Open in-1911 opened 3 days ago
Initial thoughts:
app-url
parameter between the CD and CC pipelines, as the CD pipeline is less configurable than CI and it may be problematic to add information to the inventory from there.app-url
parameter from CI (ie the 'dev' instance) is easier, as we can include that information in the inventory. We can start with that, at least some dynamic scan results will be in CC. Is there a different way to pass the app url? Inventory may not be the proper channel as well - it seems to be more related to the application components / artifacts, so may be only CI is supposed to update it?
Description
The SCC checks in AI Guardrails profile require a dynamic scan in the CC pipeline run. To enable the dynamic scanning, the following properties need to be set in the pipeline or a at least the manual trigger:
opt-in-dynamic-scan = 1
(or any non-empty value)opt-in-dynamic-ui-scan = 1
(or any non-empty value)app-url = https://rag-sample-app.<code-engine assigned subdomain>.<code-engine region>.codeengine.appdomain.cloud/
The app-url needs to be retrieved from the application in CD project, presumably in the CD pipeline run. Likely it needs to be stored in an inventory to be able to fetch it in CC run.
New or affected modules
By submitting this issue, you agree to follow our Code of Conduct