agentguard-ci/helm/templates/upload-defectdojo.yaml

{{- if .Values.pipeline.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: ClusterWorkflowTemplate
metadata:
  name: amp-security-pipeline-v1.0.0
spec:
  templates:
    - name: upload-defectdojo
      container:
        image: python:3.12-alpine
        env:
          - name: DEFECTDOJO_URL
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: DEFECTDOJO_URL
          - name: DEFECTDOJO_API_TOKEN
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: DEFECTDOJO_API_TOKEN
        command:
          - sh
          - -c
        args:
          - |
            set -eu
            python - <<'PY'
            import json
            import os
            import pathlib
            import urllib.request

            base_url = os.environ["DEFECTDOJO_URL"].rstrip("/")
            api_token = os.environ["DEFECTDOJO_API_TOKEN"]
            product_name = os.environ.get("DEFECTDOJO_PRODUCT_NAME", "agentguard-ci")
            scan_map = {
                ".sarif": "SARIF",
                ".json": "Generic Findings Import",
            }
            reports_dir = pathlib.Path("/workspace/reports")
            for report in sorted(reports_dir.iterdir()):
                if not report.is_file():
                    continue
                scan_type = scan_map.get(report.suffix)
                if not scan_type:
                    continue
                req = urllib.request.Request(
                    f"{base_url}/api/v2/import-scan/",
                    data=json.dumps({
                        "scan_type": scan_type,
                        "product_name": product_name,
                        "file_name": report.name,
                    }).encode(),
                    headers={
                        "Authorization": f"Token {api_token}",
                        "Content-Type": "application/json",
                    },
                    method="POST",
                )
                urllib.request.urlopen(req)
            PY
      volumeMounts:
        - name: workspace
          mountPath: /workspace
{{- end }}