Commit

update sast asset for OCM (#305)
MartinWeindel authored Oct 21, 2024
1 parent 8d8456e commit 408c1c9
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions .ci/pipeline_definitions
Expand Up @@ -12,6 +12,16 @@ gardener-extension-shoot-cert-service:
attribute: image.tag

base_definition:
repo:
source_labels:
- name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
value:
policy: skip
comment: |
we use gosec for sast scanning. See attached log.
steps:
verify:
image: 'golang:1.23.2'
traits:
version:
preprocess: 'inject-commit-hash'
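Review bot: the comment under `policy: skip` ends with "See attached log." but does not say which log, so someone auditing why source analysis is skipped has nothing to follow from this label alone. Name the `verify` step log and the gosec project or the enabling PR in the comment text. In the same hunk, `image: 'golang:1.23.2'` pins the verify image by tag only; pinning by digest would keep the toolchain that produces the SAST evidence from changing under the same tag.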
Expand Down Expand Up @@ -55,6 +65,17 @@ gardener-extension-shoot-cert-service:
nextversion: 'bump_minor'
next_version_callback: '.ci/prepare_release'
release_callback: '.ci/prepare_release'
assets:
- type: build-step-log
step_name: verify
purposes:
- lint
- sast
- gosec
comment: |
we use gosec (linter) for SAST scans
see: https://github.com/securego/gosec
enabled by https://github.com/gardener/gardener-extension-shoot-cert-service/pull/302
slack:
default_channel: 'internal_scp_workspace'
channel_cfgs:
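Review bot: the asset declares the `verify` step log as `sast` evidence, but neither `step_name: verify` nor the comment says which command in that step runs gosec or whether findings fail the step. State the invocation (or the make target) in the comment so the log can be checked against it, and note that a rename of the `verify` step has to be mirrored here, since the asset refers to it only by name.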