secureCodeBox · Weltraumschaf · Sep 21, 2023 · Sep 15, 2023 · Sep 15, 2023 · Sep 15, 2023
diff --git a/.cspell.json.license b/.cspell.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:

diff --git a/.github/label-commenter-config.yml b/.github/label-commenter-config.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 labels:
   - name: breaking
     labeled:

diff --git a/.github/workflows/label-commenter.yml b/.github/workflows/label-commenter.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 name: Label Commenter
 
 on:

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 # The CI runs on ubuntu-22.04; More info about the installed software is found here:
 # https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md

diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # This is a Github Action workflow that runs daily at 9:15 AM UTC Time.
 # It checks if any of the scanners listed in the matrix section are outdated.
 # If a scanner is outdated, it checks if a pull request to upgrade that scanner already exists.

diff --git a/.mega-linter.yml b/.mega-linter.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.github.io/configuration/ and in linters documentation
 

diff --git a/.prettierrc.yaml b/.prettierrc.yaml
@@ -1 +1,5 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 bracketSpacing: false
diff --git a/.python-version b/.python-version
@@ -1 +1,5 @@
-3.9.10
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+3.9.10
diff --git a/.reuse/dep5 b/.reuse/dep5
@@ -2,3 +2,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: secureCodeBox
 Upstream-Contact: Robert Seedorff <[email protected]>
 Source: https://github.com/secureCodeBox/secureCodeBox
+
+Files: .github/ISSUE_TEMPLATE/*.md
+Copyright: the secureCodeBox authors
+License: Apache-2.0
diff --git a/.templates/new-scanner/integration-tests/jest.config.json.license b/.templates/new-scanner/integration-tests/jest.config.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/.templates/new-scanner/parser/__testFiles__/empty.json.license b/.templates/new-scanner/parser/__testFiles__/empty.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/.templates/new-scanner/parser/__testFiles__/example.com.json.license b/.templates/new-scanner/parser/__testFiles__/example.com.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/.yamllint.yaml b/.yamllint.yaml
@@ -1,2 +1,6 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 rules:
   document-start: disable
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -1,3 +1,9 @@
+<!--
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
 # Upgrading
 
 ## From 2.X to 3.X

diff --git a/auto-discovery/kubernetes/.helmignore b/auto-discovery/kubernetes/.helmignore
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 bin/
 config/
 controller/

diff --git a/auto-discovery/kubernetes/.vscode/launch.json.license b/auto-discovery/kubernetes/.vscode/launch.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/auto-discovery/kubernetes/.vscode/tasks.json.license b/auto-discovery/kubernetes/.vscode/tasks.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/auto-discovery/kubernetes/config/rbac/role.yaml b/auto-discovery/kubernetes/config/rbac/role.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2021 iteratec GmbH
+// SPDX-FileCopyrightText: the secureCodeBox authors
 //
 // SPDX-License-Identifier: Apache-2.0
 

diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go
@@ -1,4 +1,4 @@
-// SPDX-FileCopyrightText: 2021 iteratec GmbH
+// SPDX-FileCopyrightText: the secureCodeBox authors
 //
 // SPDX-License-Identifier: Apache-2.0
 

diff --git a/auto-discovery/kubernetes/controllers/restart_scan.go b/auto-discovery/kubernetes/controllers/restart_scan.go
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package controllers
 
 import (

diff --git a/auto-discovery/kubernetes/controllers/suite_test_util.go b/auto-discovery/kubernetes/controllers/suite_test_util.go
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package controllers
 
 import (

diff --git a/auto-discovery/kubernetes/pkg/util/checkScanConfig.go b/auto-discovery/kubernetes/pkg/util/checkScanConfig.go
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package util
 
 import (

diff --git a/auto-discovery/kubernetes/pkg/util/gotemplate.go b/auto-discovery/kubernetes/pkg/util/gotemplate.go
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package util
 
 import (

diff --git a/auto-discovery/kubernetes/pkg/util/util_suite_test.go b/auto-discovery/kubernetes/pkg/util/util_suite_test.go
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package util_test
 
 import (

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore b/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore
@@ -1,2 +1,6 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 integration-test/*
 venv/*
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 FROM python:3.11-alpine
 
 COPY requirements.txt .

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Makefile b/auto-discovery/kubernetes/pull-secret-extractor/Makefile
@@ -1,4 +1,3 @@
-
 # SPDX-FileCopyrightText: the secureCodeBox authors
 #
 # SPDX-License-Identifier: Apache-2.0

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 legacyDefaultDomain = "index.docker.io"
 defaultDomain = "docker.io"
 officialRepoName = "library"

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/...iscovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js b/...iscovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 const k8s = require("@kubernetes/client-node");
 
 const kc = new k8s.KubeConfig();

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh
@@ -1,5 +1,9 @@
 #!/bin/sh
 
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: Secret

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/readme.md b/auto-discovery/kubernetes/pull-secret-extractor/readme.md
@@ -1,3 +1,9 @@
+<!--
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
 ## Usage
 The auto-discovery-secret-extraction container should be used as an initContainer to enable Trivy (or other container scan tools) to scan images from private docker registries. The container expects the imageID for which it should find the corresponding secret and the name of the temporary secret as commandline arguments. The initContainer will then read secrets mounted as a volume under `/secrets` and check which secret belongs to the domain of the provided imageID. After the correct secret is identified it will create a temporary secret which will contain the credentials of the private registry of the provided imageID. The temporary secret will have an `ownerReference` to the pod in which this container is running in. This means that the temporary secret will be automatically removed when the scan of the pod is finished.
 

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license b/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 import glob
 import json
 import sys

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 from unittest import TestCase
 
 from docker_image import get_domain_from_docker_image

diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 import sys
 import unittest
 

diff --git a/...iscovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license b/...iscovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/...y/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license b/...y/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/...iscovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license b/...iscovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/bin/npm-check-updates.sh b/bin/npm-check-updates.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
+
+# SPDX-FileCopyrightText: the secureCodeBox authors
 #
+# SPDX-License-Identifier: Apache-2.0
+
 # Applies all MINOR updates to all `package.json` files using `ncu -u -t minor`
 # in the repository and updates
 # the `package-lock.json` using `npm i`

diff --git a/bin/npm-ci-all.sh b/bin/npm-ci-all.sh
@@ -1,5 +1,9 @@
 #!/usr/bin/env bash
 
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 set -euo pipefail
 
 if [ -z "${PROJECT_DIR:-}" ]; then

diff --git a/demo-targets/dummy-ssh/container/Dockerfile b/demo-targets/dummy-ssh/container/Dockerfile
@@ -1,4 +1,4 @@
-# From https://docs.docker.com/engine/examples/running_ssh_service/
+# From https://gdevillele.github.io/engine/examples/running_ssh_service/
 # This file is authored by Docker Inc. and is not covered by the Apache2 Licence by the secureCodeBox project.
 FROM ubuntu:16.04
 

diff --git a/demo-targets/old-joomla/.helmignore b/demo-targets/old-joomla/.helmignore
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.

diff --git a/demo-targets/old-joomla/templates/NOTES.txt b/demo-targets/old-joomla/templates/NOTES.txt
@@ -1,3 +1,8 @@
+{{- /*
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+*/}}
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}

diff --git a/demo-targets/old-joomla/templates/service.yaml b/demo-targets/old-joomla/templates/service.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 apiVersion: v1
 kind: Service
 metadata:

diff --git a/demo-targets/old-joomla/templates/tests/test-connection.yaml b/demo-targets/old-joomla/templates/tests/test-connection.yaml
@@ -1,3 +1,6 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
 apiVersion: v1
 kind: Pod
 metadata:

diff --git a/demo-targets/old-typo3/.helmignore b/demo-targets/old-typo3/.helmignore
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.

diff --git a/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php b/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php
@@ -1,4 +1,9 @@
 <?php
+
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 return [
     'BE' => [
         'debug' => false,

diff --git a/demo-targets/old-typo3/container/typo3conf/PackageStates.php b/demo-targets/old-typo3/container/typo3conf/PackageStates.php
@@ -1,4 +1,9 @@
 <?php
+
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 # PackageStates.php
 
 # This file is maintained by TYPO3's package management. Although you can edit it

diff --git a/demo-targets/old-typo3/container/typo3conf/cms-016d0ef9.sqlite.license b/demo-targets/old-typo3/container/typo3conf/cms-016d0ef9.sqlite.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/demo-targets/old-typo3/docs/.gitkeep b/demo-targets/old-typo3/docs/.gitkeep
diff --git a/demo-targets/old-typo3/templates/NOTES.txt b/demo-targets/old-typo3/templates/NOTES.txt
@@ -1,3 +1,8 @@
+{{- /*
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+*/}}
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		SPDX-FileCopyrightText: the secureCodeBox authors

		SPDX-License-Identifier: Apache-2.0