... | ... | @@ -19,7 +19,7 @@ When deploying a software factory, there are many hats/personas that interact wi |
|
|
```mermaid
|
|
|
graph LR
|
|
|
subgraph cicd[Developer CICD]
|
|
|
C[Code+VEX] --> Build
|
|
|
C[Code+Justifications] --> Build
|
|
|
Build --> Scan
|
|
|
Scan --> Check
|
|
|
C --> Check[Check all Vulns have a justification]
|
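Review bot: Relabelling node C from `Code+VEX` to `Code+Justifications` (reading the first line of the pair as the removed one) drops the only mention of the format the justifications are written in, so the `Check all Vulns have a justification` step no longer has a defined, machine-readable input. If VEX is still the carrier, keep it in the label, for example `C[Code+Justifications (VEX)]`. If free-form justifications are now allowed, say in the surrounding text what Check parses and what counts as a missing justification.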
... | ... | @@ -27,13 +27,13 @@ graph LR |
|
|
|
|
|
end
|
|
|
Upload --> OCIRegistry
|
|
|
Scan2 --> OCIRegistry
|
|
|
S --> OCIRegistry
|
|
|
OCIRegistry --> B[System Vulnerabilities]
|
|
|
B -->|Review/Accept by Security| B
|
|
|
V --> B
|
|
|
subgraph infra[Infra CICD]
|
|
|
GitChanges[GitOps Changes + VEX] --> Scan2[Scan]
|
|
|
Scan2 --> S[Upload Image + VEX]
|
|
|
GitChanges[GitOps Changes + Justifications] --> Scan2[Scan]
|
|
|
Scan2 --> S[Upload Image + Vulns + Justifications]
|
|
|
S --> V[Validate Accepted Justifications]
|
|
|
V --> Prod[Deploy to Environment]
|
|
|
end
|
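Review bot: In the Infra CICD subgraph, `S[Upload Image + Vulns + Justifications]` now feeds `OCIRegistry` before `V[Validate Accepted Justifications]` runs, and `V --> Prod` is drawn as unconditional, so the diagram does not show what stops an image with unaccepted justifications from being deployed. Label the gate, for example `V -->|all justifications accepted| Prod`, and add an edge for the rejected case. The arrow `V --> B` also reads as validation writing into System Vulnerabilities. If V consumes the decisions recorded by `Review/Accept by Security`, the edge should point from B to V or carry a label that states what flows along it.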