opendevstack / ods-pipeline

Alternative ODS CI/CD pipeline based on Tekton / OpenShift Pipelines
Apache License 2.0

Extract Aqua scan to separate task #660

Closed michaelsauter closed 1 year ago

michaelsauter commented 1 year ago

Aqua is baked into the ods-package-image task. This has the advantage of fewer tasks (= faster) and that Aqua is more likely to be executed at all. However, due to how the Aqua scanner is distributed (via a basic-auth-protected endpoint), having Aqua in ods-package-image is not trivial and leads to permission issues, as ods-package-image forces gid=1001, which is not allowed to write to the workspace.

As a consequence of adding an extra task, pipelines using Aqua will be a bit slower. However, usage may also change and people could run the Aqua scan task only before promotion. The amount of logic and parameters in each task will shrink, making it easier to maintain them.
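As an added illustration (not part of this issue or of the ods-pipeline repository), the following Tekton pipeline fragment shows how a separate scan task could be wired after ods-package-image and made optional via a parameter, so teams can run it on every build or only before promotion. The task name ods-aqua-scan, the parameter run-aqua-scan, and the workspace name source are assumptions.

```yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: example-package-and-scan   # constructed example name
spec:
  params:
    - name: run-aqua-scan
      type: string
      default: "true"
      description: Set to "false" to skip the scan on regular builds.
  workspaces:
    - name: source   # assumed workspace name shared by both tasks
  tasks:
    - name: package-image
      taskRef:
        kind: Task
        name: ods-package-image
      workspaces:
        - name: source
          workspace: source
    # Scan runs in its own task/pod after the image is built, so its
    # scanner download and file permissions no longer affect packaging.
    - name: aqua-scan
      runAfter:
        - package-image
      when:
        - input: "$(params.run-aqua-scan)"
          operator: in
          values: ["true"]
      taskRef:
        kind: Task
        name: ods-aqua-scan   # hypothetical separate scan task
      workspaces:
        - name: source
          workspace: source
```

A PipelineRun that sets run-aqua-scan to "false" skips the scan task entirely while the packaging task still runs.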