fix(KONFLUX-3663): upload SAST results to quay.io

Configure the SAST task to upload SARIF results to quay.io for long-term storage Signed-off-by: ccronca <ccota@redhat.com>
stolostron · Aug 19, 2024 · aabd284 · aabd284
1 parent 7586f8a
commit aabd284
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 4 deletions.
diff --git a/.tekton/prometheus-config-reloader-acm-211-pull-request.yaml b/.tekton/prometheus-config-reloader-acm-211-pull-request.yaml
@@ -339,7 +339,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -357,6 +357,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest

diff --git a/.tekton/prometheus-config-reloader-acm-211-push.yaml b/.tekton/prometheus-config-reloader-acm-211-push.yaml
@@ -336,7 +336,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -354,6 +354,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest

diff --git a/.tekton/prometheus-operator-acm-211-pull-request.yaml b/.tekton/prometheus-operator-acm-211-pull-request.yaml
@@ -339,7 +339,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -357,6 +357,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest

diff --git a/.tekton/prometheus-operator-acm-211-push.yaml b/.tekton/prometheus-operator-acm-211-push.yaml
@@ -336,7 +336,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -354,6 +354,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest