Configure snyk (#2445)

jotak · web-flow · commit 7913271a7874 · 2026-02-11T12:40:01.000+01:00
* Configure snyk

* Enable snyk reports only on push
diff --git a/.tekton/network-observability-operator-bundle-ystream-push.yaml b/.tekton/network-observability-operator-bundle-ystream-push.yaml
@@ -40,6 +40,8 @@ spec:
     value: bundle.Dockerfile.downstream
   - name: prefetch-input
     value: '{"type":"pip", "path":"."}'
+  - name: snyk-args
+    value: "--project-name=netobserv-bundle --report --org=824715e7-b597-4123-bdb7-ba8abc3d3b2f"
   pipelineRef:
     name: build-bundle-pipeline
   taskRunTemplate:
diff --git a/.tekton/network-observability-operator-ystream-push.yaml b/.tekton/network-observability-operator-ystream-push.yaml
@@ -45,6 +45,8 @@ spec:
     value: Dockerfile-args.downstream
   - name: dockerfile
     value: ./Dockerfile.downstream
+  - name: snyk-args
+    value: "--project-name=netobserv-operator --report --org=824715e7-b597-4123-bdb7-ba8abc3d3b2f"
   pipelineRef:
     name: build-pipeline
   taskRunTemplate:
diff --git a/.tekton/pipeline-bundle-ref.yaml b/.tekton/pipeline-bundle-ref.yaml
@@ -65,6 +65,10 @@ spec:
     default: 'false'
     description: Enable cache proxy configuration
     type: string
+  - name: snyk-args
+    default: ''
+    description: Snyk arguments, e.g. for report upload
+    type: string
   results:
   - description: ""
     name: IMAGE_URL
@@ -277,6 +281,8 @@ spec:
       value: $(tasks.build-container.results.IMAGE_DIGEST)
     - name: image-url
       value: $(tasks.build-container.results.IMAGE_URL)
+    - name: ARGS
+      value: $(params.snyk-args)
     runAfter:
     - build-container
     taskRef:
diff --git a/.tekton/pipeline-ref.yaml b/.tekton/pipeline-ref.yaml
@@ -79,6 +79,10 @@ spec:
     default: docker
     type: string
     description: The format for the resulting image's mediaType. Valid values are oci or docker.
+  - name: snyk-args
+    default: ''
+    description: Snyk arguments, e.g. for report upload
+    type: string
   results:
   - description: ""
     name: IMAGE_URL
@@ -382,6 +386,8 @@ spec:
       value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
     - name: CACHI2_ARTIFACT
       value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+    - name: ARGS
+      value: $(params.snyk-args)
     runAfter:
     - build-image-index
     taskRef:
