Skip to content

Commit

Permalink
Regenerate sast-snyk-check-oci-ta
Browse files Browse the repository at this point in the history
  • Loading branch information
ralphbean committed Jun 20, 2024
1 parent 083fe73 commit 8a14519
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 0 deletions.
2 changes: 2 additions & 0 deletions task/sast-snyk-check-oci-ta/0.1/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ See https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information
|ARGS|Append arguments.|--all-projects --exclude=test*,vendor,deps|false|
|SNYK_SECRET|Name of secret which contains Snyk token.|snyk-secret|false|
|SOURCE_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the application source code.||true|
|image-digest|Image digest to report findings for.|""|false|
|image-url|Image URL.|""|false|

## Results
|name|description|
Expand Down
38 changes: 38 additions & 0 deletions task/sast-snyk-check-oci-ta/0.1/sast-snyk-check-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,14 @@ spec:
description: The Trusted Artifact URI pointing to the artifact with
the application source code.
type: string
- name: image-digest
description: Image digest to report findings for.
type: string
default: ""
- name: image-url
description: Image URL.
type: string
default: ""
results:
- name: TEST_OUTPUT
description: Tekton task test output.
Expand Down Expand Up @@ -104,3 +112,33 @@ spec:
ERROR_OUTPUT=$(make_result_json -r ERROR -t "$note")
fi
echo "${TEST_OUTPUT:-${ERROR_OUTPUT}}" | tee $(results.TEST_OUTPUT.path)
- name: upload
image: quay.io/konflux-ci/oras:latest@sha256:04cbd5efbcf1a38944b050e3adbc3071218643f6aa92e95d5d25b173574bca5e
workingDir: /var/workdir/source
env:
- name: IMAGE_URL
value: $(params.image-url)
- name: IMAGE_DIGEST
value: $(params.image-digest)
script: |
#!/usr/bin/env bash
UPLOAD_FILE=sast_snyk_check_out.json
MEDIA_TYPE=application/sarif+json
if [ -z "${IMAGE_URL}" ] || [ -z "${IMAGE_DIGEST}" ]; then
echo 'No image-url or image-digest param provided. Skipping upload.'
exit 0
fi
if [ ! -f "${UPLOAD_FILE}" ]; then
echo "No ${UPLOAD_FILE} exists. Skipping upload."
exit 0
fi
echo "Selecting auth"
select-oci-auth $IMAGE_URL >$HOME/auth.json
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers API"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-api --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
echo "Attaching to ${IMAGE_URL} via the OCI 1.1 Referrers Tag"
oras attach --no-tty --registry-config "$HOME/auth.json" --distribution-spec v1.1-referrers-tag --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"

0 comments on commit 8a14519

Please sign in to comment.