# Implementation Plan: KICS IaC Scanner

## Objective

Implement the KICS (Keeping Infrastructure as Code Secure) scanning step as a parallel task in the DAG.

## Requirements

- Define a task template named `scan-kics`.
- Depend on the `clone-repo` task.
- Mount the shared PVC at `/workspace`.
- Run KICS against the `/workspace` directory (or the specific `working-dir` parameter).
- Output findings in SARIF and/or JSON format.
- Save the output to `/workspace/reports/kics.sarif`.
- Ensure the task exits successfully even if issues are found, to allow Phase 3 aggregation (e.g., wrap with `|| true`).

## Agent Instructions

1. Add the `scan-kics` template to the `ClusterWorkflowTemplate`.
2. Wire it into the DAG alongside the other scanners.
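
One way the requirements above could be expressed as an Argo Workflows manifest. This is an added example, not the project's own template; the `ClusterWorkflowTemplate` name, the `workspace` volume name, the `main` DAG template, the image tag and the presence of a shell in the image are assumptions. The closing `test -s` is an added safeguard, because `|| true` hides scanner crashes as well as findings.

```yaml
apiVersion: argoproj.io/v1alpha1
kind: ClusterWorkflowTemplate
metadata:
  name: security-scan-pipeline          # assumed name
spec:
  templates:
    - name: main                        # assumed DAG template name
      dag:
        tasks:
          # clone-repo and the other scanner tasks are defined elsewhere.
          - name: scan-kics
            template: scan-kics
            dependencies: [clone-repo]  # runs in parallel with sibling scanners
    - name: scan-kics
      inputs:
        parameters:
          - name: working-dir
            default: /workspace
      container:
        image: checkmarx/kics:latest    # assumed; pin a digest in practice
        command: [sh, -c]               # assumes the image ships a POSIX shell
        env:
          # Pass the parameter through the environment rather than
          # templating it into the script, so its value is never
          # interpreted as shell syntax.
          - name: WORKING_DIR
            value: "{{inputs.parameters.working-dir}}"
        args:
          - |
            mkdir -p /workspace/reports
            # Findings make KICS exit non-zero; "|| true" keeps the task
            # green so Phase 3 can aggregate the reports.
            kics scan -p "$WORKING_DIR" \
              -o /workspace/reports --output-name kics \
              --report-formats sarif || true
            # Fail only if the scanner produced no report at all.
            test -s /workspace/reports/kics.sarif
        volumeMounts:
          - name: workspace             # assumed shared PVC volume name
            mountPath: /workspace
```

KICS also accepts `--ignore-on-exit results`, which suppresses the non-zero exit for findings only and leaves engine errors visible, as a narrower alternative to `|| true`.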