{
"$schema": "https://json-schema.org/draft-07/schema#",
"type": "object",
"additionalProperties": false,
"properties": {
"pipeline": {
"type": "object",
"additionalProperties": false,
"description": "Core Argo workflow settings.",
"properties": {
"enabled": {
"type": "boolean",
"description": "Render the ClusterWorkflowTemplate when true."
},
"name": {
"type": "string",
"description": "Name of the ClusterWorkflowTemplate resource.",
"minLength": 1
},
"serviceAccountName": {
"type": "string",
"description": "Service account used by workflow pods.",
"minLength": 1
},
"workingDir": {
"type": "string",
"description": "Repository path scanned inside the cloned workspace.",
"minLength": 1
},
"gitRevision": {
"type": "string",
"description": "Default git revision to clone when the workflow caller does not override it.",
"minLength": 1
},
"failOnCvss": {
"type": "string",
"description": "CVSS score threshold, as a decimal string such as 7.0, passed to the policy enforcement utility.",
"pattern": "^[0-9]+(\\.[0-9]+)?$"
},
"workspace": {
"type": "object",
"additionalProperties": false,
"description": "PVC configuration for the shared workspace volume.",
"properties": {
"storage": {
"type": "string",
"description": "Requested workspace PVC size, for example 1Gi.",
"minLength": 1
}
},
"required": [
"storage"
]
},
"repoName": {
"type": "string",
"description": "Repository name used in storage upload paths.",
"minLength": 1
},
"scanners": {
"type": "array",
"description": "Ordered list of scanner templates wired into the scanner fan-out DAG.",
"minItems": 1,
"items": {
"type": "string",
"enum": [
"trufflehog",
"semgrep",
"kics",
"socketdev",
"syft-grype",
"pulumi-crossguard"
]
},
"uniqueItems": true
},
"toolsImage": {
"type": "object",
"additionalProperties": false,
"description": "Custom image that packages the Node utilities used by the workflow.",
"properties": {
"repository": {
"type": "string",
"minLength": 1
},
"tag": {
"type": "string",
"minLength": 1
},
"pullPolicy": {
"type": "string",
"enum": [
"Always",
"IfNotPresent",
"Never"
]
}
},
"required": [
"repository",
"tag",
"pullPolicy"
]
}
},
"required": [
"enabled",
"name",
"serviceAccountName",
"workingDir",
"gitRevision",
"failOnCvss",
"workspace",
"repoName",
"scanners",
"toolsImage"
]
},
"images": {
"type": "object",
"additionalProperties": false,
"description": "Container images used by each workflow step.",
"properties": {
"git": { "type": "string", "minLength": 1 },
"trufflehog": { "type": "string", "minLength": 1 },
"semgrep": { "type": "string", "minLength": 1 },
"kics": { "type": "string", "minLength": 1 },
"socketdev": { "type": "string", "minLength": 1 },
"syftGrype": { "type": "string", "minLength": 1 },
"pulumiCrossguard": { "type": "string", "minLength": 1 },
"awsCli": { "type": "string", "minLength": 1 },
"curl": { "type": "string", "minLength": 1 }
},
"required": [
"git",
"trufflehog",
"semgrep",
"kics",
"socketdev",
"syftGrype",
"pulumiCrossguard",
"awsCli",
"curl"
]
},
"storage": {
"type": "object",
"additionalProperties": false,
"description": "Optional raw report upload configuration.",
"properties": {
"enabled": {
"type": "boolean"
},
"reportsBucket": {
"type": "string",
"minLength": 1
},
"endpoint": {
"type": "string",
"description": "Optional custom S3 endpoint for MinIO or another compatible store; the key itself is required but may be an empty string."
}
},
"required": [
"enabled",
"reportsBucket",
"endpoint"
]
},
"pulumi": {
"type": "object",
"additionalProperties": false,
"description": "Pulumi CrossGuard scanner settings.",
"properties": {
"policyPackPath": {
"type": "string",
"minLength": 1
}
},
"required": [
"policyPackPath"
]
},
"defectdojo": {
"type": "object",
"additionalProperties": false,
"description": "Optional DefectDojo upload step configuration.",
"properties": {
"enabled": { "type": "boolean" },
"productTypeName": { "type": "string", "minLength": 1 },
"productName": { "type": "string", "minLength": 1 },
"engagementName": { "type": "string", "minLength": 1 },
"minimumSeverity": { "type": "string", "minLength": 1 },
"active": { "type": "boolean" },
"verified": { "type": "boolean" },
"closeOldFindings": { "type": "boolean" },
"autoCreateContext": { "type": "boolean" }
},
"required": [
"enabled",
"productTypeName",
"productName",
"engagementName",
"minimumSeverity",
"active",
"verified",
"closeOldFindings",
"autoCreateContext"
]
},
"infisical": {
"type": "object",
"additionalProperties": false,
"description": "Optional Infisical operator integration.",
"properties": {
"enabled": { "type": "boolean" },
"workspaceSlug": { "type": "string" },
"projectSlug": { "type": "string" }
},
"required": [
"enabled",
"workspaceSlug",
"projectSlug"
]
}
},
"required": [
"pipeline",
"images",
"storage",
"pulumi",
"defectdojo",
"infisical"
]
}