# Implementation Plan: Socket.dev Scanner

## Objective

Implement the Socket.dev supply chain security scanning step as a parallel task in the DAG.

## Requirements

- Define a task template named `scan-socketdev`.
- Depend on the `clone-repo` task.
- Mount the shared PVC at `/workspace`.
- Expect the Socket.dev API key to be injected via Infisical as an environment variable (use the initContainer wait logic from Phase 1 Step 3).
- Run the Socket CLI against the dependency manifests in `/workspace`.
- Output findings in a standard format (JSON/SARIF).
- Save the output to `/workspace/reports/socketdev.json`.
- Ensure the task exits successfully (e.g. `|| true`) to allow Phase 3 aggregation.

## Agent Instructions

1. Add the `scan-socketdev` template to the `ClusterWorkflowTemplate`.
2. Configure the Infisical initContainer logic for this specific step to wait for the API key.
3. Wire it into the DAG alongside the other scanners.
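As an added example (not code from the plan or the project), one way the three agent steps could look inside the `ClusterWorkflowTemplate`. The PVC name `workspace-pvc`, the Secret `socketdev-api-key` with key `apiKey`, the `SOCKET_SECURITY_API_KEY` variable, the CLI image and the `socket` arguments are assumptions; the init container gates on an optional secret mount in place of the Phase 1 Step 3 logic, which is not reproduced here.

```yaml
# Added illustration; names marked "assumed" are not from the plan.
templates:
  - name: scan-socketdev
    volumes:
      - name: workspace
        persistentVolumeClaim:
          claimName: workspace-pvc          # assumed name of the shared PVC
      - name: socket-secret
        secret:
          secretName: socketdev-api-key     # assumed: synced into the namespace by Infisical
          optional: true                    # lets the pod start before the secret exists
    initContainers:
      - name: wait-for-api-key              # stands in for the Phase 1 Step 3 wait logic
        image: busybox:1.36
        command: [sh, -c]
        args: ["until [ -s /secrets/apiKey ]; do echo 'waiting for Socket.dev API key'; sleep 5; done"]
        volumeMounts:
          - { name: socket-secret, mountPath: /secrets, readOnly: true }
    container:
      image: socketdev/cli:latest           # placeholder image; pin by digest in practice
      env:
        # Resolved when the main container starts, i.e. after the init container saw the key.
        - name: SOCKET_SECURITY_API_KEY
          valueFrom:
            secretKeyRef: { name: socketdev-api-key, key: apiKey }
      command: [sh, -c]
      args:
        - |
          set -u
          mkdir -p /workspace/reports
          cd /workspace
          # Assumed CLI invocation; confirm against `socket --help` for the pinned version.
          socket scan create --json . > /workspace/reports/socketdev.json || true
          # `|| true` hides failures, so leave a marker object for Phase 3 aggregation
          # instead of an empty file (constructed marker format, not a Socket.dev output).
          [ -s /workspace/reports/socketdev.json ] \
            || echo '{"tool":"socketdev","status":"scan_failed"}' > /workspace/reports/socketdev.json
      volumeMounts:
        - { name: workspace, mountPath: /workspace }

  - name: main
    dag:
      tasks:
        - name: clone-repo
          template: clone-repo
        - name: scan-socketdev
          template: scan-socketdev
          depends: "clone-repo"             # runs in parallel with the other scanners
```

Because the `secretKeyRef` is not marked optional, a missing key surfaces as a container creation error rather than a silent empty scan, while the file-level marker keeps a CLI failure visible to the aggregation step.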