plan files
This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
# Implementation Plan: DefectDojo Upload
|
||||
|
||||
## Objective
|
||||
Implement a task that pushes all SARIF/JSON reports from the PVC to DefectDojo via its API.
|
||||
|
||||
## Requirements
|
||||
- Define a task template named `upload-defectdojo`.
|
||||
- Depend on the completion of all parallel scanner tasks (Phase 2).
|
||||
- Mount the shared PVC at `/workspace`.
|
||||
- Expect DefectDojo API keys and URL to be injected as environment variables via Infisical (with initContainer wait logic).
|
||||
- Iterate over the `/workspace/reports/` directory.
|
||||
- For each file, make an API request to DefectDojo to import the scan results (mapping the file type to the correct DefectDojo parser, e.g., SARIF -> Generic SARIF).
|
||||
|
||||
## Agent Instructions
|
||||
1. Add the `upload-defectdojo` template to the `ClusterWorkflowTemplate`.
|
||||
2. Write the API upload script (Python, curl, or a dedicated CLI) in the task template.
|
||||
3. Configure the Infisical initContainer to wait for the DefectDojo credentials.
|
||||
Reference in New Issue
Block a user