From a2e96cb3793c0cbc91adb9bb5f347fdfa103f6b6 Mon Sep 17 00:00:00 2001
From: Fabio Pitino
Date: Wed, 3 May 2023 10:47:29 +0100
Subject: [PATCH] Replace var to run kubesec-sast job with input
---
 README.md | 1 +
 template.yml | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 8b2ff68..353f59f 100644
--- a/README.md
+++ b/README.md
@@ -25,3 +25,4 @@ where `` is the latest released tag or `main`.
 | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from |
 | `image_suffix` | `""` | Used by `semgrep-sast` job only |
 | `excluded_analyzers` | `""` | Comma separated list of analyzers that should not run |
+| `run_kubesec_sast` | `"false"` | Set it to `"true"` to run `kubesec-sast` job |
diff --git a/template.yml b/template.yml
index ab80d48..4ed97b2 100644
--- a/template.yml
+++ b/template.yml
@@ -8,6 +8,8 @@ spec:
 default: ""
 excluded_analyzers:
 default: ""
+ run_kubesec_sast:
+ default: 'false'
 ---
 
 .sast-analyzer:
@@ -75,8 +77,7 @@ kubesec-sast:
 when: never
 - if: '"$[[ inputs.excluded_analyzers ]]" =~ /kubesec/'
 when: never
- - if: $CI_COMMIT_BRANCH &&
- $SCAN_KUBERNETES_MANIFESTS == 'true'
+ - if: '$CI_COMMIT_BRANCH && "$[[ inputs.run_kubesec_sast ]]" == "true"'
 
 .mobsf-sast:
 extends: .sast-analyzer
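Review bot: The new `run_kubesec_sast` input in `template.yml` is declared with only a string default, so any value other than the exact string `true` (a constructed example: `True` or `yes`) silently leaves `kubesec-sast` out of the pipeline instead of failing validation. If the GitLab version this template targets supports typed or constrained inputs, declaring it with `type: boolean` or `options: ['true', 'false']` would turn a typo into a pipeline error rather than a skipped scan. Otherwise a comment next to the default, such as `# must be the exact string "true" to enable kubesec-sast`, would at least make the contract visible. The `spec:` inputs block starts outside this hunk.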
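Review bot: Dropping `$SCAN_KUBERNETES_MANIFESTS` from the last rule of `kubesec-sast` means projects that enabled the scan through that variable stop running it once they pick up this template version, with no error or warning, because the new input defaults to `'false'`. Either keep the variable as a fallback for a deprecation period, `- if: '$CI_COMMIT_BRANCH && ("$[[ inputs.run_kubesec_sast ]]" == "true" || $SCAN_KUBERNETES_MANIFESTS == "true")'`, or call out the migration in the README so the loss of coverage is a deliberate choice. The job's `rules:` list starts above the hunk, so its earlier rules are not visible here.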