A workflow specification allows to configure a workflow.
An example workflow.yaml looks like:
description: GoSec based workflow
name: gosec
components:
- component: file://components/targets/git-clone/component.yaml
- component: file://components/scanners/gosec/component.yaml
- component: file://components/enrichers/custom-annotation/component.yaml
- component: file://components/reporters/json-logger/component.yamlComponent references can be:
local: absolute path to acomponent.yamlwithfile://prefix.remote: referring to a packaged component pushed in an OCI registry.
An overrides file defines optional parameter overrides for each component at run time.
An example overrides.yaml file looks like follows:
git-clone:
- name: "repo_url"
type: "string"
value: "https://github.com/0c34/govwa.git"
gosec-parser:
- name: "repo_name"
type: "string"
value: "govwa"The root entries specify the component name, while the entries are parameters.