# Implementation Plan: Socket.dev Scanner

## Objective

Implement the Socket.dev supply-chain security scan as a task in the workflow DAG that runs in parallel with the other scanners once the repository has been cloned, and that always leaves a machine-readable report for Phase 3 aggregation.

## Requirements

- Define a task template named `scan-socketdev`.
- Depend on the `clone-repo` task so the checked-out source is present before the scan starts.
- Mount the shared PVC at `/workspace`.
- Expect the Socket.dev API key to be injected via Infisical as an environment variable, reusing the initContainer wait logic from Phase 1 Step 3 so the CLI is not invoked before the secret is available. Never echo the key into task logs or write it to the PVC.
- Run the Socket CLI against the dependency manifests (package manifests and lockfiles) under `/workspace`.
- Emit findings in a standard machine-readable format (JSON or SARIF), not human-readable text.
- Save the output to `/workspace/reports/socketdev.json`. Create `/workspace/reports` if it does not exist; a parallel scanner task must not assume another task has already done so.
- Ensure the task exits successfully (e.g. `|| true`) so Phase 3 aggregation still runs when the scanner reports findings or fails. Always write a report file, even on failure, so Phase 3 can tell "scanner failed" apart from "no findings"; `|| true` on its own hides that difference.
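The wrapper the task runs, as an added example (this is not code from the plan, from Socket.dev, or from the Socket CLI project). It implements the last three requirements together: it creates the report directory, writes the report atomically, and returns 0 in every case while still recording a scanner failure in the report so Phase 3 can distinguish it from an empty result. Assumptions, labelled in the code: the CLI reads its key from `SOCKET_SECURITY_API_KEY`, the invocation `socket scan create --json .` is a placeholder to be matched to the installed CLI version, and the failure-report fields (`status`, `exit_code`, `reason`) are this example's own convention.

```shell
#!/bin/sh
# run-socketdev.sh: wrapper for the scan-socketdev task.
# Added example, not part of the plan or of the Socket CLI project.
# Assumed: the CLI honours SOCKET_SECURITY_API_KEY; the `socket scan create --json .`
# invocation below is a placeholder and must match the CLI version in the image.
set -u

WORKSPACE="${WORKSPACE:-/workspace}"
REPORT_DIR="$WORKSPACE/reports"
REPORT="$REPORT_DIR/socketdev.json"

# write_failure_report <report> <exit_code> <reason>
# Emit a minimal report Phase 3 can still parse when the scanner itself failed,
# so "scanner broke" is distinguishable from "no findings". (Own field names.)
write_failure_report() {
  report="$1"; code="$2"; reason="$3"
  mkdir -p "$(dirname "$report")"
  printf '{"scanner":"socketdev","status":"error","exit_code":%d,"reason":"%s","findings":[]}\n' \
    "$code" "$reason" > "$report"
}

# run_scan <workspace> <report> <scanner command...>
# Run the scanner from inside the workspace, capture its stdout as the report,
# and never return non-zero: the task must not block Phase 3 aggregation.
run_scan() {
  ws="$1"; report="$2"; shift 2
  mkdir -p "$(dirname "$report")"
  # Refuse to run without a key, and never print the key itself.
  if [ -z "${SOCKET_SECURITY_API_KEY:-}" ]; then
    write_failure_report "$report" 2 "missing SOCKET_SECURITY_API_KEY"
    return 0
  fi
  tmp="$report.tmp"
  # Write to a temp file and rename so a partial report is never left behind.
  if ( cd "$ws" && "$@" > "$tmp" 2> "$report.stderr" ); then
    mv "$tmp" "$report"
  else
    code=$?
    write_failure_report "$report" "$code" "scanner exited non-zero"
  fi
  rm -f "$tmp"
  return 0
}

# Entry point for the task container; guarded so the functions can be sourced by tests.
if [ "${1:-}" = "--run" ]; then
  run_scan "$WORKSPACE" "$REPORT" socket scan create --json .   # placeholder invocation
fi
```

Keep this script in its own file (a ConfigMap or Helm template, per the file-splitting instruction) and invoke it from the task container with `--run`; the scanner's stderr lands next to the report so a failed run can be diagnosed without re-running the workflow.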

## Agent Instructions

1. Add the `scan-socketdev` template to the `ClusterWorkflowTemplate`.
2. Configure the Infisical initContainer logic for this specific step so the main container does not invoke the CLI until the API key is present.
3. Wire it into the DAG alongside the other scanners: `clone-repo` is its only dependency, so it runs in parallel with them, and the Phase 3 aggregation task must list it as a dependency.
4. **CRITICAL: File Splitting:** Do NOT put everything into one giant file. Split the YAML manifests and configuration into separate, smaller files (for example separate Helm template files, ConfigMaps, or helper scripts) to avoid exhausting the context window.