Try defining openapi defintion on app

Enable HTTP Basic AUTH
* Add quarkus-elytron-security-properties to enable application properties supporting plaintext http * Changes to `application.properties` to use openshift secrets in openshift env and pssaas:pssaas in dev * Clean up of old config options
37 changed files with 1071 additions and 170 deletions
--- a/hack/sample-pssaas-big.json
+++ b/hack/sample-pssaas-big.json
@ -0,0 +1,45 @@
 {
    "product-id": "jochrist-dev-test-rhbq",
    "is-managed-service": false,
    "cpaas-version": "latest",
    "component-list":[
    {"build-id":"AZ2HRIN2S7AAC","type":"pnc"},
    {"build-id":"AZ2JABY727AAA","type":"pnc"},
    {"build-id":"AZ2JRSQZC7AAC","type":"pnc"},
    {"build-id":"AZ2Z2WLAK7AAC","type":"pnc"},
    {"build-id":"AZ4AMGCV27AAC","type":"pnc"},
    {"build-id":"AZ4A5CSJC7AAC","type":"pnc"},
    {"build-id":"AZ4B7LCNC7AAC","type":"pnc"},
    {"build-id":"AZ4CLXF4K7AAC","type":"pnc"},
    {"build-id":"AZ4CMZK6S7AAC","type":"pnc"},
    {"build-id":"AZ4C62YEC7AAC","type":"pnc"},
    {"build-id":"AZ4DGFNK27AAC","type":"pnc"},
    {"build-id":"AZ4DIMTNS7AAC","type":"pnc"},
    {"build-id":"AZ4KSFVIC7AAC","type":"pnc"},
    {"build-id":"AZ4VFB7XK7AAC","type":"pnc"},
    {"build-id":"AZ4WLXXFC7AAC","type":"pnc"},
    {"build-id":"AZ5JPS7SK7AAC","type":"pnc"},
    {"build-id":"AZ5LC7M327AAC","type":"pnc"},
    {"build-id":"AZ5LQCKAC7AAC","type":"pnc"},
    {"build-id":"AZ5LW6NGS7AAC","type":"pnc"},
    {"build-id":"AZ5MHDELK7AAC","type":"pnc"},
    {"build-id":"AZ5ONFXEC7AAC","type":"pnc"},
    {"build-id":"AZ5P2MUBK7AAC","type":"pnc"},
    {"build-id":"AZ5QJ7VPK7AAC","type":"pnc"},
    {"build-id":"AZ5RPXHM27AAC","type":"pnc"},
    {"build-id":"AZ5SRVAG27AAC","type":"pnc"},
    {"build-id":"AZ56V4B4K7AAC","type":"pnc"},
    {"build-id":"AZ5642PZS7AAC","type":"pnc"},
    {"build-id":"AZ6ATGHXC7AAC","type":"pnc"},
    {"build-id":"AZ6XRDLCS7AAC","type":"pnc"},
    {"build-id":"AZ6YYPCZK7AAC","type":"pnc"},
    {"build-id":"AZ62QFTQ27AAC","type":"pnc"},
    {"build-id":"AZ65EUXBC7AAC","type":"pnc"},
    {"build-id":"AZ65VXKKC7AAC","type":"pnc"},
    {"build-id":"A2ARB7X3S7AAC","type":"pnc"},
    {"build-id":"A2ARDJ7MS7AAC","type":"pnc"},
    {"build-id":"A2ARENQ4S7AAC","type":"pnc"},
    {"build-id":"A2ARFRPLC7AAC","type":"pnc"}
    ]
 }
--- a/k8s/prod/app/database-envs.yaml
+++ b/k8s/prod/app/database-envs.yaml
@ -0,0 +1,8 @@
 apiVersion: v1
 data:
  POSTGRESQL_DATABASE: oshwrapper-db
  POSTGRESQL_USER: scanner
 kind: ConfigMap
 metadata:
  name: database-envs-osh
  namespace: psse-scanchain-prod
--- a/k8s/prod/app/edge-route.yaml
+++ b/k8s/prod/app/edge-route.yaml
@ -0,0 +1,21 @@
 #oc create route edge --service=osh --dry-run=client -o yaml > edgeroute.yml
 apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: osh
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
    app.openshift.io/runtime: quarkus
    env: prod
  name: osh
 spec:
  port:
    targetPort: http
  tls:
    termination: edge
  to:
    kind: ""
    name: osh
    weight: null
 status: {}
--- a/k8s/prod/app/kerberos-config.yaml
+++ b/k8s/prod/app/kerberos-config.yaml
@ -0,0 +1,44 @@
 #oc create configmap kerberos-config --from-file=linux-krb5.conf --dry-run=client -o yaml > kerberos-config.yaml
 apiVersion: v1
 data:
  linux-krb5.conf: |
    includedir /etc/krb5.conf.d/
    # depending on your config, you may wish to uncomment the following:
    # includedir /var/lib/sss/pubconf/krb5.include.d/
    [libdefaults]
      default_realm = IPA.REDHAT.COM
      dns_lookup_realm = true
      dns_lookup_kdc = true
      rdns = false
      dns_canonicalize_hostname = false
      ticket_lifetime = 24h
      forwardable = true
      udp_preference_limit = 1
      default_ccache_name = KEYRING:persistent:%{uid}
      max_retries = 1
      kdc_timeout = 1500
    [realms]
        REDHAT.COM = {
            default_domain = redhat.com
            dns_lookup_kdc = true
            master_kdc = kerberos.corp.redhat.com
            admin_server = kerberos.corp.redhat.com
        }
        IPA.REDHAT.COM = {
           default_domain = ipa.redhat.com
           dns_lookup_kdc = true
           # Trust tickets issued by legacy realm on this host
           auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
           auth_to_local = DEFAULT
        }
    #DO NOT ADD A [domain_realms] section
    #https://mojo.redhat.com/docs/DOC-1166841
 kind: ConfigMap
 metadata:
  creationTimestamp: null
  name: kerberos-config
--- a/k8s/prod/app/linux-krb5.conf
+++ b/k8s/prod/app/linux-krb5.conf
@ -0,0 +1,36 @@
 includedir /etc/krb5.conf.d/
 # depending on your config, you may wish to uncomment the following:
 # includedir /var/lib/sss/pubconf/krb5.include.d/
 [libdefaults]
  default_realm = IPA.REDHAT.COM
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  dns_canonicalize_hostname = false
  ticket_lifetime = 24h
  forwardable = true
  udp_preference_limit = 1
  default_ccache_name = KEYRING:persistent:%{uid}
  max_retries = 1
  kdc_timeout = 1500
 [realms]
    REDHAT.COM = {
        default_domain = redhat.com
        dns_lookup_kdc = true
        master_kdc = kerberos.corp.redhat.com
        admin_server = kerberos.corp.redhat.com
    }
    IPA.REDHAT.COM = {
       default_domain = ipa.redhat.com
       dns_lookup_kdc = true
       # Trust tickets issued by legacy realm on this host
       auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
       auth_to_local = DEFAULT
    }
 #DO NOT ADD A [domain_realms] section
 #https://mojo.redhat.com/docs/DOC-1166841
--- a/k8s/prod/app/service-account.yaml
+++ b/k8s/prod/app/service-account.yaml
@ -0,0 +1,15 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    app.kubernetes.io/name: osh
    app.kubernetes.io/version: 1.0.0-SNAPSHOT
    app.openshift.io/runtime: quarkus
    env: prod
  name: osh
  namespace: psse-scanchain-prod
 imagePullSecrets:
 - name: pct-security-osh-wrapper-client-pull-secret
 - name: osh-dockercfg-n2hr7
 secrets:
 - name: osh-dockercfg-n2hr7
--- a/k8s/prod/app/tekton-rbac.yaml
+++ b/k8s/prod/app/tekton-rbac.yaml
@ -0,0 +1,31 @@
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  labels:
    app.kubernetes.io/component: tekton
  name: osh-wrapper-tekton
  namespace: psse-scanchain-prod
 rules:
 - apiGroups:
  - tekton.dev
  resources:
  - taskruns
  - pipelineruns
  verbs:
  - create
  - get
  - watch
  - list
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: osh-wrapper-tekton-rolebinding
  namespace: psse-scanchain-prod
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: osh-wrapper-tekton
 subjects:
 - kind: ServiceAccount
  name: osh
--- a/k8s/prod/osh-client-tekton/osh-client-config.yaml
+++ b/k8s/prod/osh-client-tekton/osh-client-config.yaml
@ -0,0 +1,79 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  annotations:
  name: kerberos-config-osh-client
  namespace: psse-scanchain-prod
 data:
  linux-krb5.conf: |
    includedir /etc/krb5.conf.d/
    # depending on your config, you may wish to uncomment the following:
    # includedir /var/lib/sss/pubconf/krb5.include.d/
    [libdefaults]
      default_realm = IPA.REDHAT.COM
      dns_lookup_realm = true
      dns_lookup_kdc = true
      rdns = false
      dns_canonicalize_hostname = false
      ticket_lifetime = 24h
      forwardable = true
      udp_preference_limit = 1
      default_ccache_name = FILE:/tmp/krb5cc_%{uid}
      max_retries = 1
      kdc_timeout = 1500
    [realms]
        REDHAT.COM = {
            default_domain = redhat.com
            dns_lookup_kdc = true
            master_kdc = kerberos.corp.redhat.com
            admin_server = kerberos.corp.redhat.com
        }
        IPA.REDHAT.COM = {
           default_domain = ipa.redhat.com
           dns_lookup_kdc = true
           # Trust tickets issued by legacy realm on this host
           auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
           auth_to_local = DEFAULT
        }
    #DO NOT ADD A [domain_realms] section
    #https://mojo.redhat.com/docs/DOC-1166841
 ---
 #oc create configmap osh-client-config --from-file=client.conf --dry-run=client -o yaml > osh-client-config.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: osh-client-config
  namespace: psse-scanchain-prod
 data:
  client.conf: |+
    # client config file for covscan
    # Hub XML-RPC address.
    HUB_URL = "https://cov01.lab.eng.brq2.redhat.com/covscanhub/xmlrpc"
    BREW_URL = "https://brewhub.engineering.redhat.com/brewhub"
    KOJI_URL = "https://koji.fedoraproject.org/kojihub"
    KOJI_PROFILES = "brew,koji"
    CIM_SERVER = "cov01.lab.eng.brq2.redhat.com"
    CIM_PORT = "8080"
    DEFAULT_MOCKCONFIG = "fedora-rawhide-x86_64"
    # Hub authentication method: "krbv", "password", or "gssapi"
    AUTH_METHOD = "krbv"
    KRB_REALM = "IPA.REDHAT.COM"
    # Kerberos principal. If commented, default principal obtained by kinit is used.
    KRB_PRINCIPAL = "HTTP/prodsec-scanchain.apps.ocp-c1.prod.psi.redhat.com"
    # Kerberos keytab file.
    KRB_KEYTAB = "/kerberos/kerberos-keytab-osh"
    # Enables XML-RPC verbose flag
    DEBUG_XMLRPC = 0
--- a/k8s/prod/osh-client-tekton/osh-client-pvc.yaml
+++ b/k8s/prod/osh-client-tekton/osh-client-pvc.yaml
@ -0,0 +1,28 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: osh-client-sources
  namespace: psse-scanchain-prod
 spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: dynamic-nfs
  volumeMode: Filesystem
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: osh-client-source-tars
  namespace: psse-scanchain-prod
 spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  storageClassName: dynamic-nfs
  volumeMode: Filesystem
--- a/k8s/prod/osh-client-tekton/pipeline/osh-client-from-source-pipeline.yaml
+++ b/k8s/prod/osh-client-tekton/pipeline/osh-client-from-source-pipeline.yaml
@ -15,6 +15,10 @@ spec:
    description: The revision or tag
    type: string
  - name: mock-build-params
    description: The parameters to pass to covscan mock-build
    type: string
  - name: archive-name
    description: The name of the git archive file
    type: string
@ -77,6 +81,8 @@ spec:
      params:
        - name: targz-file
          value: $(params.archive-name)
        - name: mock-build-params
          value: $(params.mock-build-params)
      runAfter:
        - archive
      taskRef:
--- a/k8s/stage/osh-client-tekton/task/osh-client-from-source-clearup-workspace.yaml
+++ b/k8s/stage/osh-client-tekton/task/osh-client-from-source-clearup-workspace.yaml
--- a/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml
+++ b/k8s/stage/osh-client-tekton/task/osh-client-from-source.yaml
@ -13,15 +13,10 @@ spec:
    default: "source.tar.gz"
    description: The filename of the tar.gz we'll be uploading to covscan
-  - name: scan-profile
+  - name: mock-build-params
    type: string
-    description: The scan profile we will use
+    description: Parameters pushed to mock build
-    default: "snyk-only-unstable"
+    default: "-p snyk-only-unstable --tarball-build-script=:"
  - name: tarball-build-script
    type: string
    description: Parameters to be passed to tarball-build-script
    default: ":"
  volumes:
    - name: osh-client-kerb-vol
@ -72,7 +67,6 @@ spec:
      script: |
        #!/bin/bash
-        echo $(params.scan-profile)
+        echo $(params.mock-build-params)
        echo $(params.tarball-build-script)
        echo $(params.targz-file)
-        covscan mock-build -p $(params.scan-profile) --tarball-build-script=$(params.tarball-build-script) /workspace/source-tars/$(params.targz-file)
+        covscan mock-build $(params.mock-build-params) /workspace/source-tars/$(params.targz-file)
--- a/k8s/stage/osh-client-tekton/task/osh-client-git-cli-modified.yaml
+++ b/k8s/stage/osh-client-tekton/task/osh-client-git-cli-modified.yaml
@ -13,7 +13,7 @@ metadata:
    app.kubernetes.io/version: "0.4"
    hub.tekton.dev/catalog: tekton
  name: git-cli
-  namespace: pct-security-tooling
+  namespace: psse-scanchain-prod
  resourceVersion: "3453559180"
  uid: 95fc93dd-8780-41ab-9477-b698762dc1de
 spec:
--- a/k8s/prod/osh-client-tekton/task/osh-scan-task.yaml
+++ b/k8s/prod/osh-client-tekton/task/osh-scan-task.yaml
@ -0,0 +1,63 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: osh-scan-task
 spec:
  stepTemplate:
    env:
      - name: "HOME"
        value: "/tekton/home"
  params:
  - name: buildId
    type: string
  - name: scanProfile
    type: string
  volumes:
    - name: osh-client-kerb-vol
      secret:
        defaultMode: 384
        optional: false
        secretName: kerberos-keytab-osh
    - name: osh-client-kerb-config-vol
      configMap:
        name: kerberos-config-osh-client
        items:
          - key: linux-krb5.conf
            path: linux-krb5.conf
        defaultMode: 384
        optional: false
    - name: osh-client-config-vol
      configMap:
        name: osh-client-config
        items:
          - key: client.conf
            path: client.conf
        optional: false
  steps:
    - name: perform-buildid-scan
      image: quay.io/pct-security/osh-wrapper-client:latest
      workingDir: /home/covscan
      volumeMounts:
        - name: osh-client-kerb-vol
          mountPath: /kerberos
          readOnly: true
        - name: osh-client-config-vol
          mountPath: /etc/osh/client.conf
          readOnly: true
          subPath: client.conf
        - name: osh-client-kerb-config-vol
          mountPath: /etc/krb5.conf
          readOnly: true
          subPath: linux-krb5.conf
      script: |
        #!/bin/bash
        echo $(params.buildId)
        echo $(params.scanProfile)
        covscan mock-build -p $(params.scanProfile) --brew-build $(params.buildId)
--- a/k8s/stage/osh-client-tekton/osh-client-config.yaml
+++ b/k8s/stage/osh-client-tekton/osh-client-config.yaml
@ -55,14 +55,11 @@ data:
    # client config file for covscan
    # Hub XML-RPC address.
-    HUB_URL = "https://cov01.lab.eng.brq2.redhat.com/covscanhub/xmlrpc"
+    HUB_URL = "https://covscan.lab.eng.brq2.redhat.com/osh/xmlrpc"
    BREW_URL = "https://brewhub.engineering.redhat.com/brewhub"
    KOJI_URL = "https://koji.fedoraproject.org/kojihub"
    KOJI_PROFILES = "brew,koji"
    CIM_SERVER = "cov01.lab.eng.brq2.redhat.com"
    CIM_PORT = "8080"
    DEFAULT_MOCKCONFIG = "fedora-rawhide-x86_64"
    # Hub authentication method: "krbv", "password", or "gssapi"
@ -76,4 +73,4 @@ data:
    KRB_KEYTAB = "/kerberos/kerberos-keytab-osh"
    # Enables XML-RPC verbose flag
-    DEBUG_XMLRPC = 0
+    DEBUG_XMLRPC = 1
--- a/k8s/stage/osh-client-tekton/task/osh-scan-scm-task.yaml
+++ b/k8s/stage/osh-client-tekton/task/osh-scan-scm-task.yaml
@ -0,0 +1,104 @@
 apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
  name: osh-scan-scm-task
 spec:
  stepTemplate:
    env:
      - name: "HOME"
        value: "/tekton/home"
  params:
  - name: repo-url
    type: string
    description: The SCMURL
  - name: revision
    type: string
    description: The revision or tag
  - name: mock-build-params
    type: string
    description: Parameters pushed to mock build
    default: "snyk-only-unstable --tarball-build-script=:"
  - name: archive-name
    type: string
    description: The name of the git archive file
    default: $(context.taskRun.uid).tar.gz
  - name: tarball-storage-dir
    type: string
    description: What directory the scan tar gz will be put into
    default: /workspace/source-tars/$(context.taskRun.name)
  - name: working-dir
    type: string
    description: Working directory for the task
    default: /home/covscan
  workspaces:
    - name: source-tars
      description: This workspace contains our source tar gzips for covscan and is semi-persistant
    - name: ssl-ca-directory
      description: Location of CA bundle for ssl verification with internal services
  volumes:
    - name: osh-client-kerb-vol
      secret:
        defaultMode: 384
        optional: false
        secretName: kerberos-keytab-osh
    - name: osh-client-kerb-config-vol
      configMap:
        name: kerberos-config-osh-client
        items:
          - key: linux-krb5.conf
            path: linux-krb5.conf
        defaultMode: 384
        optional: false
    - name: osh-client-config-vol
      configMap:
        name: osh-client-config
        items:
          - key: client.conf
            path: client.conf
        optional: false
  steps:
    - name: perform-osh-scm-scan
      image: quay.io/pct-security/osh-wrapper-client:latest
      workingDir: $(params.working-dir)
      volumeMounts:
        - name: osh-client-kerb-vol
          mountPath: /kerberos
          readOnly: true
        - name: osh-client-config-vol
          mountPath: /etc/osh/client.conf
          readOnly: true
          subPath: client.conf
        - name: osh-client-kerb-config-vol
          mountPath: /etc/krb5.conf
          readOnly: true
          subPath: linux-krb5.conf
      script: |
        #!/bin/bash
        set -x
        echo $(params.working-dir)
        echo $(params.repo-url)
        echo $(params.revision)
        echo $(params.mock-build-params)
        echo $(params.archive-name)
        git clone -v $(params.repo-url) -b $(params.revision)
        git --git-dir=$(basename $(params.repo-url) .git)/.git archive --format=tar.gz HEAD -o $(params.working-dir)/$(params.archive-name)
        mkdir $(params.tarball-storage-dir)
        cp $(params.working-dir)/$(params.archive-name) $(params.tarball-storage-dir)/
        covscan mock-build $(params.mock-build-params) $(params.working-dir)/$(params.archive-name)
--- a/k8s/stage/osh-client-tekton/task/osh-scan-task.yaml
+++ b/k8s/stage/osh-client-tekton/task/osh-scan-task.yaml
@ -58,6 +58,7 @@ spec:
      script: |
        #!/bin/bash
        set -x
        echo $(params.buildId)
        echo $(params.scanProfile)
-        covscan mock-build -p $(params.scanProfile) --brew-build $(params.buildId)
+        covscan mock-build $(params.scanProfile) --brew-build $(params.buildId)
--- a/k8s/stage/osh-client-tekton/tekton-cleanup-cronjob.yaml
+++ b/k8s/stage/osh-client-tekton/tekton-cleanup-cronjob.yaml
@ -0,0 +1,23 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: tekton-terminator
  namespace: pct-security-tooling
 spec:
  schedule: "*/50 * * * *"
  concurrencyPolicy: Forbid
  backoffLimit: 2
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: osh-wrapper-tekton-terminator-sa
          containers:
          - name: tekton-cleanup
            image: quay.io/openshift-pipeline/openshift-pipelines-cli-tkn:1.11
            imagePullPolicy: IfNotPresent
            command:
            - /bin/sh
            - -c
            - tkn pipelinerun delete --keep 10 -f && tkn taskrun delete --keep 40 -f
          restartPolicy: Never
--- a/k8s/stage/osh-client-tekton/tekton-terminator-sa-rbac.yaml
+++ b/k8s/stage/osh-client-tekton/tekton-terminator-sa-rbac.yaml
@ -0,0 +1,43 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  namespace: pct-security-tooling
  name: osh-wrapper-tekton-terminator-sa
  labels: 
    app.kubernetes.io/name: osh-wrapper-tekton-terminator
    env: stage
 imagePullSecrets:
  - name: pct-security-osh-wrapper-client-pull-secret
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: osh-wrapper-tekton-terminator
  labels:
    app.kubernetes.io/component: tekton
  namespace: pct-security-tooling
 rules:
 - apiGroups:
  - tekton.dev
  resources:
  - taskruns
  - pipelineruns
  verbs:
  - get
  - list
  - delete
  - update
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: osh-wrapper-tekton-terminator-rolebinding
  namespace: pct-security-tooling
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: osh-wrapper-tekton-terminator
 subjects:
 - kind: ServiceAccount
  name: osh-wrapper-tekton-terminator-sa
--- a/pom.xml
+++ b/pom.xml
@ -12,7 +12,7 @@
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
    <quarkus.platform.group-id>io.quarkus.platform</quarkus.platform.group-id>
-    <quarkus.platform.version>3.1.2.Final</quarkus.platform.version>
+    <quarkus.platform.version>3.1.3.Final</quarkus.platform.version>
    <skipITs>true</skipITs>
    <surefire-plugin.version>3.0.0</surefire-plugin.version>
  </properties>
@ -87,6 +87,28 @@
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-kubernetes-config</artifactId>
    </dependency>
    <dependency>
      <groupId>org.jboss.pnc</groupId>
      <artifactId>common</artifactId>
      <version>2.5.1</version>
    </dependency>
    <dependency>
      <groupId>org.jboss.pnc</groupId>
      <artifactId>rest-client</artifactId>
      <version>2.5.1</version>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-elytron-security-properties-file</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-rest-client-reactive-jackson</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-rest-client-reactive</artifactId>
    </dependency>
    <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-junit5</artifactId>
--- a/src/main/java/com/redhat/pctsec/model/Git.java
+++ b/src/main/java/com/redhat/pctsec/model/Git.java
@ -12,7 +12,7 @@ import java.util.UUID;
@Entity
 public class Git {
    public Git() {
-        super();
+
    }
    @Id
--- a/src/main/java/com/redhat/pctsec/model/PNCBuild.java
+++ b/src/main/java/com/redhat/pctsec/model/PNCBuild.java
@ -1,15 +1,55 @@
 package com.redhat.pctsec.model;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.redhat.pctsec.model.api.service.AltPncService;
 //import com.redhat.pctsec.model.api.service.PncService;
 import io.quarkus.rest.client.reactive.QuarkusRestClientBuilder;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Transient;
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.jboss.pnc.dto.Build;
 import java.net.URI;
 import java.net.URL;
@Entity
 public class PNCBuild extends BuildType{
    @Transient
    @JsonIgnore
    public static final String apiUrl = ConfigProvider.getConfig().getValue("pnc.api-url",String.class);
    @Transient
    @JsonIgnore
    private static final AltPncService pnc = QuarkusRestClientBuilder.newBuilder().baseUri(URI.create(apiUrl)).build(AltPncService.class);
    /*
    @Transient
    PncService pnc;
    */
    @Transient
    @JsonIgnore
    private Build build;
    private URI SCMURL;
    private String revision;
    public PNCBuild() {
        super();
    }
    @Transient
    @JsonIgnore
    public Build getBuild() {
        if(build == null)
            build = pnc.getBuild(this.buildRef);
        return build;
    }
    public PNCBuild(String buildRef) {
        super(buildRef);
@ -17,7 +57,10 @@ public class PNCBuild extends BuildType{
    @Override
    public URI SCMURL() {
-        return null;
+        if(SCMURL == null)
            SCMURL = URI.create(getBuild().getScmUrl());
        return this.SCMURL;
    }
    @Override
@ -27,7 +70,9 @@ public class PNCBuild extends BuildType{
    @Override
    public String revision() {
-        return null;
+        if(revision == null)
            revision = getBuild().getScmTag();
        return revision;
    }
    public static boolean isValidRef(String ref){
--- a/src/main/java/com/redhat/pctsec/model/Scan.java
+++ b/src/main/java/com/redhat/pctsec/model/Scan.java
@ -1,6 +1,7 @@
 package com.redhat.pctsec.model;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import jakarta.persistence.*;
 import jakarta.transaction.Transactional;
 import jakarta.validation.constraints.Email;
@ -17,6 +18,50 @@ enum ScanState {
@Entity
 public class Scan {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    public UUID id;
    /*
    @OneToOne
    @NotNull
    @JoinColumn(name = "product_id", referencedColumnName = "id")
    private String productName;
    */
    @Column(name="product_name")
    private String productName;
    //@Temporal(TemporalType.TIMESTAMP)
    @CreationTimestamp
    @JsonIgnore
    @Column(name="creation_timestamp")
    //@NotNull
    private Instant creationTimestamp;
    @UpdateTimestamp
    @JsonIgnore
    @Column(name="update_timestamp")
    //@NotNull
    private Instant updateTimestamp;
    @Column(name="state")
    @Enumerated(EnumType.STRING)
    private ScanState state;
    @Column(name="requestor")
    @NotNull
    private String requestor;
    @Column(name="email")
    @Email
    private String email;
    @OneToOne(cascade = CascadeType.ALL, fetch=FetchType.EAGER)
    @JoinColumn(name = "scan_requests_id", referencedColumnName = "id")
    public ScanRequests scanRequests = new ScanRequests();
    public Scan() {
        this.scanRequests = new ScanRequests();
    }
@ -53,8 +98,14 @@ public class Scan {
        this.requestor = requestor;
    }
    @JsonProperty("email")
    @Access(AccessType.PROPERTY)
    @Email
    public String getEmail() {
-        return email;
+        if(email != null) {
            return email;
        }
        return getRequestor() + "@redhat.com";
    }
    public void setEmail(String email) {
@ -70,47 +121,12 @@ public class Scan {
        this.scanRequests = scanRequests;
    }
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    public UUID id;
    /*
    @OneToOne
    @NotNull
    @JoinColumn(name = "product_id", referencedColumnName = "id")
    private String productName;
    */
    @Column(name="proudct_name")
    private String productName;
    //@Temporal(TemporalType.TIMESTAMP)
    @CreationTimestamp
    @JsonIgnore
    @Column(name="creation_timestamp")
    //@NotNull
    private Instant creationTimestamp;
    @UpdateTimestamp
    @JsonIgnore
-    @Column(name="update_timestamp")
+    @Transient
-    //@NotNull
+    public void propagateOptions(){
-    private Instant updateTimestamp;
+        //In future lets export this scan object as YAML
-
+        getScanRequests().propagateOptions();
-    @Column(name="state")
+        String covscanArgs = " --email-to " + this.getEmail() + " --comment \"" + this.productName + "\"";
-    @Enumerated(EnumType.STRING)
+        getScanRequests().scanRequests.forEach(sr -> sr.setScanProperties(sr.getScanProperties() + covscanArgs));
-    private ScanState state;
+    }
    @Column(name="requestor")
    @NotNull
    private String requestor;
    @Column(name="report_email")
    @Email
    private String email;
    @OneToOne(cascade = CascadeType.ALL, fetch=FetchType.LAZY)
    @JoinColumn(name = "scan_requests_id", referencedColumnName = "id")
    public ScanRequests scanRequests;
 }
--- a/src/main/java/com/redhat/pctsec/model/ScanRequest.java
+++ b/src/main/java/com/redhat/pctsec/model/ScanRequest.java
@ -20,9 +20,9 @@ public class ScanRequest {
    @Id
    @GeneratedValue
-    protected UUID id;
+    public UUID id;
    private String metadata;
-    private String oshScanOptions;
+    //private String oshScanOptions;
    public EventBus getBus() {
        return bus;
@ -43,28 +43,21 @@ public class ScanRequest {
    private RequestType type;
-    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
+    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "brew_build_id", referencedColumnName = "id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    public BrewBuild brewBuild;
-    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
+    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "pnc_build_id", referencedColumnName = "id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    public PNCBuild pncBuild;
-    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
+    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "git_id", referencedColumnName = "id")
    @JsonInclude(JsonInclude.Include.NON_NULL)
    public Git git;
    public String getOshScanOptions() {
        return oshScanOptions;
    }
    public void setOshScanOptions(String oshScanOptions) {
        this.oshScanOptions = oshScanOptions;
    }
    public String getScanProperties() {
        return scanProperties;
@ -75,8 +68,9 @@ public class ScanRequest {
    }
    @Column(name="scan_properties")
-    public String scanProperties;
+    public String scanProperties = "";
    public ScanRequest() {
    }
    public ScanRequest(BrewBuild brewBuild)
--- a/src/main/java/com/redhat/pctsec/model/ScanRequests.java
+++ b/src/main/java/com/redhat/pctsec/model/ScanRequests.java
@ -1,5 +1,7 @@
 package com.redhat.pctsec.model;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.redhat.pctsec.model.api.request.pssaas;
 import com.redhat.pctsec.model.api.request.scanChain;
 import io.vertx.mutiny.core.eventbus.EventBus;
@ -9,6 +11,8 @@ import java.util.*;
 import java.util.stream.Collectors;
 import jakarta.persistence.*;
 import jakarta.transaction.Transactional;
 import org.jboss.logging.annotations.Property;
@ApplicationScoped
@Entity
@ -19,15 +23,19 @@ public class ScanRequests {
    @GeneratedValue
    protected UUID id;
    @OneToMany(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "scan_request_id", referencedColumnName = "id")
-    private Set<ScanRequest> scanRequests;// = new HashSet<>();
+    public Set<ScanRequest> scanRequests = new HashSet<>();
    @Column(name="scan_properties")
    @JsonIgnore
    private String globalScanProperties;
    @Column(name="scan_metadata")
    @JsonIgnore
    private String scanMetadata;
@ -44,8 +52,11 @@ public class ScanRequests {
        pssaas.componentList.stream().filter(c -> c.getType().equals("pnc")).forEach(g -> this.addPNCBuild(g.getBuildId()));
    }
-    public ScanRequests(scanChain scanchain){
+
    public ScanRequests(scanChain scanChain){
        this();
        scanChain.urls.stream().forEach(g -> this.addGit(g.getRepo().toString(), g.getRef()));
    }
    //public ScanRequests(String repo, String rev){
@ -85,14 +96,14 @@ public class ScanRequests {
         */
    }
-    public Set<ScanRequest> getScanRequests() {
+
        return scanRequests;
    }
    public void setScanRequests(Set<ScanRequest> scanRequests) {
        this.scanRequests = scanRequests;
    }
    @JsonProperty("globalScanProperties")
    @Transient
    public String getGlobalScanProperties() {
        return globalScanProperties;
    }
@ -101,6 +112,9 @@ public class ScanRequests {
        this.globalScanProperties = globalScanProperties;
    }
    @JsonProperty("scanMetadata")
    @Transient
    public String getScanMetadata() {
        return scanMetadata;
    }
@ -108,4 +122,18 @@ public class ScanRequests {
    public void setScanMetadata(String scanMetadata) {
        this.scanMetadata = scanMetadata;
    }
    @JsonProperty("scanRequests")
    @Transient
    public Set<ScanRequest> getScanRequests() {
        return this.scanRequests;
    }
    @JsonIgnore
    @Transient
    public void propagateOptions(){
        //In future lets export this scan object as YAML
        //If its empy overwrite with the global options
        getScanRequests().stream().filter(eso -> eso.getScanProperties().equals("")).filter(eso -> eso.getType() != RequestType.BREW).forEach(sr -> sr.setScanProperties(getGlobalScanProperties()));
    }
 }
--- a/src/main/java/com/redhat/pctsec/model/api/request/scanChain.java
+++ b/src/main/java/com/redhat/pctsec/model/api/request/scanChain.java
@ -1,4 +1,35 @@
 package com.redhat.pctsec.model.api.request;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyDescription;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Size;
 import java.util.List;
 import java.util.Set;
 public class scanChain {
    @JsonProperty("product_name")
    @JsonPropertyDescription("The product name associated with the scan.")
    @NotNull
    public String productName;
    @JsonProperty("urls")
    @JsonDeserialize(as = java.util.LinkedHashSet.class)
    @JsonPropertyDescription("List of source urls to be scanned")
    @Size(min = 1)
    @Valid
    @NotNull
    public Set<scanChainGit> urls;
    @JsonProperty("requestor")
    @JsonPropertyDescription("The requesting user")
    @NotNull
    public String requestor;
 }
--- a/src/main/java/com/redhat/pctsec/model/api/request/scanChainGit.java
+++ b/src/main/java/com/redhat/pctsec/model/api/request/scanChainGit.java
@ -0,0 +1,34 @@
 package com.redhat.pctsec.model.api.request;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import jakarta.validation.constraints.NotNull;
 import java.net.URI;
 public class scanChainGit {
    private URI repo;
    private String ref;
    public scanChainGit(@NotNull URI repo, @NotNull String ref) {
        this.repo = repo;
        this.ref = ref;
    }
    @NotNull
    @JsonProperty("url")
    public URI getRepo() {
        return this.repo;
    }
    @NotNull
    @JsonProperty("branch")
        public String getRef() {
        return this.ref;
    }
 }
--- a/src/main/java/com/redhat/pctsec/model/api/service/AltPncService.java
+++ b/src/main/java/com/redhat/pctsec/model/api/service/AltPncService.java
@ -0,0 +1,12 @@
 package com.redhat.pctsec.model.api.service;
 import jakarta.ws.rs.*;
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
 import org.jboss.pnc.dto.Build;
@Path("pnc-rest/v2/builds")
@RegisterRestClient
 public interface AltPncService {
    @GET
    @Path("{id}")
    Build getBuild(@PathParam("id") String id);
 }
--- a/src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java
+++ b/src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java
@ -17,6 +17,8 @@ public class UriConverter implements AttributeConverter<URI, String>
    @Override
    public URI convertToEntityAttribute(String s) {
-        return ((s.length() > 0) ? URI.create(s.trim()) : null);
+        if(s != null)
            return ((s.length() > 0) ? URI.create(s.trim()) : null);
        return null;
    }
 }
--- a/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java
+++ b/src/main/java/com/redhat/pctsec/model/osh/paramMapper.java
@ -32,6 +32,12 @@ public class paramMapper {
            "                                 of a local file")
    private String brewBuild;
    @Option(names = {"--email-to"}, description = "Email address for email repots")
    private String emailTo;
    @Option(names = {"--comment"}, description = "Comments to add to scan request")
    private String comment;
    public paramMapper(){}
    public paramMapper(String params){
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/OshWrapperApiApplication.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/OshWrapperApiApplication.java
@ -0,0 +1,49 @@
 package com.redhat.pctsec.rest.v1alpha1;
 import jakarta.ws.rs.core.Application;
 import org.eclipse.microprofile.openapi.annotations.Components;
 import org.eclipse.microprofile.openapi.annotations.OpenAPIDefinition;
 import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
 import org.eclipse.microprofile.openapi.annotations.info.Contact;
 import org.eclipse.microprofile.openapi.annotations.info.Info;
 import org.eclipse.microprofile.openapi.annotations.info.License;
 import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
 import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;
 import org.eclipse.microprofile.openapi.annotations.tags.Tag;
@OpenAPIDefinition(
        tags = {
                //@Tag(name="widget", description="Widget operations."),
                //@Tag(name="gasket", description="Operations related to gaskets")
        },
        info = @Info(
                title="Example API",
                version = "1.0.1",
                contact = @Contact(
                        name = "Example API Support",
                        url = "http://exampleurl.com/contact",
                        email = "techsupport@example.com"),
                license = @License(
                        name = "Apache 2.0",
                        url = "https://www.apache.org/licenses/LICENSE-2.0.html")),
        components = @Components(
        securitySchemes = {
                @SecurityScheme(
                        securitySchemeName = "Kerberos",
                        type = SecuritySchemeType.HTTP,
                        scheme = "Negotiate"
                        //bearerFormat = "JWT"
                ),
                @SecurityScheme(
                        securitySchemeName = "basic",
                        type = SecuritySchemeType.HTTP,
                        scheme = "basic"
                )
        }
 ),
        security = {
                @SecurityRequirement(name = "Kerberos"),
                @SecurityRequirement(name = "basic")
        }
 )
 public class OshWrapperApiApplication extends Application {
 }
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestsResource.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestsResource.java
@ -9,7 +9,7 @@ import io.quarkus.security.Authenticated;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.*;
-import org.jboss.resteasy.reactive.common.NotImplementedYet;
+//import org.jboss.resteasy.reactive.common.NotImplementedYet;
 import java.util.UUID;
@ -35,7 +35,7 @@ public class ScanRequestsResource {
    @Authenticated
    public ScanRequests addScanRequest(String id, ScanRequest scanRequest)
    {
-        throw new NotImplementedYet();
+        throw new WebApplicationException("Not implemented");
    }
 }
--- a/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java
+++ b/src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java
@ -2,16 +2,20 @@ package com.redhat.pctsec.rest.v1alpha1;
 import com.redhat.pctsec.model.*;
 import com.redhat.pctsec.model.api.request.pssaas;
 import com.redhat.pctsec.model.api.request.scanChain;
 import com.redhat.pctsec.model.jpa.ScanRepository;
 import io.quarkus.security.Authenticated;
 import io.quarkus.security.identity.SecurityIdentity;
 import io.vertx.mutiny.core.eventbus.EventBus;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.transaction.Transactional;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.Email;
 import jakarta.ws.rs.*;
 import org.jboss.resteasy.reactive.RestQuery;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Set;
@ -27,6 +31,10 @@ public class ScanResource {
    @Inject
    EventBus bus;
    @Inject
    SecurityIdentity identity;
    @POST
    @Path("PSSaaS")
    @Consumes({ "application/json" })
@ -36,8 +44,12 @@ public class ScanResource {
    {
        ScanRequests scanRequests = new ScanRequests(scanRequest);
        Scan s = new Scan();
-        s.setRequestor("cpaas");
+        s.setProductName(scanRequest.productId);
        s.setScanRequests(scanRequests);
        if(!identity.getPrincipal().getName().isEmpty())
            s.setRequestor(identity.getPrincipal().getName());
        else
            s.setRequestor("CPaaS");
        sr.persist(s);
        return s;
    }
@ -49,9 +61,42 @@ public class ScanResource {
    public List<ScanTask> createRunPSSAAS(@Valid pssaas scanRequest)
    {
        Scan s = this.createPSSAAS(scanRequest);
        s.propagateOptions();
        return s.scanRequests.execute(bus);
    }
    @POST
    @Path("ScanChain")
    @Consumes({ "application/json" })
    @Transactional
    @Authenticated
    public Scan createScanChain(@Valid scanChain scanRequest)
    {
        ScanRequests scanRequests = new ScanRequests(scanRequest);
        Scan s = new Scan();
        //Set the requestor to kerberos uid first
        if(!identity.getPrincipal().getName().isEmpty())
            s.setRequestor(identity.getPrincipal().getName());
        //Set the email to be our kerberos id + @redhat.com
        s.setEmail(s.getEmail());
        //Now set the actual payload requestor
        s.setRequestor(scanRequest.requestor);
        s.setProductName(scanRequest.productName);
        s.setScanRequests(scanRequests);
        sr.persist(s);
        return s;
    }
    @POST
    @Path("ScanChain/run")
    @Consumes({ "application/json" })
    @Transactional
    @Authenticated
    public List<ScanTask> createRunScanChain(@Valid scanChain scanRequest)
    {
        Scan s = this.createScanChain(scanRequest);
        s.propagateOptions();
        return s.scanRequests.execute(bus);
    }
    @GET
    @Path("All")
    @Produces({"application/json"})
@ -75,9 +120,23 @@ public class ScanResource {
    public List<ScanTask> scanRequestExe(String id)
    {
        Scan s = sr.findById(UUID.fromString(id));
        s.propagateOptions();
        return s.scanRequests.execute(bus);
    }
    @PATCH
    @Path("{id}/{email}")
    @Consumes({"application/octet-stream"})
    @Produces({"application/json"})
    @Authenticated
    @Transactional
    public Scan patchScanEmail(String id, @Email String email)
    {
        Scan s = sr.findById(UUID.fromString(id));
        s.setEmail(email);
        sr.persist(s);
        return s;
    }
    @GET
    @Path("single/git")
@ -87,7 +146,8 @@ public class ScanResource {
    public Scan singleGit(@RestQuery String repo, @RestQuery String ref)
    {
        Scan s = new Scan();
-        s.setRequestor("jochrist");
+        if(!identity.getPrincipal().getName().isEmpty())
            s.setRequestor(identity.getPrincipal().getName());
        s.getScanRequests().addGit(repo,ref);
        sr.persist(s);
        return s;
@ -101,7 +161,8 @@ public class ScanResource {
    public Scan singleGit(@RestQuery String brewId)
    {
        Scan s = new Scan();
-        s.setRequestor("jochrist");
+        if(!identity.getPrincipal().getName().isEmpty())
            s.setRequestor(identity.getPrincipal().getName());
        s.getScanRequests().addBrewBuild(brewId);
        sr.persist(s);
        return s;
@ -114,7 +175,8 @@ public class ScanResource {
    public Scan singlePNC(@RestQuery String pncId)
    {
        Scan s = new Scan();
-        s.setRequestor("jochrist");
+        if(!identity.getPrincipal().getName().isEmpty())
            s.setRequestor(identity.getPrincipal().getName());
        s.getScanRequests().addPNCBuild(pncId);
        sr.persist(s);
        return s;
--- a/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java
+++ b/src/main/java/com/redhat/pctsec/tekton/TaskHandler.java
@ -1,14 +1,8 @@
 package com.redhat.pctsec.tekton;
 import com.redhat.pctsec.model.RequestType;
 import com.redhat.pctsec.model.ScanTask;
 import com.redhat.pctsec.model.ScanTaskState;
 import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource;
 import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource;
 import io.fabric8.kubernetes.api.model.PodSecurityContext;
 import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
 import io.fabric8.tekton.client.DefaultTektonClient;
 import io.fabric8.tekton.client.TektonClient;
 import io.fabric8.tekton.client.DefaultTektonClient;
 import io.fabric8.tekton.client.TektonClient;
 import io.fabric8.tekton.pipeline.v1beta1.*;
@ -17,9 +11,10 @@ import io.quarkus.vertx.ConsumeEvent;
 import io.smallrye.common.annotation.Blocking;
 import jakarta.inject.Inject;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.apache.commons.compress.utils.FileNameUtils;
 import java.util.ArrayList;
 import java.util.List;
@ -27,13 +22,13 @@ public class TaskHandler {
    @ConfigProperty(name = "quarkus.openshift.namespace")
    String NAMESPACE;
-    @ConfigProperty(name = "tekton.pipeline.ref")
+    @ConfigProperty(name = "tekton.scmscan.task.ref")
-    String PIPELINE_REFERENCE;
+    String SCM_SCAN_REFERENCE;
    @ConfigProperty(name = "tekton.service-account")
    String SERVICE_ACCOUNT;
-    @ConfigProperty(name = "tekton.task.ref")
+    @ConfigProperty(name = "tekton.brewscan.task.ref")
-    String TASK_REFERENCE;
+    String BREW_SCAN_TASK_REFERENCE;
    @Inject
    TektonClient tektonClient;
@ -46,19 +41,20 @@ public class TaskHandler {
        switch(scanTask.getScanRequest().getType())
        {
        case BREW:
-            scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef));
+            scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef, 
                        scanTask.getScanRequest().getScanProperties()));
            scanTask.setState(ScanTaskState.RUNNING);
            break;
        case PNC:
            String repo = scanTask.getScanRequest().pncBuild.SCMURL().toString();
            String ref = scanTask.getScanRequest().pncBuild.revision();
-            scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref));
+            scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref, scanTask.getScanRequest().getScanProperties()));
            scanTask.setState(ScanTaskState.RUNNING);
            break;
        case GIT:
-            scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref));
+            scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref, scanTask.getScanRequest().getScanProperties()));
            scanTask.setState(ScanTaskState.RUNNING);
            break;
        }
@ -66,73 +62,67 @@ public class TaskHandler {
        return scanTask;
    }
-    public String invokeScanTask(String buildId) {
+    public String invokeScanTask(String buildId, String mockbuildArgs) {
        // String buildId = "xterm-366-8.el9";
-        String scanProfile = "snyk-only-unstable";
+        // String scanProfile = "snyk-only-unstable";
        // random taskrun name generating for now
-        TaskRun taskRun = new TaskRunBuilder().withNewMetadata().withName("osh-scan-taskrun-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase())
+        TaskRun taskRun = new TaskRunBuilder()
                .withNewMetadata()
                .withGenerateName("osh-brew-scan-taskrun-")
                .endMetadata()
                .withNewSpec()
                .withServiceAccountName(SERVICE_ACCOUNT)
                .withNewTaskRef()
-                .withName(TASK_REFERENCE)
+                .withName(BREW_SCAN_TASK_REFERENCE)
                .endTaskRef()
                .withParams(
                        new Param("buildId", new ArrayOrString(buildId)),
-                        new Param("scanProfile", new ArrayOrString(scanProfile)))
+                        new Param("scanProfile", new ArrayOrString(mockbuildArgs)))
                .endSpec()
                .build();
-        tektonClient.v1beta1().taskRuns().inNamespace(NAMESPACE).resource(taskRun).create();
+        TaskRun createdTaskRun = tektonClient.v1beta1().taskRuns().inNamespace(NAMESPACE).resource(taskRun).create();
-        return taskRun.getMetadata().getName();
+        return createdTaskRun.getMetadata().getName();
    }
-    public String invokeOshScmScanPipeline(String repo, String ref) {
+    public String invokeOshScmScanPipeline(String repo, String ref, String mockBuildArgs) {
        PodSecurityContext securityContext = new PodSecurityContextBuilder()
                .withRunAsNonRoot(true)
                .withRunAsUser(65532L)
                .build();
        WorkspaceBinding sourcesWorkspaceBinding = new WorkspaceBindingBuilder()
                .withName("sources")
                .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-sources", null))
                .build();
        WorkspaceBinding sourceTarsWorkspaceBinding = new WorkspaceBindingBuilder()
-                .withName("source-tars")
+            .withName("source-tars")
-                .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null))
+            .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null))
-                .build();
+            .build();
        WorkspaceBinding sslCaDirectoryWorkspaceBinding = new WorkspaceBindingBuilder()
-                .withName("ssl-ca-directory")
+            .withName("ssl-ca-directory")
-                .withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null))
+            .withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null))
-                .build();
+            .build();
-
+        
        List<WorkspaceBinding> workspaceBindings = new ArrayList<>();
        workspaceBindings.add(sourcesWorkspaceBinding);
        workspaceBindings.add(sourceTarsWorkspaceBinding);
        workspaceBindings.add(sslCaDirectoryWorkspaceBinding);
-        PipelineRun pipelineRun = new PipelineRunBuilder()
+        TaskRun taskRun = new TaskRunBuilder()
-                .withNewMetadata().withName("osh-scm-scan-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase()).endMetadata()
+        .withNewMetadata()
-                .withNewSpec()
+        .withGenerateName("osh-scm-scan-taskrun-")
-                .withNewPodTemplate()
+        .endMetadata()
-                .withSecurityContext(securityContext)
+        .withNewSpec()
-                .endPodTemplate()
+        .withServiceAccountName(SERVICE_ACCOUNT)
-                .withServiceAccountName(SERVICE_ACCOUNT)
+        .withNewTaskRef()
-                .withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef()
+        .withName(SCM_SCAN_REFERENCE)
-                .addNewParam().withName("repo-url").withNewValue(repo).endParam()
+        .endTaskRef()
-                .addNewParam().withName("revision").withNewValue(ref).endParam()
+        .addNewParam().withName("repo-url").withNewValue(repo).endParam()
-                .withWorkspaces(workspaceBindings)
+        .addNewParam().withName("revision").withNewValue(ref).endParam()
-                .endSpec()
+        .addNewParam().withName("mock-build-params").withNewValue(mockBuildArgs).endParam()
-                .build();
+        .addNewParam().withName("archive-name").withNewValue(FileNameUtils.getBaseName(repo) + "-" + ref + ".tar.gz").endParam()
-
+        .withWorkspaces(workspaceBindings)
-        tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create();
+        .endSpec()
-
+        .build();
-        return pipelineRun.getMetadata().getName();
+
        TaskRun createdTaskRun = tektonClient.v1beta1().taskRuns().inNamespace(NAMESPACE).resource(taskRun).create();
        return createdTaskRun.getMetadata().getName();
    }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -1,54 +1,55 @@
 #Example deploy - mvn deploy -Dquarkus.profile=stage -Dquarkus.kubernetes.deploy=true
 # quarkus.rest-client."rest.CreateScanService".url=https://localhost:8080/
 # quarkus.rest-client."rest.CreateScanService".scope=javax.inject.Singleton
 # couchdb.name=scan-results
 # couchdb.url=https://localhost:5984
 # quarkus.hibernate-orm.database.generation=drop-and-create
 #temporary fix, we need to enable it with a working devservices setup
 %dev.quarkus.kerberos.enabled=false
-%dev.quarkus.security.auth.enabled-in-dev-mode=false
+%dev.quarkus.security.auth.enabled-in-dev-mode=true
-#Also tried
+
 #%dev.quarkus.security.enabled=false
 #%dev.quarkus.http.auth.proactive=false
 #%dev.quarkus.http.auth.basic=false
 #%dev.quarkus.http.auth.permission.permit1.paths=/Ping/Ping
 #%dev.quarkus.http.auth.permission.permit1.policy=permit
 #%dev.quarkus.http.auth.permission.permit1.methods=GET,HEAD
 #%quarkus.arc.unremovable-types=io.quarkiverse.kerberos.*,io.quarkiverse.kerberos.KerberosPrincipal
 #%dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab
 #%dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM
 ##########################################
 #   Data Source                          #
 ##########################################
 %dev.quarkus.datasource.devservices.enabled=true
-%dev.quarkus.datasource.db-kind = postgresql
+quarkus.datasource.db-kind = postgresql
 %dev.quarkus.datasource.username = quarkus
 %dev.quarkus.datasource.password = quarkus
 #%dev.quarkus.datasource.jdbc.url = jdbc:postgresql://localhost:5432/hibernate_db
 %dev.quarkus.hibernate-orm.database.generation=drop-and-create
 %stage.quarkus.kubernetes-config.secrets.enabled=true
-quarkus.kubernetes-config.secrets=postgresql
+%stage.quarkus.kubernetes-config.secrets=postgresql
 %stage.quarkus.datasource.jdbc.url=jdbc:postgresql://postgresql:5432/${database-name}
 %stage.quarkus.datasource.username=${database-user}
 %stage.quarkus.datasource.password=${database-password}
 %stage.quarkus.hibernate-orm.database.generation=drop-and-create
 # Production settings. We db-name and the user are located on a config map (database-envs). The password is located on a
 # secret (database-envs).
 %prod.quarkus.openshift.env.mapping.db-password.from-secret=database-envs
 %prod.quarkus.openshift.env.mapping.db-password.with-key=POSTGRESQL_PASSWORD
 %prod.quarkus.openshift.env.mapping.db-user.from-configmap=database-envs-osh
 %prod.quarkus.openshift.env.mapping.db-user.with-key=POSTGRESQL_USER
 %prod.quarkus.openshift.env.mapping.db-name.from-configmap=database-envs-osh
 %prod.quarkus.openshift.env.mapping.db-name.with-key=POSTGRESQL_DATABASE
 %prod.quarkus.datasource.jdbc.url=jdbc:postgresql://postgresql:5432/${db-name}
 %prod.quarkus.datasource.username=${db-user}
 %prod.quarkus.datasource.password=${db-password}
 %prod.quarkus.hibernate-orm.database.generation.create-schemas=true
 %prod.quarkus.hibernate-orm.database.generation=update
 #Always provide swagger ui
 quarkus.swagger-ui.always-include=true
 %dev.quarkus.openshift.service-account=osh-wrapper-client-sa
 %dev.quarkus.openshift.namespace=pct-security-tooling
 %prod.quarkus.http.root-path=/osh-wrapper/
 %stage.quarkus.openshift.name=osh
 quarkus.openshift.service-account=osh-wrapper-client-sa
 %stage.quarkus.openshift.labels.env=stage
 %stage.quarkus.log.level=DEBUG
 quarkus.arc.remove-unused-beans=false
 #%stage.quarkus.http.root-path=/stage/
 #Only in Quarkus > 3.x 
 %stage.quarkus.openshift.route.tls.termination=edge
@ -58,6 +59,26 @@ quarkus.arc.remove-unused-beans=false
 %stage.quarkus.openshift.route.tls.insecure-edge-termination-policy=redirect
 %stage.quarkus.openshift.namespace=pct-security-tooling
 #Production settings
 #Always provide swagger ui
 # Probably we need to check these 2 settings
 %prod.quarkus.openshift.service-account=osh
 %prod.quarkus.openshift.namespace=psse-scanchain-prod
 %prod.quarkus.openshift.name=osh
 %prod.quarkus.openshift.labels.env=prod
 %prod.quarkus.log.level=DEBUG
 #Only in Quarkus > 3.x
 %prod.quarkus.openshift.route.tls.termination=edge
 #As we cant create a edge terminated route (quarkus <3.x) lets disable route creation for now
 %prod.quarkus.openshift.route.expose=false
 %prod.quarkus.openshift.route.target-port=https
 %prod.quarkus.openshift.route.tls.insecure-edge-termination-policy=redirect
 ##########################################
 #   Kerberos Specifics                   #
 ##########################################
@ -73,12 +94,43 @@ quarkus.arc.remove-unused-beans=false
 %stage.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.items."linux-krb5.conf".path=linux-krb5.conf
 %stage.quarkus.openshift.mounts.osh-wrapper-config-vol.read-only=true
 ## Production settings
 %prod.quarkus.openshift.secret-volumes.osh-wrapper.secret-name=kerberos-keytab-osh
 %prod.quarkus.openshift.mounts.osh-wrapper.path=/kerberos
 %prod.quarkus.openshift.mounts.osh-wrapper.read-only=true
 %prod.quarkus.kerberos.keytab-path= /kerberos/kerberos-keytab-osh
 %prod.quarkus.kerberos.service-principal-name= HTTP/prodsec-scanchain.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM
 %prod.quarkus.openshift.mounts.osh-wrapper-config-vol.path=/etc/krb5.conf
 %prod.quarkus.openshift.mounts.osh-wrapper-config-vol.sub-path=linux-krb5.conf
 %prod.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.config-map-name=kerberos-config
 %prod.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.items."linux-krb5.conf".path=linux-krb5.conf
 %prod.quarkus.openshift.mounts.osh-wrapper-config-vol.read-only=true
 ##########################################
 #   Tekton Specifics (Used in app)       #
 ##########################################
-tekton.pipeline.ref=osh-client-from-source
+tekton.scmscan.task.ref=osh-scan-scm-task
-tekton.task.ref=osh-scan-task
+tekton.brewscan.task.ref=osh-scan-task
 tekton.service-account=${quarkus.openshift.service-account}
 ##########################################
 #   PNC Settings                         #
 ##########################################
 pnc.api-url=http://orch.psi.redhat.com
 ##########################################
 #   PSSaaS Kerberos bypass  (OSH-154)    #
 ##########################################
 quarkus.http.auth.basic=true
 quarkus.security.users.embedded.enabled=true
 quarkus.security.users.embedded.plain-text=true
 quarkus.openshift.env.mapping.kerb-bypass-password.from-secret=kerb-bypass
 quarkus.openshift.env.mapping.kerb-bypass-password.with-key=PASSWORD
 %prod.quarkus.security.users.embedded.users.pssaas=${kerb-bypass-password}
 %stage.quarkus.security.users.embedded.users.pssaas=${kerb-bypass-password}
 %dev.quarkus.security.users.embedded.users.pssaas=pssaas
--- a/src/test/java/com/redhat/pctsec/model/test/PNCBuildTest.java
+++ b/src/test/java/com/redhat/pctsec/model/test/PNCBuildTest.java
@ -0,0 +1,19 @@
 package com.redhat.pctsec.model.test;
 import com.redhat.pctsec.model.PNCBuild;
 import io.quarkus.test.junit.QuarkusTest;
 import jakarta.inject.Inject;
 import org.junit.jupiter.api.Test;
@QuarkusTest
 public class PNCBuildTest {
    @Test
    public void testBuildFetch(){
        PNCBuild pb = new PNCBuild("AZAQZSPFDRQAA");
        System.out.println(pb.SCMURL());
        System.out.println(pb.revision());
    }
 }
--- a/src/test/java/com/redhat/pctsec/model/test/paramMapperTest.java
+++ b/src/test/java/com/redhat/pctsec/model/test/paramMapperTest.java
@ -1,5 +1,6 @@
-package com.redhat.pctsec.model.osh;
+package com.redhat.pctsec.model.test;
 import com.redhat.pctsec.model.osh.paramMapper;
 import io.quarkus.test.junit.QuarkusTest;
 import jakarta.inject.Inject;
 import org.junit.jupiter.api.Test;
Author	SHA1	Message	Date
Jonathan Christison	ec1528cef8	Try defining openapi defintion on app	2 years ago
Jonathan Christison	a39b3f37cc	Enable HTTP Basic AUTH * Add quarkus-elytron-security-properties to enable application properties supporting plaintext http * Changes to `application.properties` to use openshift secrets in openshift env and pssaas:pssaas in dev * Clean up of old config options	2 years ago
Mert Bugra Bicak	ee54eeb57d	Merge branch 'tekton-pod-optimization' into 'main' Converted SCM scan pipeline run to task run with 1 pod instead of 3, and other minor fixes See merge request pct-security/covscanrest!22	2 years ago
Jonathan Christison	78b1995557	Dont apply global properties to brew builds In this commit * Dont apply global properties to brew builds * Remove `-p` from tekton tasks, this will come from scan properties * Delete old pipelines and tasks	2 years ago
Jonathan Christison	22a3668a21	Echo to terminal what was executed	2 years ago
Mert Bugra Bicak	08afd70476	changeing invokeScanTask to point to mockBuildArgs instead of hardcoded example profile	2 years ago
Mert Bugra Bicak	47d6ab1588	made mock-build params consistent with brew scan tekton task, added -p flag	2 years ago
Mert Bugra Bicak	ea5f1d6fb7	added change to get created taskrun id after creation	3 years ago
Jonathan Christison	ba3cc5f726	Merge branch '31-tekton-pipelinerun-and-taskrun-pruning' into 'main' Resolve "Tekton PipelineRun and TaskRun pruning" Closes #31 See merge request pct-security/covscanrest!21	3 years ago
Mert Bugra Bicak	6d99df5945	converted scm pipeline run to task run with 1 pod instead of 3, fixed generateName issue in brew scan, made config adjustments	3 years ago
Jonathan Christison	29889925d1	Seems slightly aggressive of a run time, change to every 50 mins	3 years ago
Jonathan Christison	bdefadd090	Add big payload using builds from cpass test builds See https://orch.psi.redhat.com/pnc-web/#/projects/947 ``` bacon pnc project list-builds 947 --profile=production -o > cpaas_maven_builds.json #takes a long time cat cpaas_maven_builds.json \| jq '.[].id' > buildids.lst for bid in `tail -n 50 buildids.lst`; do printf "{\"build-id\":$bid,\"type\":\"pnc\"},"; done ```	3 years ago
Jonathan Christison	8548244a00	Change SA for tekton terminator	3 years ago
Jonathan Christison	3cf29f95b2	Create a SA with the correct tekton permissions	3 years ago
Jonathan Christison	97b0255c47	Just re-use the OSH service account The pipeline clearup seems to work but taskrun clearup fails for some reason ``` All but 10 PipelineRuns(Completed) deleted in namespace "pct-security-tooling" Error: failed to delete TaskRun "osh-scan-scm-taskrun-test-pjtvw": taskruns.tekton.dev "osh-scan-scm-taskrun-test-pjtvw" is forbidden: User "system:serviceaccount:pct-security-tooling:osh" cannot delete resource "taskruns" in API group "tekton.dev" in the namespace "pct-security-tooling"; failed to delete TaskRun "osh-scan-scm-taskrun-test-9gx7z": taskruns.tekton.dev "osh-scan-scm-taskrun-test-9gx7z" is forbidden: User "system:serviceaccount:pct-security-tooling:osh" cannot delete resource "taskruns" in API group "tekton.dev" in the namespace "pct-security-tooling"; failed to delete TaskRun "osh-scan-scm-taskrun-test-g7vlh": taskruns.tekton.dev "osh-scan-scm-taskrun-test-g7vlh" is forbidden: User "system:serviceaccount:pct-security-tooling:osh" cannot delete resource "taskruns" in API group "tekton.dev" in the namespace "pct-security-tooling"; .... ```	3 years ago
Jonathan Christison	798675466f	Start adding cronjob to do the clearup for us todo: * Service account/secret to access tekton resources * Tune - I dont know what happens if you clean up taskruns only for example	3 years ago
Jonathan Christison	6e13d06238	We dont have permissions to do this	3 years ago
Jonathan Christison	6e6f80fbc0	Merge branch '32-switch-stage-environment-pct-security-tooling-to-use-stage-osh' into 'main' Resolve "Switch stage environment (pct-security-tooling) to use stage OSH" Closes #32 See merge request pct-security/covscanrest!19	3 years ago
Jonathan Christison	0aded42dac	OSH-134 Use stage env * Change HUB_URL * enable XMLRPC debug for easier fault finding * Remove redundant CIM	3 years ago
Jonathan Christison	55f1a9bb1a	Merge branch '17-prod-deployment' into 'main' Resolve "Prod Deployment" Closes #17 See merge request pct-security/covscanrest!15	3 years ago
Jonathan Christison	8727bff831	We really need to set these to template values, every redeploy will break this	3 years ago
Jonathan Christison	82fbf480ec	Set the correct namespace Extra steps also required - `tkn hub install task git-clone`	3 years ago
Jonathan Christison	721c0ad374	Revert "Try setting the principle in the kt file" This reverts commit `ce845c9ade`.	3 years ago
Jonathan Christison	ce845c9ade	Try setting the principle in the kt file	3 years ago
Jonathan Christison	f83d0a1b06	Specify its IPA we need to authenticate against	3 years ago
Jonathan Christison	26592328b9	Use openshift env settings as k8s are not carried across to openshift yaml	3 years ago
Jonathan Christison	3f003048a6	Set postgresql as the default driver for all profiles	3 years ago
Jonathan Christison	29c73976f3	Set path to be osh-wrapper for prod system route	3 years ago
Jonathan Christison	161651f61e	Create the schema initially for blank db	3 years ago
Jonathan Christison	e8738d1cd1	Use an alternate DB in the postgres instance (alter application.properties)	3 years ago
Jonathan Christison	6da7606ad7	Use an alternate DB in the postgres instance	3 years ago
Jonathan Christison	b3feca922b	Change to prod namespace	3 years ago
Jonathan Christison	dc8de982f0	Minor alterations for prod deploy	3 years ago
Jonathan Christison	3dff549872	Change ID to public, we need this visible for subequent requests	3 years ago
Leonid Bossis	98ba0545e1	Merge branch '21-email-to-args-for-osh-client' into 'main' Resolve ""Email to" args for OSH Client" Closes #21 See merge request pct-security/covscanrest!13	3 years ago
Jonathan Christison	6069d11e1c	Fix issues pointed out in https://gitlab.cee.redhat.com/pct-security/covscanrest/-/merge_requests/13	3 years ago
Jonathan Christison	353854b790	Merge branch 'prod-deployment' into 'main' Production deployment branch See merge request pct-security/covscanrest!14	3 years ago
jperezde	fcf47f8d50	Modified principal	3 years ago
Jonathan Christison	5566213fec	Pass parameters though to OSH tekton run * Alter tekton pipeline/task for from source (haven't done brew builds yet) * Propergate scan options (no validation) it be better to cast to the paramMapper and also have paramMapper give the re-parsed mockbuild command	3 years ago
Jonathan Christison	b07123618d	Fix `jakarta.persistence.PersistenceException: Error attempting to apply AttributeConverter`	3 years ago
jperezde	16acdd3061	Modified namespace	3 years ago
jperezde	9d18e6d9cb	Added yaml files for prod	3 years ago
jperezde	f0c0b91be2	Added production settings to application.properties	3 years ago
Jonathan Christison	d2386ac83a	Set scanRequests on scan, dont put pnc build in json	3 years ago
Jonathan Christison	ca186cdd04	Set email based on requesting kerberos id for now	3 years ago
Jonathan Christison	0a7f11d6bf	Not sure what I did but ORM is working again :-S	3 years ago
Jonathan Christison	ccb33b4c64	Add email patch method Annotate Getters and Hibernate and Jackson weren't playing nice resulting in errors like - ``` com.fasterxml.jackson.databind.JsonMappingException: Unable to perform requested lazy initialization [com.redhat.pctsec.model.ScanRequests.globalScanProperties] - session is closed and settings disallow loading outside the Session (through reference chain: com.redhat.pctsec.model.Scan["scanRequests"]->com.redhat.pctsec.model.ScanRequests["globalScanProperties"]) ``` Rearrange fields above methods in Scan	3 years ago
Nicholas Caughey	3392029b8c	Merge branch '18-scanchain-endpoint' into 'main' Resolve "Scanchain endpoint" Closes #18 See merge request pct-security/covscanrest!12	3 years ago
Jonathan Christison	2fb746abae	Add scanchain endpoint Copied the PSSaaS approach, did try inheritance on the `git` class for `scanChainGit` but caused problems with deserialization not matching `Component` so hack was to duplicate it, will need to sort out the structures at some point see #11	3 years ago
Nicholas Caughey	9e175ca403	Merge branch '12-add-pnc-build-support' into 'main' Resolve "Add PNC build support" Closes #12 See merge request pct-security/covscanrest!11	3 years ago
Jonathan Christison	bad8b847ec	Remove PncService for now	3 years ago
Jonathan Christison	87f45b8329	Give up on using PNC rest client for now roll our own There is incompatibility between resteasy in quarkus (6.x) to the one used in PNC (3.x), the API design has changed quite a bit and it seems impossible to have both exist on the classpath at the same time. For the one endpoint we need (Build) then our own restclient should do	3 years ago
Jonathan Christison	c7bd13c3ac	Attempt to add PNC Client (Currently Broken) Hit a bug with pnc rest-easy client builder using javax rather than jakarta which means the class fails to load at runtime for some reason, i've tried various dependency inclusions and exclusions as well as using classic resteasy-client in quarkus, all either cause duplicates or give the same error ``` java.lang.RuntimeException: java.lang.ClassNotFoundException: org.glassfish.jersey.client.JerseyClientBuilder javax.ws.rs.client.ClientBuilder.newBuilder(ClientBuilder.java:86) at org.jboss.pnc.client.ClientBase.<init>(ClientBase.java:76) at org.jboss.pnc.client.ArtifactClient.<init>(ArtifactClient.java:22) at com.redhat.pctsec.model.api.service.PncService.<init>(PncService.java:31) ```	3 years ago
Jonathan Christison	421dce3b6c	Merge branch 'refactor' into 'main' Major refactor See merge request pct-security/covscanrest!10	3 years ago