ada/agentguard-ci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df10609df54da4e5209c18c03ba8f7cf15a16277
agentguard-ci/docs/plans/phase3-step3-enforcement.md
T
Elizabeth W 963e020efa plan files
2026-04-19 22:12:00 -06:00

1.0 KiB
Raw Blame History

Implementation Plan: Policy Enforcement

Objective

Implement the final task that parses the aggregated results and decides whether to Pass or Fail the Argo Workflow based on the fail-on-cvss input threshold.

Requirements

  • Define a task template named enforce-policy.
  • Depend on the completion of the upload tasks (Phase 3 Steps 1 & 2).
  • Mount the shared PVC at /workspace.
  • Read the input parameter fail-on-cvss (e.g., 7.0).
  • Run a script (Python, jq, etc.) to parse all the reports in /workspace/reports/.
  • If any vulnerability is found with a CVSS score >= the threshold, print an error summary and exit with a non-zero code (causing the Argo Workflow to fail).
  • If no vulnerabilities exceed the threshold, print a success summary and exit with 0.

Agent Instructions

  1. Add the enforce-policy template to the ClusterWorkflowTemplate.
  2. Write the parsing logic inside the task (e.g., extracting CVSS scores from SARIF and JSON formats).
  3. Ensure this step acts as the final gatekeeper for the pipeline.
Reference in New Issue View Git Blame Copy Permalink