From 49d7e0ee55a5f44db571039bc8c1077ddaac5f1d Mon Sep 17 00:00:00 2001
From: Johannes Scheerer
Date: Wed, 16 Oct 2024 08:53:25 +0200
Subject: [PATCH] Add SAST logs to OCM component descriptor (#422)

---
 .ci/pipeline_definitions | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.ci/pipeline_definitions b/.ci/pipeline_definitions
index 0667e023..ceb9085a 100644
--- a/.ci/pipeline_definitions
+++ b/.ci/pipeline_definitions
@@ -30,6 +30,13 @@ gardener-extension-networking-cilium:
 attribute: global.image.tag
 base_definition:
+ repo:
+ source_labels:
+ - name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
+ value:
+ policy: skip
+ comment: |
+ we use gosec for sast scanning. See attached log.
 steps:
 verify:
 image: 'golang:1.23.1'
@@ -110,6 +117,17 @@ gardener-extension-networking-cilium:
 nextversion: 'bump_minor'
 next_version_callback: '.ci/prepare_release'
 release_callback: '.ci/prepare_release'
+ assets:
+ - type: build-step-log
+ step_name: verify
+ purposes:
+ - lint
+ - sast
+ - gosec
+ comment: |
+ we use gosec (linter) for SAST scans
+ see: https://github.com/securego/gosec
+ enabled by https://github.com/gardener/gardener-extension-networking-cilium/pull/420
 slack:
 default_channel: 'internal_scp_workspace'
 channel_cfgs:
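Review bot: The `policy: skip` on the source_analysis scanning hint opts this component's sources out of the central source scan, and the only justification in the hunk is the free-text `See attached log`, which does not say which asset or which step that log comes from, so a reader of the component descriptor has to guess. I would tie the label to the asset this same commit adds later in the file: `comment: |-` / `SAST is covered by gosec in the verify step; see the build-step-log asset of step verify (purposes: sast, gosec).` Whether the verify step really runs gosec on every build and fails on findings is not visible in this diff (the second hunk only points at PR #420 for that), so the skip rests on that being true. Minor: `|` keeps a trailing newline on the comment text; `|-` is the usual choice for a label value.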
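Review bot: The asset tags the whole `verify` step log with purposes `sast` and `gosec`, but nothing in the hunk shows that gosec is what produces that log or that gosec findings fail the step, so a consumer of the OCM descriptor cannot tell whether an attached log means "scanned and clean" or merely "step ran". The comment defers to PR #420; I would state the guarantee in the comment itself, e.g. `gosec runs as part of the verify step and any finding fails the step`, but only if that is actually how verify is wired, which I cannot confirm from this diff. `step_name: verify` does match the `verify:` step key visible in the first hunk, so the reference itself is consistent. Same trailing-newline remark as for the label comment: `comment: |-` would avoid the extra newline in the asset description.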