{{- define "template.scan-socketdev" }}
- name: scan-socketdev
      container:
        image: socketdev/socketcli:latest
        env:
          - name: SOCKET_DEV_API_KEY
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: SOCKET_DEV_API_KEY
        command:
          - sh
          - -c
        args:
          - |
            set -eu
            mkdir -p /workspace/reports
            socketdev scan /workspace --format json --output /workspace/reports/socketdev.json || true
      volumeMounts:
        - name: workspace
          mountPath: /workspace
{{- end }}