  1. OpenShift Pipelines
  2. SRVKP-3086

Make Pac generated PipelineRun use a dependency scanner by default

Details

    • Feature
    • Resolution: Can't Do
    • Pipelines as Code
    • Pipelines Sprint 255

    Description

      Goals

      When generating a default pipeline with tkn pac generate, we are able to detect the type of repository by its programming language and generate a PipelineRun tailored to it.

      We want to add a dependency check task, e.g. Snyk or others, to that PipelineRun.

      It needs to produce its output in a way that makes the GitHub annotation show up nicely for the dependency that is affected, i.e.: https://pipelinesascode.com/docs/guide/statuses/#error-detection-from-containers-logs-as-github-annotation

          People

            cboudjna@redhat.com Chmouel Boudjnah