task-zap-proxy.yaml.j2
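# Tekton Task: runs the ZAP baseline scan script against APP_URL and uploads
# the resulting HTML report to the reports repository over HTTP.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  annotations:
    tekton.dev/pipelines.minVersion: '0.12.1'
    tekton.dev/tags: git
  name: zap-proxy
  namespace: cicd
  labels:
    app.kubernetes.io/version: '0.1'
    operator.tekton.dev/provider-type: community
spec:
  description: >-
    This Task runs a ZAP baseline scan against the application URL and
    uploads the HTML report to the reports repository
  params:
    - name: REPORTS_REPO_USERNAME
      description: The reports repository username
      default: reports
    # NOTE(review): a plain param with a default value keeps the password in
    # the Task/TaskRun spec, readable by anyone who can view those objects.
    # Prefer sourcing it from a Kubernetes Secret (env valueFrom.secretKeyRef).
    - name: REPORTS_REPO_PASSWORD
      description: The reports repository password
      default: reports
    - name: APP_URL
      description: The application under test url
    # NOTE(review): the default is plain http, so the basic-auth credentials
    # and the report travel unencrypted to the reports server.
    - name: REPORTS_REPO_HOST
      description: The reports repository host based on https://github.com/chmouel/openshift-django-uploader
      default: 'http://reports-repo:8080'
  workspaces:
    - description: The workspace for the zap proxy task
      name: workspace
  steps:
    - name: zap-proxy
      # NOTE(review): ':latest' is a mutable tag; pin the scanner image to an
      # immutable digest (...@sha256:<IMAGE_DIGEST>) so it cannot change
      # between pipeline runs.
      image: quay.io/rcarrata/zap2docker-stable:latest
      env:
        - name: PIPELINERUN_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.labels['tekton.dev/pipelineRun']
        # Params are handed to the script as environment variables instead of
        # being substituted into the script text, so a param value containing
        # shell metacharacters is treated as data, not as shell code.
        - name: APP_URL
          value: $(params.APP_URL)
        - name: REPORTS_REPO_HOST
          value: $(params.REPORTS_REPO_HOST)
        - name: REPORTS_REPO_USERNAME
          value: $(params.REPORTS_REPO_USERNAME)
        - name: REPORTS_REPO_PASSWORD
          value: $(params.REPORTS_REPO_PASSWORD)
      workingDir: $(workspaces.workspace.path)
      script: |
        #!/usr/bin/env bash
        set -x
        echo "Make the wrk directory available to save the reports"
        cd /zap
        # -p: do not error out when the directory already exists in the image.
        mkdir -p /zap/wrk
        echo "Starting the pentesting..."
        # The scanner's exit status is not checked: the step result is that of
        # the last command below, so scan findings do not fail this Task.
        /zap/zap-baseline.py -t "${APP_URL}" -r "${PIPELINERUN_NAME}.html"
        ls -lhrt /zap/wrk
        echo "Uploading the report into the report server"
        # Tracing is switched off here so the upload credentials are not
        # echoed into the TaskRun log by 'set -x'.
        set +x
        curl -u "${REPORTS_REPO_USERNAME}:${REPORTS_REPO_PASSWORD}" \
          -F "path=${PIPELINERUN_NAME}/${PIPELINERUN_NAME}.html" \
          -F "file=@/zap/wrk/${PIPELINERUN_NAME}.html" \
          -X POST "${REPORTS_REPO_HOST}/upload"; echo ""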