Merge branch 'main' into improve-image-parsin
mkosiarc authored Dec 9, 2024
2 parents eee3c4f + f7c5f33 commit 14122d8
Showing 7 changed files with 42 additions and 19 deletions.
5 changes: 3 additions & 2 deletions task/fbc-validation/0.2/MIGRATION.md
Expand Up @@ -32,8 +32,9 @@ To remove this task from your pipeline please follow these steps:
- name: name
- value: fbc-validation
+ value: validate-fbc
- - name: bundle
- value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1
- name: bundle
- value: quay.io/konflux-ci/tekton-catalog/task-fbc-validation:0.1
+ value: quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1
- name: kind
value: task
resolver: bundles
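Review bot: the replacement bundle on the `+ value:` line is referenced by tag only (`quay.io/konflux-ci/tekton-catalog/task-validate-fbc:0.1`), and a tag can be repointed to different content later. Readers will copy this snippet into their pipelines, so consider adding a sentence telling them to keep digest pinning on the bundle reference when they change the name. It is also worth confirming that `0.1` is the intended version here, since this file lives under `task/fbc-validation/0.2/`.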
20 changes: 19 additions & 1 deletion task/sast-snyk-check-oci-ta/0.3/sast-snyk-check-oci-ta.yaml
Expand Up @@ -215,7 +215,25 @@ spec:
(set -x && csgrep --mode=evtstat filtered_sast_snyk_check_out.json)
fi
csgrep --mode=sarif filtered_sast_snyk_check_out.json >sast_snyk_check_out.sarif
# Generation of scan stats
total_files=$(jq '[.runs[0].properties.coverage[].files] | add' "${SOURCE_CODE_DIR}"/sast_snyk_check_out.json)
supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == "SUPPORTED") | .files] | add' "${SOURCE_CODE_DIR}"/sast_snyk_check_out.json)
# We make sure the values are 0 if no supported/total files are found
total_files=${total_files:-0}
supported_files=${supported_files:-0}
coverage_ratio=0
if ((total_files > 0)); then
coverage_ratio=$((supported_files * 100 / total_files))
fi
# embed stats in results file and convert to SARIF
csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:"${coverage_ratio}" \
--set-scan-prop snyk-scanned-files-success:"${supported_files}" \
--set-scan-prop snyk-scanned-files-total:"${total_files}" \
filtered_sast_snyk_check_out.json >sast_snyk_check_out.sarif
TEST_OUTPUT=
parse_test_output "$(context.task.name)" sarif sast_snyk_check_out.sarif || true
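Review bot: the `${total_files:-0}` and `${supported_files:-0}` defaults do not cover the case the comment above them describes. In jq, `add` over an empty array prints the literal `null`, which is a non-empty string, so when no coverage entry has `type == "SUPPORTED"` the variable holds `null` and `--set-scan-prop snyk-scanned-files-success:"${supported_files}"` writes `null` into the SARIF. The arithmetic test still evaluates it as 0, which hides the problem. Suggest defaulting inside the filter, for example ending both jq expressions with `| add // 0`, and then the two `:-0` lines only need to guard against jq producing no output at all.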
1 change: 1 addition & 0 deletions task/sast-snyk-check/0.3/MIGRATION.md
Expand Up @@ -7,6 +7,7 @@ Version 0.3:
- There are no default arguments as "--all-projects --exclude=test*,vendor,deps" are ignored by Snyk Code
- SARIF produced by Snyk Code is not included in the CI log.
- The `KFP_GIT_URL` parameter has been introduced to indicate the repository to filter false positives. If this variable is left empty, the results won't be filtered. At the same time, we can store all excluded findings in a file using the `RECORD_EXCLUDED` parameter and specify a name of project with the `PROJECT_NAME` to use specific filters.
- The stats of the snyk scan are embedded into the result's SARIF file

## Action from users

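Review bot: the new bullet "The stats of the snyk scan are embedded into the result's SARIF file" does not say which properties are written, so a consumer of the SARIF has to read the task script to find them. Suggest naming them in the bullet (`snyk-scanned-files-coverage`, `snyk-scanned-files-success`, `snyk-scanned-files-total`) and stating that coverage is an integer percentage. Minor style: the other bullets capitalise "Snyk" and end with a period.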
20 changes: 19 additions & 1 deletion task/sast-snyk-check/0.3/sast-snyk-check.yaml
Expand Up @@ -193,7 +193,25 @@ spec:
(set -x && csgrep --mode=evtstat filtered_sast_snyk_check_out.json)
fi
csgrep --mode=sarif filtered_sast_snyk_check_out.json > sast_snyk_check_out.sarif
# Generation of scan stats
total_files=$(jq '[.runs[0].properties.coverage[].files] | add' "${SOURCE_CODE_DIR}"/sast_snyk_check_out.json)
supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == "SUPPORTED") | .files] | add' "${SOURCE_CODE_DIR}"/sast_snyk_check_out.json)
# We make sure the values are 0 if no supported/total files are found
total_files=${total_files:-0}
supported_files=${supported_files:-0}
coverage_ratio=0
if (( total_files > 0 )); then
coverage_ratio=$((supported_files * 100 / total_files))
fi
# embed stats in results file and convert to SARIF
csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:"${coverage_ratio}" \
--set-scan-prop snyk-scanned-files-success:"${supported_files}" \
--set-scan-prop snyk-scanned-files-total:"${total_files}" \
filtered_sast_snyk_check_out.json > sast_snyk_check_out.sarif
TEST_OUTPUT=
parse_test_output "$(context.task.name)" sarif sast_snyk_check_out.sarif || true
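Review bot: both jq filters iterate `.runs[0].properties.coverage[]` unconditionally, so if the Snyk output has no `coverage` property jq fails with "Cannot iterate over null" and prints nothing. Whether that aborts the step or silently falls through to the `:-0` defaults depends on shell options that are not visible in this hunk, so the behaviour should be made explicit, for example with `coverage[]?` in the filter plus `add // 0` for the empty-array case. This block is a copy of the one added to `sast-snyk-check-oci-ta.yaml`, so any fix needs to land in both files; note also that `supported_files * 100 / total_files` truncates, which is fine if intended but should be mentioned where the property is documented.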
5 changes: 0 additions & 5 deletions task/tkn-bundle-oci-ta/OWNERS

This file was deleted.

5 changes: 0 additions & 5 deletions task/tkn-bundle/OWNERS

This file was deleted.

5 changes: 0 additions & 5 deletions task/verify-enterprise-contract/OWNERS

This file was deleted.
