fix(KONFLUX-3663): upload SAST results to quay.io

ccronca · vdemeester · commit 5e8327c614de · 2024-08-14T14:53:47.000+02:00
Configure the SAST task to upload SARIF results to quay.io for
long-term storage

Signed-off-by: ccronca &lt;ccota@redhat.com&gt;
diff --git a/.tekton/git-init-pull-request.yaml b/.tekton/git-init-pull-request.yaml
@@ -305,7 +305,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -323,6 +323,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest
diff --git a/.tekton/git-init-push.yaml b/.tekton/git-init-push.yaml
@@ -302,7 +302,7 @@ spec:
         - "false"
     - name: sast-snyk-check
       runAfter:
-      - clone-repository
+      - build-container
       taskRef:
         params:
         - name: name
@@ -320,6 +320,11 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
     - name: clamav-scan
       params:
       - name: image-digest
