| app_version |
The version of the app to deploy. |
string |
"v1" |
no |
| artifact_signature_verification |
Set to 1 to enable artifact signature verification. |
string |
"" |
no |
| artifactory_dashboard_url |
Type the URL that you want to navigate to when you click the Artifactory integration tile. |
string |
"" |
no |
| artifactory_integration_name |
The name of the Artifactory tool integration. |
string |
"artifactory-dockerconfigjson" |
no |
| artifactory_repo_name |
Type the name of your Artifactory repository where your docker images are located. |
string |
"wcp-compliance-automation-team-docker-local" |
no |
| artifactory_repo_url |
Type the URL for your Artifactory release repository. |
string |
"" |
no |
| artifactory_token_secret_crn |
The CRN for the Artifactory secret. |
string |
"" |
no |
| artifactory_token_secret_group |
Secret group prefix for the Artifactory token secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| artifactory_token_secret_name |
Name of the artifactory token secret in the secret provider. |
string |
"artifactory-token" |
no |
| artifactory_user |
Type the User ID or email for your Artifactory repository. |
string |
"" |
no |
| authorization_policy_creation |
Set to disabled if you do not want this policy auto created. |
string |
"" |
no |
| change_management_group |
Specify Git user/group for change management repo. |
string |
"" |
no |
| change_management_repo_auth_type |
Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. |
string |
"oauth" |
no |
| change_management_repo_git_id |
Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. |
string |
"" |
no |
| change_management_repo_git_provider |
Choose the default git provider for change management repo |
string |
"hostedgit" |
no |
| change_management_repo_git_token_secret_crn |
The CRN for the Change Managemenrt repository Git Token. |
string |
"" |
no |
| change_management_repo_git_token_secret_name |
Name of the Git token secret in the secret provider. |
string |
"git-token" |
no |
| change_management_repo_initialization_type |
The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. |
string |
"" |
no |
| change_management_repo_integration_owner |
The name of the integration owner. |
string |
"" |
no |
| change_management_repo_is_private_repo |
Set to true to make repository private. |
bool |
true |
no |
| change_management_repo_issues_enabled |
Set to true to enable issues. |
bool |
true |
no |
| change_management_repo_name |
The repository name. |
string |
"" |
no |
| change_management_repo_secret_group |
Secret group prefix for the Change Management repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| change_management_repo_traceability_enabled |
Set to true to enable traceability. |
bool |
false |
no |
| change_repo_clone_from_url |
Override the default management repo , which will be cloned into the app repo. Note, using clone_if_not_exists mode, so if the app repo already exists the repo contents are unchanged. |
string |
"" |
no |
| change_request_id |
The ID of an open change request. If this parameter is set to 'notAvailable' by default, a change request is automatically created by the continuous deployment pipeline. |
string |
"notAvailable" |
no |
| cluster_name |
Name of the Kubernetes cluster where the application is deployed. |
string |
"mycluster-free" |
no |
| cluster_namespace |
Namespace of the Kubernetes cluster where the application is deployed. |
string |
"default" |
no |
| cluster_region |
Region of the Kubernetes cluster where the application is deployed. |
string |
"ibm:yp:us-south" |
no |
| code_engine_app_concurrency |
The maximum number of requests that can be processed concurrently per instance. |
string |
"100" |
no |
| code_engine_app_deployment_timeout |
The maximum timeout for the application deployment. |
string |
"300" |
no |
| code_engine_app_max_scale |
The maximum number of instances that can be used for this application. If you set this value to 0, the application scales as needed. The application scaling is limited only by the instances per the resource quota for the project of your application. |
string |
"1" |
no |
| code_engine_app_min_scale |
The minimum number of instances that can be used for this application. This option is useful to ensure that no instances are running when not needed. |
string |
"0" |
no |
| code_engine_app_port |
The port where the application listens. The format is [NAME:]PORT, where [NAME:] is optional. If [NAME:] is specified, valid values are h2c, or http1. When [NAME:] is not specified or is http1, the port uses HTTP/1.1. When [NAME:] is h2c, the port uses unencrypted HTTP/2. |
string |
"8080" |
no |
| code_engine_app_visibility |
The visibility for the application. Valid values are public, private and project. Setting a visibility of public means that your app can receive requests from the public internet or from components within the Code Engine project. Setting a visibility of private means that your app is not accessible from the public internet and network access is only possible from other IBM Cloud using Virtual Private Endpoints (VPE) or Code Engine components that are running in the same project. Visibility can only be private if the project supports application private visibility. Setting a visibility of project means that your app is not accessible from the public internet and network access is only possible from other Code Engine components that are running in the same project. |
string |
"public" |
no |
| code_engine_binding_resource_group |
The name of a resource group to use for authentication for the service bindings of the Code Engine project. A service ID is created with Operator and Manager roles for all services in this resource group. Use '*' to specify all resource groups in this account. |
string |
"" |
no |
| code_engine_cpu |
The amount of CPU set for the instance of the application or job. |
string |
"0.25" |
no |
| code_engine_deployment_type |
type of Code Engine component to create/update as part of deployment. It can be either application or job. |
string |
"application" |
no |
| code_engine_env_from_configmaps |
Semi-colon separated list of configmaps to set environment variables. |
string |
"" |
no |
| code_engine_env_from_secrets |
Semi-colon separated list of secrets to set environment variables. |
string |
"" |
no |
| code_engine_ephemeral_storage |
The amount of ephemeral storage to set for the instance of the application or for the runs of the job. Use M for megabytes or G for gigabytes. |
string |
"0.4G" |
no |
| code_engine_job_instances |
Specifies the number of instances that are used for runs of the job. When you use this option, the system converts to array indices. For example, if you specify instances of 5, the system converts to array-indices of 0 - 4. This option can only be specified if the --array-indices option is not specified. The default value is 1. |
string |
"1" |
no |
| code_engine_job_maxexecutiontime |
The maximum execution time in seconds for runs of the job. |
string |
"7200" |
no |
| code_engine_job_retrylimit |
The number of times to rerun an instance of the job before the job is marked as failed. |
string |
"3" |
no |
| code_engine_memory |
The amount of memory set for the instance of the application or job. Use M for megabytes or G for gigabytes. |
string |
"0.5G" |
no |
| code_engine_project |
The name of the Code Engine project to use. Created if it does not exist. |
string |
"" |
no |
| code_engine_region |
The region to create/lookup for the Code Engine project. |
string |
"" |
no |
| code_engine_remove_refs |
Remove references to unspecified configuration resources (configmap/secret) references (pulled from env-from-configmaps, env-from-secrets along with auto-managed by CD). |
string |
"false" |
no |
| code_engine_resource_group |
The resource group of the Code Engine project. |
string |
"" |
no |
| code_engine_service_bindings |
JSON array including service name(s) (as a simple JSON string). |
string |
"" |
no |
| code_signing_cert |
The base64 encoded GPG public key. Setting this will add the public signing cert to the pipeline properties. Alternatively see enable_signing_validation to store the cert in a Secrets provider . |
string |
"" |
no |
| code_signing_cert_secret_crn |
The CRN for the public signing key cert in the secrets provider. |
string |
"" |
no |
| code_signing_cert_secret_group |
Secret group prefix for the pipeline Public signing key cert secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| code_signing_cert_secret_name |
This is the optional alternative to using code_signing_cert for storing the GPG public signing key. Set this variable with the name of the secret containing the GPG public key from the Secrets Provider. |
string |
"" |
no |
| compliance_base_image |
Pipeline baseimage to run most of the built-in pipeline code. |
string |
"" |
no |
| compliance_pipeline_group |
Specify Git user/group for compliance pipeline repo. |
string |
"" |
no |
| compliance_pipeline_repo_auth_type |
Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. |
string |
"oauth" |
no |
| compliance_pipeline_repo_git_provider |
Choose the default git provider for change management repo |
string |
"hostedgit" |
no |
| compliance_pipeline_repo_git_token_secret_crn |
The CRN for the Compliance Pipeline repository Git Token. |
string |
"" |
no |
| compliance_pipeline_repo_git_token_secret_name |
Name of the Git token secret in the secret provider. |
string |
"git-token" |
no |
| compliance_pipeline_repo_integration_owner |
The name of the integration owner. |
string |
"" |
no |
| compliance_pipeline_repo_issues_enabled |
Set to true to enable issues. |
bool |
false |
no |
| compliance_pipeline_repo_secret_group |
Secret group prefix for the Compliance Pipeline repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| compliance_pipeline_repo_url |
URL of pipeline repo template to be cloned. |
string |
"" |
no |
| compliance_pipelines_repo_git_id |
Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. |
string |
"" |
no |
| cos_api_key_secret_crn |
The CRN for the Cloud Object Storage apikey. |
string |
"" |
no |
| cos_api_key_secret_group |
Secret group prefix for the COS API key secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| cos_api_key_secret_name |
Name of the IBM Cloud Storage api-key secret in the secret provider. |
string |
"cos-api-key" |
no |
| cos_bucket_name |
COS bucket name. |
string |
"" |
no |
| cos_dashboard_url |
The dashboard URL for the COS toolcard. |
string |
"https://cloud.ibm.com/objectstorage" |
no |
| cos_description |
The COS description on the tool card. |
string |
"Cloud Object Storage to store evidences within DevSecOps Pipelines" |
no |
| cos_documentation_url |
The documentation URL that appears on the tool card. |
string |
"https://cloud.ibm.com/objectstorage" |
no |
| cos_endpoint |
COS endpoint name. |
string |
"" |
no |
| cos_integration_name |
The name of the COS integration. |
string |
"Evidence Store" |
no |
| create_triggers |
Set to true to create all the default triggers. |
bool |
true |
no |
| customer_impact |
Custom impact of the change request. |
string |
"no_impact" |
no |
| default_git_provider |
Choose the default git provider for app repo |
string |
"hostedgit" |
no |
| deployment_group |
Specify Git user/group for deployment repo. |
string |
"" |
no |
| deployment_repo_auth_type |
Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat. |
string |
"oauth" |
no |
| deployment_repo_clone_from_branch |
Used when deployment_repo_clone_from_url is provided, the default branch that will be used by the CD build, usually either main or master. |
string |
"" |
no |
| deployment_repo_clone_from_url |
Override the default sample app by providing your own sample deployment url, which will be cloned into the app repo. Note, using clone_if_not_exists mode, so if the app repo already exists the repo contents are unchanged. |
string |
"" |
no |
| deployment_repo_clone_to_git_id |
By default absent, else custom server GUID, or other options for 'git_id' field in the browser UI. |
string |
"" |
no |
| deployment_repo_clone_to_git_provider |
By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. |
string |
"" |
no |
| deployment_repo_existing_branch |
Used when deployment_repo_existing_url is provided, the default branch that will be used by the CD build, usually either main or master. |
string |
"" |
no |
| deployment_repo_existing_git_id |
By default absent, else custom server GUID, or other options for 'git_id' field in the browser UI. |
string |
"" |
no |
| deployment_repo_existing_git_provider |
By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. |
string |
"hostedgit" |
no |
| deployment_repo_existing_url |
Override to bring your own existing deployment repository URL, which will be used directly instead of cloning the default deployment sample. |
string |
"" |
no |
| deployment_repo_git_token_secret_crn |
The CRN for the Deployment repository Git Token. |
string |
"" |
no |
| deployment_repo_git_token_secret_name |
Name of the Git token secret in the secret provider. |
string |
"git-token" |
no |
| deployment_repo_initialization_type |
The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. |
string |
"" |
no |
| deployment_repo_integration_owner |
The name of the integration owner. |
string |
"" |
no |
| deployment_repo_is_private_repo |
Set to true to make repository private. |
bool |
true |
no |
| deployment_repo_issues_enabled |
Set to true to enable issues. |
bool |
false |
no |
| deployment_repo_name |
The repository name. |
string |
"" |
no |
| deployment_repo_secret_group |
Secret group prefix for the Deployment repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| deployment_repo_traceability_enabled |
Set to true to enable traceability. |
bool |
false |
no |
| deployment_source_repo_url |
Url of deployment repo template |
string |
"" |
no |
| deployment_target |
The deployment target, 'cluster' or 'code-engine'. |
string |
"cluster" |
no |
| doi_environment |
DevOpsInsights environment for DevSecOps CD deployment. |
string |
"" |
no |
| doi_toolchain_id |
DevOps Insights Toolchain ID to link to. |
string |
"" |
no |
| emergency_label |
Identifies the pull request as an emergency. |
string |
"EMERGENCY" |
no |
| enable_artifactory |
Set true to enable artifacory for devsecops. |
bool |
false |
no |
| enable_change_management_repo |
Set to true to enable the Change Management Repo integration. |
string |
true |
no |
| enable_insights |
Set to true to enable the DevOps Insights integration. |
bool |
true |
no |
| enable_key_protect |
Set to enable Key Protect Integration. |
bool |
false |
no |
| enable_pipeline_git_token |
Enable to add git-token to the pipeline properties. |
bool |
false |
no |
| enable_pipeline_notifications |
When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. |
bool |
false |
no |
| enable_secrets_manager |
Set to enable Secrets Manager Integration. |
bool |
true |
no |
| enable_slack |
Set to true to create the integration. |
bool |
false |
no |
| event_notifications |
To enable event notification, set event_notifications to 1 |
string |
"0" |
no |
| event_notifications_crn |
The CRN for the Event Notifications instance. |
string |
"" |
no |
| event_notifications_tool_name |
The name of the Event Notifications integration. |
string |
"Event Notifications" |
no |
| evidence_group |
Specify Git user/group for evidence repo. |
string |
"" |
no |
| evidence_repo_auth_type |
Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. |
string |
"oauth" |
no |
| evidence_repo_git_id |
Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. |
string |
"" |
no |
| evidence_repo_git_provider |
Git provider for evidence repo |
string |
"hostedgit" |
no |
| evidence_repo_git_token_secret_crn |
The CRN for the Evidence repository Git Token. |
string |
"" |
no |
| evidence_repo_git_token_secret_name |
Name of the Git token secret in the secret provider. |
string |
"git-token" |
no |
| evidence_repo_initialization_type |
The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. |
string |
"" |
no |
| evidence_repo_integration_owner |
The name of the integration owner. |
string |
"" |
no |
| evidence_repo_is_private_repo |
Set to true to make repository private. |
bool |
true |
no |
| evidence_repo_issues_enabled |
Set to true to enable issues. |
bool |
false |
no |
| evidence_repo_name |
The repository name. |
string |
"" |
no |
| evidence_repo_secret_group |
Secret group prefix for the Evidence repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| evidence_repo_traceability_enabled |
Set to true to enable traceability. |
bool |
false |
no |
| evidence_repo_url |
This is a template repository to clone compliance-evidence-locker for reference DevSecOps toolchain templates. |
string |
"" |
no |
| force_redeploy |
Forces the deployment or redeployment of the app even if the last deployment does not contain a delta in the inventory. Set this parameter to true to force a deployment of the app as if it is the first deployment on the specified target environment. By default, this parameter is set to false. |
string |
"false" |
no |
| ibmcloud_api |
IBM Cloud API Endpoint. |
string |
"https://cloud.ibm.com" |
no |
| ibmcloud_api_key |
API key used to create the toolchains. |
string |
n/a |
yes |
| inventory_group |
Specify Git user/group for inventory repo. |
string |
"" |
no |
| inventory_repo_auth_type |
Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. |
string |
"oauth" |
no |
| inventory_repo_git_id |
Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. |
string |
"" |
no |
| inventory_repo_git_provider |
Git provider for inventory repo |
string |
"hostedgit" |
no |
| inventory_repo_git_token_secret_crn |
The CRN for the Inventory repository Git Token. |
string |
"" |
no |
| inventory_repo_git_token_secret_name |
Name of the Git token secret in the secret provider. |
string |
"git-token" |
no |
| inventory_repo_initialization_type |
The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. |
string |
"" |
no |
| inventory_repo_integration_owner |
The name of the integration owner. |
string |
"" |
no |
| inventory_repo_is_private_repo |
Set to true to make repository private. |
bool |
true |
no |
| inventory_repo_issues_enabled |
Set to true to enable issues. |
bool |
false |
no |
| inventory_repo_name |
The repository name. |
string |
"" |
no |
| inventory_repo_secret_group |
Secret group prefix for the Inventory repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| inventory_repo_traceability_enabled |
Set to true to enable traceability. |
bool |
false |
no |
| inventory_repo_url |
This is a template repository to clone compliance-inventory-locker for reference DevSecOps toolchain templates. |
string |
"" |
no |
| issues_group |
Specify Git user/group for issues repo. |
string |
"" |
no |
| issues_repo_auth_type |
Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. |
string |
"oauth" |
no |
| issues_repo_git_id |
Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. |
string |
"" |
no |
| issues_repo_git_provider |
Git provider for issue repo |
string |
"hostedgit" |
no |
| issues_repo_git_token_secret_crn |
The CRN for the Issues repository Git Token. |
string |
"" |
no |
| issues_repo_git_token_secret_name |
Name of the Git token secret in the secret provider. |
string |
"git-token" |
no |
| issues_repo_initialization_type |
The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. |
string |
"" |
no |
| issues_repo_integration_owner |
The name of the integration owner. |
string |
"" |
no |
| issues_repo_is_private_repo |
Set to true to make repository private. |
bool |
true |
no |
| issues_repo_issues_enabled |
Set to true to enable issues. |
bool |
true |
no |
| issues_repo_name |
The repository name. |
string |
"" |
no |
| issues_repo_secret_group |
Secret group prefix for the Issues repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| issues_repo_traceability_enabled |
Set to true to enable traceability. |
bool |
false |
no |
| issues_repo_url |
This is a template repository to clone compliance-issues for reference DevSecOps toolchain templates. |
string |
"" |
no |
| kp_integration_name |
The name of the Key Protect integration. |
string |
"kp-compliance-secrets" |
no |
| kp_location |
IBM Cloud location/region containing the Key Protect instance. |
string |
"us-south" |
no |
| kp_name |
Name of the Key Protect instance where the secrets are stored. |
string |
"kp-compliance-secrets" |
no |
| kp_resource_group |
The resource group containing the Key Protect instance. |
string |
"Default" |
no |
| link_to_doi_toolchain |
Enable a link to a DevOpsInsights instance in another toolchain, true or false. |
bool |
false |
no |
| merge_cra_sbom |
Merge the SBOM. |
string |
"1" |
no |
| peer_review_collection |
Set to 1 to enable peer review collection. |
string |
"" |
no |
| peer_review_compliance |
Set to 1 to enable peer review compliance validation. |
string |
"1" |
no |
| pipeline_branch |
The branch within pipeline definitions repository for Compliance CD Toolchain. |
string |
"open-v10" |
no |
| pipeline_config_group |
Specify Git user/group for pipeline config repo. |
string |
"" |
no |
| pipeline_config_path |
The name and path of the pipeline-config.yaml file within the pipeline-config repo. |
string |
".pipeline-config.yaml" |
no |
| pipeline_config_repo_auth_type |
Select the method of authentication that will be used to access the git provider. 'oauth' or 'pat'. |
string |
"oauth" |
no |
| pipeline_config_repo_branch |
Specify the branch containing the custom pipeline-config.yaml file. |
string |
"" |
no |
| pipeline_config_repo_clone_from_url |
Specify a repository to clone that contains a custom pipeline-config.yaml file. |
string |
"" |
no |
| pipeline_config_repo_existing_url |
Specify a repository containing a custom pipeline-config.yaml file. |
string |
"" |
no |
| pipeline_config_repo_git_id |
Set this value to github for github.com, or to the GUID of a custom GitHub Enterprise server. |
string |
"" |
no |
| pipeline_config_repo_git_provider |
Git provider for pipeline repo config |
string |
"hostedgit" |
no |
| pipeline_config_repo_git_token_secret_crn |
The CRN for the Config repository Git Token. |
string |
"" |
no |
| pipeline_config_repo_git_token_secret_name |
Name of the Git token secret in the secret provider. |
string |
"git-token" |
no |
| pipeline_config_repo_initialization_type |
The initialization type for the repo. Can be new, fork, clone, link, new_if_not_exists, clone_if_not_exists, fork_if_not_exists. |
string |
"" |
no |
| pipeline_config_repo_integration_owner |
The name of the integration owner. |
string |
"" |
no |
| pipeline_config_repo_is_private_repo |
Set to true to make repository private. |
bool |
true |
no |
| pipeline_config_repo_issues_enabled |
Set to true to enable issues. |
bool |
false |
no |
| pipeline_config_repo_name |
The repository name. |
string |
"" |
no |
| pipeline_config_repo_secret_group |
Secret group prefix for the Pipeline Config repo secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| pipeline_config_repo_traceability_enabled |
Set to true to enable traceability. |
bool |
false |
no |
| pipeline_debug |
Set to '1' to enable debug logging. |
string |
"0" |
no |
| pipeline_doi_api_key_secret_crn |
The CRN for the DOI apikey. |
string |
"" |
no |
| pipeline_doi_api_key_secret_group |
Secret group prefix for the pipeline DOI api key. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| pipeline_doi_api_key_secret_name |
Name of the Cloud API key secret in the secret provider to access the toolchain containing the Devops Insights instance. |
string |
"" |
no |
| pipeline_git_tag |
The GIT tag within the pipeline definitions repository for Compliance CD Toolchain. |
string |
"" |
no |
| pipeline_git_token_secret_crn |
The CRN for the Git Token secret in the pipeline properties. |
string |
"" |
no |
| pipeline_git_token_secret_group |
Secret group prefix for the pipeline Git token secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| pipeline_git_token_secret_name |
Name of the pipeline Git token secret in the secret provider. |
string |
"pipeline-git-token" |
no |
| pipeline_ibmcloud_api_key_secret_crn |
The CRN for the pipeline apikey. |
string |
"" |
no |
| pipeline_ibmcloud_api_key_secret_group |
Secret group prefix for the pipeline ibmcloud API key secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| pipeline_ibmcloud_api_key_secret_name |
Name of the Cloud API key secret in the secret provider. |
string |
"ibmcloud-api-key" |
no |
| pipeline_properties |
Stringified JSON containing the properties. This takes precedence over the properties JSON. |
string |
"" |
no |
| pipeline_properties_filepath |
The path to the file containing the property JSON. If this is not set, it will by default read the properties.json file at the root of the module. |
string |
"" |
no |
| pre_prod_evidence_collection |
Set this flag to collect the pre-prod evidences and the change requests in the production deployment (target-environment-purpose set to production). Default value is 0. |
string |
"0" |
no |
| privateworker_credentials_secret_crn |
The CRN for the Private Worker apikey. |
string |
"" |
no |
| privateworker_credentials_secret_group |
Secret group prefix for the Private Worker secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| privateworker_credentials_secret_name |
Name of the privateworker secret in the secret provider. |
string |
"private-worker-service-api" |
no |
| region |
IBM Cloud region used to prefix the prod_latest inventory repo branch. |
string |
"" |
no |
| repositories_prefix |
Prefix name for the cloned compliance repos. |
string |
"compliance" |
no |
| repository_properties |
Stringified JSON containing the repositories and triggers. This takes precedence over the repositories JSON. |
string |
"" |
no |
| repository_properties_filepath |
The path to the file containing the repository and triggers JSON. If this is not set, it will by default read the repositories.json file at the root of the module. |
string |
"" |
no |
| satellite_cluster_group |
The Satellite cluster group. |
string |
"" |
no |
| scc_attachment_id |
An attachment ID. An attachment is configured under a profile to define how a scan will be run. To find the attachment ID, in the browser, in the attachments list, click on the attachment link, and a panel appears with a button to copy the attachment ID. This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. |
string |
"" |
no |
| scc_enable_scc |
Enable the SCC integration. |
bool |
true |
no |
| scc_instance_crn |
The Security and Compliance Center service instance CRN (Cloud Resource Name). This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. The value must match the regular expression. |
string |
"" |
no |
| scc_integration_name |
The name of the SCC integration name. |
string |
"Devsecops Scope" |
no |
| scc_profile_name |
The name of a Security and Compliance Center profile. Use the IBM Cloud Framework for Financial Services profile, which contains the DevSecOps Toolchain rules. Or use a user-authored customized profile that has been configured to contain those rules. This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. |
string |
"" |
no |
| scc_profile_version |
The version of a Security and Compliance Center profile, in SemVer format, like 0.0.0. This parameter is only relevant when the scc_use_profile_attachment parameter is enabled. |
string |
"" |
no |
| scc_scc_api_key_secret_crn |
The CRN for the SCC apikey. |
string |
"" |
no |
| scc_scc_api_key_secret_group |
Secret group prefix for the Security and Compliance tool secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| scc_scc_api_key_secret_name |
The Security and Compliance Center api-key secret in the secret provider. |
string |
"scc-api-key" |
no |
| scc_use_profile_attachment |
Set to enabled to enable use profile with attachment, so that the scripts in the pipeline can interact with the Security and Compliance Center service. When enabled, other parameters become relevant; scc_scc_api_key_secret_name, scc_instance_crn, scc_profile_name, scc_profile_version, scc_attachment_id. |
string |
"disabled" |
no |
| slack_channel_name |
The Slack channel that notifications will be posted to. |
string |
"my-channel" |
no |
| slack_integration_name |
The name of the Slack integration. |
string |
"slack-compliance" |
no |
| slack_notifications |
The switch that turns the Slack integration on or off. |
string |
"0" |
no |
| slack_pipeline_fail |
Generate pipeline failed notifications. |
bool |
true |
no |
| slack_pipeline_start |
Generate pipeline start notifications. |
bool |
true |
no |
| slack_pipeline_success |
Generate pipeline succeeded notifications. |
bool |
true |
no |
| slack_team_name |
The Slack team name, which is the word or phrase before .slack.com in the team URL. |
string |
"my-team" |
no |
| slack_toolchain_bind |
Generate tool added to toolchain notifications. |
bool |
true |
no |
| slack_toolchain_unbind |
Generate tool removed from toolchain notifications. |
bool |
true |
no |
| slack_webhook_secret_crn |
The CRN for the Slack webhook secret. |
string |
"" |
no |
| slack_webhook_secret_group |
Secret group prefix for the Slack webhook secret. Defaults to sm_secret_group if not set. Only used with Secrets Manager. |
string |
"" |
no |
| slack_webhook_secret_name |
Name of the webhook secret in the secret provider. |
string |
"slack-webhook" |
no |
| sm_instance_crn |
The CRN of the Secrets Manager instance. |
string |
"" |
no |
| sm_integration_name |
The name of the Secrets Manager integration. |
string |
"sm-compliance-secrets" |
no |
| sm_location |
IBM Cloud location/region containing the Secrets Manager instance. Not required if using a Secrets Manager CRN instance. |
string |
"us-south" |
no |
| sm_name |
Name of the Secrets Manager instance where the secrets are stored. |
string |
"sm-compliance-secrets" |
no |
| sm_resource_group |
The resource group containing the Secrets Manager instance. Not required if using a Secrets Manager CRN instance. |
string |
"default" |
no |
| sm_secret_group |
Group in Secrets Manager for organizing/grouping secrets. |
string |
"Default" |
no |
| source_environment |
The source environment that the app is promoted from. |
string |
"master" |
no |
| target_environment |
The target environment that the app is deployed to. |
string |
"prod" |
no |
| target_environment_detail |
Details of the environment being updated. |
string |
"Production target environment" |
no |
| target_environment_purpose |
Purpose of the environment being updated. |
string |
"production" |
no |
| toolchain_description |
Description for the CD oolchain. |
string |
"Toolchain created with Terraform template for DevSecOps CD Best Practices" |
no |
| toolchain_name |
Name of CD the Toolchain. |
string |
"DevSecOps CD Toolchain - Terraform" |
no |
| toolchain_region |
IBM Cloud Region for the toolchain. |
string |
"us-south" |
no |
| toolchain_resource_group |
The resource group within which the toolchain is created. |
string |
"Default" |
no |
| trigger_git_enable |
Set to true to enable the CD pipeline Git trigger. |
bool |
false |
no |
| trigger_git_name |
The name of the CD pipeline GIT trigger. |
string |
"Git CD Trigger" |
no |
| trigger_git_promotion_branch |
Branch for Git promotion validation listener. |
string |
"prod" |
no |
| trigger_git_promotion_enable |
Enable Git promotion validation for Git promotion listener. |
bool |
false |
no |
| trigger_git_promotion_listener |
Select a Tekton EventListener to use when Git promotion validation listener trigger is fired. |
string |
"promotion-validation-listener-gitlab" |
no |
| trigger_git_promotion_validation_name |
Name of Git Promotion Validation Trigger |
string |
"Git Promotion Validation Trigger" |
no |
| trigger_manual_enable |
Set to true to enable the CD pipeline Manual trigger. |
bool |
true |
no |
| trigger_manual_name |
The name of the CI pipeline Manual trigger. |
string |
"Manual CD Trigger" |
no |
| trigger_manual_promotion_enable |
Set to true to enable the CD pipeline Manual Promotion trigger. |
bool |
true |
no |
| trigger_manual_promotion_name |
The name of the CD pipeline Manual Promotion trigger. |
string |
"Manual Promotion Trigger" |
no |
| trigger_manual_pruner_enable |
Set to true to enable the manual Pruner trigger. |
bool |
true |
no |
| trigger_manual_pruner_name |
The name of the manual Pruner trigger. |
string |
"Evidence Pruner Manual Trigger" |
no |
| trigger_timed_cron_schedule |
Only needed for timed triggers. Cron expression that indicates when this trigger will activate. Maximum frequency is every 5 minutes. The string is based on UNIX crontab syntax: minute, hour, day of month, month, day of week. Example: 0 *_/2 * * * - every 2 hours. |
string |
"0 4 * * *" |
no |
| trigger_timed_enable |
Set to true to enable the CD pipeline Timed trigger. |
bool |
false |
no |
| trigger_timed_name |
The name of the CD pipeline Timed trigger. |
string |
"Git CD Timed Trigger" |
no |
| trigger_timed_pruner_enable |
Set to true to enable the timed Pruner trigger. |
bool |
false |
no |
| trigger_timed_pruner_name |
The name of the timed Pruner trigger. |
string |
"Evidence Pruner Timed Trigger" |
no |
| worker_id |
The identifier for the Managed Pipeline worker. |
string |
"public" |
no |