ci: implement security pipeline

[philipp-hinteregger]

This PR

• creates a security pipeline to check the project with:
  • KICS
  • Kubescape
  • Kubeconform
  • Govulncheck
  • Trivy
• contains initial security fixes
• fixes: Security pipeline #341

Example run on fork

Signed-off-by: Philipp Hinteregger [email protected]

[codecov]

Codecov Report

Merging #549 (21070bb) into main (c661dc0) will increase coverage by 0.07%.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #549      +/-   ##
==========================================
+ Coverage   49.61%   49.69%   +0.07%     
==========================================
  Files          60       60              
  Lines        5486     5528      +42     
==========================================
+ Hits         2722     2747      +25     
- Misses       2656     2670      +14     
- Partials      108      111       +3     

Impacted Files	Coverage Δ
operator/controllers/keptnapp/controller.go	68.42% <0.00%> (-9.23%)	⬇️
operator/webhooks/pod_mutating_webhook.go	35.83% <0.00%> (-0.11%)	⬇️
operator/api/v1alpha2/keptnapp_types.go	91.66% <0.00%> (ø)
...ator/api/v1alpha2/keptnevaluationprovider_types.go	100.00% <0.00%> (ø)
operator/api/v1alpha2/keptnappversion_types.go	97.52% <0.00%> (+0.08%)	⬆️
...or/controllers/keptnworkloadinstance/controller.go	79.08% <0.00%> (+0.21%)	⬆️
...ptnworkloadinstance/reconcile_prepostdeployment.go	90.90% <0.00%> (+9.09%)	⬆️

Flag	Coverage Δ
component-tests	50.43% <ø> (-0.70%)	⬇️
keptn-lifecycle-operator	47.58% <ø> (+0.09%)	⬆️
scheduler	21.17% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[thschue]

lgtm