ada/agentguard-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
963e020efae702fadde7646bd41d9265fadcdd0a
agentguard-ci/docs/plans/phase2-step6-crossguard.md
T
Elizabeth W 963e020efa plan files
2026-04-19 22:12:00 -06:00

944 B
Raw Blame History

Implementation Plan: Pulumi Crossguard

Objective

Implement the Pulumi Crossguard policy enforcement step as a parallel task in the DAG.

Requirements

  • Define a task template named scan-crossguard.
  • Depend on the clone-repo task.
  • Mount the shared PVC at /workspace.
  • Expect Pulumi credentials and cloud provider credentials (e.g., AWS/GCP) to be injected via Infisical as environment variables (using the initContainer logic).
  • Run pulumi preview --policy-pack <path> inside the /workspace.
  • Capture the output and convert/save it into a structured JSON/SARIF format at /workspace/reports/crossguard.json.
  • Ensure the task exits successfully (|| true) to allow Phase 3 aggregation.

Agent Instructions

  1. Add the scan-crossguard template to the ClusterWorkflowTemplate.
  2. Configure the Infisical initContainer to wait for Pulumi and Cloud credentials.
  3. Wire it into the DAG alongside the other scanners.
Reference in New Issue View Git Blame Copy Permalink