{ "$schema": "https://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "pipeline": { "type": "object", "additionalProperties": false, "description": "Core Argo workflow settings.", "properties": { "enabled": { "type": "boolean", "description": "Render the ClusterWorkflowTemplate when true." }, "name": { "type": "string", "description": "Name of the ClusterWorkflowTemplate resource.", "minLength": 1 }, "serviceAccountName": { "type": "string", "description": "Service account used by workflow pods.", "minLength": 1 }, "workingDir": { "type": "string", "description": "Repository path scanned inside the cloned workspace.", "minLength": 1 }, "gitRevision": { "type": "string", "description": "Default git revision to clone when the workflow caller does not override it.", "minLength": 1 }, "failOnCvss": { "type": "string", "description": "CVSS threshold passed to the policy enforcement utility, written as a non-negative decimal string, for example 7.0. The pattern does not cap the value at the CVSS maximum of 10.", "pattern": "^[0-9]+(\\.[0-9]+)?$" }, "workspace": { "type": "object", "additionalProperties": false, "description": "PVC configuration for the shared workspace volume.", "properties": { "storage": { "type": "string", "description": "Requested workspace PVC size, for example 1Gi.", "minLength": 1 } }, "required": [ "storage" ] }, "repoName": { "type": "string", "description": "Repository name used in storage upload paths.", "minLength": 1 }, "scanners": { "type": "array", "description": "Ordered list of scanner templates wired into the scanner fan-out DAG.", "minItems": 1, "items": { "type": "string", "enum": [ "trufflehog", "semgrep", "kics", "socketdev", "syft-grype", "pulumi-crossguard" ] }, "uniqueItems": true }, "toolsImage": { "type": "object", "additionalProperties": false, "description": "Custom image that packages the Node utilities used by the workflow.", "properties": { "repository": { "type": "string", "minLength": 1 }, "tag": { "type": "string", "minLength": 1 }, "pullPolicy": { "type": "string", "enum": [ "Always", 
"IfNotPresent", "Never" ] } }, "required": [ "repository", "tag", "pullPolicy" ] } }, "required": [ "enabled", "name", "serviceAccountName", "workingDir", "gitRevision", "failOnCvss", "workspace", "repoName", "scanners", "toolsImage" ] }, "images": { "type": "object", "additionalProperties": false, "description": "Container images used by each workflow step.", "properties": { "git": { "type": "string", "minLength": 1 }, "trufflehog": { "type": "string", "minLength": 1 }, "semgrep": { "type": "string", "minLength": 1 }, "kics": { "type": "string", "minLength": 1 }, "socketdev": { "type": "string", "minLength": 1 }, "syftGrype": { "type": "string", "minLength": 1 }, "pulumiCrossguard": { "type": "string", "minLength": 1 }, "awsCli": { "type": "string", "minLength": 1 }, "curl": { "type": "string", "minLength": 1 } }, "required": [ "git", "trufflehog", "semgrep", "kics", "socketdev", "syftGrype", "pulumiCrossguard", "awsCli", "curl" ] }, "storage": { "type": "object", "additionalProperties": false, "description": "Optional raw report upload configuration.", "properties": { "enabled": { "type": "boolean" }, "reportsBucket": { "type": "string", "minLength": 1 }, "endpoint": { "type": "string", "description": "Optional custom S3 endpoint for MinIO or another compatible store. The key itself is required by this schema, and an empty string is accepted as its value." 
} }, "required": [ "enabled", "reportsBucket", "endpoint" ] }, "pulumi": { "type": "object", "additionalProperties": false, "description": "Pulumi CrossGuard scanner settings.", "properties": { "policyPackPath": { "type": "string", "minLength": 1 } }, "required": [ "policyPackPath" ] }, "defectdojo": { "type": "object", "additionalProperties": false, "description": "Optional DefectDojo upload step configuration.", "properties": { "enabled": { "type": "boolean" }, "productTypeName": { "type": "string", "minLength": 1 }, "productName": { "type": "string", "minLength": 1 }, "engagementName": { "type": "string", "minLength": 1 }, "minimumSeverity": { "type": "string", "minLength": 1 }, "active": { "type": "boolean" }, "verified": { "type": "boolean" }, "closeOldFindings": { "type": "boolean" }, "autoCreateContext": { "type": "boolean" } }, "required": [ "enabled", "productTypeName", "productName", "engagementName", "minimumSeverity", "active", "verified", "closeOldFindings", "autoCreateContext" ] }, "infisical": { "type": "object", "additionalProperties": false, "description": "Optional Infisical operator integration.", "properties": { "enabled": { "type": "boolean" }, "workspaceSlug": { "type": "string" }, "projectSlug": { "type": "string" } }, "required": [ "enabled", "workspaceSlug", "projectSlug" ] } }, "required": [ "pipeline", "images", "storage", "pulumi", "defectdojo", "infisical" ] }