From 42b52f31c24f8c3a033aeaaf072ce2bd8a40b41f Mon Sep 17 00:00:00 2001
From: ccronca <ccota@redhat.com>
Date: Fri, 16 Aug 2024 12:42:13 +0200
Subject: [PATCH] fix(KONFLUX-3663): upload SAST results to quay.io

Configure the SAST task to upload SARIF results to quay.io for
long-term storage

Signed-off-by: ccronca <ccota@redhat.com>
---
 .tekton/thanos-acm-211-pull-request.yaml | 7 ++++++-
 .tekton/thanos-acm-211-push.yaml         | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/.tekton/thanos-acm-211-pull-request.yaml b/.tekton/thanos-acm-211-pull-request.yaml
index 37d384cf28..7deddcaf4b 100644
--- a/.tekton/thanos-acm-211-pull-request.yaml
+++ b/.tekton/thanos-acm-211-pull-request.yaml
@@ -339,7 +339,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -357,6 +357,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest
diff --git a/.tekton/thanos-acm-211-push.yaml b/.tekton/thanos-acm-211-push.yaml
index 6fe3adf0f7..139efa0c7e 100644
--- a/.tekton/thanos-acm-211-push.yaml
+++ b/.tekton/thanos-acm-211-push.yaml
@@ -336,7 +336,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -354,6 +354,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest