2026-04-19 22:29:53 -06:00

Implementation Plan: KICS IaC Scanner

Objective

Implement the KICS (Keeping Infrastructure as Code Secure) scanning step as a parallel task in the DAG.

Requirements

  • Define a task template named scan-kics.
  • Depend on the clone-repo task.
  • Mount the shared PVC at /workspace.
  • Run KICS against the /workspace directory (or the specific working-dir parameter).
  • Output findings in SARIF and/or JSON format.
  • Save the output to /workspace/reports/kics.sarif.
  • Ensure the task exits successfully even if issues are found, to allow Phase 3 aggregation (e.g., wrap with || true).

Agent Instructions

  1. Add the scan-kics template to the ClusterWorkflowTemplate.
  2. Wire it into the DAG alongside the other scanners.
  3. CRITICAL: File Splitting: Do NOT put everything into one giant file! Split your YAML manifests or configurations into separate, smaller files (e.g. using separate Helm template files, configmaps, or helper scripts) to prevent exhausting the context window.
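
The last requirement (exit successfully even if issues are found) can be met without a blanket || true, which would also hide a crashed scanner and leave Phase 3 without a report. The helper below is an added example, not part of the original plan or the project's code; the script name kics-scan.sh, the variables KICS_BIN, WORKDIR and REPORT_DIR, and both function names are hypothetical, and the result exit codes 20 to 60 are an assumption to check against the pinned KICS version.

```shell
#!/bin/sh
# Added example: helper for the scan-kics container (hypothetical, not project code).
# KICS_BIN, WORKDIR and REPORT_DIR are assumed names; defaults follow the plan's paths.
KICS_BIN="${KICS_BIN:-kics}"
WORKDIR="${WORKDIR:-/workspace}"
REPORT_DIR="${REPORT_DIR:-/workspace/reports}"

# Decide whether a KICS exit code means "scan completed".
# 0 = no findings; 20/30/40/50/60 = findings by severity (INFO up to CRITICAL).
# Assumption: these match the pinned KICS version. Anything else (for example
# 126 engine error, 130 interrupt) is treated as a scanner failure.
classify_exit() {
  case "$1" in
    0|20|30|40|50|60) return 0 ;;
    *) return 1 ;;
  esac
}

run_kics_scan() {
  mkdir -p "$REPORT_DIR" || return 1
  # Remove any stale report so an old file cannot pass as this run's output.
  rm -f "$REPORT_DIR/kics.sarif"
  "$KICS_BIN" scan -p "$WORKDIR" -o "$REPORT_DIR" \
    --report-formats sarif --output-name kics
  rc=$?
  if ! classify_exit "$rc"; then
    echo "scan-kics: scanner failed with exit code $rc" >&2
    return "$rc"
  fi
  # A completed scan must leave a non-empty report for Phase 3 aggregation.
  if [ ! -s "$REPORT_DIR/kics.sarif" ]; then
    echo "scan-kics: scan finished but no report was written" >&2
    return 1
  fi
  echo "scan-kics: kics exit code $rc, report at $REPORT_DIR/kics.sarif" >&2
  return 0
}

# Entry point for the task container: sh kics-scan.sh run
if [ "${1:-}" = "run" ]; then
  run_kics_scan
  exit $?
fi
```

With this wrapper the task still succeeds when KICS reports findings, but an engine error or a missing report fails the step instead of silently producing an empty aggregation input.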