ZAP and sonar cloud scanning for projects in Emerald cluster

BCDevOps / developer-experience

This repository is used to track all work for the BCGov Platform Services Team (This includes work for: 1. Platform Experience, 2. Developer Experience 3. Platform Operations/OCP 3)

Apache License 2.0

8 stars 17 forks source link

ZAP and sonar cloud scanning for projects in Emerald cluster #4734

Open AvneetKahlon opened 8 months ago

AvneetKahlon commented 8 months ago

Describe the issue Need to create a pipeline template for ZAP and sonar cloud scanning for projects in Emerald Cluster

Additional context Add any other context, attachments or screenshots

How does this benefit the users of our platform? Helps the user to scan their namespaces for vulnerability Definition of done

[ ] create a modified template for emerald projects in lab
[ ] review with Nick

AvneetKahlon commented 8 months ago

On hold until we investigate about RH trusted s/w supply chain. we might not need to create a new pipeline template if supply chain can just capture all use cases.

StevenBarre commented 8 months ago

We had previously disabled chain signing in the Pipeline operator due to a bug. If you'd like it re-enabled can you create a ticket for DXC and we can try it out again in the lab clusters.