From aabd284f0491cb2721e42ba3ac2c519205ec0938 Mon Sep 17 00:00:00 2001 From: ccronca Date: Fri, 16 Aug 2024 12:34:13 +0200 Subject: [PATCH] fix(KONFLUX-3663): upload SAST results to quay.io Configure the SAST task to upload SARIF results to quay.io for long-term storage Signed-off-by: ccronca --- .../prometheus-config-reloader-acm-211-pull-request.yaml | 7 ++++++- .tekton/prometheus-config-reloader-acm-211-push.yaml | 7 ++++++- .tekton/prometheus-operator-acm-211-pull-request.yaml | 7 ++++++- .tekton/prometheus-operator-acm-211-push.yaml | 7 ++++++- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/.tekton/prometheus-config-reloader-acm-211-pull-request.yaml b/.tekton/prometheus-config-reloader-acm-211-pull-request.yaml index ba4516e2998..10fb3f34679 100644 --- a/.tekton/prometheus-config-reloader-acm-211-pull-request.yaml +++ b/.tekton/prometheus-config-reloader-acm-211-pull-request.yaml @@ -339,7 +339,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -357,6 +357,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/prometheus-config-reloader-acm-211-push.yaml b/.tekton/prometheus-config-reloader-acm-211-push.yaml index 69e89b65401..e4ffb8e99d1 100644 --- a/.tekton/prometheus-config-reloader-acm-211-push.yaml +++ b/.tekton/prometheus-config-reloader-acm-211-push.yaml @@ -336,7 +336,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -354,6 +354,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/prometheus-operator-acm-211-pull-request.yaml b/.tekton/prometheus-operator-acm-211-pull-request.yaml index 3af5751a90f..cc9de664a48 100644 --- a/.tekton/prometheus-operator-acm-211-pull-request.yaml +++ b/.tekton/prometheus-operator-acm-211-pull-request.yaml @@ -339,7 +339,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -357,6 +357,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest diff --git a/.tekton/prometheus-operator-acm-211-push.yaml b/.tekton/prometheus-operator-acm-211-push.yaml index 7bab67f5b21..ec31eff4143 100644 --- a/.tekton/prometheus-operator-acm-211-push.yaml +++ b/.tekton/prometheus-operator-acm-211-push.yaml @@ -336,7 +336,7 @@ spec: - "false" - name: sast-snyk-check runAfter: - - clone-repository + - build-container taskRef: params: - name: name @@ -354,6 +354,11 @@ spec: workspaces: - name: workspace workspace: workspace + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) - name: clamav-scan params: - name: image-digest