remove embedded python that moved to defectdojo and enforce policy and change to standalone typescript
This commit is contained in:
Elizabeth W
@@ -1,66 +0,0 @@
|
||||
{{- if .Values.pipeline.enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: ClusterWorkflowTemplate
|
||||
metadata:
|
||||
name: amp-security-pipeline-v1.0.0
|
||||
spec:
|
||||
templates:
|
||||
- name: upload-defectdojo
|
||||
container:
|
||||
image: python:3.12-alpine
|
||||
env:
|
||||
- name: DEFECTDOJO_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: DEFECTDOJO_URL
|
||||
- name: DEFECTDOJO_API_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: DEFECTDOJO_API_TOKEN
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
args:
|
||||
- |
|
||||
set -eu
|
||||
python - <<'PY'
|
||||
import json
|
||||
import os
|
||||
import pathlib
|
||||
import urllib.request
|
||||
|
||||
base_url = os.environ["DEFECTDOJO_URL"].rstrip("/")
|
||||
api_token = os.environ["DEFECTDOJO_API_TOKEN"]
|
||||
product_name = os.environ.get("DEFECTDOJO_PRODUCT_NAME", "agentguard-ci")
|
||||
scan_map = {
|
||||
".sarif": "SARIF",
|
||||
".json": "Generic Findings Import",
|
||||
}
|
||||
reports_dir = pathlib.Path("/workspace/reports")
|
||||
for report in sorted(reports_dir.iterdir()):
|
||||
if not report.is_file():
|
||||
continue
|
||||
scan_type = scan_map.get(report.suffix)
|
||||
if not scan_type:
|
||||
continue
|
||||
req = urllib.request.Request(
|
||||
f"{base_url}/api/v2/import-scan/",
|
||||
data=json.dumps({
|
||||
"scan_type": scan_type,
|
||||
"product_name": product_name,
|
||||
"file_name": report.name,
|
||||
}).encode(),
|
||||
headers={
|
||||
"Authorization": f"Token {api_token}",
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
method="POST",
|
||||
)
|
||||
urllib.request.urlopen(req)
|
||||
PY
|
||||
volumeMounts:
|
||||
- name: workspace
|
||||
mountPath: /workspace
|
||||
{{- end }}
|
||||
@@ -1,45 +0,0 @@
|
||||
{{- if .Values.pipeline.enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: ClusterWorkflowTemplate
|
||||
metadata:
|
||||
name: amp-security-pipeline-v1.0.0
|
||||
spec:
|
||||
templates:
|
||||
- name: upload-storage
|
||||
container:
|
||||
image: amazon/aws-cli:2.15.40
|
||||
env:
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: AWS_ACCESS_KEY_ID
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
- name: MINIO_ROOT_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: MINIO_ROOT_USER
|
||||
- name: MINIO_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: amp-security-pipeline-secrets
|
||||
key: MINIO_ROOT_PASSWORD
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
args:
|
||||
- |
|
||||
set -eu
|
||||
repo_name="${REPO_NAME:-repo}"
|
||||
commit_sha="${GIT_COMMIT_SHA:-unknown}"
|
||||
report_date="$(date -u +%F)"
|
||||
aws s3 sync /workspace/reports "s3://${REPORTS_BUCKET:-security-reports}/${repo_name}/${report_date}/${commit_sha}/"
|
||||
volumeMounts:
|
||||
- name: workspace
|
||||
mountPath: /workspace
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user