in addition to the existing backstage chart.

Existing or Associated Issue(s)

https://issues.redhat.com/browse/RHIDP-6630

Additional Information

Added helm dependency build and helm template for charts/orchestrator-infra.
Added a separate Snyk IaC scan step targeting the rendered output of orchestrator-infra.
Ensures both backstage and orchestrator-infra templates are scanned weekly for infrastructure vulnerabilities.

Checklist

  • Chart version bumped in Chart.yaml according to semver.
  • Variables are documented in the values.yaml and added to the README.md. The pre-commit utility can be used to generate the necessary content. Use pre-commit run -a to apply changes.
  • JSON Schema template updated and re-generated the raw schema via pre-commit hook.
  • List tests pass for Chart using the Chart Testing tool and the ct lint command.

@Fortune-Ndlovu
chore: enable Snyk scan for orchestrator-infra chart
0277030 
Signed-off-by: Fortune-Ndlovu <fndlovu@redhat.com>
@openshift-ci openshift-ci Bot requested review from gazarenkov and nickboldt April 24, 2025 15:26
@Fortune-Ndlovu
Copy link
Copy Markdown
Member Author

Fortune-Ndlovu commented Apr 24, 2025

cc/ @coreydaley , @rm3l

coreydaley
coreydaley reviewed Apr 24, 2025
View reviewed changes
Comment thread .github/workflows/snyk.yaml Outdated
@Fortune-Ndlovu
Run SNYK IaC Scan for Developer Hub
1309add 
Signed-off-by: Fortune-Ndlovu <fndlovu@redhat.com>
coreydaley
coreydaley reviewed Apr 24, 2025
View reviewed changes
Comment thread .github/workflows/snyk.yaml Outdated
@Fortune-Ndlovu
fixup: sha is preferred than versioning
831c593 
Signed-off-by: Fortune-Ndlovu <fndlovu@redhat.com>
@Fortune-Ndlovu Fortune-Ndlovu force-pushed the snyk-scan-orchestrator-chart branch from aed463c to 831c593 Compare April 24, 2025 15:55
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 24, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@coreydaley
Copy link
Copy Markdown

coreydaley commented Apr 24, 2025

/lgtm
I will let @rm3l give the approval

@openshift-ci openshift-ci Bot added the lgtm label Apr 24, 2025
@openshift-merge-bot openshift-merge-bot Bot merged commit eb94968 into redhat-developer:main Apr 24, 2025
7 checks passed
@rm3l rm3l mentioned this pull request Oct 16, 2025
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gazarenkov gazarenkov Awaiting requested review from gazarenkov

@nickboldt nickboldt Awaiting requested review from nickboldt

1 more reviewer

@coreydaley coreydaley coreydaley left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@coreydaley coreydaley

Labels

lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Fortune-Ndlovu @coreydaley