From 6459de4d09f4b77e8f2b85025a17f5b39e7a26c6 Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Thu, 19 Feb 2026 10:12:11 +0200 Subject: [PATCH 1/9] add new tekton task --- .tekton/on-pull-request.yaml | 48 +++++++++++++++++++ .../tools/lexical_full_search.py | 2 +- 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index c96501987..1b36d731f 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -480,6 +480,54 @@ spec: echo "--- INTEGRATION TESTS FINISHED SUCCESSFULLY ---" + finally: + - name: post-integration-evaluation + when: + - input: $(tasks.integration-test.status) + operator: in + values: + - Succeeded + - Failed + params: + - name: INTEGRATION_TEST_STATUS + value: $(tasks.integration-test.status) + taskSpec: + params: + - name: INTEGRATION_TEST_STATUS + type: string + steps: + - name: report + image: registry.access.redhat.com/ubi9/python-312:9.6 + workingDir: $(workspaces.source.path) + env: + - name: EXPLOIT_IQ_API_BASE + valueFrom: + configMapKeyRef: + name: evaluation-config + key: EXPLOIT_IQ_API_BASE + - name: EXPLOIT_IQ_API_TOKEN + valueFrom: + secretKeyRef: + name: evaluation-secret + key: EXPLOIT_IQ_API_TOKEN + - name: NGC_API_KEY + valueFrom: + secretKeyRef: + name: evaluation-secret + key: NGC_API_KEY + script: | + #!/bin/bash + set -e + echo "--- POST INTEGRATION REPORT ---" + echo "Integration test status: $(params.INTEGRATION_TEST_STATUS)" + #check if the run_cve_evaluation.py file is present + if [ -f run_cve_evaluation.py ]; then + echo "run_cve_evaluation.py file found" + python3 run_cve_evaluation.py --mode api --stages all --submit + else + echo "run_cve_evaluation.py file not found" + fi + echo "--- POST INTEGRATION REPORT DONE ---" workspaces: - name: source diff --git a/src/vuln_analysis/tools/lexical_full_search.py b/src/vuln_analysis/tools/lexical_full_search.py index 0b24fcc1e..3b4e87db8 100644 
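Review bot: The `report` step runs `python3 run_cve_evaluation.py` out of `$(workspaces.source.path)` while `EXPLOIT_IQ_API_TOKEN` and `NGC_API_KEY` are in its environment, so in this pull-request pipeline the executed file presumably comes from the checked-out PR and its author decides what runs next to those secrets. Whether fork or otherwise untrusted PRs can trigger this pipeline is not visible here; if they can, the evaluator should come from a trusted, pinned image or ref rather than the workspace (patch 6/9 later in this series switches to image `args`, which removes this path). The `else` branch also exits 0 when the file is missing, so a skipped evaluation is indistinguishable from a passed one; use `exit 1` there, or state the intent with a comment such as `# evaluation is optional: a missing runner is not an error`.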
--- a/src/vuln_analysis/tools/lexical_full_search.py +++ b/src/vuln_analysis/tools/lexical_full_search.py @@ -27,7 +27,7 @@ logger = LoggingFactory.get_agent_logger(__name__) - +#add documentation for the tool class LexicalSearchToolConfig(FunctionBaseConfig, name=LEXICAL_CODE_SEARCH): """ Lexical search tool used to search source code. From 25c7065eb0b0724436eb868283005213bbda97ef Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Sun, 8 Mar 2026 10:20:21 +0200 Subject: [PATCH 2/9] change image name --- .tekton/on-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index 1b36d731f..f139b50c6 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -497,7 +497,7 @@ spec: type: string steps: - name: report - image: registry.access.redhat.com/ubi9/python-312:9.6 + image: quay.io/ecosystem-appeng/cve-evaluation workingDir: $(workspaces.source.path) env: - name: EXPLOIT_IQ_API_BASE From 8d403c955e45119ca058a4c601fd3ee76b43ea05 Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Sun, 8 Mar 2026 10:53:28 +0200 Subject: [PATCH 3/9] update image tag --- .tekton/on-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index f139b50c6..d546dc7b3 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -497,7 +497,7 @@ spec: type: string steps: - name: report - image: quay.io/ecosystem-appeng/cve-evaluation + image: quay.io/ecosystem-appeng/cve-evaluation:v1.0 workingDir: $(workspaces.source.path) env: - name: EXPLOIT_IQ_API_BASE From e53e91e7c2b311cf59b8ea3c619ec05c23d8f652 Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Thu, 12 Mar 2026 09:04:44 +0200 Subject: [PATCH 4/9] new image version --- .tekton/on-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
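Review bot: The added line `#add documentation for the tool` is a TODO left as a bare comment above `LexicalSearchToolConfig`; it documents nothing, and the class already has a docstring that starts in this hunk and continues outside it. Patches 5/9, 6/9 and 8/9 only append words to this same comment under subjects like "force build image" and "rerun clean java cache", which suggests the line is being edited to trigger pipeline runs, and the final text still carries the typo `reasults`. Either put the intended description into the class docstring or drop the line and restore the blank line. A re-run can be triggered without touching source, for example with `git commit --allow-empty`.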
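Review bot: The `report` step's image is referenced by a mutable tag throughout the series — no tag here (which resolves to `latest`), `:v1.0` in 3/9, `:latest` in 4/9 and in the new task of 7/9, `:llama_prompt` in 9/9 — while the step receives `EXPLOIT_IQ_API_TOKEN` and `NGC_API_KEY`. Anyone able to push to that repository can change what runs with those secrets without a reviewed change in this repo, and two runs of the same commit can execute different code. Pin by digest, keeping the tag only as a hint: `image: quay.io/ecosystem-appeng/cve-evaluation@sha256:<digest-of-reviewed-image>`. The `steps:` list sits inside a `taskSpec` that starts outside this hunk.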
diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index d546dc7b3..a91a89217 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -497,7 +497,7 @@ spec: type: string steps: - name: report - image: quay.io/ecosystem-appeng/cve-evaluation:v1.0 + image: quay.io/ecosystem-appeng/cve-evaluation:latest workingDir: $(workspaces.source.path) env: - name: EXPLOIT_IQ_API_BASE From db00e1c4c477db8f3ea982f461b343afead7ff75 Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Thu, 12 Mar 2026 09:08:59 +0200 Subject: [PATCH 5/9] force build image --- src/vuln_analysis/tools/lexical_full_search.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/vuln_analysis/tools/lexical_full_search.py b/src/vuln_analysis/tools/lexical_full_search.py index 3b4e87db8..334d17b89 100644 --- a/src/vuln_analysis/tools/lexical_full_search.py +++ b/src/vuln_analysis/tools/lexical_full_search.py @@ -27,7 +27,7 @@ logger = LoggingFactory.get_agent_logger(__name__) -#add documentation for the tool +#add documentation for the tool sort main reasults to dependencies class LexicalSearchToolConfig(FunctionBaseConfig, name=LEXICAL_CODE_SEARCH): """ Lexical search tool used to search source code. From 22be48884cc17fe790165e8f55e84d41778dec3c Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Thu, 12 Mar 2026 09:45:44 +0200 Subject: [PATCH 6/9] fix args for image --- .tekton/on-pull-request.yaml | 21 +++++++------------ .../tools/lexical_full_search.py | 2 +- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index a91a89217..96e656a03 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -498,7 +498,6 @@ spec: steps: - name: report image: quay.io/ecosystem-appeng/cve-evaluation:latest - workingDir: $(workspaces.source.path) env: - name: EXPLOIT_IQ_API_BASE valueFrom: 
@@ -515,19 +514,13 @@ spec: secretKeyRef: name: evaluation-secret key: NGC_API_KEY - script: | - #!/bin/bash - set -e - echo "--- POST INTEGRATION REPORT ---" - echo "Integration test status: $(params.INTEGRATION_TEST_STATUS)" - #check if the run_cve_evaluation.py file is present - if [ -f run_cve_evaluation.py ]; then - echo "run_cve_evaluation.py file found" - python3 run_cve_evaluation.py --mode api --stages all --submit - else - echo "run_cve_evaluation.py file not found" - fi - echo "--- POST INTEGRATION REPORT DONE ---" + args: + - --mode + - api + - --stages + - all + - --submit + workspaces: - name: source diff --git a/src/vuln_analysis/tools/lexical_full_search.py b/src/vuln_analysis/tools/lexical_full_search.py index 334d17b89..5edde514b 100644 --- a/src/vuln_analysis/tools/lexical_full_search.py +++ b/src/vuln_analysis/tools/lexical_full_search.py @@ -27,7 +27,7 @@ logger = LoggingFactory.get_agent_logger(__name__) -#add documentation for the tool sort main reasults to dependencies +#add documentation for the tool sort main reasults to dependencies ... class LexicalSearchToolConfig(FunctionBaseConfig, name=LEXICAL_CODE_SEARCH): """ Lexical search tool used to search source code. From ddd2b6563f1acc401db7a3ef139e617f9a614b07 Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Thu, 12 Mar 2026 10:32:58 +0200 Subject: [PATCH 7/9] add cve evaluation to cm test --- .tekton/on-cm-runner.yaml | 41 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/.tekton/on-cm-runner.yaml b/.tekton/on-cm-runner.yaml index 27d0f6672..2907d3094 100644 --- a/.tekton/on-cm-runner.yaml +++ b/.tekton/on-cm-runner.yaml 
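Review bot: With the `script` block removed, nothing in the `report` step reads `INTEGRATION_TEST_STATUS` any more, yet the param is still declared in `taskSpec.params` and passed from the pipeline (both outside this hunk); the copy added to on-cm-runner.yaml in 7/9 has the same leftover. Either remove the param or, if the evaluator is meant to know the test outcome, hand it over explicitly, e.g. `- name: INTEGRATION_TEST_STATUS` / `value: $(params.INTEGRATION_TEST_STATUS)` under `env`. The `args` list now depends entirely on the image's ENTRYPOINT, which is not visible here, so a short comment such as `# args are passed to the image entrypoint (CVE evaluation runner)` would help the next reader.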
@@ -521,6 +521,47 @@ spec: echo "--- Release Process Complete ---" + finally: + - name: post-cm-evaluation + when: + - input: $(tasks.integration-test.status) + operator: in + values: + - Succeeded + - Failed + params: + - name: INTEGRATION_TEST_STATUS + value: $(tasks.integration-test.status) + taskSpec: + params: + - name: INTEGRATION_TEST_STATUS + type: string + steps: + - name: report + image: quay.io/ecosystem-appeng/cve-evaluation:latest + env: + - name: EXPLOIT_IQ_API_BASE + valueFrom: + configMapKeyRef: + name: evaluation-config + key: EXPLOIT_IQ_API_BASE + - name: EXPLOIT_IQ_API_TOKEN + valueFrom: + secretKeyRef: + name: evaluation-secret + key: EXPLOIT_IQ_API_TOKEN + - name: NGC_API_KEY + valueFrom: + secretKeyRef: + name: evaluation-secret + key: NGC_API_KEY + args: + - --mode + - api + - --stages + - all + - --submit + # ------------------------------------------------ # WORKSPACE BINDINGS # ------------------------------------------------ From b164075480c74998e0ea0add82184b6e6f3ea351 Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Thu, 12 Mar 2026 17:16:19 +0200 Subject: [PATCH 8/9] rerun clean java cache --- .tekton/on-pull-request.yaml | 1 + src/vuln_analysis/tools/lexical_full_search.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index 96e656a03..bd8ca0349 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -251,6 +251,7 @@ spec: # This is handled in the Makefile's lint-pr target and should be reverted after migration. make lint-pr TARGET_BRANCH=$TARGET_BRANCH_NAME + print_banner "RUNNING UNIT TESTS" make test-unit PYTEST_OPTS="--log-cli-level=DEBUG" diff --git a/src/vuln_analysis/tools/lexical_full_search.py b/src/vuln_analysis/tools/lexical_full_search.py index 5edde514b..1bb6cf21f 100644 --- a/src/vuln_analysis/tools/lexical_full_search.py +++ b/src/vuln_analysis/tools/lexical_full_search.py 
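Review bot: The `when` guard and the `INTEGRATION_TEST_STATUS` value both reference `$(tasks.integration-test.status)`, and the hunk does not show that on-cm-runner.yaml defines a task named `integration-test`; the surrounding context is the release step, so this looks copied from on-pull-request.yaml. If no such task exists in this pipeline the reference will not resolve, so confirm the task name or guard on the task that actually precedes this one. This pipeline must also have `evaluation-config` and `evaluation-secret` available in its namespace, which is worth a comment above the task, e.g. `# requires ConfigMap evaluation-config and Secret evaluation-secret in the pipeline namespace`.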
@@ -27,7 +27,7 @@ logger = LoggingFactory.get_agent_logger(__name__) -#add documentation for the tool sort main reasults to dependencies ... +#add documentation for the tool sort main reasults to dependencies ,next class LexicalSearchToolConfig(FunctionBaseConfig, name=LEXICAL_CODE_SEARCH): """ Lexical search tool used to search source code. From f48f631c5e19819ace7f122229d935bf55ef1103 Mon Sep 17 00:00:00 2001 From: Shimon Tanny Date: Thu, 14 May 2026 08:31:13 +0300 Subject: [PATCH 9/9] update evaluation tag name to llama --- .tekton/on-pull-request.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/on-pull-request.yaml b/.tekton/on-pull-request.yaml index bd8ca0349..d9c78a5d2 100644 --- a/.tekton/on-pull-request.yaml +++ b/.tekton/on-pull-request.yaml @@ -498,7 +498,7 @@ spec: type: string steps: - name: report - image: quay.io/ecosystem-appeng/cve-evaluation:latest + image: quay.io/ecosystem-appeng/cve-evaluation:llama_prompt env: - name: EXPLOIT_IQ_API_BASE valueFrom: