{{- if .Values.pipeline.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: ClusterWorkflowTemplate
metadata:
  name: amp-security-pipeline-v1.0.0
spec:
  templates:
    - name: scan-syft-grype
      container:
        image: anchore/syft:latest
        command:
          - sh
          - -c
        args:
          - |
            set -eu
            mkdir -p /workspace/reports
            syft scan dir:/workspace -o cyclonedx-json=/workspace/reports/sbom.json || true
            grype sbom:/workspace/reports/sbom.json -o sarif=/workspace/reports/grype.sarif || true
      volumeMounts:
        - name: workspace
          mountPath: /workspace
{{- end }}