adding image suffix to keep inputs whole

Apply 1 suggestion(s) to 1 file(s)
Co-authored-by: Adam Cohen <acohen@gitlab.com>
2025-06-30 07:28:29 +02:00 · 2025-05-20 22:10:19 -04:00 · 2025-05-20 22:04:22 -04:00 · 2025-05-20 22:03:35 -04:00
1 changed files with 10 additions and 15 deletions
--- a/templates/iac-kics-sast.yml
+++ b/templates/iac-kics-sast.yml
@ -9,34 +9,29 @@ spec:
            default: "spec, test, tests, tmp"
        excluded_analyzers:
            default: ""
-        analyzer_image:
+        image_prefix:
            default: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
+        image_suffix:
+            dafault: ""
        search_max_depth:
            default: 4
        image_tag:
            default: 6

 ---
-iac-sast:
+kics-iac-sast:
  stage: $[[ inputs.stage ]]
+  image:
+    name: "$[[ inputs.image_prefix ]]/kics:$[[ inputs.image_tag ]]$[[ inputs.image_suffix ]]"
+  variables:
+    SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
+  script:
+    - /analyzer run
  artifacts:
    access: 'developer'
    reports:
      sast: gl-sast-report.json
-  rules:
-    - when: never
-  # `rules` must be overridden explicitly by each child job
-  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
-  variables:
-    SEARCH_MAX_DEPTH: $[[ inputs.search_max_depth ]]
  allow_failure: true
-  script:
-    - /analyzer run
-
-kics-iac-sast:
-  extends: iac-sast
-  image:
-    name: "$[[ inputs.analyzer_image ]]/kics:$[[ inputs.image_tag ]]"
  rules:
    - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1'
      when: never
Author	SHA1	Message	Date
Rob Jackson	40ec68512d	adding image suffix to keep inputs whole	2025-05-20 22:10:19 -04:00
Rob Jackson	cf87e0da38	Apply 1 suggestion(s) to 1 file(s) Co-authored-by: Adam Cohen <acohen@gitlab.com>	2025-05-20 22:04:22 -04:00
Rob Jackson	2a492122e2	Apply 1 suggestion(s) to 1 file(s) Co-authored-by: Adam Cohen <acohen@gitlab.com>	2025-05-20 22:03:35 -04:00