plan files
@@ -0,0 +1,19 @@
# Implementation Plan: Socket.dev Scanner
## Objective
Implement the Socket.dev supply chain security scanning step as a parallel task in the DAG.
## Requirements
- Define a task template named `scan-socketdev`.
- Depend on the `clone-repo` task.
- Mount the shared PVC at `/workspace`.
- Expect the Socket.dev API key to be injected via Infisical as an environment variable (use the initContainer wait logic from Phase 1 Step 3).
- Run the Socket CLI against the dependency manifests in `/workspace`.
- Output findings in a standard format (JSON/SARIF).
- Save the output to `/workspace/reports/socketdev.json`.
- Ensure the task exits successfully (e.g. `|| true`) to allow Phase 3 aggregation.
## Agent Instructions
1. Add the `scan-socketdev` template to the `ClusterWorkflowTemplate`.
2. Configure the Infisical initContainer logic for this specific step to wait for the API key.
3. Wire it into the DAG alongside the other scanners.
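Review bot: the `|| true` in the "Ensure the task exits successfully" requirement hides every failure of the Socket CLI (missing API key, network error, unsupported manifest) behind a green status, so Phase 3 would aggregate a missing or empty `/workspace/reports/socketdev.json` as though the scan had run clean. Prefer letting the step fail on its own and marking the DAG task with `continueOn: failed` (the Argo Workflows DAG task field) so the aggregator can distinguish "scanner crashed" from "scanner ran and reported findings", or at minimum fail the step when the report file is absent after the CLI returns. Two smaller gaps in the requirements: the output format is given as "JSON/SARIF" while the path is `socketdev.json`, so pin one format that the Phase 3 aggregator will parse, and nothing creates `/workspace/reports` or names the environment variable the Infisical initContainer is supposed to wait for, so the agent instructions in step 2 cannot be carried out as written.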