fixing confusing repeated lists of scanners

2026-04-20 01:43:14 -06:00
parent 1036fce55e
commit 7f366204a9
2 changed files with 7 additions and 35 deletions
@@ -0,0 +1,33 @@
+{{- define "template.scan-defectdojo" }}
+- name: scan-defectdojo
+      container:
+        image: pulumi/pulumi:3.154.0
+        env:
+          - name: PULUMI_ACCESS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: amp-security-pipeline-secrets
+                key: PULUMI_ACCESS_TOKEN
+          - name: AWS_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: amp-security-pipeline-secrets
+                key: AWS_ACCESS_KEY_ID
+          - name: AWS_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: amp-security-pipeline-secrets
+                key: AWS_SECRET_ACCESS_KEY
+        command:
+          - sh
+          - -c
+        args:
+          - |
+            set -eu
+            mkdir -p /workspace/reports
+            cd /workspace
+            pulumi preview --policy-pack ./policy-pack > /workspace/reports/crossguard.json 2>&1 || true
+      volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+{{- end }}