agentguard-ci/helm/templates/_scan-kics.yaml

{{- define "template.scan-kics" -}}
- name: scan-kics
  inputs:
    parameters:
      - name: working-dir
  container:
    image: {{ .Values.images.kics | quote }}
    command:
      - sh
      - -c
    args:
      - |
        set -eu
        mkdir -p /workspace/reports
        kics scan -p "/workspace/{{ `{{inputs.parameters.working-dir}}` }}" -o /workspace/reports --report-formats sarif,json --output-name kics || true
        if [ -f /workspace/reports/kics.sarif ]; then
          exit 0
        fi
        if [ -f /workspace/reports/kics.json ]; then
          cp /workspace/reports/kics.json /workspace/reports/kics.sarif
        fi
    volumeMounts:
      - name: workspace
        mountPath: /workspace
{{- end }}