| jobs: | |
| validate-semgrep-sast: | |
| template: ProdSec/validate_semgrep@stable | |
| image: alma8 | |
| environment: | |
| YAHOO_SEMGREP_ENFORCING: False #(If you choose to fail builds for validation failures in Semgrep, then you should set this value to True) | |
| YAHOO_SEMGREP_ONLINE: True | |
| checkov: | |
| requires: [~pr, ~commit] | |
| image: docker.ouroath.com:4443/containers/python3:latest | |
| steps: | |
| - run: | | |
| sd-cmd exec ProdSec/checkov@stable -d $SD_SOURCE_DIR | |
| environment: | |
| CHECKOV_HARD_FAIL_ON_FINDINGS: false | |