# Implementation Plan: Policy Enforcement

## Objective

Implement the final task that parses the aggregated results and decides whether to Pass or Fail the Argo Workflow based on the `fail-on-cvss` input threshold.

## Requirements

- Define a task template named `enforce-policy`.
- Depend on the completion of the upload tasks (Phase 3 Steps 1 & 2).
- Mount the shared PVC at `/workspace`.
- Read the input parameter `fail-on-cvss` (e.g., `7.0`).
- Run a script (Python, jq, etc.) to parse all the reports in `/workspace/reports/`.
- If any vulnerability is found with a CVSS score >= the threshold, print an error summary and exit with a non-zero code (causing the Argo Workflow to fail).
- If no vulnerability has a CVSS score at or above the threshold, print a success summary and exit with 0.

## Agent Instructions

1. Add the `enforce-policy` template to the `ClusterWorkflowTemplate`.
2. Write the parsing logic inside the task (e.g., extracting CVSS scores from SARIF and JSON formats).
3. Ensure this step acts as the final gatekeeper for the pipeline.
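The gate described under Requirements and Agent Instructions, as an added example (not code from this plan or the project): a Python script for the `enforce-policy` task that reads every report under `/workspace/reports/`, extracts CVSS scores from SARIF and JSON, and exits non-zero when any score reaches the `fail-on-cvss` threshold. Assumptions: the threshold is passed as the first command-line argument, the SARIF scanner records scores in `security-severity` rule properties, the native JSON layout shown is hypothetical, and unreadable or missing reports fail closed.

```python
import json
import sys
from pathlib import Path

def sarif_findings(doc):
    """[(rule_id, cvss)] per SARIF result. Assumption: the scanner stores the CVSS base score
    in rules[].properties["security-severity"] (a common convention, not part of SARIF itself)."""
    found = []
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        score = {r["id"]: float(r["properties"]["security-severity"]) for r in rules
                 if r.get("id") and r.get("properties", {}).get("security-severity") is not None}
        # only rules that actually appear in results count; declared-but-unreported rules do not
        found += [(r["ruleId"], score[r["ruleId"]]) for r in run.get("results", []) if r.get("ruleId") in score]
    return found

def json_findings(doc):
    """Assumed (hypothetical) native JSON layout: {"vulnerabilities": [{"id": ..., "cvss": 9.8}]}."""
    vulns = doc.get("vulnerabilities", []) if isinstance(doc, dict) else []  # other shapes: nothing found
    return [(v.get("id", "?"), float(v["cvss"])) for v in vulns
            if isinstance(v.get("cvss"), (int, float))]  # entries without a numeric score are skipped

def violations(reports, threshold):
    """reports: {file name: parsed document} -> [(file, id, score)] for every score >= threshold."""
    hits = []
    for name, doc in reports.items():
        parse = sarif_findings if isinstance(doc, dict) and "runs" in doc else json_findings
        hits += [(name, rid, s) for rid, s in parse(doc) if s >= threshold]  # equal to threshold is a hit
    return hits

def main(report_dir="/workspace/reports", threshold=None):
    threshold = float(sys.argv[1] if threshold is None else threshold)  # the fail-on-cvss input
    reports, unreadable = {}, []
    for path in sorted(p for p in Path(report_dir).glob("*") if p.is_file()):
        try:
            reports[path.name] = json.loads(path.read_text())
        except (OSError, ValueError):
            unreadable.append(path.name)  # fail closed: an unparsable report is not a pass
    hits = violations(reports, threshold)
    for line in ([f"{n}: {rid} has CVSS {s} >= {threshold}" for n, rid, s in hits]
                 + [f"{n}: report could not be parsed" for n in unreadable]):
        print("FAIL", line)
    if hits or unreadable or not reports:  # an empty report directory also fails closed
        print(f"Policy violated: {len(hits)} finding(s) at or above {threshold}")
        return 1
    print(f"Policy satisfied: {len(reports)} report(s), none at or above {threshold}")
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

In the task container this runs as `python enforce_policy.py {{inputs.parameters.fail-on-cvss}}`, and the non-zero exit is what makes Argo mark the step, and therefore the workflow, as failed.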