Fix app properties service account reference

Its possible tekton is responding for some reason

hack/pssaas-request-curl.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 
-curl -H 'Content-Type: application/json' -d '@sample-pssaas.json' localhost:8080/Scan/PSSaaS -vv
+curl -H 'Content-Type: application/json' -d '@sample-pssaas.json' localhost:8080/api/v1a/Scan/PSSaaS/run -vv | jq 
-curl -H 'Content-Type: application/json' -d '@sample-pssaas-bad.json' localhost:8080/Scan/PSSaaS -vv
+#curl -H 'Content-Type: application/json' -d '@sample-pssaas-bad.json' localhost:8080/api/v1a/Scan/PSSaaS -vv

hack/sample-pssaas.json

@@ -6,6 +6,10 @@
         {"build-id":"ASLKGOMQVVAAA",
          "type":"pnc"},
          {"build-id":"ASLMBTBCNVAAA",
-         "type":"pnc"}]
+         "type":"pnc"},
+         {"type":"git",
+          "repo":"https://code.engineering.redhat.com/gerrit/quarkusio/quarkus.git",
+          "ref":"2.13.8.Final-redhat-00001"}
+    ]
 }
 

hack/single-brew-scan-stage.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+curl --get \
+    --data-urlencode "brewId=xterm-366-8.el9" \
+    https://osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com/api/v1a/Scan/single/brew  -vv
+
+curl --get https://osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com/api/v1a/Scan/2  -vv
+curl --get https://osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com/api/v1a/Scan/2/run -vv 
+

hack/single-git-scan-stage.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+curl --get \
+    --data-urlencode "repo=https://code.engineering.redhat.com/gerrit/quarkusio/quarkus.git" \
+    --data-urlencode "ref=2.13.8.Final-redhat-00001" \
+    https://osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com/api/v1a/Scan/single/git  -vv
+
+curl --get https://osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com/api/v1a/Scan/1  -vv
+curl --get https://osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com/api/v1a/Scan/1/run -vv
+

hack/single-git-scan.sh

@@ -6,4 +6,5 @@ curl --get \
     localhost:8080/api/v1a/Scan/single/git  -vv
 
 curl --get localhost:8080/api/v1a/Scan/1  -vv
+curl --get localhost:8080/api/v1a/Scan/1/run -vv
 

pom.xml

@@ -70,6 +70,23 @@
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-hibernate-orm-panache</artifactId>
     </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-smallrye-openapi</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>info.picocli</groupId>
+      <artifactId>picocli</artifactId>
+      <version>4.7.4</version>
+    </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-vertx</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-kubernetes-config</artifactId>
+    </dependency>
     <dependency>
       <groupId>io.quarkus</groupId>
       <artifactId>quarkus-junit5</artifactId>

src/main/java/com/redhat/pctsec/GreetingResource.java

@@ -1,16 +0,0 @@
-package com.redhat.pctsec;
-
-import jakarta.ws.rs.GET;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.Produces;
-import jakarta.ws.rs.core.MediaType;
-
-@Path("/hello")
-public class GreetingResource {
-
-    @GET
-    @Produces(MediaType.TEXT_PLAIN)
-    public String hello() {
-        return "Hello from RESTEasy Reactive";
-    }
-}

src/main/java/com/redhat/pctsec/model/BrewBuild.java

@@ -0,0 +1,37 @@
+package com.redhat.pctsec.model;
+
+import jakarta.persistence.Entity;
+import org.eclipse.microprofile.openapi.annotations.media.Schema;
+
+import java.net.URI;
+import java.net.URL;
+
+
+@Entity
+public class BrewBuild extends BuildType {
+
+    public BrewBuild(String buildRef) {
+        super(buildRef);
+    }
+
+    public BrewBuild() {
+        super();
+    }
+
+    @Override
+    public URI SCMURL() {
+        return null;
+    }
+
+    @Override
+    public URL URL() {
+        return null;
+    }
+
+    @Override
+    public String revision() {
+        return null;
+    }
+
+
+}

src/main/java/com/redhat/pctsec/model/BuildType.java

@@ -0,0 +1,35 @@
+package com.redhat.pctsec.model;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import jakarta.persistence.*;
+
+import java.net.URI;
+import java.net.URL;
+import java.util.UUID;
+
+@Entity
+@DiscriminatorColumn(name="REF_TYPE")
+abstract public class BuildType {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private UUID id;
+
+    @JsonProperty()
+    @Column(name="buildref")
+    public String buildRef;
+
+    public BuildType(String buildRef)
+    {
+        this.buildRef = buildRef;
+    }
+
+    public BuildType() {
+
+    }
+
+    //This is the git URL of the sources
+    abstract public URI SCMURL();
+    //This is the URL of the build
+    abstract public URL URL();
+    abstract public String revision();
+}

src/main/java/com/redhat/pctsec/model/Git.java

@@ -0,0 +1,29 @@
+package com.redhat.pctsec.model;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.GenerationType;
+import jakarta.persistence.Id;
+import org.eclipse.microprofile.openapi.annotations.media.Schema;
+
+import java.net.URI;
+import java.util.UUID;
+
+@Entity
+public class Git {
+    public Git() {
+        super();
+    }
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private UUID id;
+
+    public URI repo;
+    public String ref;
+
+    public Git(String repo, String ref) {
+        this.repo = URI.create(repo);
+        this.ref = ref;
+    }
+}

src/main/java/com/redhat/pctsec/model/PNCBuild.java

@@ -0,0 +1,39 @@
+package com.redhat.pctsec.model;
+
+import jakarta.persistence.Entity;
+
+import java.net.URI;
+import java.net.URL;
+
+@Entity
+public class PNCBuild extends BuildType{
+    public PNCBuild() {
+        super();
+    }
+
+    public PNCBuild(String buildRef) {
+        super(buildRef);
+    }
+
+    @Override
+    public URI SCMURL() {
+        return null;
+    }
+
+    @Override
+    public URL URL() {
+        return null;
+    }
+
+    @Override
+    public String revision() {
+        return null;
+    }
+
+    public static boolean isValidRef(String ref){
+        //New type PNC Ref
+        if(ref.length()!=14)
+            return false;
+        return true;
+    }
+}

src/main/java/com/redhat/pctsec/model/RequestType.java

@@ -0,0 +1,3 @@
+package com.redhat.pctsec.model;
+
+public enum RequestType {BREW, PNC, GIT}

src/main/java/com/redhat/pctsec/model/Scan.java

@@ -0,0 +1,116 @@
+package com.redhat.pctsec.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import jakarta.persistence.*;
+import jakarta.transaction.Transactional;
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotNull;
+import org.hibernate.annotations.CreationTimestamp;
+import org.hibernate.annotations.UpdateTimestamp;
+
+import java.time.Instant;
+import java.util.UUID;
+
+enum ScanState {
+    CREATED, TRIGGERED, RUNNING, SUCCESS, FAIL;
+}
+@Entity
+public class Scan {
+
+    public Scan() {
+        this.scanRequests = new ScanRequests();
+    }
+
+    public Instant getCreationTimestamp() {
+        return creationTimestamp;
+    }
+
+    public void setCreationTimestamp(Instant creationTimestamp) {
+        this.creationTimestamp = creationTimestamp;
+    }
+
+    public ScanState getState() {
+        return state;
+    }
+
+    public void setState(ScanState state) {
+        this.state = state;
+    }
+
+    public String getProductName() {
+        return productName;
+    }
+
+    public void setProductName(String productName) {
+        this.productName = productName;
+    }
+
+    public String getRequestor() {
+        return requestor;
+    }
+
+    public void setRequestor(String requestor) {
+        this.requestor = requestor;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+
+    public ScanRequests getScanRequests() {
+        return scanRequests;
+    }
+
+    public void setScanRequests(ScanRequests scanRequests) {
+        this.scanRequests = scanRequests;
+    }
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    public UUID id;
+
+
+    /*
+    @OneToOne
+    @NotNull
+    @JoinColumn(name = "product_id", referencedColumnName = "id")
+    private String productName;
+    */
+    @Column(name="proudct_name")
+    private String productName;
+
+    //@Temporal(TemporalType.TIMESTAMP)
+
+    @CreationTimestamp
+    @JsonIgnore
+    @Column(name="creation_timestamp")
+    //@NotNull
+    private Instant creationTimestamp;
+
+    @UpdateTimestamp
+    @JsonIgnore
+    @Column(name="update_timestamp")
+    //@NotNull
+    private Instant updateTimestamp;
+
+    @Column(name="state")
+    @Enumerated(EnumType.STRING)
+    private ScanState state;
+
+    @Column(name="requestor")
+    @NotNull
+    private String requestor;
+
+    @Column(name="report_email")
+    @Email
+    private String email;
+
+    @OneToOne(cascade = CascadeType.ALL, fetch=FetchType.LAZY)
+    @JoinColumn(name = "scan_requests_id", referencedColumnName = "id")
+    public ScanRequests scanRequests;
+}

src/main/java/com/redhat/pctsec/model/ScanRequest.java

@@ -1,41 +1,110 @@
 package com.redhat.pctsec.model;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.redhat.pctsec.model.api.request.git;
 import com.redhat.pctsec.tekton.brewTaskRun;
 import com.redhat.pctsec.tekton.scmUrlPipelineRun;
+import io.vertx.mutiny.core.eventbus.EventBus;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
+import jakarta.persistence.*;
 
 import java.util.HashMap;
+import java.util.UUID;
+
 @ApplicationScoped
+@Entity
 public class ScanRequest {
 
-    private HashMap<String, String> metadata;
+    @Id
-    private HashMap<String, String> oshScanOptions;
+    @GeneratedValue
-    private String brewBuild;
+    protected UUID id;
-    private HashMap<String, String> scmurl;
+    private String metadata;
+    private String oshScanOptions;
 
-    @Inject
+    public EventBus getBus() {
-    brewTaskRun btr;
+        return bus;
+    }
 
+    public void setBus(EventBus bus) {
+        this.bus = bus;
+    }
+
+    @Transient
+    @JsonIgnore
     @Inject
-    scmUrlPipelineRun plr;
+    EventBus bus;
+
+    public RequestType getType() {
+        return type;
+    }
+
+    private RequestType type;
+
+    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
+    @JoinColumn(name = "brew_build_id", referencedColumnName = "id")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    public BrewBuild brewBuild;
+
+    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
+    @JoinColumn(name = "pnc_build_id", referencedColumnName = "id")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    public PNCBuild pncBuild;
+
+    @OneToOne(fetch=FetchType.LAZY, cascade = CascadeType.ALL)
+    @JoinColumn(name = "git_id", referencedColumnName = "id")
+    @JsonInclude(JsonInclude.Include.NON_NULL)
+    public Git git;
+
+    public String getOshScanOptions() {
+        return oshScanOptions;
+    }
+
+    public void setOshScanOptions(String oshScanOptions) {
+        this.oshScanOptions = oshScanOptions;
+    }
+
+    public String getScanProperties() {
+        return scanProperties;
+    }
+
+    public void setScanProperties(String scanProperties) {
+        this.scanProperties = scanProperties;
+    }
+
+    @Column(name="scan_properties")
+    public String scanProperties;
+    public ScanRequest() {
+    }
 
-    public ScanRequest(String brewBuildId)
+    public ScanRequest(BrewBuild brewBuild)
     {
-        this.brewBuild = brewBuildId;
+        this.type = RequestType.BREW;
+        this.brewBuild = brewBuild;
+    }
+
+    public ScanRequest(PNCBuild pncBuild)
+    {
+        this.type = RequestType.PNC;
+        this.pncBuild = pncBuild;
+    }
+
+    public ScanRequest(Git git)
+    {
+        this.type = RequestType.GIT;
+        this.git = git;
     }
 
     public ScanRequest(String repo, String ref)
     {
-        this.scmurl = new HashMap<>();
+        this.git = new Git(repo, ref);
-        this.scmurl.put("repo", repo);
-        this.scmurl.put("ref", repo);
     }
-    public void executeScan(){
+    public ScanTask executeScan(){
-        if(this.brewBuild != null && !this.brewBuild.trim().isEmpty()){
+        ScanTask st =  new ScanTask(this);
-            //btr = new brewTaskRun();
+        st.execute();
-            btr.invokeScanTask(this.brewBuild);
+        return st;
-        }
     }
+
 }

src/main/java/com/redhat/pctsec/model/ScanRequests.java

@@ -1,50 +1,111 @@
 package com.redhat.pctsec.model;
 
-import com.redhat.pctsec.rest.v1alpha1.Scan;
+import com.redhat.pctsec.model.api.request.pssaas;
+import com.redhat.pctsec.model.api.request.scanChain;
+import io.vertx.mutiny.core.eventbus.EventBus;
 import jakarta.enterprise.context.ApplicationScoped;
 
-import java.util.HashMap;
+import java.util.*;
-import java.util.HashSet;
+import java.util.stream.Collectors;
-import java.util.Set;
+
-import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.*;
-import jakarta.persistence.Id;
+
 @ApplicationScoped
+@Entity
+@Table(name="ScanRequests")
 public class ScanRequests {
 
-    @Id @GeneratedValue private Long id;
+    @Id
-    private Set<ScanRequest> scanRequests = new HashSet<>();
+    @GeneratedValue
-    private HashMap<String, String> globalScanProperties;
+    protected UUID id;
+
+    @OneToMany(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
+    @JoinColumn(name = "scan_request_id", referencedColumnName = "id")
+    private Set<ScanRequest> scanRequests;// = new HashSet<>();
+
+
+    @Column(name="scan_properties")
+    private String globalScanProperties;
+
+    @Column(name="scan_metadata")
+    private String scanMetadata;
+
 
     public ScanRequests(){
-        this.id =
+        //Default to the Snyk scan
+        this.globalScanProperties = "-p snyk-only-unstable --tarball-build-script=\":\"";
+        this.scanRequests = new HashSet<>();
     }
+
     public ScanRequests(pssaas pssaas){
-        //Iterate scan payload and create scans
+        this();
+        pssaas.componentList.stream().filter(c -> c.getType().equals("git")).forEach(g -> this.addGit(g.getRepo().toString(), g.getRef()));
+        pssaas.componentList.stream().filter(c -> c.getType().equals("brew")).forEach(g -> this.addBrewBuild(g.getBuildId()));
+        pssaas.componentList.stream().filter(c -> c.getType().equals("pnc")).forEach(g -> this.addPNCBuild(g.getBuildId()));
     }
 
-    public ScanRequests(String repo, String rev){
+    public ScanRequests(scanChain scanchain){
-        //shortcut for single scans
+        this();
-        scanRequests.add(new ScanRequest(repo, rev));
     }
 
+    //public ScanRequests(String repo, String rev){
+    //    //shortcut for single scans
+    //    scanRequests.add(new ScanRequest(repo, rev));
+    //}
+
+    /*
     public ScanRequests(String brewBuildId){
-        scanRequests.add(new ScanRequest(brewBuildId));
+        scanRequests.add(new ScanRequest(new B));
     }
+     */
 
     public void addBrewBuild(String brewBuildId)
     {
-        scanRequests.add(new ScanRequest(brewBuildId));
+        scanRequests.add(new ScanRequest(new BrewBuild(brewBuildId)));
     }
 
     public void addGit(String repo, String rev)
     {
-        scanRequests.add(new ScanRequest(repo, rev));
+        scanRequests.add(new ScanRequest(new Git(repo, rev)));
+    }
+
+    public void addPNCBuild(String pncBuildId)
+    {
+        scanRequests.add(new ScanRequest(new PNCBuild(pncBuildId)));
     }
 
     //Create tekton pipeline/taskrun
-    public void execute(){
+    public List<ScanTask> execute(EventBus eventBus){
+        scanRequests.stream().forEach(s -> s.setBus(eventBus));
+        return scanRequests.stream().map(s -> s.executeScan()).collect(Collectors.toList());
+        /*
         for(ScanRequest s : scanRequests){
             s.executeScan();
         }
+         */
+    }
+
+    public Set<ScanRequest> getScanRequests() {
+        return scanRequests;
+    }
+
+    public void setScanRequests(Set<ScanRequest> scanRequests) {
+        this.scanRequests = scanRequests;
+    }
+
+    public String getGlobalScanProperties() {
+        return globalScanProperties;
+    }
+
+    public void setGlobalScanProperties(String globalScanProperties) {
+        this.globalScanProperties = globalScanProperties;
+    }
+
+    public String getScanMetadata() {
+        return scanMetadata;
+    }
+
+    public void setScanMetadata(String scanMetadata) {
+        this.scanMetadata = scanMetadata;
     }
 }

src/main/java/com/redhat/pctsec/model/ScanResult.java

@@ -0,0 +1,19 @@
+package com.redhat.pctsec.model;
+
+import java.net.URI;
+import java.net.URL;
+
+public class ScanResult {
+
+    public URL covScanTask;
+
+
+    //Store files in document store
+    private void storeResults(){
+
+    }
+
+    private void fetchResults(){
+
+    }
+}

src/main/java/com/redhat/pctsec/model/ScanTask.java

@@ -0,0 +1,78 @@
+package com.redhat.pctsec.model;
+
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import io.vertx.core.eventbus.impl.EventBusImpl;
+import io.vertx.mutiny.core.eventbus.EventBus;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.enterprise.context.Dependent;
+import jakarta.inject.Inject;
+import jakarta.persistence.*;
+
+import java.util.UUID;
+
+
+@Entity
+@ApplicationScoped
+public class ScanTask {
+
+    @Id
+    @GeneratedValue
+    protected UUID id;
+    @JsonIgnore
+    @Transient
+    @Inject
+    EventBus bus;
+    public ScanTaskState state;
+
+    public void setTektonRunId(String tektonRunId) {
+        this.tektonRunId = tektonRunId;
+    }
+
+    public String tektonRunId;
+
+    @OneToOne(fetch=FetchType.EAGER, cascade = CascadeType.ALL)
+    @JoinColumn(name = "scan_result_id", referencedColumnName = "id")
+    public ScanRequest scanRequest;
+
+
+    public ScanTask(ScanRequest scanRequest) {
+        this();
+        this.scanRequest = scanRequest;
+        this.bus = scanRequest.getBus();
+        //this.bus = new EventBus(new EventBusImpl());
+    }
+
+
+    public  ScanTask(){
+    }
+
+
+    /*
+    public ScanTask(ScanRequest scanRequest)
+    {
+        this(
+        this.scanRequest = scanRequest;
+    }
+
+     */
+    public void execute(){
+            bus.publish("tekton", this);
+    }
+
+    public ScanTaskState getState() {
+        return state;
+    }
+
+    public void setState(ScanTaskState state) {
+        this.state = state;
+    }
+
+    public ScanRequest getScanRequest() {
+        return scanRequest;
+    }
+
+    public void setScanRequest(ScanRequest scanRequest) {
+        this.scanRequest = scanRequest;
+    }
+}

src/main/java/com/redhat/pctsec/model/ScanTaskState.java

@@ -0,0 +1,3 @@
+package com.redhat.pctsec.model;
+
+public enum ScanTaskState {AWAIT, TRIGGERED, RUNNING, SUCCESS, FAULURE}

src/main/java/com/redhat/pctsec/model/api/request/Component.java

@@ -0,0 +1,17 @@
+package com.redhat.pctsec.model.api.request;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import java.net.URI;
+
+@JsonDeserialize(using = ComponentJsonDeserializer.class)
+public interface Component {
+
+    public String getType();
+
+    public String getBuildId();
+
+    public URI getRepo();
+
+    public String getRef();
+}

src/main/java/com/redhat/pctsec/model/api/request/ComponentJsonDeserializer.java

@@ -0,0 +1,31 @@
+package com.redhat.pctsec.model.api.request;
+
+import com.fasterxml.jackson.core.JacksonException;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.JsonNode;
+
+import java.io.IOException;
+import java.net.URI;
+
+public class ComponentJsonDeserializer extends JsonDeserializer<Component> {
+
+    @Override
+    public Component deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JacksonException {
+
+        JsonNode node = jsonParser.readValueAsTree();
+        JsonNode componentT = node.get("type");
+        if(componentT.asText().equals("git"))
+        {
+            URI repo = URI.create(node.get("repo").asText());
+            String ref = node.get("ref").asText();
+            return new git(repo, ref);
+        }
+        else
+        {
+            return new build(componentT.asText(), node.get("build-id").asText());
+        }
+
+    }
+}

src/main/java/com/redhat/pctsec/model/api/request/build.java

@@ -0,0 +1,49 @@
+package com.redhat.pctsec.model.api.request;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import jakarta.validation.constraints.NotNull;
+
+import java.net.URI;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({
+        "type",
+        "build-id"
+})
+public class build implements Component {
+
+    public final String type;
+
+
+    public final String buildId;
+
+    public build(@NotNull String type, @NotNull String buildId) {
+        this.type = type;
+        this.buildId = buildId;
+    }
+
+    @Override
+    @NotNull
+    @JsonProperty("type")
+    public String getType() {
+        return this.type;
+    }
+
+    @NotNull
+    @JsonProperty("build-id")
+    @Override
+    public String getBuildId() {
+        return this.buildId;
+    }
+
+    @Override
+    public URI getRepo() {
+        return URI.create("");
+    }
+
+    @Override
+    public String getRef() {
+        return "";
+    }
+}

src/main/java/com/redhat/pctsec/model/api/request/git.java

@@ -0,0 +1,53 @@
+package com.redhat.pctsec.model.api.request;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import jakarta.validation.constraints.NotNull;
+
+import java.net.URI;
+
+@JsonInclude(JsonInclude.Include.NON_NULL)
+@JsonPropertyOrder({
+        "type",
+        "repo",
+        "ref"
+})
+public class git implements Component{
+    @NotNull
+    @JsonProperty("type")
+    public final static String type = "git";
+
+    @NotNull
+    @JsonProperty("repo")
+    public URI repo;
+
+    @NotNull
+    @JsonProperty("ref")
+    public String ref;
+
+    public git(@NotNull URI repo, @NotNull String ref) {
+        this.repo = repo;
+        this.ref = ref;
+    }
+
+    @Override
+    public String getType() {
+        return this.type;
+    }
+
+    @Override
+    public String getBuildId() {
+        return "";
+    }
+
+    @Override
+    public URI getRepo() {
+        return this.repo;
+    }
+
+    @Override
+    public String getRef() {
+        return this.ref;
+    }
+}

src/main/java/com/redhat/pctsec/model/api/request/pssaas.java

@@ -1,4 +1,4 @@
-package com.redhat.pctsec.model;
+package com.redhat.pctsec.model.api.request;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
@@ -65,21 +65,6 @@ public class pssaas {
     @Size(min = 1)
     @Valid
     @NotNull
-    public Set<Object> componentList;
+    public Set<Component> componentList;
-    @JsonIgnore
-    @Valid
-    private Map<String, Object> additionalProperties = new LinkedHashMap<String, Object>();
-
-    /*
-    @JsonAnyGetter
-    public Map<String, Object> getAdditionalProperties() {
-        return this.additionalProperties;
-    }
-
-    @JsonAnySetter
-    public void setAdditionalProperty(String name, Object value) {
-        this.additionalProperties.put(name, value);
-    }
-    */
 
 }

src/main/java/com/redhat/pctsec/model/api/request/scanChain.java

@@ -0,0 +1,4 @@
+package com.redhat.pctsec.model.api.request;
+
+public class scanChain {
+}

src/main/java/com/redhat/pctsec/model/build.java

@@ -1,30 +0,0 @@
-package com.redhat.pctsec.model;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Set;
-import com.fasterxml.jackson.annotation.JsonAnyGetter;
-import com.fasterxml.jackson.annotation.JsonAnySetter;
-import com.fasterxml.jackson.annotation.JsonIgnore;
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonPropertyDescription;
-import com.fasterxml.jackson.annotation.JsonPropertyOrder;
-import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
-import jakarta.validation.Valid;
-import jakarta.validation.constraints.NotNull;
-import jakarta.validation.constraints.Size;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonPropertyOrder({
-        "type",
-        "build-id"
-})
-public class build {
-    @NotNull
-    @JsonProperty("type")
-    public String type;
-
-    @NotNull
-    @JsonProperty("build-id")
-    public String buildId;
-}

src/main/java/com/redhat/pctsec/model/git.java

@@ -1,26 +0,0 @@
-package com.redhat.pctsec.model;
-
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonPropertyOrder;
-import jakarta.validation.constraints.NotNull;
-
-@JsonInclude(JsonInclude.Include.NON_NULL)
-@JsonPropertyOrder({
-        "type",
-        "repo",
-        "ref"
-})
-public class git {
-    @NotNull
-    @JsonProperty("type")
-    public String type;
-
-    @NotNull
-    @JsonProperty("repo")
-    public String repo;
-
-    @NotNull
-    @JsonProperty("ref")
-    public String ref;
-}

src/main/java/com/redhat/pctsec/model/jpa/ScanRepository.java

@@ -0,0 +1,16 @@
+package com.redhat.pctsec.model.jpa;
+
+import com.redhat.pctsec.model.Scan;
+import io.quarkus.hibernate.orm.panache.PanacheRepositoryBase;
+import io.smallrye.mutiny.Uni;
+import jakarta.enterprise.context.ApplicationScoped;
+
+import java.util.UUID;
+
+@ApplicationScoped
+public class ScanRepository implements PanacheRepositoryBase<Scan, UUID> {
+    public Uni<Scan> findByProduct(String product)
+    {
+        return find("product", product).firstResult();
+    }
+}

src/main/java/com/redhat/pctsec/model/jpa/ScanRequestRepository.java

@@ -0,0 +1,18 @@
+package com.redhat.pctsec.model.jpa;
+
+
+import com.redhat.pctsec.model.ScanRequest;
+import io.quarkus.hibernate.orm.panache.PanacheRepositoryBase;
+import io.smallrye.mutiny.Uni;
+import jakarta.enterprise.context.ApplicationScoped;
+
+import java.util.UUID;
+
+@ApplicationScoped
+public class ScanRequestRepository implements PanacheRepositoryBase<ScanRequest, UUID> {
+    public Uni<ScanRequest> findByProduct(String product)
+    {
+        return find("product", product).firstResult();
+    }
+}
+

src/main/java/com/redhat/pctsec/model/jpa/ScanRequestsRepository.java

@@ -0,0 +1,18 @@
+package com.redhat.pctsec.model.jpa;
+
+import com.redhat.pctsec.model.Scan;
+import com.redhat.pctsec.model.ScanRequests;
+import io.quarkus.hibernate.orm.panache.PanacheRepositoryBase;
+import io.smallrye.mutiny.Uni;
+import jakarta.enterprise.context.ApplicationScoped;
+
+import java.util.UUID;
+
+@ApplicationScoped
+public class ScanRequestsRepository implements PanacheRepositoryBase<ScanRequests, UUID> {
+    public Uni<Scan> findByProduct(String product)
+    {
+        return find("product", product).firstResult();
+    }
+}
+

src/main/java/com/redhat/pctsec/model/jpa/UriConverter.java

@@ -0,0 +1,22 @@
+package com.redhat.pctsec.model.jpa;
+
+import jakarta.persistence.AttributeConverter;
+import jakarta.persistence.Converter;
+
+
+import java.net.URI;
+
+@Converter(autoApply = true)
+public class UriConverter implements AttributeConverter<URI, String>
+{
+
+    @Override
+    public String convertToDatabaseColumn(URI uri) {
+        return (uri == null) ? null : uri.toString();
+    }
+
+    @Override
+    public URI convertToEntityAttribute(String s) {
+        return ((s.length() > 0) ? URI.create(s.trim()) : null);
+    }
+}

src/main/java/com/redhat/pctsec/model/osh/paramMapper.java

@@ -0,0 +1,72 @@
+package com.redhat.pctsec.model.osh;
+
+import jakarta.inject.Singleton;
+import picocli.CommandLine;
+import picocli.CommandLine.Option;
+import picocli.CommandLine.Parameters;
+
+
+
+public class paramMapper {
+
+    @Option(names = {"-p", "--profile"}, description = "list of analyzers to use (see command 'list-\n" +
+            "                                 analyzers'); use comma as a separator: e.g. \"\n" +
+            "                                 --analyzer=gcc,clang,cppcheck\"")
+    private String profile;
+
+    @Option(names = {"-a", "--analyzer"}, description = "list of analyzers to use (see command 'list-\n" +
+            "                                 analyzers'); use comma as a separator: e.g. \"\n" +
+            "                                 --analyzer=gcc,clang,cppcheck\"")
+    private String analyzers;
+
+    @Option(names = {"--tarball-build-script"}, description = "With this option osh-cli accepts path to\n" +
+            "                                 tarball specified via first argument and then\n" +
+            "                                 the tarball will be scanned. This option sets\n" +
+            "                                 command which should build the package,\n" +
+            "                                 usually this should be just \"make\", in case\n" +
+            "                                 of packages which doesn't need to be built,\n" +
+            "                                 just pass \"true\".\n")
+    private String tarballBuildScript;
+
+    @Option(names = {"--brew-build"}, description = "use a brew build (specified by NVR) instead\n" +
+            "                                 of a local file")
+    private String brewBuild;
+
+    public paramMapper(){}
+
+    public paramMapper(String params){
+        new CommandLine(this).parseArgs(params.split(("\\s+")));
+    }
+
+    public String getProfile() {
+        return profile;
+    }
+
+    public void setProfile(String profile) {
+        this.profile = profile;
+    }
+
+    public String getAnalyzers() {
+        return analyzers;
+    }
+
+    public void setAnalyzers(String analyzers) {
+        this.analyzers = analyzers;
+    }
+
+    public String getTarballBuildScript() {
+        return tarballBuildScript;
+    }
+
+    public void setTarballBuildScript(String tarballBuildScript) {
+        this.tarballBuildScript = tarballBuildScript;
+    }
+
+    public String getBrewBuild() {
+        return brewBuild;
+    }
+
+    public void setBrewBuild(String brewBuild) {
+        this.brewBuild = brewBuild;
+    }
+}

src/main/java/com/redhat/pctsec/model/scanChain.java

@@ -1,4 +0,0 @@
-package com.redhat.pctsec.model;
-
-public class scanChain {
-}

src/main/java/com/redhat/pctsec/rest/v1alpha1/Scan.java

@@ -1,60 +0,0 @@
-package com.redhat.pctsec.rest.v1alpha1;
-
-import com.redhat.pctsec.model.ScanRequests;
-import com.redhat.pctsec.model.pssaas;
-import jakarta.enterprise.context.ApplicationScoped;
-import jakarta.validation.Valid;
-import jakarta.ws.rs.*;
-import org.jboss.resteasy.reactive.RestQuery;
-
-import java.util.HashMap;
-
-@ApplicationScoped
-@Path("/api/v1a/Scan")
-public class Scan {
-
-    HashMap<String, ScanRequests> scanCollection = new HashMap<>();
-    @POST
-    @Path("PSSaaS")
-    @Consumes({ "application/json" })
-    public Integer createScans(@Valid pssaas scanRequest)
-    {
-        //Validate JSON
-
-        //CreateScanCollection
-
-        //Return ScanCollectionID
-        return 1;
-    }
-
-    @GET
-    @Path("{id}")
-    public ScanRequests scanRequest(String id){
-        return scanCollection.get(id.toString());
-    }
-
-    @GET
-    @Path("{id}/run")
-    public String scanRequestExe(String id){
-        scanCollection.get(id.toString()).execute();
-        return "We'd normally have a json payload here, with pipeline UID";
-    }
-
-    @GET
-    @Path("single/git")
-    public String singleGit(@RestQuery String repo, @RestQuery String ref)
-    {
-        ScanRequests sc = new ScanRequests(repo, ref);
-        scanCollection.put("1",sc);
-        return "restult";
-    }
-
-    @GET
-    @Path("single/brew")
-    public String singleGit(@RestQuery String brewId)
-    {
-        ScanRequests sc = new ScanRequests(brewId);
-        scanCollection.put("2",sc);
-        return "result";
-    }
-}

src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestResource.java

@@ -0,0 +1,50 @@
+package com.redhat.pctsec.rest.v1alpha1;
+
+import com.redhat.pctsec.model.ScanRequest;
+import com.redhat.pctsec.model.jpa.ScanRequestRepository;
+import com.redhat.pctsec.model.osh.paramMapper;
+import io.quarkus.security.Authenticated;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.transaction.Transactional;
+import jakarta.ws.rs.*;
+import picocli.CommandLine;
+
+import java.util.UUID;
+@ApplicationScoped
+@Path("/api/v1a/ScanRequest/{id}")
+public class ScanRequestResource {
+    @Inject
+    ScanRequestRepository scanRequestRepository;
+
+
+    @GET
+    @Produces({"application/json"})
+    public ScanRequest getScanRequest(String id)
+    {
+        ScanRequest scanRequest = scanRequestRepository.findById(UUID.fromString(id));
+        return scanRequest;
+    }
+
+    @PATCH
+    @Path("ScanProperties/{scanProperties}")
+    @Consumes({"application/octet-stream"})
+    @Produces({"application/json"})
+    @Authenticated
+    @Transactional
+    public ScanRequest patchScanRequest(String id, String scanProperties)
+    {
+        ScanRequest scanRequest = scanRequestRepository.findById(UUID.fromString(id));
+
+        try {
+            paramMapper pm = new paramMapper(scanProperties);
+            }catch(CommandLine.UnmatchedArgumentException e)
+            {
+                throw new BadRequestException("Invalid OSH Parameter");
+            }
+        scanRequest.setScanProperties(scanProperties);
+        scanRequestRepository.persist(scanRequest);
+        return scanRequest;
+    }
+
+}

src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanRequestsResource.java

@@ -0,0 +1,41 @@
+package com.redhat.pctsec.rest.v1alpha1;
+
+import com.redhat.pctsec.model.Scan;
+import com.redhat.pctsec.model.ScanRequest;
+import com.redhat.pctsec.model.ScanRequests;
+import com.redhat.pctsec.model.jpa.ScanRepository;
+import com.redhat.pctsec.model.jpa.ScanRequestsRepository;
+import io.quarkus.security.Authenticated;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.*;
+import org.jboss.resteasy.reactive.common.NotImplementedYet;
+
+import java.util.UUID;
+
+@ApplicationScoped
+@Path("/api/v1a/ScanRequests/{id}")
+public class ScanRequestsResource {
+
+    @Inject
+    ScanRequestsRepository  sr;
+
+
+    @GET
+    @Produces({"application/json"})
+    public ScanRequests getScanRequests(String id)
+    {
+        ScanRequests scanRequests = sr.findById(UUID.fromString(id));
+        return scanRequests;
+    }
+
+    @POST
+    @Produces({"application/json"})
+    @Consumes({"application/json"})
+    @Authenticated
+    public ScanRequests addScanRequest(String id, ScanRequest scanRequest)
+    {
+        throw new NotImplementedYet();
+    }
+
+}

src/main/java/com/redhat/pctsec/rest/v1alpha1/ScanResource.java

@@ -0,0 +1,122 @@
+package com.redhat.pctsec.rest.v1alpha1;
+
+import com.redhat.pctsec.model.*;
+import com.redhat.pctsec.model.api.request.pssaas;
+import com.redhat.pctsec.model.jpa.ScanRepository;
+import io.quarkus.security.Authenticated;
+import io.vertx.mutiny.core.eventbus.EventBus;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import jakarta.transaction.Transactional;
+import jakarta.validation.Valid;
+import jakarta.ws.rs.*;
+import org.jboss.resteasy.reactive.RestQuery;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+
+@ApplicationScoped
+@Path("/api/v1a/Scan")
+public class ScanResource {
+
+    @Inject
+    ScanRepository sr;
+
+    @Inject
+    EventBus bus;
+
+    @POST
+    @Path("PSSaaS")
+    @Consumes({ "application/json" })
+    @Transactional
+    @Authenticated
+    public Scan createPSSAAS(@Valid pssaas scanRequest)
+    {
+        ScanRequests scanRequests = new ScanRequests(scanRequest);
+        Scan s = new Scan();
+        s.setRequestor("cpaas");
+        s.setScanRequests(scanRequests);
+        sr.persist(s);
+        return s;
+    }
+    @POST
+    @Path("PSSaaS/run")
+    @Consumes({ "application/json" })
+    @Transactional
+    @Authenticated
+    public List<ScanTask> createRunPSSAAS(@Valid pssaas scanRequest)
+    {
+        Scan s = this.createPSSAAS(scanRequest);
+        return s.scanRequests.execute(bus);
+    }
+
+    @GET
+    @Path("All")
+    @Produces({"application/json"})
+    public List<Scan> list()
+    {
+        return sr.listAll();
+    }
+
+    @GET
+    @Path("{id}")
+    @Produces({"application/json"})
+    public Scan scanRequest(String id)
+    {
+        Scan s = sr.findById(UUID.fromString(id));
+        return s;
+    }
+
+    @GET
+    @Path("{id}/run")
+    @Authenticated
+    public List<ScanTask> scanRequestExe(String id)
+    {
+        Scan s = sr.findById(UUID.fromString(id));
+        return s.scanRequests.execute(bus);
+    }
+
+
+    @GET
+    @Path("single/git")
+    @Produces({"application/json"})
+    @Transactional
+    @Authenticated
+    public Scan singleGit(@RestQuery String repo, @RestQuery String ref)
+    {
+        Scan s = new Scan();
+        s.setRequestor("jochrist");
+        s.getScanRequests().addGit(repo,ref);
+        sr.persist(s);
+        return s;
+    }
+
+    @GET
+    @Path("single/brew")
+    @Produces({"application/json"})
+    @Transactional
+    @Authenticated
+    public Scan singleGit(@RestQuery String brewId)
+    {
+        Scan s = new Scan();
+        s.setRequestor("jochrist");
+        s.getScanRequests().addBrewBuild(brewId);
+        sr.persist(s);
+        return s;
+    }
+    @GET
+    @Path("single/pnc")
+    @Produces({"application/json"})
+    @Transactional
+    @Authenticated
+    public Scan singlePNC(@RestQuery String pncId)
+    {
+        Scan s = new Scan();
+        s.setRequestor("jochrist");
+        s.getScanRequests().addPNCBuild(pncId);
+        sr.persist(s);
+        return s;
+    }
+}

src/main/java/com/redhat/pctsec/tekton/TaskHandler.java

@@ -0,0 +1,139 @@
+package com.redhat.pctsec.tekton;
+import com.redhat.pctsec.model.RequestType;
+import com.redhat.pctsec.model.ScanTask;
+import com.redhat.pctsec.model.ScanTaskState;
+import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource;
+import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource;
+import io.fabric8.kubernetes.api.model.PodSecurityContext;
+import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
+import io.fabric8.tekton.client.DefaultTektonClient;
+import io.fabric8.tekton.client.TektonClient;
+import io.fabric8.tekton.client.DefaultTektonClient;
+import io.fabric8.tekton.client.TektonClient;
+import io.fabric8.tekton.pipeline.v1beta1.*;
+
+import io.quarkus.vertx.ConsumeEvent;
+
+import io.smallrye.common.annotation.Blocking;
+import jakarta.inject.Inject;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class TaskHandler {
+
+    @ConfigProperty(name = "quarkus.openshift.namespace")
+    String NAMESPACE;
+    @ConfigProperty(name = "tekton.pipeline.ref")
+    String PIPELINE_REFERENCE;
+    @ConfigProperty(name = "tekton.service-account")
+    String SERVICE_ACCOUNT;
+
+    @ConfigProperty(name = "tekton.task.ref")
+    String TASK_REFERENCE;
+
+    @Inject
+    TektonClient tektonClient;
+
+    @ConsumeEvent("tekton")
+    @Blocking
+    public ScanTask consume(ScanTask scanTask)
+    {
+
+        switch(scanTask.getScanRequest().getType())
+        {
+        case BREW:
+            scanTask.setTektonRunId(invokeScanTask(scanTask.getScanRequest().brewBuild.buildRef));
+            scanTask.setState(ScanTaskState.RUNNING);
+            break;
+
+        case PNC:
+            String repo = scanTask.getScanRequest().pncBuild.SCMURL().toString();
+            String ref = scanTask.getScanRequest().pncBuild.revision();
+            scanTask.setTektonRunId(invokeOshScmScanPipeline(repo, ref));
+            scanTask.setState(ScanTaskState.RUNNING);
+            break;
+
+        case GIT:
+            scanTask.setTektonRunId(invokeOshScmScanPipeline(scanTask.getScanRequest().git.repo.toString(), scanTask.getScanRequest().git.ref));
+            scanTask.setState(ScanTaskState.RUNNING);
+            break;
+        }
+
+        return scanTask;
+    }
+
+    public String invokeScanTask(String buildId) {
+        // String buildId = "xterm-366-8.el9";
+        String scanProfile = "snyk-only-unstable";
+
+        // random taskrun name generating for now
+        TaskRun taskRun = new TaskRunBuilder().withNewMetadata().withName("osh-scan-taskrun-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase())
+                .endMetadata()
+                .withNewSpec()
+                .withServiceAccountName(SERVICE_ACCOUNT)
+                .withNewTaskRef()
+                .withName(TASK_REFERENCE)
+                .endTaskRef()
+                .withParams(
+                        new Param("buildId", new ArrayOrString(buildId)),
+                        new Param("scanProfile", new ArrayOrString(scanProfile)))
+                .endSpec()
+                .build();
+
+        tektonClient.v1beta1().taskRuns().inNamespace(NAMESPACE).resource(taskRun).create();
+
+        return taskRun.getMetadata().getName();
+    }
+
+    public String invokeOshScmScanPipeline(String repo, String ref) {
+
+        PodSecurityContext securityContext = new PodSecurityContextBuilder()
+                .withRunAsNonRoot(true)
+                .withRunAsUser(65532L)
+                .build();
+
+        WorkspaceBinding sourcesWorkspaceBinding = new WorkspaceBindingBuilder()
+                .withName("sources")
+                .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-sources", null))
+                .build();
+
+        WorkspaceBinding sourceTarsWorkspaceBinding = new WorkspaceBindingBuilder()
+                .withName("source-tars")
+                .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null))
+                .build();
+
+        WorkspaceBinding sslCaDirectoryWorkspaceBinding = new WorkspaceBindingBuilder()
+                .withName("ssl-ca-directory")
+                .withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null))
+                .build();
+
+        List<WorkspaceBinding> workspaceBindings = new ArrayList<>();
+        workspaceBindings.add(sourcesWorkspaceBinding);
+        workspaceBindings.add(sourceTarsWorkspaceBinding);
+        workspaceBindings.add(sslCaDirectoryWorkspaceBinding);
+
+        PipelineRun pipelineRun = new PipelineRunBuilder()
+                .withNewMetadata().withName("osh-scm-scan-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase()).endMetadata()
+                .withNewSpec()
+                .withNewPodTemplate()
+                .withSecurityContext(securityContext)
+                .endPodTemplate()
+                .withServiceAccountName(SERVICE_ACCOUNT)
+                .withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef()
+                .addNewParam().withName("repo-url").withNewValue(repo).endParam()
+                .addNewParam().withName("revision").withNewValue(ref).endParam()
+                .withWorkspaces(workspaceBindings)
+                .endSpec()
+                .build();
+
+        tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create();
+
+        return pipelineRun.getMetadata().getName();
+    }
+
+
+}

src/main/java/com/redhat/pctsec/tekton/scmUrlPipelineRun.java

@@ -1,6 +1,74 @@
 package com.redhat.pctsec.tekton;
 
+import io.fabric8.kubernetes.api.model.ConfigMapVolumeSource;
+import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource;
+import io.fabric8.kubernetes.api.model.PodSecurityContext;
+import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
+import io.fabric8.tekton.client.DefaultTektonClient;
+import io.fabric8.tekton.client.TektonClient;
+import io.fabric8.tekton.client.DefaultTektonClient;
+import io.fabric8.tekton.client.TektonClient;
+import io.fabric8.tekton.pipeline.v1beta1.*;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Singleton;
+import org.apache.commons.lang3.RandomStringUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+
 public class scmUrlPipelineRun {
+    public static final String NAMESPACE = "pct-security-tooling";
+    public static final String REPO_URL = "repo-url";
+    public static final String REVISION = "revision";
+    public static final String PIPELINE_REFERENCE = "osh-client-from-source";
+    public static final String SERVICE_ACCOUNT = "osh-wrapper-client-sa";
+
+    TektonClient tektonClient = new DefaultTektonClient();
+
+    public String invokeOshScmScanPipeline(String repo, String ref) {
+
+        PodSecurityContext securityContext = new PodSecurityContextBuilder()
+                .withRunAsNonRoot(true)
+                .withRunAsUser(65532L)
+                .build();
+
+        WorkspaceBinding sourcesWorkspaceBinding = new WorkspaceBindingBuilder()
+                .withName("sources")
+                .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-sources", null))
+                .build();
+
+        WorkspaceBinding sourceTarsWorkspaceBinding = new WorkspaceBindingBuilder()
+                .withName("source-tars")
+                .withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("osh-client-source-tars", null))
+                .build();
+
+        WorkspaceBinding sslCaDirectoryWorkspaceBinding = new WorkspaceBindingBuilder()
+                .withName("ssl-ca-directory")
+                .withConfigMap(new ConfigMapVolumeSource(null, null, "config-trusted-cabundle", null))
+                .build();
+
+        List<WorkspaceBinding> workspaceBindings = new ArrayList<>();
+        workspaceBindings.add(sourcesWorkspaceBinding);
+        workspaceBindings.add(sourceTarsWorkspaceBinding);
+        workspaceBindings.add(sslCaDirectoryWorkspaceBinding);
+
+        PipelineRun pipelineRun = new PipelineRunBuilder()
+                .withNewMetadata().withName("osh-scm-scan-" + RandomStringUtils.randomAlphanumeric(8).toLowerCase()).endMetadata()
+                .withNewSpec()
+                .withNewPodTemplate()
+                .withSecurityContext(securityContext)
+                .endPodTemplate()
+                .withServiceAccountName(SERVICE_ACCOUNT)
+                .withNewPipelineRef().withName(PIPELINE_REFERENCE).endPipelineRef()
+                .addNewParam().withName(REPO_URL).withNewValue(repo).endParam()
+                .addNewParam().withName(REVISION).withNewValue(ref).endParam()
+                .withWorkspaces(workspaceBindings)
+                .endSpec()
+                .build();
+
+        tektonClient.v1beta1().pipelineRuns().inNamespace(NAMESPACE).resource(pipelineRun).create();
 
+        return "Scan invoked. PipelineRun name: " + pipelineRun.getMetadata().getName();
+    }
 
 }

src/main/resources/application.properties

@@ -21,8 +21,31 @@
 #%dev.quarkus.kerberos.keytab-path= HTTP_osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM.keytab
 #%dev.quarkus.kerberos.service-principal-name= HTTP/osh-pct-security-tooling.apps.ocp-c1.prod.psi.redhat.com@IPA.REDHAT.COM
 
+##########################################
+#   Data Source                          #
+##########################################
+%dev.quarkus.datasource.devservices.enabled=true
+%dev.quarkus.datasource.db-kind = postgresql
+%dev.quarkus.datasource.username = quarkus
+%dev.quarkus.datasource.password = quarkus
+#%dev.quarkus.datasource.jdbc.url = jdbc:postgresql://localhost:5432/hibernate_db
+%dev.quarkus.hibernate-orm.database.generation=drop-and-create
+
+%stage.quarkus.kubernetes-config.secrets.enabled=true
+quarkus.kubernetes-config.secrets=postgresql
+%stage.quarkus.datasource.jdbc.url=jdbc:postgresql://postgresql:5432/${database-name}
+%stage.quarkus.datasource.username=${database-user}
+%stage.quarkus.datasource.password=${database-password}
+%stage.quarkus.hibernate-orm.database.generation=drop-and-create
+
+
+#Always provide swagger ui
+quarkus.swagger-ui.always-include=true
+%dev.quarkus.openshift.service-account=osh-wrapper-client-sa
+%dev.quarkus.openshift.namespace=pct-security-tooling
+
 %stage.quarkus.openshift.name=osh
-%stage.quarkus.openshift.service-account=osh-wrapper-client-sa
+quarkus.openshift.service-account=osh-wrapper-client-sa
 %stage.quarkus.openshift.labels.env=stage
 %stage.quarkus.log.level=DEBUG
 quarkus.arc.remove-unused-beans=false
@@ -33,6 +56,7 @@ quarkus.arc.remove-unused-beans=false
 %stage.quarkus.openshift.route.expose=false
 %stage.quarkus.openshift.route.target-port=https
 %stage.quarkus.openshift.route.tls.insecure-edge-termination-policy=redirect
+%stage.quarkus.openshift.namespace=pct-security-tooling
 
 ##########################################
 #   Kerberos Specifics                   #
@@ -49,5 +73,12 @@ quarkus.arc.remove-unused-beans=false
 %stage.quarkus.openshift.config-map-volumes.osh-wrapper-config-vol.items."linux-krb5.conf".path=linux-krb5.conf
 %stage.quarkus.openshift.mounts.osh-wrapper-config-vol.read-only=true
 
+##########################################
+#   Tekton Specifics (Used in app)       #
+##########################################
+tekton.pipeline.ref=osh-client-from-source
+tekton.task.ref=osh-scan-task
+tekton.service-account=${quarkus.openshift.service-account}
+
 
 

src/test/java/com/redhat/pctsec/GreetingResourceIT.java

@@ -1,8 +0,0 @@
-package com.redhat.pctsec;
-
-import io.quarkus.test.junit.QuarkusIntegrationTest;
-
-@QuarkusIntegrationTest
-public class GreetingResourceIT extends GreetingResourceTest {
-    // Execute the same tests but in packaged mode.
-}

src/test/java/com/redhat/pctsec/GreetingResourceTest.java

@@ -1,21 +0,0 @@
-package com.redhat.pctsec;
-
-import io.quarkus.test.junit.QuarkusTest;
-import org.junit.jupiter.api.Test;
-
-import static io.restassured.RestAssured.given;
-import static org.hamcrest.CoreMatchers.is;
-
-@QuarkusTest
-public class GreetingResourceTest {
-
-    @Test
-    public void testHelloEndpoint() {
-        given()
-          .when().get("/hello")
-          .then()
-             .statusCode(200)
-             .body(is("Hello from RESTEasy Reactive"));
-    }
-
-}

src/test/java/com/redhat/pctsec/model/osh/paramMapperTest.java

@@ -0,0 +1,22 @@
+package com.redhat.pctsec.model.osh;
+
+import io.quarkus.test.junit.QuarkusTest;
+import jakarta.inject.Inject;
+import org.junit.jupiter.api.Test;
+import java.lang.String;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.CoreMatchers.is;
+
+@QuarkusTest
+public class paramMapperTest {
+
+
+
+    @Test
+    public void testSnykScan() {
+        paramMapper pm = new paramMapper("-p snyk-only-unstable --tarball-build-script=\":\"");
+        System.out.println(pm);
+    }
+
+}