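{{- if .Values.pipeline.enabled }}
# Argo ClusterWorkflowTemplate, rendered only when .Values.pipeline.enabled is set.
# Its single template, upload-defectdojo, walks /workspace/reports and issues one
# POST to the DefectDojo import-scan endpoint per recognised report file.
apiVersion: argoproj.io/v1alpha1
kind: ClusterWorkflowTemplate
metadata:
  name: amp-security-pipeline-v1.0.0
spec:
  templates:
    - name: upload-defectdojo
      container:
        # NOTE(review): this tag is mutable; consider pinning by digest
        # (python:3.12-alpine@sha256:<digest-placeholder>) so the step that
        # handles the API token always runs a known image.
        # NOTE(review): no securityContext is set on this container; confirm
        # whether one is enforced elsewhere (pod defaults or admission policy).
        image: python:3.12-alpine
        env:
          # Both values are read from the amp-security-pipeline-secrets Secret.
          - name: DEFECTDOJO_URL
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: DEFECTDOJO_URL
          - name: DEFECTDOJO_API_TOKEN
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: DEFECTDOJO_API_TOKEN
        command:
          - sh
          - -c
        args:
          - |
            # Fail the step on any error or unset variable; a non-zero exit
            # from the Python script below therefore fails the step.
            set -eu
            python - <<'PY'
            import json
            import os
            import pathlib
            import sys
            import urllib.parse
            import urllib.request

            # Upper bound for one request, so a stalled server cannot hang
            # the workflow step indefinitely.
            REQUEST_TIMEOUT_SECONDS = 120

            base_url = os.environ["DEFECTDOJO_URL"].rstrip("/")
            api_token = os.environ["DEFECTDOJO_API_TOKEN"]
            # DEFECTDOJO_PRODUCT_NAME is not in the env list of this template,
            # so the default applies unless it is injected elsewhere.
            product_name = os.environ.get("DEFECTDOJO_PRODUCT_NAME", "agentguard-ci")

            # urlopen also handles non-HTTP schemes (for example file:), so
            # restrict the configured URL to http/https before it is used.
            scheme = urllib.parse.urlsplit(base_url).scheme.lower()
            if scheme not in ("http", "https"):
                raise SystemExit("DEFECTDOJO_URL must be an http(s) URL")
            if scheme == "http":
                # The API token travels in the Authorization header; over
                # plain http it is readable on the network path.
                print(
                    "warning: DEFECTDOJO_URL is not https; the API token is sent unencrypted",
                    file=sys.stderr,
                )

            # File suffix -> DefectDojo scan type; other suffixes are skipped.
            scan_map = {
                ".sarif": "SARIF",
                ".json": "Generic Findings Import",
            }

            reports_dir = pathlib.Path("/workspace/reports")
            for report in sorted(reports_dir.iterdir()):
                if not report.is_file():
                    continue
                scan_type = scan_map.get(report.suffix)
                if not scan_type:
                    continue
                # NOTE(review): only the report's name is sent; its content is
                # never read or attached. Confirm against the DefectDojo
                # import-scan API, which presumably expects the report as a
                # file upload, otherwise no findings reach the server.
                req = urllib.request.Request(
                    f"{base_url}/api/v2/import-scan/",
                    data=json.dumps({
                        "scan_type": scan_type,
                        "product_name": product_name,
                        "file_name": report.name,
                    }).encode(),
                    headers={
                        "Authorization": f"Token {api_token}",
                        "Content-Type": "application/json",
                    },
                    method="POST",
                )
                # HTTP error statuses raise here and, with set -eu above,
                # fail the step. The response is closed deterministically and
                # only the status is logged, never the token.
                with urllib.request.urlopen(req, timeout=REQUEST_TIMEOUT_SECONDS) as resp:
                    print(f"{report.name}: HTTP {resp.status}")
            PY
        volumeMounts:
          - name: workspace
            mountPath: /workspace
{{- end }}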