{"id":20688606,"url":"https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm","last_synced_at":"2026-01-17T22:54:44.036Z","repository":{"id":103729863,"uuid":"604529101","full_name":"terraform-ibm-modules/terraform-ibm-devsecops-alm","owner":"terraform-ibm-modules","description":"This is the DevSecOps Application Lifecycle Management Deployable Architecture","archived":false,"fork":false,"pushed_at":"2025-04-19T08:40:07.000Z","size":1849,"stargazers_count":3,"open_issues_count":15,"forks_count":5,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-04-19T09:11:24.860Z","etag":null,"topics":["deployable-architecture","ibm-cloud","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terraform-ibm-modules.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-02-21T08:53:13.000Z","updated_at":"2025-04-19T08:59:13.000Z","dependencies_parsed_at":"2023-12-23T01:33:15.433Z","dependency_job_id":"4c486ec3-3f72-4ac3-90a6-47e833e7c313","html_url":"https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm","commit_stats":null,"previous_names":["terraform-ibm-modules/terraform-ibm-devsecops","terraform-ibm-modules/terraform-ibm-devsecops-starter"],"tags_count":113,"template":false,"template_full_name":"terraform-ibm-modules/terraform-ibm-module-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-devsecops-alm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-devsecops-alm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-devsecops-alm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-ibm-modules%2Fterraform-ibm-devsecops-alm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terraform-ibm-modules","download_url":"https://codeload.github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250269954,"owners_count":21402970,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deployable-architecture","ibm-cloud","terraform"],"created_at":"2024-11-16T23:06:17.416Z","updated_at":"2026-01-17T22:54:44.022Z","avatar_url":"https://github.com/terraform-ibm-modules.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- BEGIN MODULE HOOK --\u003e\n\n\u003c!-- Update the title to match the module name and add a description --\u003e\n## DevSecOps Application Lifecycle Management\n\u003c!-- UPDATE BADGE: Update the link for the following badge--\u003e\n![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-devsecops-alm?logo=GitHub\u0026sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm/releases/latest)\n[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)\n[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)\n\nA Terraform module for provisioning the DevSecOps CI, CD, and CC toolchains.\n\n\u003c!-- Remove the content in this H2 heading after completing the steps --\u003e\n\u003c!-- Remove the content in this previous H2 heading --\u003e\n\n## Reference architectures\n\n![Architecture diagram for 'DevSecOps CI, CD, CC toolchains'.](/reference-architectures/diagram-deploy-arch-ibm-devsecops-alm-diagram.svg \"Architecture diagram\")\n\n## Usage\n\n```hcl\nmodule \"terraform_devsecops_alm\" {\n  source                   = \"git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-alm?ref=v1.0.4\"\n  toolchain_region         = var.toolchain_region\n  toolchain_resource_group = var.toolchain_resource_group\n  registry_namespace       = var.registry_namespace\n  cluster_name             = var.cluster_name\n  sm_resource_group        = var.sm_resource_group\n  sm_name                  = var.sm_name\n  sm_location              = var.sm_location\n  sm_secret_group          = var.sm_secret_group\n}\n\n```\n\n## Required IAM access policies\n\n\u003c!-- NO PERMISSIONS FOR MODULE\nIf no permissions are required for the module, uncomment the following\nstatement instead the previous block.\n--\u003e\n\n\u003c!-- No permissions are needed to run this module.--\u003e\n\u003c!-- END MODULE HOOK --\u003e\n\u003c!-- BEGIN EXAMPLES HOOK --\u003e\n## Examples\n\n- [ Default example](examples/default)\n- [ Bring your own app example](examples/devsecops-ci-toolchain-bring-your-own-app)\n- [ Key Protect and CI only example](examples/devsecops-ci-toolchain-with-key-protect)\n\u003c!-- END EXAMPLES HOOK --\u003e\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n### Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0.0 |\n| \u003ca name=\"requirement_ibm\"\u003e\u003c/a\u003e [ibm](#requirement\\_ibm) | \u003e= 1.79.2, \u003c 2.0.0 |\n| \u003ca name=\"requirement_null\"\u003e\u003c/a\u003e [null](#requirement\\_null) | = 3.2.2 |\n| \u003ca name=\"requirement_random\"\u003e\u003c/a\u003e [random](#requirement\\_random) | = 3.6.2 |\n\n### Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_devsecops_cc_toolchain\"\u003e\u003c/a\u003e [devsecops\\_cc\\_toolchain](#module\\_devsecops\\_cc\\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cc-toolchain | v2.7.0 |\n| \u003ca name=\"module_devsecops_cd_toolchain\"\u003e\u003c/a\u003e [devsecops\\_cd\\_toolchain](#module\\_devsecops\\_cd\\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-cd-toolchain | v2.7.0 |\n| \u003ca name=\"module_devsecops_ci_toolchain\"\u003e\u003c/a\u003e [devsecops\\_ci\\_toolchain](#module\\_devsecops\\_ci\\_toolchain) | git::https://github.com/terraform-ibm-modules/terraform-ibm-devsecops-ci-toolchain | v2.8.1 |\n| \u003ca name=\"module_prereqs\"\u003e\u003c/a\u003e [prereqs](#module\\_prereqs) | ./prereqs | n/a |\n\n### Resources\n\n| Name | Type |\n|------|------|\n| [ibm_cd_tekton_pipeline_property.cc_pipeline_ibmcloud_api](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_property) | resource |\n| [ibm_cd_tekton_pipeline_property.cd_pipeline_ibmcloud_api](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_property) | resource |\n| [ibm_cd_tekton_pipeline_property.ci_pipeline_ibmcloud_api](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_property) | resource |\n| [ibm_cd_tekton_pipeline_property.pr_pipeline_ibmcloud_api](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_property) | resource |\n| [ibm_cd_tekton_pipeline_trigger.ci_pipeline_webhook](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_trigger) | resource |\n| [ibm_cd_tekton_pipeline_trigger_property.ci_pipeline_webhook_branch_property](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_trigger_property) | resource |\n| [ibm_cd_tekton_pipeline_trigger_property.ci_pipeline_webhook_name_property](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_trigger_property) | resource |\n| [ibm_cd_tekton_pipeline_trigger_property.ci_pipeline_webhook_repo_url_property](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cd_tekton_pipeline_trigger_property) | resource |\n| [ibm_cr_namespace.cr_namespace](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/cr_namespace) | resource |\n| [ibm_resource_instance.cd_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |\n| [null_resource.ci_pipeline_run](https://registry.terraform.io/providers/hashicorp/null/3.2.2/docs/resources/resource) | resource |\n| [random_string.resource_suffix](https://registry.terraform.io/providers/hashicorp/random/3.6.2/docs/resources/string) | resource |\n| [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/3.6.2/docs/resources/string) | resource |\n| [ibm_resource_group.resource_group](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/resource_group) | data source |\n\n### Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_add_code_engine_prefix\"\u003e\u003c/a\u003e [add\\_code\\_engine\\_prefix](#input\\_add\\_code\\_engine\\_prefix) | Set to `true` to use `prefix` to add a prefix to the code engine project names. | `bool` | `true` | no |\n| \u003ca name=\"input_add_container_name_suffix\"\u003e\u003c/a\u003e [add\\_container\\_name\\_suffix](#input\\_add\\_container\\_name\\_suffix) | Set to `true` to add a random suffix to the specified ICR name. | `bool` | `false` | no |\n| \u003ca name=\"input_add_pipeline_definitions\"\u003e\u003c/a\u003e [add\\_pipeline\\_definitions](#input\\_add\\_pipeline\\_definitions) | Set to `true` to add pipeline definitions. | `string` | `\"true\"` | no |\n| \u003ca name=\"input_app_group\"\u003e\u003c/a\u003e [app\\_group](#input\\_app\\_group) | Specify the Git user or group for the application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_auth_type\"\u003e\u003c/a\u003e [app\\_repo\\_auth\\_type](#input\\_app\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_branch\"\u003e\u003c/a\u003e [app\\_repo\\_branch](#input\\_app\\_repo\\_branch) | This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`. | `string` | `\"master\"` | no |\n| \u003ca name=\"input_app_repo_clone_from_url\"\u003e\u003c/a\u003e [app\\_repo\\_clone\\_from\\_url](#input\\_app\\_repo\\_clone\\_from\\_url) | Override the default sample app by providing your own sample app URL, which is cloned into the app repository. Note, uses `clone_if_not_exists` mode, so if the app repository already exists the repository contents are unchanged. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_clone_to_git_id\"\u003e\u003c/a\u003e [app\\_repo\\_clone\\_to\\_git\\_id](#input\\_app\\_repo\\_clone\\_to\\_git\\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_clone_to_git_provider\"\u003e\u003c/a\u003e [app\\_repo\\_clone\\_to\\_git\\_provider](#input\\_app\\_repo\\_clone\\_to\\_git\\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_existing_git_id\"\u003e\u003c/a\u003e [app\\_repo\\_existing\\_git\\_id](#input\\_app\\_repo\\_existing\\_git\\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_existing_git_provider\"\u003e\u003c/a\u003e [app\\_repo\\_existing\\_git\\_provider](#input\\_app\\_repo\\_existing\\_git\\_provider) | Git provider for application repo. If not set will default to `hostedgit`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_existing_url\"\u003e\u003c/a\u003e [app\\_repo\\_existing\\_url](#input\\_app\\_repo\\_existing\\_url) | Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. | `string` | `\"__NOTSET__\"` | no |\n| \u003ca name=\"input_app_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [app\\_repo\\_git\\_token\\_secret\\_crn](#input\\_app\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_git_token_secret_name\"\u003e\u003c/a\u003e [app\\_repo\\_git\\_token\\_secret\\_name](#input\\_app\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_name\"\u003e\u003c/a\u003e [app\\_repo\\_name](#input\\_app\\_repo\\_name) | The repository name. | `string` | `\"\"` | no |\n| \u003ca name=\"input_app_repo_secret_group\"\u003e\u003c/a\u003e [app\\_repo\\_secret\\_group](#input\\_app\\_repo\\_secret\\_group) | Secret group for the App repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_artifactory_dashboard_url\"\u003e\u003c/a\u003e [artifactory\\_dashboard\\_url](#input\\_artifactory\\_dashboard\\_url) | Type the URL that you want to navigate to when you click the Artifactory integration tile. | `string` | `\"\"` | no |\n| \u003ca name=\"input_artifactory_integration_name\"\u003e\u003c/a\u003e [artifactory\\_integration\\_name](#input\\_artifactory\\_integration\\_name) | The name of the Artifactory tool integration | `string` | `\"artifactory-dockerconfigjson\"` | no |\n| \u003ca name=\"input_artifactory_repo_name\"\u003e\u003c/a\u003e [artifactory\\_repo\\_name](#input\\_artifactory\\_repo\\_name) | Type the name of your Artifactory repository where your docker images are located. | `string` | `\"\"` | no |\n| \u003ca name=\"input_artifactory_repo_url\"\u003e\u003c/a\u003e [artifactory\\_repo\\_url](#input\\_artifactory\\_repo\\_url) | Type the URL for your Artifactory release repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_artifactory_token_secret_group\"\u003e\u003c/a\u003e [artifactory\\_token\\_secret\\_group](#input\\_artifactory\\_token\\_secret\\_group) | Secret group prefix for the Artifactory token secret. Defaults to `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_artifactory_token_secret_name\"\u003e\u003c/a\u003e [artifactory\\_token\\_secret\\_name](#input\\_artifactory\\_token\\_secret\\_name) | Name of the artifactory token secret in the secret provider. | `string` | `\"artifactory-token\"` | no |\n| \u003ca name=\"input_artifactory_user\"\u003e\u003c/a\u003e [artifactory\\_user](#input\\_artifactory\\_user) | Type the User ID or email for your Artifactory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_authorization_policy_creation\"\u003e\u003c/a\u003e [authorization\\_policy\\_creation](#input\\_authorization\\_policy\\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. This applies to the CI, CD, and CC toolchains. To set independently, see `ci_authorization_policy_creation`, `cd_authorization_policy_creation`, and `cc_authorization_policy_creation`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_autostart\"\u003e\u003c/a\u003e [autostart](#input\\_autostart) | Set to `true` to auto run the CI pipeline in the CI toolchain after creation. | `bool` | `false` | no |\n| \u003ca name=\"input_cc_app_group\"\u003e\u003c/a\u003e [cc\\_app\\_group](#input\\_cc\\_app\\_group) | Specify user or group for app repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_auth_type\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_auth\\_type](#input\\_cc\\_app\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_branch\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_branch](#input\\_cc\\_app\\_repo\\_branch) | The default branch of the app repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_git_id\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_git\\_id](#input\\_cc\\_app\\_repo\\_git\\_id) | The Git Id of the repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_git_provider\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_git\\_provider](#input\\_cc\\_app\\_repo\\_git\\_provider) | Git provider for the application repo. If not set will default to `hostedgit`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cc\\_app\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_git\\_token\\_secret\\_name](#input\\_cc\\_app\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_secret_group\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_secret\\_group](#input\\_cc\\_app\\_repo\\_secret\\_group) | Secret group for the App repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_app_repo_url\"\u003e\u003c/a\u003e [cc\\_app\\_repo\\_url](#input\\_cc\\_app\\_repo\\_url) | This Git URL for the application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_artifactory_token_secret_crn\"\u003e\u003c/a\u003e [cc\\_artifactory\\_token\\_secret\\_crn](#input\\_cc\\_artifactory\\_token\\_secret\\_crn) | The CRN for the Artifactory access secret. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_authorization_policy_creation\"\u003e\u003c/a\u003e [cc\\_authorization\\_policy\\_creation](#input\\_cc\\_authorization\\_policy\\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_compliance_pipeline_branch\"\u003e\u003c/a\u003e [cc\\_compliance\\_pipeline\\_branch](#input\\_cc\\_compliance\\_pipeline\\_branch) | The CC Pipeline Compliance Pipeline branch. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_compliance_pipeline_group\"\u003e\u003c/a\u003e [cc\\_compliance\\_pipeline\\_group](#input\\_cc\\_compliance\\_pipeline\\_group) | Specify user or group for compliance pipeline repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_compliance_pipeline_repo_auth_type\"\u003e\u003c/a\u003e [cc\\_compliance\\_pipeline\\_repo\\_auth\\_type](#input\\_cc\\_compliance\\_pipeline\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_compliance_pipeline_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cc\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cc\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Compliance Pipelines repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_compliance_pipeline_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cc\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_name](#input\\_cc\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_compliance_pipeline_repo_secret_group\"\u003e\u003c/a\u003e [cc\\_compliance\\_pipeline\\_repo\\_secret\\_group](#input\\_cc\\_compliance\\_pipeline\\_repo\\_secret\\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_cos_api_key_secret_crn\"\u003e\u003c/a\u003e [cc\\_cos\\_api\\_key\\_secret\\_crn](#input\\_cc\\_cos\\_api\\_key\\_secret\\_crn) | The CRN of the Cloud Object Storage apikey. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_cos_api_key_secret_group\"\u003e\u003c/a\u003e [cc\\_cos\\_api\\_key\\_secret\\_group](#input\\_cc\\_cos\\_api\\_key\\_secret\\_group) | Secret group for the COS API key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_cos_api_key_secret_name\"\u003e\u003c/a\u003e [cc\\_cos\\_api\\_key\\_secret\\_name](#input\\_cc\\_cos\\_api\\_key\\_secret\\_name) | Name of the Cloud Object Storage API key secret in the secret provider used for accessing the evidence COS bucket. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_cos_bucket_name\"\u003e\u003c/a\u003e [cc\\_cos\\_bucket\\_name](#input\\_cc\\_cos\\_bucket\\_name) | The name of the Cloud Object Storage bucket used for storing the evidence. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_cos_endpoint\"\u003e\u003c/a\u003e [cc\\_cos\\_endpoint](#input\\_cc\\_cos\\_endpoint) | The endpoint for the Cloud Object Storage instance containing the evidence bucket. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_doi_toolchain_id\"\u003e\u003c/a\u003e [cc\\_doi\\_toolchain\\_id](#input\\_cc\\_doi\\_toolchain\\_id) | The ID of the toolchain containing the DevOps Insights integration. This variable is used to link the DevOps Insights toolcard to a specific instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_enable_key_protect\"\u003e\u003c/a\u003e [cc\\_enable\\_key\\_protect](#input\\_cc\\_enable\\_key\\_protect) | Set to `true` to the enable Key Protect integrations. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_enable_pipeline_notifications\"\u003e\u003c/a\u003e [cc\\_enable\\_pipeline\\_notifications](#input\\_cc\\_enable\\_pipeline\\_notifications) | When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_enable_secrets_manager\"\u003e\u003c/a\u003e [cc\\_enable\\_secrets\\_manager](#input\\_cc\\_enable\\_secrets\\_manager) | Set to `true` to enable the Secrets Manager integrations. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_enable_slack\"\u003e\u003c/a\u003e [cc\\_enable\\_slack](#input\\_cc\\_enable\\_slack) | Set to `true` to create the Slack toolchain integration. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_event_notifications_crn\"\u003e\u003c/a\u003e [cc\\_event\\_notifications\\_crn](#input\\_cc\\_event\\_notifications\\_crn) | Set the Event Notifications CRN to create an Events Notification integration. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_evidence_group\"\u003e\u003c/a\u003e [cc\\_evidence\\_group](#input\\_cc\\_evidence\\_group) | Specify the Git user or group for the evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_evidence_repo_auth_type\"\u003e\u003c/a\u003e [cc\\_evidence\\_repo\\_auth\\_type](#input\\_cc\\_evidence\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git provider. 'oauth' or 'pat' | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_evidence_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cc\\_evidence\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cc\\_evidence\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_evidence_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cc\\_evidence\\_repo\\_git\\_token\\_secret\\_name](#input\\_cc\\_evidence\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_evidence_repo_secret_group\"\u003e\u003c/a\u003e [cc\\_evidence\\_repo\\_secret\\_group](#input\\_cc\\_evidence\\_repo\\_secret\\_group) | Secret group for the Evidence repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_inventory_group\"\u003e\u003c/a\u003e [cc\\_inventory\\_group](#input\\_cc\\_inventory\\_group) | Specify the Git user or group for the inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_inventory_repo_auth_type\"\u003e\u003c/a\u003e [cc\\_inventory\\_repo\\_auth\\_type](#input\\_cc\\_inventory\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_inventory_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cc\\_inventory\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cc\\_inventory\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_inventory_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cc\\_inventory\\_repo\\_git\\_token\\_secret\\_name](#input\\_cc\\_inventory\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_inventory_repo_secret_group\"\u003e\u003c/a\u003e [cc\\_inventory\\_repo\\_secret\\_group](#input\\_cc\\_inventory\\_repo\\_secret\\_group) | Secret group for the Inventory repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_issues_group\"\u003e\u003c/a\u003e [cc\\_issues\\_group](#input\\_cc\\_issues\\_group) | Specify the Git user or group for the issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_issues_repo_auth_type\"\u003e\u003c/a\u003e [cc\\_issues\\_repo\\_auth\\_type](#input\\_cc\\_issues\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_issues_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cc\\_issues\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cc\\_issues\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_issues_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cc\\_issues\\_repo\\_git\\_token\\_secret\\_name](#input\\_cc\\_issues\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_issues_repo_secret_group\"\u003e\u003c/a\u003e [cc\\_issues\\_repo\\_secret\\_group](#input\\_cc\\_issues\\_repo\\_secret\\_group) | Secret group for the Issues repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_kp_location\"\u003e\u003c/a\u003e [cc\\_kp\\_location](#input\\_cc\\_kp\\_location) | The region hosting the Key Protect instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_kp_name\"\u003e\u003c/a\u003e [cc\\_kp\\_name](#input\\_cc\\_kp\\_name) | Name of the Key Protect instance where the secrets are stored. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_kp_resource_group\"\u003e\u003c/a\u003e [cc\\_kp\\_resource\\_group](#input\\_cc\\_kp\\_resource\\_group) | The resource group containing the Key Protect instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_link_to_doi_toolchain\"\u003e\u003c/a\u003e [cc\\_link\\_to\\_doi\\_toolchain](#input\\_cc\\_link\\_to\\_doi\\_toolchain) | Enable a link to a DevOps Insights instance in another toolchain, true or false. | `bool` | `true` | no |\n| \u003ca name=\"input_cc_locked_properties\"\u003e\u003c/a\u003e [cc\\_locked\\_properties](#input\\_cc\\_locked\\_properties) | List of default locked properties | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"app-concurrency\",\u003cbr/\u003e  \"app-deployment-timeout\",\u003cbr/\u003e  \"app-max-scale\",\u003cbr/\u003e  \"app-min-scale\",\u003cbr/\u003e  \"app-port\",\u003cbr/\u003e  \"app-visibility\",\u003cbr/\u003e  \"artifactory-dockerconfigjson\",\u003cbr/\u003e  \"cluster\",\u003cbr/\u003e  \"cluster-name\",\u003cbr/\u003e  \"cluster-namespace\",\u003cbr/\u003e  \"cluster-region\",\u003cbr/\u003e  \"code-engine-binding-resource-group\",\u003cbr/\u003e  \"code-engine-build-size\",\u003cbr/\u003e  \"code-engine-build-strategy\",\u003cbr/\u003e  \"code-engine-build-timeout\",\u003cbr/\u003e  \"code-engine-build-use-native-docker\",\u003cbr/\u003e  \"code-engine-deployment-type\",\u003cbr/\u003e  \"code-engine-project\",\u003cbr/\u003e  \"code-engine-region\",\u003cbr/\u003e  \"code-engine-resource-group\",\u003cbr/\u003e  \"code-engine-wait-timeout\",\u003cbr/\u003e  \"compliance-baseimage\",\u003cbr/\u003e  \"context-dir\",\u003cbr/\u003e  \"cos-api-key\",\u003cbr/\u003e  \"cos-bucket-name\",\u003cbr/\u003e  \"cos-endpoint\",\u003cbr/\u003e  \"cpu\",\u003cbr/\u003e  \"cra-bom-generate\",\u003cbr/\u003e  \"cra-deploy-analysis\",\u003cbr/\u003e  \"cra-generate-cyclonedx-format\",\u003cbr/\u003e  \"cra-vulnerability-scan\",\u003cbr/\u003e  \"custom-image-tag\",\u003cbr/\u003e  \"dev-cluster-namespace\",\u003cbr/\u003e  \"dev-region\",\u003cbr/\u003e  \"dev-resource-group\",\u003cbr/\u003e  \"dockerfile\",\u003cbr/\u003e  \"doi-environment\",\u003cbr/\u003e  \"doi-ibmcloud-api-key\",\u003cbr/\u003e  \"doi-toolchain-id\",\u003cbr/\u003e  \"env-from-configmaps\",\u003cbr/\u003e  \"env-from-secrets\",\u003cbr/\u003e  \"ephemeral-storage\",\u003cbr/\u003e  \"event-notifications\",\u003cbr/\u003e  \"evidence-repo\",\u003cbr/\u003e  \"git-token\",\u003cbr/\u003e  \"gosec-private-repository-host\",\u003cbr/\u003e  \"gosec-private-repository-ssh-key\",\u003cbr/\u003e  \"ibmcloud-api\",\u003cbr/\u003e  \"ibmcloud-api-key\",\u003cbr/\u003e  \"image-name\",\u003cbr/\u003e  \"incident-repo\",\u003cbr/\u003e  \"inventory-repo\",\u003cbr/\u003e  \"job-instances\",\u003cbr/\u003e  \"job-maxexecutiontime\",\u003cbr/\u003e  \"job-retrylimit\",\u003cbr/\u003e  \"memory\",\u003cbr/\u003e  \"opt-in-dynamic-api-scan\",\u003cbr/\u003e  \"opt-in-dynamic-scan\",\u003cbr/\u003e  \"opt-in-dynamic-ui-scan\",\u003cbr/\u003e  \"opt-in-gosec\",\u003cbr/\u003e  \"opt-in-sonar\",\u003cbr/\u003e  \"peer-review-compliance\",\u003cbr/\u003e  \"pipeline-config\",\u003cbr/\u003e  \"pipeline-config-branch\",\u003cbr/\u003e  \"pipeline-config-repo\",\u003cbr/\u003e  \"pipeline-dockerconfigjson\",\u003cbr/\u003e  \"print-code-signing-certificate\",\u003cbr/\u003e  \"registry-domain\",\u003cbr/\u003e  \"registry-namespace\",\u003cbr/\u003e  \"registry-region\",\u003cbr/\u003e  \"remove-unspecified-references-to-configuration-resources\",\u003cbr/\u003e  \"service-bindings\",\u003cbr/\u003e  \"signing-key\",\u003cbr/\u003e  \"slack-notifications\",\u003cbr/\u003e  \"sonarqube\",\u003cbr/\u003e  \"sonarqube-config\",\u003cbr/\u003e  \"source\",\u003cbr/\u003e  \"version\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_cc_pipeline_config_group\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_group](#input\\_cc\\_pipeline\\_config\\_group) | Specify the Git user or group for the compliance pipeline repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_config_repo_auth_type\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_repo\\_auth\\_type](#input\\_cc\\_pipeline\\_config\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_config_repo_branch\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_repo\\_branch](#input\\_cc\\_pipeline\\_config\\_repo\\_branch) | Specify the branch containing the custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_config_repo_clone_from_url\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_repo\\_clone\\_from\\_url](#input\\_cc\\_pipeline\\_config\\_repo\\_clone\\_from\\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_config_repo_existing_url\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_repo\\_existing\\_url](#input\\_cc\\_pipeline\\_config\\_repo\\_existing\\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_config_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cc\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token for accessing the pipeline config repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_config_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_name](#input\\_cc\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the pipeline config repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_config_repo_secret_group\"\u003e\u003c/a\u003e [cc\\_pipeline\\_config\\_repo\\_secret\\_group](#input\\_cc\\_pipeline\\_config\\_repo\\_secret\\_group) | Secret group for the Pipeline Config repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_doi_api_key_secret_crn\"\u003e\u003c/a\u003e [cc\\_pipeline\\_doi\\_api\\_key\\_secret\\_crn](#input\\_cc\\_pipeline\\_doi\\_api\\_key\\_secret\\_crn) | The CRN of the DOI (DevOps Insights) apikey used for accessing a specific toolchain Insights instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_doi_api_key_secret_group\"\u003e\u003c/a\u003e [cc\\_pipeline\\_doi\\_api\\_key\\_secret\\_group](#input\\_cc\\_pipeline\\_doi\\_api\\_key\\_secret\\_group) | Secret group for the pipeline DOI api key. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_doi_api_key_secret_name\"\u003e\u003c/a\u003e [cc\\_pipeline\\_doi\\_api\\_key\\_secret\\_name](#input\\_cc\\_pipeline\\_doi\\_api\\_key\\_secret\\_name) | Name of the Cloud API key secret in the secret provider to access the toolchain containing the Devops Insights instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_git_tag\"\u003e\u003c/a\u003e [cc\\_pipeline\\_git\\_tag](#input\\_cc\\_pipeline\\_git\\_tag) | The GIT tag selector for the Compliance Pipelines definitions. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_ibmcloud_api_key_secret_crn\"\u003e\u003c/a\u003e [cc\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_crn](#input\\_cc\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_crn) | The CRN of the IBMCloud apikey used for running the pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_ibmcloud_api_key_secret_group\"\u003e\u003c/a\u003e [cc\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_group](#input\\_cc\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_group) | Secret group for the pipeline ibmcloud API key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_ibmcloud_api_key_secret_name\"\u003e\u003c/a\u003e [cc\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_name](#input\\_cc\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_name) | Name of the Cloud API key secret in the secret provider for running the pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_properties\"\u003e\u003c/a\u003e [cc\\_pipeline\\_properties](#input\\_cc\\_pipeline\\_properties) | This JSON represents the pipeline properties belonging to the CC pipeline in the CC toolchain. Each element in the JSON represents a separate pipeline property. Three attributes are required to create a property. These are the `name` field (how the name appears in the pipeline properties), the `type` (text, secure and enum) and then the `value`. Do not put secrets directly into JSON for the `secure` type, instead the value for a `secret` type should be a CRN to a secret in the configured secrets provider or a secret reference to a secret in the configured secrets provider. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_pipeline_properties_filepath\"\u003e\u003c/a\u003e [cc\\_pipeline\\_properties\\_filepath](#input\\_cc\\_pipeline\\_properties\\_filepath) | The path to the file containing the property JSON. If this is not set and `cc_pipeline_properties` is not set, it will by default read the `properties.json` file at the root of the CC module. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_repositories_prefix\"\u003e\u003c/a\u003e [cc\\_repositories\\_prefix](#input\\_cc\\_repositories\\_prefix) | The prefix for the compliance repositories. For the repositories\\_prefix value only a-z, A-Z and 0-9 and the special characters `-_` are allowed. In addition the string must not end with a special character or have two consecutive special characters. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_repository_properties\"\u003e\u003c/a\u003e [cc\\_repository\\_properties](#input\\_cc\\_repository\\_properties) | Stringified JSON containing the repositories and triggers that get created in the CI toolchain pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_repository_properties_filepath\"\u003e\u003c/a\u003e [cc\\_repository\\_properties\\_filepath](#input\\_cc\\_repository\\_properties\\_filepath) | The path to the file containing the repository and triggers JSON. If this is not set, it will by default read the `repositories.json` file at the root of the module. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_scc_integration_name\"\u003e\u003c/a\u003e [cc\\_scc\\_integration\\_name](#input\\_cc\\_scc\\_integration\\_name) | The name of the SCC integration. | `string` | `\"Security and Compliance\"` | no |\n| \u003ca name=\"input_cc_scc_use_profile_attachment\"\u003e\u003c/a\u003e [cc\\_scc\\_use\\_profile\\_attachment](#input\\_cc\\_scc\\_use\\_profile\\_attachment) | Set to `enabled` to enable use profile with attachment, so that the scripts in the pipeline can interact with the Security and Compliance Center service. When enabled, other parameters become relevant; `scc_scc_api_key_secret_name`, `scc_instance_crn`, `scc_profile_name`, `scc_profile_version`, `scc_attachment_id`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_slack_channel_name\"\u003e\u003c/a\u003e [cc\\_slack\\_channel\\_name](#input\\_cc\\_slack\\_channel\\_name) | The name of the Slack channel where notifications are posted. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_slack_pipeline_fail\"\u003e\u003c/a\u003e [cc\\_slack\\_pipeline\\_fail](#input\\_cc\\_slack\\_pipeline\\_fail) | Set to `true` to generate pipeline failed notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cc_slack_pipeline_start\"\u003e\u003c/a\u003e [cc\\_slack\\_pipeline\\_start](#input\\_cc\\_slack\\_pipeline\\_start) | Set to `true` to generate pipeline start notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cc_slack_pipeline_success\"\u003e\u003c/a\u003e [cc\\_slack\\_pipeline\\_success](#input\\_cc\\_slack\\_pipeline\\_success) | Set to `true` to generate pipeline succeeded notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cc_slack_team_name\"\u003e\u003c/a\u003e [cc\\_slack\\_team\\_name](#input\\_cc\\_slack\\_team\\_name) | The Slack team name, which is the word or phrase before .slack.com in the team URL. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_slack_toolchain_bind\"\u003e\u003c/a\u003e [cc\\_slack\\_toolchain\\_bind](#input\\_cc\\_slack\\_toolchain\\_bind) | Generate tool added to toolchain notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cc_slack_toolchain_unbind\"\u003e\u003c/a\u003e [cc\\_slack\\_toolchain\\_unbind](#input\\_cc\\_slack\\_toolchain\\_unbind) | Set to `true` to generate tool removed from toolchain notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cc_slack_webhook_secret_crn\"\u003e\u003c/a\u003e [cc\\_slack\\_webhook\\_secret\\_crn](#input\\_cc\\_slack\\_webhook\\_secret\\_crn) | The CRN of the Slack webhook secret used for accessing the specified Slack channel. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_slack_webhook_secret_group\"\u003e\u003c/a\u003e [cc\\_slack\\_webhook\\_secret\\_group](#input\\_cc\\_slack\\_webhook\\_secret\\_group) | Secret group for the Slack webhook secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_slack_webhook_secret_name\"\u003e\u003c/a\u003e [cc\\_slack\\_webhook\\_secret\\_name](#input\\_cc\\_slack\\_webhook\\_secret\\_name) | Name of the webhook secret in the secret provider used for accessing the configured Slack channel. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sm_instance_crn\"\u003e\u003c/a\u003e [cc\\_sm\\_instance\\_crn](#input\\_cc\\_sm\\_instance\\_crn) | The CRN of the Secrets Manager instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sm_location\"\u003e\u003c/a\u003e [cc\\_sm\\_location](#input\\_cc\\_sm\\_location) | The region hosting the Secrets Manager instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sm_name\"\u003e\u003c/a\u003e [cc\\_sm\\_name](#input\\_cc\\_sm\\_name) | The name of an existing Secrets Manager instance where the secrets are stored. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sm_resource_group\"\u003e\u003c/a\u003e [cc\\_sm\\_resource\\_group](#input\\_cc\\_sm\\_resource\\_group) | The name of the existing resource group containing the Secrets Manager instance for your secrets. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sm_secret_group\"\u003e\u003c/a\u003e [cc\\_sm\\_secret\\_group](#input\\_cc\\_sm\\_secret\\_group) | The Secrets Manager secret group containing the secrets for the DevSecOps pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sonarqube_integration_name\"\u003e\u003c/a\u003e [cc\\_sonarqube\\_integration\\_name](#input\\_cc\\_sonarqube\\_integration\\_name) | The name of the SonarQube integration. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sonarqube_is_blind_connection\"\u003e\u003c/a\u003e [cc\\_sonarqube\\_is\\_blind\\_connection](#input\\_cc\\_sonarqube\\_is\\_blind\\_connection) | When set to `true`, instructs IBM Cloud Continuous Delivery to not validate the configuration of this integration. Set this to `true` if the SonarQube server is not addressable on the public internet. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sonarqube_secret_crn\"\u003e\u003c/a\u003e [cc\\_sonarqube\\_secret\\_crn](#input\\_cc\\_sonarqube\\_secret\\_crn) | The CRN of the secret used to access SonarQube. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sonarqube_secret_group\"\u003e\u003c/a\u003e [cc\\_sonarqube\\_secret\\_group](#input\\_cc\\_sonarqube\\_secret\\_group) | Secret group for the SonarQube secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sonarqube_secret_name\"\u003e\u003c/a\u003e [cc\\_sonarqube\\_secret\\_name](#input\\_cc\\_sonarqube\\_secret\\_name) | The name of the SonarQube secret in the secrets provider. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sonarqube_server_url\"\u003e\u003c/a\u003e [cc\\_sonarqube\\_server\\_url](#input\\_cc\\_sonarqube\\_server\\_url) | The URL to the SonarQube server. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_sonarqube_user\"\u003e\u003c/a\u003e [cc\\_sonarqube\\_user](#input\\_cc\\_sonarqube\\_user) | The name of the SonarQube user. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_toolchain_description\"\u003e\u003c/a\u003e [cc\\_toolchain\\_description](#input\\_cc\\_toolchain\\_description) | Description for the CC Toolchain. | `string` | `\"Toolchain created with terraform template for DevSecOps CC Best Practices.\"` | no |\n| \u003ca name=\"input_cc_toolchain_name\"\u003e\u003c/a\u003e [cc\\_toolchain\\_name](#input\\_cc\\_toolchain\\_name) | The name of the CC Toolchain. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_toolchain_region\"\u003e\u003c/a\u003e [cc\\_toolchain\\_region](#input\\_cc\\_toolchain\\_region) | The region containing the CI toolchain. Use the short form of the regions. For example `us-south`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_toolchain_resource_group\"\u003e\u003c/a\u003e [cc\\_toolchain\\_resource\\_group](#input\\_cc\\_toolchain\\_resource\\_group) | Resource group within which the toolchain is created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cc_trigger_manual_enable\"\u003e\u003c/a\u003e [cc\\_trigger\\_manual\\_enable](#input\\_cc\\_trigger\\_manual\\_enable) | Set to `true` to enable the CC pipeline Manual trigger. | `bool` | `true` | no |\n| \u003ca name=\"input_cc_trigger_manual_name\"\u003e\u003c/a\u003e [cc\\_trigger\\_manual\\_name](#input\\_cc\\_trigger\\_manual\\_name) | The name of the CC pipeline Manual trigger. | `string` | `\"CC Manual Trigger\"` | no |\n| \u003ca name=\"input_cc_trigger_timed_cron_schedule\"\u003e\u003c/a\u003e [cc\\_trigger\\_timed\\_cron\\_schedule](#input\\_cc\\_trigger\\_timed\\_cron\\_schedule) | Only needed for timer triggers. Cron expression that indicates when this trigger will activate. Maximum frequency is every 5 minutes. The string is based on UNIX crontab syntax: minute, hour, day of month, month, day of week. Example: 0 *\\_/2 * * * - every 2 hours. | `string` | `\"0 4 * * *\"` | no |\n| \u003ca name=\"input_cc_trigger_timed_enable\"\u003e\u003c/a\u003e [cc\\_trigger\\_timed\\_enable](#input\\_cc\\_trigger\\_timed\\_enable) | Set to `true` to enable the CI pipeline Timed trigger. | `bool` | `false` | no |\n| \u003ca name=\"input_cc_trigger_timed_name\"\u003e\u003c/a\u003e [cc\\_trigger\\_timed\\_name](#input\\_cc\\_trigger\\_timed\\_name) | The name of the CC pipeline Timed trigger. | `string` | `\"CC Timed Trigger\"` | no |\n| \u003ca name=\"input_cd_artifactory_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_artifactory\\_token\\_secret\\_crn](#input\\_cd\\_artifactory\\_token\\_secret\\_crn) | The CRN for the Artifactory access secret. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_authorization_policy_creation\"\u003e\u003c/a\u003e [cd\\_authorization\\_policy\\_creation](#input\\_cd\\_authorization\\_policy\\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_management_group\"\u003e\u003c/a\u003e [cd\\_change\\_management\\_group](#input\\_cd\\_change\\_management\\_group) | Specify group for change management repository | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_management_repo_auth_type\"\u003e\u003c/a\u003e [cd\\_change\\_management\\_repo\\_auth\\_type](#input\\_cd\\_change\\_management\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_management_repo_git_provider\"\u003e\u003c/a\u003e [cd\\_change\\_management\\_repo\\_git\\_provider](#input\\_cd\\_change\\_management\\_repo\\_git\\_provider) | Git provider for the change management repo. If not set will default to `hostedgit`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_management_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_change\\_management\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cd\\_change\\_management\\_repo\\_git\\_token\\_secret\\_crn) | The CRN for the Change Management repository Git Token. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_management_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cd\\_change\\_management\\_repo\\_git\\_token\\_secret\\_name](#input\\_cd\\_change\\_management\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_management_repo_name\"\u003e\u003c/a\u003e [cd\\_change\\_management\\_repo\\_name](#input\\_cd\\_change\\_management\\_repo\\_name) | The repository name. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_management_repo_secret_group\"\u003e\u003c/a\u003e [cd\\_change\\_management\\_repo\\_secret\\_group](#input\\_cd\\_change\\_management\\_repo\\_secret\\_group) | Secret group for the Change Management repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_change_repo_clone_from_url\"\u003e\u003c/a\u003e [cd\\_change\\_repo\\_clone\\_from\\_url](#input\\_cd\\_change\\_repo\\_clone\\_from\\_url) | Override the default management repository, which is cloned into the application repository. Note, using clone\\_if\\_not\\_exists mode, so if the application repository already exists the repository contents are unchanged. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_cluster_name\"\u003e\u003c/a\u003e [cd\\_cluster\\_name](#input\\_cd\\_cluster\\_name) | Name of the cluster where the application is deployed. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_cluster_namespace\"\u003e\u003c/a\u003e [cd\\_cluster\\_namespace](#input\\_cd\\_cluster\\_namespace) | Name of the cluster namespace where the application is deployed. | `string` | `\"prod\"` | no |\n| \u003ca name=\"input_cd_cluster_region\"\u003e\u003c/a\u003e [cd\\_cluster\\_region](#input\\_cd\\_cluster\\_region) | Region hosting the cluster where the application is deployed. Use the short form of the regions. For example `us-south`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_code_engine_project\"\u003e\u003c/a\u003e [cd\\_code\\_engine\\_project](#input\\_cd\\_code\\_engine\\_project) | The name of the Code Engine project to use for the CD pipeline promoted code. The project is created if it does not already exist. | `string` | `\"Sample_CD_Project\"` | no |\n| \u003ca name=\"input_cd_code_engine_region\"\u003e\u003c/a\u003e [cd\\_code\\_engine\\_region](#input\\_cd\\_code\\_engine\\_region) | The region to create/lookup for the Code Engine project. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_code_engine_resource_group\"\u003e\u003c/a\u003e [cd\\_code\\_engine\\_resource\\_group](#input\\_cd\\_code\\_engine\\_resource\\_group) | The resource group of the Code Engine project. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_code_signing_cert_secret_name\"\u003e\u003c/a\u003e [cd\\_code\\_signing\\_cert\\_secret\\_name](#input\\_cd\\_code\\_signing\\_cert\\_secret\\_name) | This is the name of the secret in the secrets provider for storing the code signing certificate. | `string` | `\"signing-certificate\"` | no |\n| \u003ca name=\"input_cd_compliance_pipeline_branch\"\u003e\u003c/a\u003e [cd\\_compliance\\_pipeline\\_branch](#input\\_cd\\_compliance\\_pipeline\\_branch) | The CD Pipeline Compliance Pipeline branch. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_compliance_pipeline_group\"\u003e\u003c/a\u003e [cd\\_compliance\\_pipeline\\_group](#input\\_cd\\_compliance\\_pipeline\\_group) | Specify user or group for compliance pipeline repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_compliance_pipeline_repo_auth_type\"\u003e\u003c/a\u003e [cd\\_compliance\\_pipeline\\_repo\\_auth\\_type](#input\\_cd\\_compliance\\_pipeline\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_compliance_pipeline_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cd\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Compliance Pipelines repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_compliance_pipeline_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cd\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_name](#input\\_cd\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_compliance_pipeline_repo_secret_group\"\u003e\u003c/a\u003e [cd\\_compliance\\_pipeline\\_repo\\_secret\\_group](#input\\_cd\\_compliance\\_pipeline\\_repo\\_secret\\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_cos_api_key_secret_crn\"\u003e\u003c/a\u003e [cd\\_cos\\_api\\_key\\_secret\\_crn](#input\\_cd\\_cos\\_api\\_key\\_secret\\_crn) | The CRN of the Cloud Object Storage apikey. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_cos_api_key_secret_group\"\u003e\u003c/a\u003e [cd\\_cos\\_api\\_key\\_secret\\_group](#input\\_cd\\_cos\\_api\\_key\\_secret\\_group) | Secret group for the COS API key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_cos_api_key_secret_name\"\u003e\u003c/a\u003e [cd\\_cos\\_api\\_key\\_secret\\_name](#input\\_cd\\_cos\\_api\\_key\\_secret\\_name) | Name of the Cloud Object Storage API key secret in the secret provider used for accessing the evidence COS bucket. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_cos_bucket_name\"\u003e\u003c/a\u003e [cd\\_cos\\_bucket\\_name](#input\\_cd\\_cos\\_bucket\\_name) | The name of the Cloud Object Storage bucket used for storing the evidence. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_cos_endpoint\"\u003e\u003c/a\u003e [cd\\_cos\\_endpoint](#input\\_cd\\_cos\\_endpoint) | The endpoint for the Cloud Object Storage instance containing the evidence bucket. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_group\"\u003e\u003c/a\u003e [cd\\_deployment\\_group](#input\\_cd\\_deployment\\_group) | Specify group for deployment. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_auth_type\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_auth\\_type](#input\\_cd\\_deployment\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_clone_from_branch\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_clone\\_from\\_branch](#input\\_cd\\_deployment\\_repo\\_clone\\_from\\_branch) | Used when deployment\\_repo\\_clone\\_from\\_url is provided, the default branch that is used by the CD build, usually either main or master. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_clone_from_url\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_clone\\_from\\_url](#input\\_cd\\_deployment\\_repo\\_clone\\_from\\_url) | Override the default sample app by providing your own sample deployment URL, which is cloned into the app repository. Note, using clone\\_if\\_not\\_exists mode, so if the app repository already exists the repository contents are unchanged. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_clone_to_git_id\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_clone\\_to\\_git\\_id](#input\\_cd\\_deployment\\_repo\\_clone\\_to\\_git\\_id) | By default absent, else custom server GUID, or other options for 'git\\_id' field in the browser UI. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_clone_to_git_provider\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_clone\\_to\\_git\\_provider](#input\\_cd\\_deployment\\_repo\\_clone\\_to\\_git\\_provider) | By default 'hostedgit', else use 'githubconsolidated' or 'gitlab'. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_existing_branch\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_existing\\_branch](#input\\_cd\\_deployment\\_repo\\_existing\\_branch) | Used when deployment\\_repo\\_existing\\_url is provided, the default branch that is by the CD build, usually either main or master. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_existing_git_id\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_existing\\_git\\_id](#input\\_cd\\_deployment\\_repo\\_existing\\_git\\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_existing_git_provider\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_existing\\_git\\_provider](#input\\_cd\\_deployment\\_repo\\_existing\\_git\\_provider) | Git provider for the deployment repo. If not set will default to `hostedgit`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_existing_url\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_existing\\_url](#input\\_cd\\_deployment\\_repo\\_existing\\_url) | Override to bring your own existing deployment repository URL, which is used directly instead of cloning the default deployment sample. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cd\\_deployment\\_repo\\_git\\_token\\_secret\\_crn) | The CRN for the Deployment repository Git Token. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_git\\_token\\_secret\\_name](#input\\_cd\\_deployment\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_name\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_name](#input\\_cd\\_deployment\\_repo\\_name) | The repository name. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_deployment_repo_secret_group\"\u003e\u003c/a\u003e [cd\\_deployment\\_repo\\_secret\\_group](#input\\_cd\\_deployment\\_repo\\_secret\\_group) | Secret group for the Deployment repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_doi_toolchain_id\"\u003e\u003c/a\u003e [cd\\_doi\\_toolchain\\_id](#input\\_cd\\_doi\\_toolchain\\_id) | The ID of the toolchain containing the DevOps Insights integration. This variable is used to link the DevOps Insights toolcard to a specific instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_enable_change_management_repo\"\u003e\u003c/a\u003e [cd\\_enable\\_change\\_management\\_repo](#input\\_cd\\_enable\\_change\\_management\\_repo) | Set to `true` to enable the Change Management Repo integration. | `string` | `true` | no |\n| \u003ca name=\"input_cd_enable_key_protect\"\u003e\u003c/a\u003e [cd\\_enable\\_key\\_protect](#input\\_cd\\_enable\\_key\\_protect) | Set to `true` to the enable Key Protect integrations. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_enable_pipeline_notifications\"\u003e\u003c/a\u003e [cd\\_enable\\_pipeline\\_notifications](#input\\_cd\\_enable\\_pipeline\\_notifications) | When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_enable_secrets_manager\"\u003e\u003c/a\u003e [cd\\_enable\\_secrets\\_manager](#input\\_cd\\_enable\\_secrets\\_manager) | Set to `true` to enable the Secrets Manager integrations. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_enable_slack\"\u003e\u003c/a\u003e [cd\\_enable\\_slack](#input\\_cd\\_enable\\_slack) | Set to `true` to create the Slack toolchain integration. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_event_notifications_crn\"\u003e\u003c/a\u003e [cd\\_event\\_notifications\\_crn](#input\\_cd\\_event\\_notifications\\_crn) | Set the Event Notifications CRN to create an Events Notification integration. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_evidence_group\"\u003e\u003c/a\u003e [cd\\_evidence\\_group](#input\\_cd\\_evidence\\_group) | Specify the Git user or group for the evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_evidence_repo_auth_type\"\u003e\u003c/a\u003e [cd\\_evidence\\_repo\\_auth\\_type](#input\\_cd\\_evidence\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_evidence_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_evidence\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cd\\_evidence\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_evidence_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cd\\_evidence\\_repo\\_git\\_token\\_secret\\_name](#input\\_cd\\_evidence\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_evidence_repo_secret_group\"\u003e\u003c/a\u003e [cd\\_evidence\\_repo\\_secret\\_group](#input\\_cd\\_evidence\\_repo\\_secret\\_group) | Secret group for the Evidence repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_inventory_group\"\u003e\u003c/a\u003e [cd\\_inventory\\_group](#input\\_cd\\_inventory\\_group) | Specify the Git user or group for the inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_inventory_repo_auth_type\"\u003e\u003c/a\u003e [cd\\_inventory\\_repo\\_auth\\_type](#input\\_cd\\_inventory\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_inventory_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_inventory\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cd\\_inventory\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_inventory_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cd\\_inventory\\_repo\\_git\\_token\\_secret\\_name](#input\\_cd\\_inventory\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_inventory_repo_secret_group\"\u003e\u003c/a\u003e [cd\\_inventory\\_repo\\_secret\\_group](#input\\_cd\\_inventory\\_repo\\_secret\\_group) | Secret group for the Inventory repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_issues_group\"\u003e\u003c/a\u003e [cd\\_issues\\_group](#input\\_cd\\_issues\\_group) | Specify the Git user or group for the issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_issues_repo_auth_type\"\u003e\u003c/a\u003e [cd\\_issues\\_repo\\_auth\\_type](#input\\_cd\\_issues\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_issues_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_issues\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cd\\_issues\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_issues_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cd\\_issues\\_repo\\_git\\_token\\_secret\\_name](#input\\_cd\\_issues\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_issues_repo_secret_group\"\u003e\u003c/a\u003e [cd\\_issues\\_repo\\_secret\\_group](#input\\_cd\\_issues\\_repo\\_secret\\_group) | Secret group for the Issues repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_kp_location\"\u003e\u003c/a\u003e [cd\\_kp\\_location](#input\\_cd\\_kp\\_location) | The region hosting the Key Protect instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_kp_name\"\u003e\u003c/a\u003e [cd\\_kp\\_name](#input\\_cd\\_kp\\_name) | Name of the Key Protect instance where the secrets are stored. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_kp_resource_group\"\u003e\u003c/a\u003e [cd\\_kp\\_resource\\_group](#input\\_cd\\_kp\\_resource\\_group) | The resource group containing the Key Protect instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_link_to_doi_toolchain\"\u003e\u003c/a\u003e [cd\\_link\\_to\\_doi\\_toolchain](#input\\_cd\\_link\\_to\\_doi\\_toolchain) | Enable a link to a DevOps Insights instance in another toolchain, true or false. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_locked_properties\"\u003e\u003c/a\u003e [cd\\_locked\\_properties](#input\\_cd\\_locked\\_properties) | List of default locked properties | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"allow_test_servicenow\",\u003cbr/\u003e  \"app-concurrency\",\u003cbr/\u003e  \"app-deployment-timeout\",\u003cbr/\u003e  \"app-max-scale\",\u003cbr/\u003e  \"app-min-scale\",\u003cbr/\u003e  \"app-port\",\u003cbr/\u003e  \"app-visibility\",\u003cbr/\u003e  \"artifact-signature-verification\",\u003cbr/\u003e  \"change-management-repo\",\u003cbr/\u003e  \"cluster\",\u003cbr/\u003e  \"cluster-namespace\",\u003cbr/\u003e  \"cluster-region\",\u003cbr/\u003e  \"code-engine-binding-resource-group\",\u003cbr/\u003e  \"code-engine-deployment-type\",\u003cbr/\u003e  \"code-engine-project\",\u003cbr/\u003e  \"code-engine-region\",\u003cbr/\u003e  \"code-engine-resource-group\",\u003cbr/\u003e  \"code-signing-certificate\",\u003cbr/\u003e  \"compliance-baseimage\",\u003cbr/\u003e  \"cos-api-key\",\u003cbr/\u003e  \"cos-bucket-name\",\u003cbr/\u003e  \"cos-endpoint\",\u003cbr/\u003e  \"cpu\",\u003cbr/\u003e  \"cra-bom-generate\",\u003cbr/\u003e  \"cra-deploy-analysis\",\u003cbr/\u003e  \"cra-vulnerability-scan\",\u003cbr/\u003e  \"doi-environment\",\u003cbr/\u003e  \"doi-ibmcloud-api-key\",\u003cbr/\u003e  \"doi-toolchain-id\",\u003cbr/\u003e  \"emergency-label\",\u003cbr/\u003e  \"env-from-configmaps\",\u003cbr/\u003e  \"env-from-secrets\",\u003cbr/\u003e  \"ephemeral-storage\",\u003cbr/\u003e  \"event-notifications\",\u003cbr/\u003e  \"evidence-repo\",\u003cbr/\u003e  \"git-token\",\u003cbr/\u003e  \"ibmcloud-api\",\u003cbr/\u003e  \"ibmcloud-api-key\",\u003cbr/\u003e  \"incident-repo\",\u003cbr/\u003e  \"inventory-repo\",\u003cbr/\u003e  \"job-instances\",\u003cbr/\u003e  \"job-maxexecutiontime\",\u003cbr/\u003e  \"job-retrylimit\",\u003cbr/\u003e  \"memory\",\u003cbr/\u003e  \"pipeline-config\",\u003cbr/\u003e  \"pipeline-config-branch\",\u003cbr/\u003e  \"pipeline-config-repo\",\u003cbr/\u003e  \"pnp-ibmcloud-api\",\u003cbr/\u003e  \"pnp-ibmcloud-api-key\",\u003cbr/\u003e  \"pre-prod-evidence-collection\",\u003cbr/\u003e  \"remove-unspecified-references-to-configuration-resources\",\u003cbr/\u003e  \"service-bindings\",\u003cbr/\u003e  \"servicenow-api-base-url\",\u003cbr/\u003e  \"servicenow-crn-mask\",\u003cbr/\u003e  \"slack-notifications\",\u003cbr/\u003e  \"version\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_cd_pipeline_config_group\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_group](#input\\_cd\\_pipeline\\_config\\_group) | Specify the Git user or group for the compliance pipeline repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_config_repo_auth_type\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_repo\\_auth\\_type](#input\\_cd\\_pipeline\\_config\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_config_repo_branch\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_repo\\_branch](#input\\_cd\\_pipeline\\_config\\_repo\\_branch) | Specify the branch containing the custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_config_repo_clone_from_url\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_repo\\_clone\\_from\\_url](#input\\_cd\\_pipeline\\_config\\_repo\\_clone\\_from\\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_config_repo_existing_url\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_repo\\_existing\\_url](#input\\_cd\\_pipeline\\_config\\_repo\\_existing\\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_config_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_crn](#input\\_cd\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token for accessing the pipeline config repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_config_repo_git_token_secret_name\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_name](#input\\_cd\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the pipeline config repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_config_repo_secret_group\"\u003e\u003c/a\u003e [cd\\_pipeline\\_config\\_repo\\_secret\\_group](#input\\_cd\\_pipeline\\_config\\_repo\\_secret\\_group) | Secret group for the Pipeline Config repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_doi_api_key_secret_crn\"\u003e\u003c/a\u003e [cd\\_pipeline\\_doi\\_api\\_key\\_secret\\_crn](#input\\_cd\\_pipeline\\_doi\\_api\\_key\\_secret\\_crn) | The CRN of the DOI (DevOps Insights) apikey used for accessing a specific toolchain Insights instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_doi_api_key_secret_group\"\u003e\u003c/a\u003e [cd\\_pipeline\\_doi\\_api\\_key\\_secret\\_group](#input\\_cd\\_pipeline\\_doi\\_api\\_key\\_secret\\_group) | Secret group for the pipeline DOI api key. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_doi_api_key_secret_name\"\u003e\u003c/a\u003e [cd\\_pipeline\\_doi\\_api\\_key\\_secret\\_name](#input\\_cd\\_pipeline\\_doi\\_api\\_key\\_secret\\_name) | Name of the Cloud API key secret in the secret provider to access the toolchain containing the Devops Insights instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_git_tag\"\u003e\u003c/a\u003e [cd\\_pipeline\\_git\\_tag](#input\\_cd\\_pipeline\\_git\\_tag) | The GIT tag selector for the Compliance Pipelines definitions. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_ibmcloud_api_key_secret_crn\"\u003e\u003c/a\u003e [cd\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_crn](#input\\_cd\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_crn) | The CRN of the IBMCloud apikey used for running the pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_ibmcloud_api_key_secret_group\"\u003e\u003c/a\u003e [cd\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_group](#input\\_cd\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_group) | Secret group for the pipeline ibmcloud API key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_ibmcloud_api_key_secret_name\"\u003e\u003c/a\u003e [cd\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_name](#input\\_cd\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_name) | Name of the Cloud API key secret in the secret provider for running the pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_properties\"\u003e\u003c/a\u003e [cd\\_pipeline\\_properties](#input\\_cd\\_pipeline\\_properties) | This JSON represents the pipeline properties belonging to the CD pipeline in the CD toolchain. Each element in the JSON represents a separate pipeline property. Three attributes are required to create a property. These are the `name` field (how the name appears in the pipeline properties), the `type` (text, secure and enum) and then the `value`. Do not put secrets directly into JSON for the `secure` type, instead the value for a `secret` type should be a CRN to a secret in the configured secrets provider or a secret reference to a secret in the configured secrets provider. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_pipeline_properties_filepath\"\u003e\u003c/a\u003e [cd\\_pipeline\\_properties\\_filepath](#input\\_cd\\_pipeline\\_properties\\_filepath) | The path to the file containing the property JSON. If this is not set and `cd_pipeline_properties` is not set, it will by default read the `properties.json` file at the root of the CD module. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_privateworker_credentials_secret_crn\"\u003e\u003c/a\u003e [cd\\_privateworker\\_credentials\\_secret\\_crn](#input\\_cd\\_privateworker\\_credentials\\_secret\\_crn) | The CRN of the private worker service apikey that runs the pipeline tasks. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_region\"\u003e\u003c/a\u003e [cd\\_region](#input\\_cd\\_region) | IBM Cloud region used to prefix the `prod_latest` inventory repository branch. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_repositories_prefix\"\u003e\u003c/a\u003e [cd\\_repositories\\_prefix](#input\\_cd\\_repositories\\_prefix) | Prefix name for the cloned compliance repos. For the repositories\\_prefix value only a-z, A-Z and 0-9 and the special characters `-_` are allowed. In addition the string must not end with a special character or have two consecutive special characters. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_repository_properties\"\u003e\u003c/a\u003e [cd\\_repository\\_properties](#input\\_cd\\_repository\\_properties) | Stringified JSON containing the repositories and triggers that get created in the CI toolchain pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_repository_properties_filepath\"\u003e\u003c/a\u003e [cd\\_repository\\_properties\\_filepath](#input\\_cd\\_repository\\_properties\\_filepath) | The path to the file containing the repository and triggers JSON. If this is not set, it will by default read the `repositories.json` file at the root of the module. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_scc_integration_name\"\u003e\u003c/a\u003e [cd\\_scc\\_integration\\_name](#input\\_cd\\_scc\\_integration\\_name) | The name of the SCC integration. | `string` | `\"Security and Compliance\"` | no |\n| \u003ca name=\"input_cd_scc_use_profile_attachment\"\u003e\u003c/a\u003e [cd\\_scc\\_use\\_profile\\_attachment](#input\\_cd\\_scc\\_use\\_profile\\_attachment) | Set to `enabled` to enable use profile with attachment, so that the scripts in the pipeline can interact with the Security and Compliance Center service. When enabled, other parameters become relevant; `scc_scc_api_key_secret_name`, `scc_instance_crn`, `scc_profile_name`, `scc_profile_version`, `scc_attachment_id`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_service_plan\"\u003e\u003c/a\u003e [cd\\_service\\_plan](#input\\_cd\\_service\\_plan) | The Continuous Delivery service plan. Can be `lite` or `professional`. | `string` | `\"professional\"` | no |\n| \u003ca name=\"input_cd_slack_channel_name\"\u003e\u003c/a\u003e [cd\\_slack\\_channel\\_name](#input\\_cd\\_slack\\_channel\\_name) | The name of the Slack channel where notifications are posted. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_slack_pipeline_fail\"\u003e\u003c/a\u003e [cd\\_slack\\_pipeline\\_fail](#input\\_cd\\_slack\\_pipeline\\_fail) | Set to `true` to generate pipeline failed notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_slack_pipeline_start\"\u003e\u003c/a\u003e [cd\\_slack\\_pipeline\\_start](#input\\_cd\\_slack\\_pipeline\\_start) | Set to `true` to generate pipeline start notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_slack_pipeline_success\"\u003e\u003c/a\u003e [cd\\_slack\\_pipeline\\_success](#input\\_cd\\_slack\\_pipeline\\_success) | Set to `true` to generate pipeline succeeded notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_slack_team_name\"\u003e\u003c/a\u003e [cd\\_slack\\_team\\_name](#input\\_cd\\_slack\\_team\\_name) | The Slack team name, which is the word or phrase before .slack.com in the team URL. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_slack_toolchain_bind\"\u003e\u003c/a\u003e [cd\\_slack\\_toolchain\\_bind](#input\\_cd\\_slack\\_toolchain\\_bind) | Set to `true` to Generate tool added to toolchain notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_slack_toolchain_unbind\"\u003e\u003c/a\u003e [cd\\_slack\\_toolchain\\_unbind](#input\\_cd\\_slack\\_toolchain\\_unbind) | Set to `true` to generate tool removed from toolchain notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_slack_webhook_secret_crn\"\u003e\u003c/a\u003e [cd\\_slack\\_webhook\\_secret\\_crn](#input\\_cd\\_slack\\_webhook\\_secret\\_crn) | The CRN of the Slack webhook secret used for accessing the specified Slack channel. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_slack_webhook_secret_group\"\u003e\u003c/a\u003e [cd\\_slack\\_webhook\\_secret\\_group](#input\\_cd\\_slack\\_webhook\\_secret\\_group) | Secret group for the Slack webhook secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_slack_webhook_secret_name\"\u003e\u003c/a\u003e [cd\\_slack\\_webhook\\_secret\\_name](#input\\_cd\\_slack\\_webhook\\_secret\\_name) | Name of the webhook secret in the secret provider used for accessing the configured Slack channel. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_sm_instance_crn\"\u003e\u003c/a\u003e [cd\\_sm\\_instance\\_crn](#input\\_cd\\_sm\\_instance\\_crn) | The CRN of the Secrets Manager instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_sm_location\"\u003e\u003c/a\u003e [cd\\_sm\\_location](#input\\_cd\\_sm\\_location) | The region hosting the Secrets Manager instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_sm_name\"\u003e\u003c/a\u003e [cd\\_sm\\_name](#input\\_cd\\_sm\\_name) | The name of an existing Secrets Manager instance where the secrets are stored. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_sm_resource_group\"\u003e\u003c/a\u003e [cd\\_sm\\_resource\\_group](#input\\_cd\\_sm\\_resource\\_group) | The name of the existing resource group containing the Secrets Manager instance for your secrets. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_sm_secret_group\"\u003e\u003c/a\u003e [cd\\_sm\\_secret\\_group](#input\\_cd\\_sm\\_secret\\_group) | The Secrets Manager secret group containing the secrets for the DevSecOps pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_toolchain_description\"\u003e\u003c/a\u003e [cd\\_toolchain\\_description](#input\\_cd\\_toolchain\\_description) | Description for the CD toolchain. | `string` | `\"Toolchain created with terraform template for DevSecOps CD Best Practices.\"` | no |\n| \u003ca name=\"input_cd_toolchain_name\"\u003e\u003c/a\u003e [cd\\_toolchain\\_name](#input\\_cd\\_toolchain\\_name) | The name of the CD Toolchain. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_toolchain_region\"\u003e\u003c/a\u003e [cd\\_toolchain\\_region](#input\\_cd\\_toolchain\\_region) | The region containing the CD toolchain. Use the short form of the regions. For example `us-south`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_toolchain_resource_group\"\u003e\u003c/a\u003e [cd\\_toolchain\\_resource\\_group](#input\\_cd\\_toolchain\\_resource\\_group) | Resource group within which the toolchain is created. | `string` | `\"\"` | no |\n| \u003ca name=\"input_cd_trigger_git_enable\"\u003e\u003c/a\u003e [cd\\_trigger\\_git\\_enable](#input\\_cd\\_trigger\\_git\\_enable) | Set to `true` to enable the CD pipeline Git trigger. | `bool` | `false` | no |\n| \u003ca name=\"input_cd_trigger_git_name\"\u003e\u003c/a\u003e [cd\\_trigger\\_git\\_name](#input\\_cd\\_trigger\\_git\\_name) | The name of the CD pipeline GIT trigger. | `string` | `\"Git CD Trigger\"` | no |\n| \u003ca name=\"input_cd_trigger_git_promotion_validation_branch\"\u003e\u003c/a\u003e [cd\\_trigger\\_git\\_promotion\\_validation\\_branch](#input\\_cd\\_trigger\\_git\\_promotion\\_validation\\_branch) | Branch for Git promotion validation listener. | `string` | `\"prod\"` | no |\n| \u003ca name=\"input_cd_trigger_git_promotion_validation_enable\"\u003e\u003c/a\u003e [cd\\_trigger\\_git\\_promotion\\_validation\\_enable](#input\\_cd\\_trigger\\_git\\_promotion\\_validation\\_enable) | Enable Git promotion validation for Git promotion listener. | `bool` | `false` | no |\n| \u003ca name=\"input_cd_trigger_git_promotion_validation_listener\"\u003e\u003c/a\u003e [cd\\_trigger\\_git\\_promotion\\_validation\\_listener](#input\\_cd\\_trigger\\_git\\_promotion\\_validation\\_listener) | Select a Tekton EventListener to use when Git promotion validation listener trigger is fired. | `string` | `\"promotion-validation-listener-gitlab\"` | no |\n| \u003ca name=\"input_cd_trigger_git_promotion_validation_name\"\u003e\u003c/a\u003e [cd\\_trigger\\_git\\_promotion\\_validation\\_name](#input\\_cd\\_trigger\\_git\\_promotion\\_validation\\_name) | Name of Git Promotion Validation Trigger | `string` | `\"Git Promotion Validation Trigger\"` | no |\n| \u003ca name=\"input_cd_trigger_manual_enable\"\u003e\u003c/a\u003e [cd\\_trigger\\_manual\\_enable](#input\\_cd\\_trigger\\_manual\\_enable) | Set to `true` to enable the CD pipeline Manual trigger. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_trigger_manual_name\"\u003e\u003c/a\u003e [cd\\_trigger\\_manual\\_name](#input\\_cd\\_trigger\\_manual\\_name) | The name of the CI pipeline Manual trigger. | `string` | `\"Manual CD Trigger\"` | no |\n| \u003ca name=\"input_cd_trigger_manual_promotion_enable\"\u003e\u003c/a\u003e [cd\\_trigger\\_manual\\_promotion\\_enable](#input\\_cd\\_trigger\\_manual\\_promotion\\_enable) | Set to `true` to enable the CD pipeline Manual Promotion trigger. | `bool` | `true` | no |\n| \u003ca name=\"input_cd_trigger_manual_promotion_name\"\u003e\u003c/a\u003e [cd\\_trigger\\_manual\\_promotion\\_name](#input\\_cd\\_trigger\\_manual\\_promotion\\_name) | The name of the CD pipeline Manual Promotion trigger. | `string` | `\"Manual Promotion Trigger\"` | no |\n| \u003ca name=\"input_cd_trigger_timed_cron_schedule\"\u003e\u003c/a\u003e [cd\\_trigger\\_timed\\_cron\\_schedule](#input\\_cd\\_trigger\\_timed\\_cron\\_schedule) | Only needed for timer triggers. Cron expression that indicates when this trigger will activate. Maximum frequency is every 5 minutes. The string is based on UNIX crontab syntax: minute, hour, day of month, month, day of week. Example: 0 *\\_/2 * * * - every 2 hours. | `string` | `\"0 4 * * *\"` | no |\n| \u003ca name=\"input_cd_trigger_timed_enable\"\u003e\u003c/a\u003e [cd\\_trigger\\_timed\\_enable](#input\\_cd\\_trigger\\_timed\\_enable) | Set to `true` to enable the CD pipeline Timed trigger. | `bool` | `false` | no |\n| \u003ca name=\"input_cd_trigger_timed_name\"\u003e\u003c/a\u003e [cd\\_trigger\\_timed\\_name](#input\\_cd\\_trigger\\_timed\\_name) | The name of the CD pipeline Timed trigger. | `string` | `\"Git CD Timed Trigger\"` | no |\n| \u003ca name=\"input_change_management_existing_url\"\u003e\u003c/a\u003e [change\\_management\\_existing\\_url](#input\\_change\\_management\\_existing\\_url) | The URL for an existing Change Management repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_change_management_repo_git_id\"\u003e\u003c/a\u003e [change\\_management\\_repo\\_git\\_id](#input\\_change\\_management\\_repo\\_git\\_id) | Set this value to `github` for github.com, or to the ID of a custom GitHub Enterprise server. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_group\"\u003e\u003c/a\u003e [ci\\_app\\_group](#input\\_ci\\_app\\_group) | Specify the Git user or group for the application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_name\"\u003e\u003c/a\u003e [ci\\_app\\_name](#input\\_ci\\_app\\_name) | Name of the application image and inventory entry. | `string` | `\"hello-compliance-app\"` | no |\n| \u003ca name=\"input_ci_app_repo_auth_type\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_auth\\_type](#input\\_ci\\_app\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_branch\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_branch](#input\\_ci\\_app\\_repo\\_branch) | This is the repository branch used by the default sample application. Alternatively if `app_repo_existing_url` is provided, then the branch must reflect the default branch for that repository. Typically these branches are `main` or `master`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_clone_from_url\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_clone\\_from\\_url](#input\\_ci\\_app\\_repo\\_clone\\_from\\_url) | Override the default sample app by providing your own sample app URL, which is cloned into the app repository. Note, uses `clone_if_not_exists` mode, so if the app repository already exists the repository contents are unchanged. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_clone_to_git_id\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_clone\\_to\\_git\\_id](#input\\_ci\\_app\\_repo\\_clone\\_to\\_git\\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_clone_to_git_provider\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_clone\\_to\\_git\\_provider](#input\\_ci\\_app\\_repo\\_clone\\_to\\_git\\_provider) | By default this gets set as 'hostedgit', else set to 'githubconsolidated' for GitHub repositories. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_existing_git_id\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_existing\\_git\\_id](#input\\_ci\\_app\\_repo\\_existing\\_git\\_id) | Set this value to `github` for github.com, or to the GUID of a custom GitHub Enterprise server. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_existing_git_provider\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_existing\\_git\\_provider](#input\\_ci\\_app\\_repo\\_existing\\_git\\_provider) | Git provider for application repo. If not set will default to `hostedgit`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_existing_url\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_existing\\_url](#input\\_ci\\_app\\_repo\\_existing\\_url) | Bring your own existing application repository by providing the URL. This will create an integration for your application repository instead of cloning the default sample. Repositories existing in a different org will require the use of Git token. See `app_repo_git_token_secret_name` under optional variables. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_git\\_token\\_secret\\_crn](#input\\_ci\\_app\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_git_token_secret_name\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_git\\_token\\_secret\\_name](#input\\_ci\\_app\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_app_repo_secret_group\"\u003e\u003c/a\u003e [ci\\_app\\_repo\\_secret\\_group](#input\\_ci\\_app\\_repo\\_secret\\_group) | Secret group for the App repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_artifactory_token_secret_crn\"\u003e\u003c/a\u003e [ci\\_artifactory\\_token\\_secret\\_crn](#input\\_ci\\_artifactory\\_token\\_secret\\_crn) | The CRN for the Artifactory access secret. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_authorization_policy_creation\"\u003e\u003c/a\u003e [ci\\_authorization\\_policy\\_creation](#input\\_ci\\_authorization\\_policy\\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cluster_name\"\u003e\u003c/a\u003e [ci\\_cluster\\_name](#input\\_ci\\_cluster\\_name) | Name of the cluster where the application is deployed. (can be the same cluster used for prod) | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cluster_namespace\"\u003e\u003c/a\u003e [ci\\_cluster\\_namespace](#input\\_ci\\_cluster\\_namespace) | Name of the cluster namespace where the application is deployed. | `string` | `\"dev\"` | no |\n| \u003ca name=\"input_ci_cluster_region\"\u003e\u003c/a\u003e [ci\\_cluster\\_region](#input\\_ci\\_cluster\\_region) | Region hosting the cluster where the application is deployed. Use the short form of the regions. For example `us-south`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cluster_resource_group\"\u003e\u003c/a\u003e [ci\\_cluster\\_resource\\_group](#input\\_ci\\_cluster\\_resource\\_group) | The cluster resource group. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_code_engine_project\"\u003e\u003c/a\u003e [ci\\_code\\_engine\\_project](#input\\_ci\\_code\\_engine\\_project) | The name of the Code Engine project to use. | `string` | `\"DevSecOps_CE\"` | no |\n| \u003ca name=\"input_ci_code_engine_region\"\u003e\u003c/a\u003e [ci\\_code\\_engine\\_region](#input\\_ci\\_code\\_engine\\_region) | The region to create/lookup for the Code Engine project. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_code_engine_resource_group\"\u003e\u003c/a\u003e [ci\\_code\\_engine\\_resource\\_group](#input\\_ci\\_code\\_engine\\_resource\\_group) | The resource group of the Code Engine project. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_compliance_pipeline_branch\"\u003e\u003c/a\u003e [ci\\_compliance\\_pipeline\\_branch](#input\\_ci\\_compliance\\_pipeline\\_branch) | The CI Pipeline Compliance Pipeline branch. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_compliance_pipeline_group\"\u003e\u003c/a\u003e [ci\\_compliance\\_pipeline\\_group](#input\\_ci\\_compliance\\_pipeline\\_group) | Specify the Git user or group for the compliance pipeline repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_compliance_pipeline_pr_branch\"\u003e\u003c/a\u003e [ci\\_compliance\\_pipeline\\_pr\\_branch](#input\\_ci\\_compliance\\_pipeline\\_pr\\_branch) | The PR Pipeline Compliance Pipeline branch. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_compliance_pipeline_repo_auth_type\"\u003e\u003c/a\u003e [ci\\_compliance\\_pipeline\\_repo\\_auth\\_type](#input\\_ci\\_compliance\\_pipeline\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_compliance_pipeline_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [ci\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_crn](#input\\_ci\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Compliance Pipelines repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_compliance_pipeline_repo_git_token_secret_name\"\u003e\u003c/a\u003e [ci\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_name](#input\\_ci\\_compliance\\_pipeline\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the compliance pipelines repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_compliance_pipeline_repo_secret_group\"\u003e\u003c/a\u003e [ci\\_compliance\\_pipeline\\_repo\\_secret\\_group](#input\\_ci\\_compliance\\_pipeline\\_repo\\_secret\\_group) | Secret group for the Compliance Pipeline repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cos_api_key_secret_crn\"\u003e\u003c/a\u003e [ci\\_cos\\_api\\_key\\_secret\\_crn](#input\\_ci\\_cos\\_api\\_key\\_secret\\_crn) | The CRN of the Cloud Object Storage apikey. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cos_api_key_secret_group\"\u003e\u003c/a\u003e [ci\\_cos\\_api\\_key\\_secret\\_group](#input\\_ci\\_cos\\_api\\_key\\_secret\\_group) | Secret group for the COS API key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cos_api_key_secret_name\"\u003e\u003c/a\u003e [ci\\_cos\\_api\\_key\\_secret\\_name](#input\\_ci\\_cos\\_api\\_key\\_secret\\_name) | Name of the Cloud Object Storage API key secret in the secret provider used for accessing the evidence COS bucket. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cos_bucket_name\"\u003e\u003c/a\u003e [ci\\_cos\\_bucket\\_name](#input\\_ci\\_cos\\_bucket\\_name) | The name of the Cloud Object Storage bucket used for storing the evidence. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_cos_endpoint\"\u003e\u003c/a\u003e [ci\\_cos\\_endpoint](#input\\_ci\\_cos\\_endpoint) | The endpoint for the Cloud Object Storage instance containing the evidence bucket. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_doi_toolchain_id\"\u003e\u003c/a\u003e [ci\\_doi\\_toolchain\\_id](#input\\_ci\\_doi\\_toolchain\\_id) | The ID of the toolchain containing the DevOps Insights integration. This variable is used to link the DevOps Insights toolcard to a specific instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_doi_toolchain_id_pipeline_property\"\u003e\u003c/a\u003e [ci\\_doi\\_toolchain\\_id\\_pipeline\\_property](#input\\_ci\\_doi\\_toolchain\\_id\\_pipeline\\_property) | The pipeline property for the DevOps Insights instance toolchain ID. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_enable_key_protect\"\u003e\u003c/a\u003e [ci\\_enable\\_key\\_protect](#input\\_ci\\_enable\\_key\\_protect) | Set to `true` to the enable Key Protect integrations. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_enable_pipeline_notifications\"\u003e\u003c/a\u003e [ci\\_enable\\_pipeline\\_notifications](#input\\_ci\\_enable\\_pipeline\\_notifications) | When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_enable_secrets_manager\"\u003e\u003c/a\u003e [ci\\_enable\\_secrets\\_manager](#input\\_ci\\_enable\\_secrets\\_manager) | Set to `true` to enable the Secrets Manager integrations. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_enable_slack\"\u003e\u003c/a\u003e [ci\\_enable\\_slack](#input\\_ci\\_enable\\_slack) | Set to `true` to create the Slack toolchain integration. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_event_notifications_crn\"\u003e\u003c/a\u003e [ci\\_event\\_notifications\\_crn](#input\\_ci\\_event\\_notifications\\_crn) | Set the Event Notifications CRN to create an Events Notification integration. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_evidence_group\"\u003e\u003c/a\u003e [ci\\_evidence\\_group](#input\\_ci\\_evidence\\_group) | Specify the Git user or group for the evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_evidence_repo_auth_type\"\u003e\u003c/a\u003e [ci\\_evidence\\_repo\\_auth\\_type](#input\\_ci\\_evidence\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_evidence_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [ci\\_evidence\\_repo\\_git\\_token\\_secret\\_crn](#input\\_ci\\_evidence\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_evidence_repo_git_token_secret_name\"\u003e\u003c/a\u003e [ci\\_evidence\\_repo\\_git\\_token\\_secret\\_name](#input\\_ci\\_evidence\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the evidence repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_evidence_repo_secret_group\"\u003e\u003c/a\u003e [ci\\_evidence\\_repo\\_secret\\_group](#input\\_ci\\_evidence\\_repo\\_secret\\_group) | Secret group for the Evidence repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_inventory_group\"\u003e\u003c/a\u003e [ci\\_inventory\\_group](#input\\_ci\\_inventory\\_group) | Specify the Git user or group for the inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_inventory_repo_auth_type\"\u003e\u003c/a\u003e [ci\\_inventory\\_repo\\_auth\\_type](#input\\_ci\\_inventory\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_inventory_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [ci\\_inventory\\_repo\\_git\\_token\\_secret\\_crn](#input\\_ci\\_inventory\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_inventory_repo_git_token_secret_name\"\u003e\u003c/a\u003e [ci\\_inventory\\_repo\\_git\\_token\\_secret\\_name](#input\\_ci\\_inventory\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the inventory repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_inventory_repo_secret_group\"\u003e\u003c/a\u003e [ci\\_inventory\\_repo\\_secret\\_group](#input\\_ci\\_inventory\\_repo\\_secret\\_group) | Secret group for the Inventory repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_issues_group\"\u003e\u003c/a\u003e [ci\\_issues\\_group](#input\\_ci\\_issues\\_group) | Specify the Git user or group for the issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_issues_repo_auth_type\"\u003e\u003c/a\u003e [ci\\_issues\\_repo\\_auth\\_type](#input\\_ci\\_issues\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_issues_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [ci\\_issues\\_repo\\_git\\_token\\_secret\\_crn](#input\\_ci\\_issues\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token used for accessing the Issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_issues_repo_git_token_secret_name\"\u003e\u003c/a\u003e [ci\\_issues\\_repo\\_git\\_token\\_secret\\_name](#input\\_ci\\_issues\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the issues repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_issues_repo_secret_group\"\u003e\u003c/a\u003e [ci\\_issues\\_repo\\_secret\\_group](#input\\_ci\\_issues\\_repo\\_secret\\_group) | Secret group for the Issues repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_kp_location\"\u003e\u003c/a\u003e [ci\\_kp\\_location](#input\\_ci\\_kp\\_location) | The region hosting the Key Protect instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_kp_name\"\u003e\u003c/a\u003e [ci\\_kp\\_name](#input\\_ci\\_kp\\_name) | Name of the Key Protect instance where the secrets are stored. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_kp_resource_group\"\u003e\u003c/a\u003e [ci\\_kp\\_resource\\_group](#input\\_ci\\_kp\\_resource\\_group) | The resource group containing the Key Protect instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_link_to_doi_toolchain\"\u003e\u003c/a\u003e [ci\\_link\\_to\\_doi\\_toolchain](#input\\_ci\\_link\\_to\\_doi\\_toolchain) | Enable a link to a DevOps Insights instance in another toolchain. | `bool` | `false` | no |\n| \u003ca name=\"input_ci_locked_properties\"\u003e\u003c/a\u003e [ci\\_locked\\_properties](#input\\_ci\\_locked\\_properties) | List of default locked properties | `list(string)` | \u003cpre\u003e[\u003cbr/\u003e  \"artifactory-dockerconfigjson\",\u003cbr/\u003e  \"cluster\",\u003cbr/\u003e  \"cluster-namespace\",\u003cbr/\u003e  \"cluster-region\",\u003cbr/\u003e  \"compliance-baseimage\",\u003cbr/\u003e  \"cos-api-key\",\u003cbr/\u003e  \"cos-bucket-name\",\u003cbr/\u003e  \"cos-endpoint\",\u003cbr/\u003e  \"cra-bom-generate\",\u003cbr/\u003e  \"cra-deploy-analysis\",\u003cbr/\u003e  \"cra-generate-cyclonedx-format\",\u003cbr/\u003e  \"cra-vulnerability-scan\",\u003cbr/\u003e  \"custom-image-tag\",\u003cbr/\u003e  \"dev-region\",\u003cbr/\u003e  \"dev-resource-group\",\u003cbr/\u003e  \"doi-environment\",\u003cbr/\u003e  \"doi-ibmcloud-api-key\",\u003cbr/\u003e  \"doi-toolchain-id\",\u003cbr/\u003e  \"event-notifications\",\u003cbr/\u003e  \"evidence-repo\",\u003cbr/\u003e  \"git-token\",\u003cbr/\u003e  \"gosec-private-repository-host\",\u003cbr/\u003e  \"gosec-private-repository-ssh-key\",\u003cbr/\u003e  \"ibmcloud-api\",\u003cbr/\u003e  \"ibmcloud-api-key\",\u003cbr/\u003e  \"incident-repo\",\u003cbr/\u003e  \"inventory-repo\",\u003cbr/\u003e  \"opt-in-dynamic-api-scan\",\u003cbr/\u003e  \"opt-in-dynamic-scan\",\u003cbr/\u003e  \"opt-in-dynamic-ui-scan\",\u003cbr/\u003e  \"opt-in-gosec\",\u003cbr/\u003e  \"opt-in-sonar\",\u003cbr/\u003e  \"peer-review-compliance\",\u003cbr/\u003e  \"pipeline-config\",\u003cbr/\u003e  \"pipeline-config-branch\",\u003cbr/\u003e  \"pipeline-config-repo\",\u003cbr/\u003e  \"pipeline-dockerconfigjson\",\u003cbr/\u003e  \"print-code-signing-certificate\",\u003cbr/\u003e  \"registry-namespace\",\u003cbr/\u003e  \"registry-region\",\u003cbr/\u003e  \"signing-key\",\u003cbr/\u003e  \"slack-notifications\",\u003cbr/\u003e  \"sonarqube\",\u003cbr/\u003e  \"sonarqube-config\",\u003cbr/\u003e  \"version\"\u003cbr/\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_ci_pipeline_config_group\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_group](#input\\_ci\\_pipeline\\_config\\_group) | Specify the Git user or group for the pipeline config repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_config_repo_auth_type\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_repo\\_auth\\_type](#input\\_ci\\_pipeline\\_config\\_repo\\_auth\\_type) | Select the method of authentication that is used to access the Git repository. Valid values are 'oauth' or 'pat'. Defaults to `oauth` when unset. `pat` is a git `personal access token`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_config_repo_branch\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_repo\\_branch](#input\\_ci\\_pipeline\\_config\\_repo\\_branch) | Specify the branch containing the custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_config_repo_clone_from_url\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_repo\\_clone\\_from\\_url](#input\\_ci\\_pipeline\\_config\\_repo\\_clone\\_from\\_url) | Specify a repository containing a custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_config_repo_existing_url\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_repo\\_existing\\_url](#input\\_ci\\_pipeline\\_config\\_repo\\_existing\\_url) | Specify and link to an existing repository containing a custom pipeline-config.yaml file. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_config_repo_git_token_secret_crn\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_crn](#input\\_ci\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_crn) | The CRN of the Git token for accessing the pipeline config repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_config_repo_git_token_secret_name\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_name](#input\\_ci\\_pipeline\\_config\\_repo\\_git\\_token\\_secret\\_name) | Name of the Git token secret in the secret provider used for accessing the pipeline config repository. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_config_repo_secret_group\"\u003e\u003c/a\u003e [ci\\_pipeline\\_config\\_repo\\_secret\\_group](#input\\_ci\\_pipeline\\_config\\_repo\\_secret\\_group) | Secret group for the Pipeline Config repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_doi_api_key_secret_crn\"\u003e\u003c/a\u003e [ci\\_pipeline\\_doi\\_api\\_key\\_secret\\_crn](#input\\_ci\\_pipeline\\_doi\\_api\\_key\\_secret\\_crn) | The CRN of the DOI (DevOps Insights) apikey used for accessing a specific toolchain Insights instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_doi_api_key_secret_group\"\u003e\u003c/a\u003e [ci\\_pipeline\\_doi\\_api\\_key\\_secret\\_group](#input\\_ci\\_pipeline\\_doi\\_api\\_key\\_secret\\_group) | Secret group for the pipeline DOI api key. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_doi_api_key_secret_name\"\u003e\u003c/a\u003e [ci\\_pipeline\\_doi\\_api\\_key\\_secret\\_name](#input\\_ci\\_pipeline\\_doi\\_api\\_key\\_secret\\_name) | Name of the Cloud API key secret in the secret provider to access the toolchain containing the Devops Insights instance. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_git_tag\"\u003e\u003c/a\u003e [ci\\_pipeline\\_git\\_tag](#input\\_ci\\_pipeline\\_git\\_tag) | The GIT tag selector for the Compliance Pipelines definitions. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_ibmcloud_api_key_secret_crn\"\u003e\u003c/a\u003e [ci\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_crn](#input\\_ci\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_crn) | The CRN of the IBMCloud apikey used for running the pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_ibmcloud_api_key_secret_group\"\u003e\u003c/a\u003e [ci\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_group](#input\\_ci\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_group) | Secret group for the pipeline ibmcloud API key secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_ibmcloud_api_key_secret_name\"\u003e\u003c/a\u003e [ci\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_name](#input\\_ci\\_pipeline\\_ibmcloud\\_api\\_key\\_secret\\_name) | Name of the Cloud API key secret in the secret provider for running the pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_properties\"\u003e\u003c/a\u003e [ci\\_pipeline\\_properties](#input\\_ci\\_pipeline\\_properties) | This JSON represents the pipeline properties belonging to the both the CI and PR pipelines in the CI toolchain. Each element in the JSON represents a separate pipeline property. Three attributes are required to create a property. These are the `name` field (how the name appears in the pipeline properties), the `type` (text, secure and enum) and then the `value`. Do not put secrets directly into JSON for the `secure` type, instead the value for a `secret` type should be a CRN to a secret in the configured secrets provider or a secret reference to a secret in the configured secrets provider. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_pipeline_properties_filepath\"\u003e\u003c/a\u003e [ci\\_pipeline\\_properties\\_filepath](#input\\_ci\\_pipeline\\_properties\\_filepath) | The path to the file containing the property JSON. If this is not set and `ci_pipeline_properties` is not set, it will by default read the `properties.json` file at the root of the CI module. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_privateworker_credentials_secret_crn\"\u003e\u003c/a\u003e [ci\\_privateworker\\_credentials\\_secret\\_crn](#input\\_ci\\_privateworker\\_credentials\\_secret\\_crn) | The CRN of the private worker service apikey that runs the pipeline tasks. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_registry_region\"\u003e\u003c/a\u003e [ci\\_registry\\_region](#input\\_ci\\_registry\\_region) | The IBM Cloud Region where the IBM Cloud Container Registry namespace is to be created. Use the short form of the regions. For example `us-south`. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_repositories_prefix\"\u003e\u003c/a\u003e [ci\\_repositories\\_prefix](#input\\_ci\\_repositories\\_prefix) | Prefix name for the cloned compliance repos. For the repositories\\_prefix value only a-z, A-Z and 0-9 and the special characters `-_` are allowed. In addition the string must not end with a special character or have two consecutive special characters. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_repository_properties\"\u003e\u003c/a\u003e [ci\\_repository\\_properties](#input\\_ci\\_repository\\_properties) | Stringified JSON containing the repositories and triggers that get created in the CI toolchain pipelines. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_repository_properties_filepath\"\u003e\u003c/a\u003e [ci\\_repository\\_properties\\_filepath](#input\\_ci\\_repository\\_properties\\_filepath) | The path to a file containing the repository and triggers JSON. If this is not set, it will by default read the `repositories.json` file at the root of the CI module. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_signing_key_secret_name\"\u003e\u003c/a\u003e [ci\\_signing\\_key\\_secret\\_name](#input\\_ci\\_signing\\_key\\_secret\\_name) | Name of the signing key secret in the secret provider used for signing images/artifacts. | `string` | `\"signing-key\"` | no |\n| \u003ca name=\"input_ci_slack_channel_name\"\u003e\u003c/a\u003e [ci\\_slack\\_channel\\_name](#input\\_ci\\_slack\\_channel\\_name) | The name of the Slack channel where notifications are posted. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_slack_pipeline_fail\"\u003e\u003c/a\u003e [ci\\_slack\\_pipeline\\_fail](#input\\_ci\\_slack\\_pipeline\\_fail) | Set to `true` to generate pipeline failed notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_ci_slack_pipeline_start\"\u003e\u003c/a\u003e [ci\\_slack\\_pipeline\\_start](#input\\_ci\\_slack\\_pipeline\\_start) | Set to `true` to generate pipeline start notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_ci_slack_pipeline_success\"\u003e\u003c/a\u003e [ci\\_slack\\_pipeline\\_success](#input\\_ci\\_slack\\_pipeline\\_success) | Set to `true` to generate pipeline succeeded notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_ci_slack_team_name\"\u003e\u003c/a\u003e [ci\\_slack\\_team\\_name](#input\\_ci\\_slack\\_team\\_name) | The Slack team name, which is the word or phrase before `.slack.com` in the team URL. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_slack_toolchain_bind\"\u003e\u003c/a\u003e [ci\\_slack\\_toolchain\\_bind](#input\\_ci\\_slack\\_toolchain\\_bind) | Set to `true` to Generate tool added to toolchain notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_ci_slack_toolchain_unbind\"\u003e\u003c/a\u003e [ci\\_slack\\_toolchain\\_unbind](#input\\_ci\\_slack\\_toolchain\\_unbind) | Set to `true` to generate tool removed from toolchain notifications. | `bool` | `true` | no |\n| \u003ca name=\"input_ci_slack_webhook_secret_crn\"\u003e\u003c/a\u003e [ci\\_slack\\_webhook\\_secret\\_crn](#input\\_ci\\_slack\\_webhook\\_secret\\_crn) | The CRN of the Slack webhook secret used for accessing the specified Slack channel. | `string` | `\"\"` | no |\n| \u003ca name=\"input_ci_slack_webhook_secret_group\"\u003e\u003c/a\u003e [ci\\_slack\\_webhook\\_secret\\_group](#input\\_ci\\_slack\\_webhook\\_secret\\_group) | Secret group for the Slack webhook secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manage","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-ibm-modules%2Fterraform-ibm-devsecops-alm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterraform-ibm-modules%2Fterraform-ibm-devsecops-alm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-ibm-modules%2Fterraform-ibm-devsecops-alm/lists"}