Add cache steps to security stages
pending feedback
Psychological Firefly
The caching steps that are available in the CI module should also be available in the security module. These are particularly handy for SCA scans that download the dependencies before performing the scans.
Psychological Firefly
I'm looking for caching of the application dependencies in the case of running an SCA scan using ingest mode. In this case, scanners like Snyk and XRay will use Maven/Gradle/pip, etc. to pull all the app's dependencies to the pod before initiating a scan. If we can cache these dependencies, it would greatly speed up SCA scans of this nature.
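To make the request above concrete, here is an added example (not code from the thread, and not Harness's own cache-step implementation) of what a dependency cache around an SCA pre-scan step does: the cache key is derived from the lockfile, the archive is restored when the key matches, and the package manager's resolution command runs only on a miss. The resolver command is passed in as a string and the paths are assumed; a real pipeline would substitute `mvn dependency:resolve`, `pip download`, or similar.

```shell
#!/bin/sh
# Added example: lockfile-keyed dependency cache around a resolve step,
# the kind of caching an SCA ingest scan would benefit from.
set -eu

# cache_key LOCKFILE -> prints a key from the lockfile's hash, so the cache
# is reused only while the pinned dependency set is unchanged.
cache_key() {
    sha256sum "$1" | cut -c1-16
}

# restore_cache KEY CACHE_DIR DEP_DIR -> unpacks the saved archive into
# DEP_DIR; returns 0 on a hit and 1 on a miss.
restore_cache() {
    archive="$2/$1.tar"
    if [ -f "$archive" ]; then
        mkdir -p "$3"
        tar -xf "$archive" -C "$3"
        return 0
    fi
    return 1
}

# save_cache KEY CACHE_DIR DEP_DIR -> archives DEP_DIR under the key.
save_cache() {
    mkdir -p "$2"
    tar -cf "$2/$1.tar" -C "$3" .
}

# cached_resolve LOCKFILE CACHE_DIR DEP_DIR RESOLVE_CMD
# Restores on a hit; on a miss runs RESOLVE_CMD (a shell command string,
# with DEP_DIR exported for it) and saves the result. Prints "hit" or "miss".
cached_resolve() {
    key=$(cache_key "$1")
    if restore_cache "$key" "$2" "$3"; then
        echo hit
    else
        mkdir -p "$3"
        # Assumed placeholder for the package manager's fetch step.
        DEP_DIR=$3 sh -c "$4"
        save_cache "$key" "$2" "$3"
        echo miss
    fi
}
```

Usage in a pipeline would be `cached_resolve requirements.txt /cache ./deps 'pip download -r requirements.txt -d "$DEP_DIR"'` before the scanner step; the first run populates the cache, and later runs with the same lockfile skip the network fetch entirely.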
Pritesh Chandaliya
pending feedback
Pritesh Chandaliya
under review
I am not sure why the cache would be helpful for STO steps.
If STO is using orchestration or extraction mode, it runs the scan on the scanner side, which means caching on the scanner side is what would be useful here.
In the case of ingestion mode, caching is not required because the final report (the vulnerability report grabbed from the scanner) is provided directly.
Am I understanding incorrectly, or if there is some info missing, can you please provide more context? Thanks!