Remove the PR report / commit insight from the ods-package-inage task, and instead save a file to disk, e.g. .ods/insights/trivy-scans/vulnerabilities. This file (and other similar ones) would be a JSON structure which will be sent to Bitbucket in the finish task. That way the scan task does not need to interact with Bitbucket and it becomes very easy for any task to generate Bitbucket insights.
This is an important step towards splitting out tasks into multiple repos.
Based on https://github.com/opendevstack/ods-pipeline-image/issues/3.
Remove the PR report / commit insight from the ods-package-inage task, and instead save a file to disk, e.g. .ods/insights/trivy-scans/vulnerabilities. This file (and other similar ones) would be a JSON structure which will be sent to Bitbucket in the finish task. That way the scan task does not need to interact with Bitbucket and it becomes very easy for any task to generate Bitbucket insights.
This is an important step towards splitting out tasks into multiple repos.