Skip to content

Commit

Permalink
Disable internal sast scanning tools in favor of gosec
Browse files Browse the repository at this point in the history
  • Loading branch information
vpnachev committed Oct 25, 2024
1 parent fd7301d commit 5bf01ee
Showing 1 changed file with 18 additions and 1 deletion.
19 changes: 18 additions & 1 deletion .ci/pipeline_definitions
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# SPDX-License-Identifier: Apache-2.0

gardener-extension-shoot-lakom-service:
templates:
templates:
helmcharts:
- &shoot-lakom-service
name: shoot-lakom-service
Expand Down Expand Up @@ -34,6 +34,13 @@ gardener-extension-shoot-lakom-service:
attribute: image.tag

base_definition:
repo:
source_labels:
- name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
value:
policy: skip
comment: |
We use gosec for sast scanning, see attached log.
traits:
version:
preprocess: 'inject-commit-hash'
Expand Down Expand Up @@ -85,6 +92,16 @@ gardener-extension-shoot-lakom-service:
- *lakom
- *shoot-lakom-admission
release:
assets:
- type: build-step-log
step_name: verify
purposes:
- lint
- sast
- gosec
comment: |
We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.
Enabled by https://github.com/gardener/gardener-extension-shoot-lakom-service/pull/116
traits:
version:
preprocess: 'finalize'
Expand Down

0 comments on commit 5bf01ee

Please sign in to comment.