Modified security test to use os container

ci-operator/step-registry/openshift/ci-security/snyk/scan/openshift-ci-security-snyk-scan-commands.sh

@@ -19,31 +19,8 @@ chmod +x ${SNYK_DIR}/snyk
 echo snyk installed to ${SNYK_DIR}
 ${SNYK_DIR}/snyk --version
 
-# install jq if not installed
-if ! [ -x "$(command -v jq)" ]; then
-    # https://github.com/jqlang/jq/tree/master/sig
-    case ${ARCH} in
-        arm64)
-          JQ_CHECKSUM="ab57ee39075db4a23f899d396ecef3c6e58f6aada35bfee472468210bd126940"
-        ;;
-        amd64)
-          JQ_CHECKSUM="2f312b9587b1c1eddf3a53f9a0b7d276b9b7b94576c85bda22808ca950569716"
-        ;;
-        *)
-          echo "Unsupported architecture: ${ARCH}"
-          exit 1
-    esac
-
-    curl -Lo ${SNYK_DIR}/jq "https://github.com/jqlang/jq/releases/download/jq-1.7/jq-linux-${ARCH}"
-
-    actual_checksum=$(sha256sum ${SNYK_DIR}/jq | cut -d ' ' -f 1)
-    if [ "${actual_checksum}" != "${JQ_CHECKSUM}" ]; then
-        echo "Checksum of downloaded JQ didn't match expected checksum"
-        exit 1
-    fi
-
-    chmod +x ${SNYK_DIR}/jq
-    export PATH=${PATH}:${SNYK_DIR}
+if [ "$(which jq)" -ne 0 ] || [ "$(which git)" -ne 0 ]; then
+    dnf --cacheonly install -y git jq
 fi
 
 CLONE_REFS=$(echo $CLONEREFS_OPTIONS | jq -r ".refs | map(select(.base_ref == \"$(git rev-parse --abbrev-ref HEAD)\")) | if length > 1 then del(.[] | select(.repo == \"release\" and .org == \"openshift\")) else . end | .[]")

ci-operator/step-registry/openshift/ci-security/snyk/scan/openshift-ci-security-snyk-scan-ref.yaml

@@ -32,7 +32,7 @@ ref:
   - name: SNYK_ENABLE_CODE_SCAN
     default: "true"
   commands: openshift-ci-security-snyk-scan-commands.sh
-  from: src
+  from: os
   grace_period: 5m0s
   resources:
     requests: