From bbe88beed6ea490f80df43ec2bd19634f3e695bf Mon Sep 17 00:00:00 2001
From: Joel Takvorian <joel.takvorian@qaraywa.net>
Date: Tue, 8 Apr 2025 13:45:48 +0200
Subject: [PATCH] Tekton add sast checks (#659)

---
 .tekton/pipeline-ref.yaml | 50 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/.tekton/pipeline-ref.yaml b/.tekton/pipeline-ref.yaml
index c9f6281bd..25086eb96 100644
--- a/.tekton/pipeline-ref.yaml
+++ b/.tekton/pipeline-ref.yaml
@@ -387,6 +387,56 @@ spec:
       operator: in
       values:
       - "false"
+  - name: sast-shell-check
+    params:
+    - name: image-digest
+      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+    - name: image-url
+      value: $(tasks.build-image-index.results.IMAGE_URL)
+    - name: SOURCE_ARTIFACT
+      value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+    - name: CACHI2_ARTIFACT
+      value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+    runAfter:
+    - build-image-index
+    taskRef:
+      params:
+      - name: name
+        value: sast-shell-check-oci-ta
+      - name: bundle
+        value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:8e817af22b04305676597a556a975bde8552949ca2bf8918bf62414f135f93c8
+      - name: kind
+        value: task
+      resolver: bundles
+    when:
+    - input: $(params.skip-checks)
+      operator: in
+      values:
+      - "false"
+  - name: sast-unicode-check
+    params:
+    - name: image-url
+      value: $(tasks.build-image-index.results.IMAGE_URL)
+    - name: SOURCE_ARTIFACT
+      value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+    - name: CACHI2_ARTIFACT
+      value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+    runAfter:
+    - build-image-index
+    taskRef:
+      params:
+      - name: name
+        value: sast-unicode-check-oci-ta
+      - name: bundle
+        value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.1@sha256:b9c3dfe732a0d9581c75d07d59043f675ddcbe5e9a3152daad99076bedfd5b85
+      - name: kind
+        value: task
+      resolver: bundles
+    when:
+    - input: $(params.skip-checks)
+      operator: in
+      values:
+      - "false" 
   - name: clamav-scan
     params:
     - name: image-digest
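Review bot: The last line of the `sast-unicode-check` `when` block, `- "false" `, carries a trailing space; yamllint's `trailing-spaces` rule fails on it and it differs from the matching line in `sast-shell-check`, so it should read `- "false"`. Separately, `sast-unicode-check` is given `image-url` but not `image-digest`, while the sibling `sast-shell-check` passes both; if the 0.1 bundle of `sast-unicode-check-oci-ta` accepts an `image-digest` param, adding `- name: image-digest` / `value: $(tasks.build-image-index.results.IMAGE_DIGEST)` would tie the scan result to the immutable digest rather than the tag reference — worth confirming against the task definition in that bundle. On the positive side both task bundles are pinned by `@sha256:` digest and both tasks are gated on `skip-checks` like the existing checks, so they cannot be silently swapped or skipped by default. The enclosing `tasks` list starts before and continues after this hunk.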
-- 
GitLab