From 40b7e24f78dfad123a8d38621b32f3015e657f9c Mon Sep 17 00:00:00 2001
From: andream16 <andrea@ocurity.com>
Date: Tue, 17 Sep 2024 16:18:52 +0100
Subject: [PATCH] Adding task for atom reachability enricher.

---
 components/enrichers/reachability/task.yaml | 68 +++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 components/enrichers/reachability/task.yaml

diff --git a/components/enrichers/reachability/task.yaml b/components/enrichers/reachability/task.yaml
new file mode 100644
index 000000000..f6981297b
--- /dev/null
+++ b/components/enrichers/reachability/task.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: enricher-reachability
+  labels:
+    v1.dracon.ocurity.com/component: enricher
+spec:
+  description: Performs a reachability check on a supplied repository using AppThreat/atom.
+  params:
+    - name: enricher-reachability-programming-language
+      type: string
+  volumes:
+    - name: scratch
+      emptyDir: {}
+  workspaces:
+    - name: output
+      description: The workspace containing the source-code to scan.
+  steps:
+  - name: run-cdxgen
+    image: ghcr.io/cyclonedx/cdxgen:v10.9.5
+    command:
+      - node
+    args:
+      - /opt/cdxgen/bin/cdxgen.js
+      - -t
+      - $(params.enricher-reachability-programming-language)
+      - --deep
+      - -r
+      - -p
+      - -o
+      - $(workspaces.output.path)/source-code/bom.json
+      - $(workspaces.output.path)/source-code
+      - --spec-version
+      - "1.5"
+    volumeMounts:
+      - mountPath: /scratch
+        name: scratch
+  - name: run-atom
+    imagePullPolicy: IfNotPresent
+    image: ghcr.io/appthreat/atom:v2.0.18@sha256:893ed9ede9eea19540027faf72aa618e2b488192378f590fd2a1277b77712c1a
+    command:
+      - /bin/sh
+      - -c
+      - |
+        atom \
+        reachables \
+          -o $(workspaces.output.path)/source-code/app.atom \
+          -s /scratch/reachables.json \
+          -l $(params.enricher-reachability-programming-language) \
+          $(workspaces.output.path)/source-code
+    volumeMounts:
+      - mountPath: /scratch
+        name: scratch
+  - name: run-enricher
+    imagePullPolicy: IfNotPresent
+    image: '{{ default "ghcr.io/ocurity/dracon" .Values.image.registry }}/components/enrichers/reachability:{{ .Chart.AppVersion }}'
+    command: ["/app/components/enrichers/reachability/reachability"]
+    volumeMounts:
+      - mountPath: /scratch
+        name: scratch
+    env:
+    - name: READ_PATH
+      value: $(workspaces.output.path)/.dracon/producers
+    - name: WRITE_PATH
+      value: $(workspaces.output.path)/.dracon/enrichers/reachability
+    - name: ATOM_FILE_PATH
+      value: /scratch/reachables.json