plan files
@@ -0,0 +1,18 @@
# Implementation Plan: Policy Enforcement
## Objective
Implement the final task that parses the aggregated results and decides whether to Pass or Fail the Argo Workflow based on the `fail-on-cvss` input threshold.
## Requirements
- Define a task template named `enforce-policy`.
- Depend on the completion of the upload tasks (Phase 3 Steps 1 & 2).
- Mount the shared PVC at `/workspace`.
- Read the input parameter `fail-on-cvss` (e.g., `7.0`).
- Run a script (Python, jq, etc.) to parse all the reports in `/workspace/reports/`.
- If any vulnerability is found with a CVSS score >= the threshold, print an error summary and exit with a non-zero code (causing the Argo Workflow to fail).
- If no vulnerabilities exceed the threshold, print a success summary and exit with 0.
## Agent Instructions
1. Add the `enforce-policy` template to the `ClusterWorkflowTemplate`.
2. Write the parsing logic inside the task (e.g., extracting CVSS scores from SARIF and JSON formats).
3. Ensure this step acts as the final gatekeeper for the pipeline.
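Review bot: the two threshold bullets in Requirements disagree on the boundary. The failure case says "CVSS score >= the threshold" while the success case says "no vulnerabilities exceed the threshold", so a finding scoring exactly `7.0` against `fail-on-cvss: 7.0` is undefined; pick one comparison (failing on `score >= fail-on-cvss` matches the input's name) and use the same wording in both bullets. The plan also leaves the gatekeeper's failure modes unspecified: what `enforce-policy` does when `/workspace/reports/` is empty, when a SARIF or JSON report does not parse, or when `fail-on-cvss` is not a number. Since step 3 makes this the final gate for the pipeline, each of those should be an explicit non-zero exit (fail closed) rather than falling through to the success summary, and Agent Instructions should say so. Finally, "extracting CVSS scores from SARIF" needs a stated field, because SARIF has no standard CVSS property; note which tool-specific property or rule metadata the scores are read from so the parser is not guessed at implementation time.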