screwdriver.yaml

jobs:
  validate-semgrep-sast:
    template: ProdSec/validate_semgrep@stable
    image: alma8
    environment:
      YAHOO_SEMGREP_ENFORCING: False #(If you choose to fail builds for validation failures in Semgrep, then you should set this value to True)
      YAHOO_SEMGREP_ONLINE: True

  checkov:
    requires: [~pr, ~commit]
    image: docker.ouroath.com:4443/containers/python3:latest
    steps:
      - run: |
          sd-cmd exec ProdSec/checkov@stable -d $SD_SOURCE_DIR
    environment:
      CHECKOV_HARD_FAIL_ON_FINDINGS: false