plan files
This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
# Implementation Plan: KICS IaC Scanner
|
||||
|
||||
## Objective
|
||||
Implement the KICS (Keeping Infrastructure as Code Secure) scanning step as a parallel task in the DAG.
|
||||
|
||||
## Requirements
|
||||
- Define a task template named `scan-kics`.
|
||||
- Depend on the `clone-repo` task.
|
||||
- Mount the shared PVC at `/workspace`.
|
||||
- Run KICS against the `/workspace` directory (or the specific `working-dir` parameter).
|
||||
- Output findings in SARIF and/or JSON format.
|
||||
- Save the output to `/workspace/reports/kics.sarif`.
|
||||
- Ensure the task exits successfully even if issues are found, to allow Phase 3 aggregation (e.g., wrap with `|| true`).
|
||||
|
||||
## Agent Instructions
|
||||
1. Add the `scan-kics` template to the `ClusterWorkflowTemplate`.
|
||||
2. Wire it into the DAG alongside the other scanners.
|
||||
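Review bot: The requirement to "wrap with `|| true`" in the Requirements list hides more than findings: a KICS engine error, a wrong `working-dir`, or an unmounted PVC would also exit 0, and Phase 3 aggregation would then read a missing or empty `/workspace/reports/kics.sarif` as a clean scan. Suggest narrowing it to ignoring result exit codes only, for example KICS's own `--ignore-on-exit results`, so that genuine scanner failures still fail the task, and having the step check that the report file exists before it exits. Two smaller points in the same list: "SARIF and/or JSON" is ambiguous against a single `.sarif` output path, so the plan should state which formats are required and where each one is written, and it should say which task creates `/workspace/reports`, since `scan-kics` runs in parallel with the other scanners and cannot assume another one has created it.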