ada/agentguard-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8c2c420bffcb34d9f08751db2b788798f879c797
agentguard-ci/docs/plans/phase2-step2-semgrep.md
T
Elizabeth W 963e020efa plan files
2026-04-19 22:12:00 -06:00

18 lines
773 B
Markdown
Raw Blame History

# Implementation Plan: Semgrep Scanner
## Objective
Implement the Semgrep SAST (Static Application Security Testing) scanning step as a parallel task in the DAG.
## Requirements
- Define a task template named `scan-semgrep`.
- Depend on the `clone-repo` task.
- Mount the shared PVC at `/workspace`.
- Run Semgrep with standard or configurable rulesets against the `/workspace` directory.
- Output findings in SARIF format.
- Save the output to `/workspace/reports/semgrep.sarif`.
- Ensure the task exits successfully even if vulnerabilities are found, so Phase 3 aggregation can run (e.g., wrap in a script that returns 0).
## Agent Instructions
1. Add the `scan-semgrep` template to the `ClusterWorkflowTemplate`.
2. Wire it into the DAG alongside the other scanners.
Reference in New Issue View Git Blame Copy Permalink