Implementation of plugin pipeline, v1
This template is ONLY used for feature requests. Bug reporting or pipeline enhancement issues should use the other template options for issue submission.
Description
We need to establish a pipeline for plugins. The implementation will be designed based on the content of the following ticket:
https://repo1.dsop.io/ironbank-tools/ironbank-pipeline/-/issues/138
Purpose
The purpose of this pipeline is to allow for other P1 teams (and others) to view the findings associated with various plugins and integrate them into their products.
Plan
-
Create ironbank-pluginsgroup in registry1 -
Create pluginsgroup inside Repo1 -
Create pipeline in order to populate registry1 with plugins when they are added to a project in the Repo1 pluginsgroup. -
Create a project in order to query Anchore for the scan assessment results. -
Create plugin_manifest.yamlschema. -
Separate deployment of Anchore is NOT needed - can use existing Anchore deployment. -
Create Body of Evidence (BOE) artifact that includes Bill of Material (BOM) and findings from Anchore scan. -
Integrate with IB Front End in order to populate the front end with plugins. Utilize existing S3 bucket in order to provide artifacts to IBFE. -
Documentation created which lives inside plugins group.
Possible Blockers/Challenges
(Phase 2 of rollout) - Deployment of SCA tool and integration.
Acceptance Criteria
- TBD
Plugin pipeline repo:
https://repo1.dsop.io/ironbank-tools/ironbank-plugins-pipeline
Edited by gavin.scallon