plan files
This commit is contained in:
Elizabeth W
@@ -0,0 +1,18 @@
|
||||
# Implementation Plan: Syft & Grype Scanner
|
||||
|
||||
## Objective
|
||||
Implement the SBOM generation (Syft) and vulnerability scanning (Grype) step as a parallel task in the DAG.
|
||||
|
||||
## Requirements
|
||||
- Define a task template named `scan-syft-grype`.
|
||||
- Depend on the `clone-repo` task.
|
||||
- Mount the shared PVC at `/workspace`.
|
||||
- Step A: Run Syft against `/workspace` to generate an SBOM (SPDX/CycloneDX format) -> `/workspace/reports/sbom.json`.
|
||||
- Step B: Run Grype against the generated SBOM (or the workspace directly) to find vulnerabilities.
|
||||
- Output Grype findings in SARIF format.
|
||||
- Save the Grype output to `/workspace/reports/grype.sarif`.
|
||||
- Ensure the task exits successfully (`|| true`) to allow Phase 3 aggregation.
|
||||
|
||||
## Agent Instructions
|
||||
1. Add the `scan-syft-grype` template to the `ClusterWorkflowTemplate`.
|
||||
2. Wire it into the DAG alongside the other scanners.
|
||||
Reference in New Issue
Block a user