sast: initial task for Coverity Buildless #1411
Results are parsed and shown in the UI. Here we have an example pipeline: https://konflux.apps.stone-prod-p02.hjvn.p1.openshiftapps.com/application-pipeline/workspaces/jperezde/applications/test-coverity/pipelineruns/ec-cli-on-pull-request-292mf
Thanks for the thorough review @kdudka!
@jperezdealgaba Please close the review threads that have been resolved. I do not have sufficient permission to do it myself.
Solved all comments and added new changes. I will also apply the changes (the record excluded and update the
Hey! @kdudka I just did a new MR with all the discussed changes:
The relationship between the two tasks is defined in the following file: pipelines/template-build/template-build.yaml
@tnevrlka Would you mind retriggering the tests? This was just merged: release-engineering/rhtap-ec-policy#85 (comment)
/ok-to-test
/ok-to-test
/retest
/retest
The The README says
I think we also need a fix for the Task Tests workflow then, tests should really be optional at the moment
I have skipped task tests workflow with this PR till it is fixed.
Solves: https://issues.redhat.com/browse/OSH-740
Initial version of the Coverity Buildless task. It introduces two different tasks: a task checking the availability of Coverity license and authentication token, and a task for scanning the code. The code will be scanned using Coverity buildless mode, then the results are processed using csgrep and the results are later filtered using csfilter-kfp.
/ok-to-test
|caTrustConfigMapKey| The name of the key in the ConfigMap that contains the CA bundle data.| ca-bundle.crt| | | ||
|caTrustConfigMapName| The name of the ConfigMap to read CA bundle data from.| trusted-ca| | | ||
|image-digest| Image digest to report findings for.| None| '$(tasks.build-container.results.IMAGE_DIGEST)'| | ||
|image-url| Image URL.| None| '$(tasks.build-container.results.IMAGE_URL)'| |
@jperezdealgaba for multi-arch I think this should be build-image-index
@pierDipi Sorry! We weren't aware of this. Would you mind adding more information about how this is used in this tracker: https://issues.redhat.com/browse/OSH-790 ?
Done
... and coverity-availability-check to make the template work with multiarch builds. Fixes: konflux-ci#1411 Resolves: https://issues.redhat.com/browse/OSH-790 Resolves: https://issues.redhat.com/browse/KFLUXSPRT-847
... and coverity-availability-check to make the template work with multiarch builds. Fixes: #1411 Resolves: https://issues.redhat.com/browse/OSH-790 Resolves: https://issues.redhat.com/browse/KFLUXSPRT-847
Initial version of the Coverity Buildless task. The code will be scanned using Coverity buildless mode, then the results are processed using csgrep and the results are later filtered using csfilter-kfp.
This is a draft request and this can not be merged in this repository. It will be merged in a newly created repository.
Things pending to do:
csdiff
package once the container image is updated
Apart from that, the MR can be reviewed as the functionality will remain the same