Merged
Commits
146 commits
8816678
WIP Adding a new c ´ZAP chart containing additional authentication …
rfelber Apr 10, 2021
163aa52
Fixing ZAP readme.
rfelber Apr 10, 2021
5fbd84c
Updating Helm Docs
Apr 10, 2021
4831da9
Introduced a new python package.
rfelber Apr 13, 2021
1549124
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber Apr 13, 2021
7389c45
Introduced a python package structure to organize things more clearly.
rfelber Apr 15, 2021
976bdfa
Bugfixed ZAP YAML Configuration.
rfelber Apr 16, 2021
972240c
Bugfixed HelmChart
rfelber Apr 17, 2021
0edca22
Updating Helm Docs
Apr 17, 2021
9029d66
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber Apr 17, 2021
207831b
Added ZAP-Extended to CI Pipeline.
rfelber Apr 17, 2021
c98bf29
Bugfixing CI Pipeline.
rfelber Apr 17, 2021
9964af0
Bugfixing CI Pipeline.
rfelber Apr 17, 2021
399857a
Bugfixing CI Pipeline.
rfelber Apr 17, 2021
996f377
Updating Helm Docs
Apr 17, 2021
d74fc20
Refactored python class name and introduced a better structure.
rfelber Apr 17, 2021
d5eec96
Extended ZAP Configuration and added unittests.
rfelber Apr 17, 2021
e0c21a0
Added a new additional ZAP Spider Configuration.
rfelber Apr 17, 2021
8e349fc
Updating Helm Docs
Apr 17, 2021
cefb804
Added a new additional ZAP ActiveScan Configuration.
rfelber Apr 17, 2021
aac6b88
Fixed test specific mock path location.
rfelber Apr 17, 2021
e5b89d3
Fixed some chart example issues.
rfelber Apr 17, 2021
99edfc5
Fixed example scans.
rfelber Apr 17, 2021
b569790
Updating Helm Docs
Apr 17, 2021
cd00bf5
Fixed authentication for spiders and scanners.
rfelber Apr 18, 2021
eb453c6
Fixing e-2-2 test
rfelber Apr 19, 2021
c38b88d
Fixing e-2-2 test
rfelber Apr 19, 2021
2f84553
Fixing e-2-2 test
rfelber Apr 19, 2021
df49ced
Fixing e-2-2 test
rfelber Apr 19, 2021
f1327cf
Updated Chart Configuration Options and Examples.
rfelber Apr 19, 2021
ca97485
Added JuiceShop Authentication Script example.
rfelber Apr 19, 2021
f34f930
Updating Helm Docs
Apr 19, 2021
178d28c
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber Apr 19, 2021
d844c07
Refactored additional scanType name implications.
rfelber Apr 20, 2021
c3594be
Refactored some comments and fixed e-2-2 tests.
rfelber Apr 21, 2021
0163b22
Updating Helm Docs
Apr 21, 2021
a4d5086
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber Apr 21, 2021
72e660f
Added reference to the context url to start spider and scanner in the…
rfelber Apr 21, 2021
070e9e3
Bugfixing wrong spider and scanner context referencing.
rfelber Apr 21, 2021
c5dc9fd
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber Apr 23, 2021
7e81592
Refactoring based on review feedback.
rfelber Apr 25, 2021
5d03447
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber Apr 29, 2021
b716024
Merge branch 'feature/adding-zap-extended-chart' of github.com:secure…
rfelber Apr 30, 2021
ff8440c
Added pytest integration test based on docker-compose.
rfelber Apr 30, 2021
62c308c
Implemented docker-compose based integration test with pytest for bod…
rfelber Apr 30, 2021
74e0a0a
Fixed ZAP ajax spider configuration.
rfelber Apr 30, 2021
2ce8fe8
Refactored ajax spider configuration.
rfelber Apr 30, 2021
9e81075
Introduced a new ZAPExtended Class as wrapper and alternative to the …
rfelber May 1, 2021
c5adaca
Updating Helm Docs
May 1, 2021
549b29a
Introduces a complete new implementation of the ZAP-Extended scantype…
rfelber May 2, 2021
7e9f114
Extended exception logging with method tracing.
rfelber May 2, 2021
440a04c
Fixing Zap configuration issue if no config YAML or --config-folder i…
rfelber May 2, 2021
d70142d
Bugfixing Zap Configuration issue if no config file is passed.
rfelber May 2, 2021
a9e958e
Bugfixing Zap sidecar startup wait time.
rfelber May 2, 2021
bab0d15
Bugfixing Zap sidecar startup wait time.
rfelber May 3, 2021
bac7063
Bugfixing wait function used to start ZAP sidecar.
rfelber May 3, 2021
fdc7147
Bugfixing wait function used to start ZAP sidecar.
rfelber May 3, 2021
8456fec
Added ZAP shutdown on error or success.
rfelber May 3, 2021
ea944f7
Added ZAP tuning.
rfelber May 3, 2021
a40b24d
Bugfixing main logger.
rfelber May 3, 2021
1ab787b
Bugfixed DNS error.
rfelber May 3, 2021
6ae5ea0
Added juiceshop ZAP Extended Integration test.
rfelber May 3, 2021
49c3950
Fixed juiceshop ZAP Extended Integration test.
rfelber May 3, 2021
44c25d1
Updating Helm Docs
May 3, 2021
0e5f108
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 3, 2021
50b5d0e
Fixed juiceshop ZAP Extended Integration test.
rfelber May 3, 2021
d486f52
Fixed juiceshop ZAP Extended Integration test.
rfelber May 3, 2021
8ee882e
Refactored some method names and introduced ZAP Global Config.
rfelber May 3, 2021
98919ae
Refactored ZAP Global Config.
rfelber May 3, 2021
5d1671e
Bugfixed ZAP Shutdown after successful scan.
rfelber May 4, 2021
f41d1ac
Added pytest markers.
rfelber May 4, 2021
1194788
Fixed ZAP Session Management via Scripts with Juiceshop example.
rfelber May 5, 2021
9a68b22
Made traditional ZAP Spider always run even if ajax spider is configu…
rfelber May 5, 2021
d1f73f2
Updating Helm Docs
May 5, 2021
8627899
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 5, 2021
a9e20b9
Minor bug fixes
J12934 May 5, 2021
a314600
Changed to stable image as bare doesn't have the ajax spider / firefox
J12934 May 5, 2021
c5f1f6e
Change juiceshop config to not block js & css during ajax spidering
J12934 May 5, 2021
075f474
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 5, 2021
cd5ece4
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 5, 2021
ab43fa1
Refactoring and clean up YAML examples.
rfelber May 5, 2021
26dcb80
HelmChart refactoring to streamline the values.yaml and some templates
rfelber May 6, 2021
d82c24c
Updating Helm Docs
May 6, 2021
c47173f
Optimized the example scan files.
rfelber May 6, 2021
0c221b9
Updating Helm Docs
May 6, 2021
5990d0d
Bugfixed DefectDojo Integration.
rfelber May 6, 2021
e979c13
Bugfixed CI Pipeline.
rfelber May 6, 2021
3fe2573
Merge branch 'feature/adding-zap-extended-chart' of github.com:secure…
rfelber May 6, 2021
9b06215
Bugfixed DefectDojo Integration.
rfelber May 6, 2021
1f5d113
Bugfixed CI Pipeline.
rfelber May 6, 2021
93bbb24
Added imagePullPolicy to DefectDojo Hook.
rfelber May 7, 2021
1a34e6e
Restricted ZAP to Host connections.
rfelber May 7, 2021
473ce24
Updating Helm Docs
May 7, 2021
3138a48
Refactored the ZAP Spider part and introduced a new abstract class to…
rfelber May 10, 2021
2ea5d94
Bugfixing the ZAP Spider.
rfelber May 10, 2021
c959e19
Bugfixing the ZAP Spider.
rfelber May 11, 2021
b17cd2c
Bugfixing the ZAP Spider.
rfelber May 11, 2021
7034926
Fixing some broken references due to refactoring the ZAP Spider classes.
rfelber May 11, 2021
c7b1674
Fixing some broken references due to refactoring the ZAP Spider classes.
rfelber May 11, 2021
0545160
Added alpha and beta rules to passive scan and active scans + auto up…
rfelber May 11, 2021
1ae345a
Added proxy and script configuration to ZAP Global config.
rfelber May 12, 2021
5626669
Added ZAP API Scan configuration.
rfelber May 12, 2021
5b51137
Added ZAP API Scan Integration Test.
rfelber May 12, 2021
8d9d0bb
Increasing integrationtest timeout due to long running tests.
rfelber May 12, 2021
f6187c5
Refactoring to make codeclimate happy.
rfelber May 13, 2021
c346e24
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 14, 2021
c45f64c
Refactored the package name.
rfelber May 14, 2021
0498175
Refactored the package structure and introduced packages.
rfelber May 14, 2021
42a4cbc
Added petstore API Scan example.
rfelber May 14, 2021
9710bb9
Refactored module to make codeclimate happy.
rfelber May 14, 2021
f80b0f9
Refactored configuration module to make codeclimate happy.
rfelber May 14, 2021
0f6c1da
Fixing Settings bug due to refactoring the structure.
rfelber May 14, 2021
bef2fa3
Refactored the ZAP Configuration into multiple smaller classes.
rfelber May 15, 2021
6ed20e2
Refactored to make codeClimate happy.
rfelber May 15, 2021
167e334
Disabling WP Test due to failed pipeline.
rfelber May 15, 2021
5021bdf
Renamed ZAP Chart to zap-advanced.
rfelber May 15, 2021
ca6ef0d
Renamed ZAP Chart to zap-advanced.
rfelber May 15, 2021
dc80ef2
Updated the readme.
rfelber May 15, 2021
9be2674
Updating Helm Docs
May 15, 2021
0154f1b
Cleaning up.
rfelber May 15, 2021
2ab5998
Cleaning up.
rfelber May 15, 2021
f8ca241
Updating Helm Docs
May 15, 2021
cc3d5be
Cleaning up.
rfelber May 15, 2021
74f32e9
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 17, 2021
4f4d481
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 17, 2021
1a3027e
Added adonInstall config option to chart
rfelber May 18, 2021
829f490
Changed extractResult.type to actually use the zap-advanced one
J12934 May 18, 2021
b7861cb
Fixed minor typos
J12934 May 18, 2021
cfa1a05
Run helm-docs
J12934 May 18, 2021
5399cef
Added some more documentation about this chart
rfelber May 19, 2021
9c2fe68
Updating Helm Docs
May 19, 2021
60ff548
Use retries for zap-advanced tests
J12934 May 19, 2021
6e6947c
Fix retry function call
J12934 May 19, 2021
6519e57
Increase test timeouts :(
J12934 May 19, 2021
c2b317f
Refactored some example configurations
rfelber May 20, 2021
4573fc4
disable zap extended test temporarily as they slow down the pipeline …
J12934 May 20, 2021
a9636bb
Refactored the scripts configuration
rfelber May 21, 2021
cd43170
Updating Helm Docs
May 21, 2021
01ccefa
Bugfixing the script section
rfelber May 21, 2021
f8652eb
Merge branch 'feature/adding-zap-extended-chart' of github.com:secure…
rfelber May 21, 2021
359e3f0
Fixed some minor issues regarding
rfelber May 21, 2021
b098984
Optimized integration test configuration
rfelber May 22, 2021
95e5688
Merged and fixed DD ScanType Mapping
rfelber May 22, 2021
ce3f211
Merge branch 'main' into feature/adding-zap-extended-chart
rfelber May 22, 2021
03e4186
Added licence header
rfelber May 22, 2021
da8dd8f
Updating Helm Docs
May 22, 2021
3 changes: 3 additions & 0 deletions .editorconfig
@@ -18,8 +18,11 @@ indent_size = 2
[*.go]
indent_style = tab

# 4 space indentation
[*.py]
indent_style = space
indent_size = 4

# Tab indentation (no size specified)
[Makefile]
indent_style = tab
3 changes: 2 additions & 1 deletion .eslintignore
@@ -7,4 +7,5 @@
hooks/declarative-subsequent-scans/hook.js
hooks/declarative-subsequent-scans/scan-helpers.js
hooks/declarative-subsequent-scans/kubernetes-label-selector.js
**/build/reports/*
scanners/zap-advanced/scanner/scripts/*
**/build/reports/*
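Review bot: the new `scanners/zap-advanced/scanner/scripts/*` entry excludes the scanner's whole script directory from linting with no explanation; the commit list says this directory holds the ZAP authentication and session-management scripts, which handle credentials and are exactly the code a lint pass should cover. If they are written for ZAP's script engine rather than Node and eslint's default globals do not fit, add a comment above the entry saying so, or lint them with an env/globals override instead of ignoring them outright.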
52 changes: 37 additions & 15 deletions .github/workflows/ci.yaml
@@ -45,7 +45,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
unit: ["git_repo_scanner"]
unit: ["git-repo-scanner", "zap-advanced"]
steps:
- name: Checkout
uses: actions/checkout/@v2
@@ -58,13 +58,13 @@ jobs:
- name: "Install dependencies"
run: |
python -m pip install --upgrade pip setuptools wheel
pip install -r scanners/git-repo-scanner/scanner/requirements.txt
pip install -r scanners/${{ matrix.unit }}/scanner/requirements.txt

- name: "Execute Tests"
working-directory: scanners/git-repo-scanner/scanner/
working-directory: scanners/${{ matrix.unit }}/scanner/
run: |
pip install pytest
pytest
pytest --ignore-glob='*_local.py' --ignore=tests/docker

# ---- Unit-Test | JavaScript ----

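Review bot: `pip install -r scanners/${{ matrix.unit }}/scanner/requirements.txt` followed by a bare `pip install pytest` pulls unpinned packages from PyPI on every run; for a scanner whose code later ships in an image, install with `--require-hashes` against a hash-pinned requirements file, or at minimum pin `pytest` to a version. The `--ignore=tests/docker` flag also means the docker-compose based pytest integration tests added in this PR are not executed by this job, and no other step in the visible diff runs them; either say where they run or deselect them by the pytest markers this PR introduces (`-m "not integration"` style) so the intent is explicit rather than a path exclusion.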
@@ -364,6 +364,7 @@ jobs:
- kubeaudit
- ncrack
- nmap
- zap-advanced
steps:
- name: Checkout
uses: actions/checkout@v2
@@ -652,13 +653,17 @@ jobs:
- name: "Install Demo Apps"
run: |
# Install dummy-ssh app
helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait
helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --set="fullnameOverride=dummy-ssh" --wait
# Install unsafe-https app
helm -n demo-apps install unsafe-https ./demo-apps/unsafe-https/ --wait
helm -n demo-apps install unsafe-https ./demo-apps/unsafe-https/ --set="fullnameOverride=unsafe-https" --wait
# Install bodgeit app
helm -n demo-apps install bodgeit ./demo-apps/bodgeit/ --wait
helm -n demo-apps install bodgeit ./demo-apps/bodgeit/ --set="fullnameOverride=bodgeit" --wait
# Install bodgeit app
helm -n demo-apps install petstore ./demo-apps/swagger-petstore/ --set="fullnameOverride=petstore" --wait
# Install old-wordpress app
helm -n demo-apps install old-wordpress ./demo-apps/old-wordpress/ --wait
helm -n demo-apps install old-wordpress ./demo-apps/old-wordpress/ --set="fullnameOverride=old-wordpress" --wait
# Install juiceshop app
helm -n demo-apps install juiceshop ./demo-apps/juice-shop/ --set="fullnameOverride=juiceshop" --wait
# Install plain nginx server
kubectl create deployment --image nginx:alpine nginx --namespace demo-apps
kubectl expose deployment nginx --port 80 --namespace demo-apps
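Review bot: the comment above the petstore install (`# Install bodgeit app` directly followed by `helm -n demo-apps install petstore ./demo-apps/swagger-petstore/ --set="fullnameOverride=petstore" --wait`) is a copy-paste leftover and should read `# Install petstore app`. Since every demo app now gets a `--set="fullnameOverride=..."`, the integration tests presumably depend on those fixed service names; a one-line comment at the top of this block saying so would stop someone from dropping the override later and breaking the scan targets.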
@@ -673,7 +678,7 @@ jobs:
--set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
cd tests/integration/
npx jest --ci --color scanner/amass.test.js

# ---- gitleaks Integration Tests ----

- name: "gitleaks Integration Tests"
@@ -806,10 +811,9 @@ jobs:
cd tests/integration/
npx jest --ci --color scanner/wpscan.test.js


# ---- Zap Integration Tests ----

- name: "zap Integration Tests"
- name: "ZAP Integration Tests"
run: |
kubectl -n integration-tests delete scans --all
helm -n integration-tests install zap ./scanners/zap/ \
@@ -818,6 +822,22 @@ jobs:
cd tests/integration/
npx jest --ci --color scanner/zap.test.js

# ---- Zap Extended Integration Tests ----

- name: "ZAP Extended Integration Tests"
# disable zap extended test temporarily as they slow down the pipeline too much
if: ${{ false }}
run: |
kubectl -n integration-tests delete scans --all
helm -n integration-tests install zap-advanced ./scanners/zap-advanced/ \
--set="parseJob.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-zap" \
--set="parseJob.image.tag=sha-$(git rev-parse --short HEAD)" \
--set="scannerJob.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-zap-advanced" \
--set="scannerJob.image.tag=sha-$(git rev-parse --short HEAD)"
kubectl apply -f ./scanners/zap-advanced/examples/integration-tests/scantype-configMap.yaml -n integration-tests
cd tests/integration/
npx jest --ci --color scanner/zap-advanced.test.js

# ---- Cascading Scans ncrack Integration Test ----

- name: "cascading Scans ncrack Integration Tests"
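Review bot: `if: ${{ false }}` switches the `ZAP Extended Integration Tests` step off entirely, so the new zap-advanced scanner merges with no integration coverage in CI and nothing will notice when the chart, the example `scantype-configMap.yaml` or `scanner/zap-advanced.test.js` later drift apart. If the step is too slow for the PR pipeline, move it to a scheduled or `workflow_dispatch` workflow instead of hard-disabling it, and leave a link to the tracking issue in the comment. Also the step name still says "ZAP Extended" while the chart, the image (`scanner-zap-advanced`) and the test file are all named `zap-advanced`; align the name so log searches find it.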
@@ -896,14 +916,16 @@ jobs:
- name: Inspect Post Failure
if: failure()
run: |
echo "HelmCharts in all namespaces"
echo "List all 'HelmCharts' in all namespaces"
helm list --all-namespaces
echo "Scans in all namespaces"
echo "List all 'Scans' in all namespaces"
kubectl -n integration-tests get scan -o wide --all-namespaces
echo "Jobs in all namespaces"
echo "List all 'Jobs' in all namespaces"
kubectl -n integration-tests get jobs -o wide --all-namespaces
echo "Pods in all namespaces"
echo "List all 'Pods' in all namespaces"
kubectl -n integration-tests get pods -o wide --all-namespaces
echo "List all 'Services' in all namespaces"
kubectl -n integration-tests get services -o wide --all-namespaces

- name: "Inspect Operator"
if: failure()
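Review bot: every `kubectl` call in this step combines `-n integration-tests` with `--all-namespaces`; the latter takes precedence, so the `-n` flag is misleading and should be dropped, including on the newly added `kubectl -n integration-tests get services -o wide --all-namespaces` line. The echo `List all 'HelmCharts' in all namespaces` also precedes `helm list --all-namespaces`, which lists releases, not HelmCharts; say "Helm releases" so the failure log is not confusing.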
7 changes: 5 additions & 2 deletions .gitignore
@@ -4,9 +4,12 @@

.DS_Store
**/node_modules
coverage/
**/coverage/
**/__pycache__
**/.pytest_cache
**/.asciinema
.vagrant
**.log
**/*.log
**/*.monopic
.s3_credentials
**/__pycache__
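Review bot: `**/__pycache__` is added near the top of the file while the pre-existing `**/__pycache__` entry a few lines further down is left in place, so the pattern now appears twice; drop one of them.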
5 changes: 4 additions & 1 deletion bin/add-license-header.sh
@@ -21,6 +21,8 @@

set -eu

echo "Adding Header to all files..."

FILES=""

if [[ -p /dev/stdin ]]; then
@@ -30,9 +32,10 @@ else
fi

for file in $FILES; do
echo "Adding HEADER to file: $file"
reuse addheader \
--copyright "iteratec GmbH" \
--year 2020 \
--year 2021 \
--license "Apache-2.0" \
--skip-unrecognised \
"$file"
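Review bot: `--year 2021` is hard-coded, so the script needs another edit every January and files added later get a stale year; use `--year "$(date +%Y)"`. Separately, the loop `for file in $FILES; do` relies on word splitting, so any path containing whitespace is passed to `reuse addheader` as several bogus arguments; read the list with a `while IFS= read -r file` loop or store it in an array instead.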
36 changes: 18 additions & 18 deletions docs/user-guide/README.md
@@ -53,15 +53,15 @@ kubectl get CascadingRules
Output should show these CascadingRules:

```bash
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline non-invasive medium
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```

### Start Scans
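Review bot: this `kubectl get CascadingRules` output table is maintained by hand in `docs/user-guide/README.md`, `hooks/declarative-subsequent-scans/README.md` and its `README.md.gotmpl` source, and is being touched here only because the `zap-http` STARTS column had drifted from `zap-baseline` to `zap-baseline-scan`. Regenerate it from the real command output before merging so the other rows are verified as well, and consider keeping one copy that the other documents pull in.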
@@ -132,13 +132,13 @@ This selection can be replicated in kubectl using:

```bash
kubectl get CascadingRules -l "securecodebox.io/intensive in (light,medium)"
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline non-invasive medium
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```
36 changes: 18 additions & 18 deletions hooks/declarative-subsequent-scans/README.md
@@ -31,15 +31,15 @@ There is a configuration option `cascadingRules.enabled` for each scanner to pre
```bash
# Check your CascadingRules
kubectl get CascadingRules
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline non-invasive medium
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```

## Starting a cascading Scan
@@ -105,15 +105,15 @@ This selection can be replicated in kubectl using:

```bash
kubectl get CascadingRules -l "securecodebox.io/intensive in (light,medium)"
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline non-invasive medium
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```

## Chart Configuration
36 changes: 18 additions & 18 deletions hooks/declarative-subsequent-scans/README.md.gotmpl
@@ -35,15 +35,15 @@ There is a configuration option `cascadingRules.enabled` for each scanner to pre
```bash
# Check your CascadingRules
kubectl get CascadingRules
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline non-invasive medium
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```

## Starting a cascading Scan
@@ -109,15 +109,15 @@ This selection can be replicated in kubectl using:

```bash
kubectl get CascadingRules -l "securecodebox.io/intensive in (light,medium)"
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline non-invasive medium
NAME STARTS INVASIVENESS INTENSIVENESS
https-tls-scan sslyze non-invasive light
imaps-tls-scan sslyze non-invasive light
nikto-http nikto non-invasive medium
nmap-smb nmap non-invasive light
pop3s-tls-scan sslyze non-invasive light
smtps-tls-scan sslyze non-invasive light
ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```

## Chart Configuration
12 changes: 6 additions & 6 deletions hooks/declarative-subsequent-scans/hook.test.js
@@ -56,7 +56,7 @@ beforeEach(() => {
];
});

test("should create subsequent scans for open HTTPS ports (NMAP findings)", () => {
test("Should create subsequent scans for open HTTPS ports (NMAP findings)", () => {
const findings = [
{
name: "Port 443 is open",
@@ -114,7 +114,7 @@ test("Should create no subsequent scans if there are no rules", () => {
expect(cascadedScans).toMatchInlineSnapshot(`Array []`);
});

test("should not try to do magic to the scan name if its something random", () => {
test("Should not try to do magic to the scan name if its something random", () => {
parentScan.metadata.name = "foobar.com";

const findings = [
@@ -154,7 +154,7 @@ test("should not try to do magic to the scan name if its something random", () =
`);
});

test("should not start scan when the cascadingrule for it is already in the chain", () => {
test("Should not start a new scan when the corresponding cascadingRule is already in the chain", () => {
parentScan.metadata.annotations["cascading.securecodebox.io/chain"] =
sslyzeCascadingRules[0].metadata.name;

@@ -180,7 +180,7 @@ test("should not start scan when the cascadingrule for it is already in the chai
expect(cascadedScans).toMatchInlineSnapshot(`Array []`);
});

test("should not crash when the annotations are not set", () => {
test("Should not crash when the annotations are not set", () => {
parentScan.metadata.annotations = undefined;

const findings = [
@@ -219,7 +219,7 @@ test("should not crash when the annotations are not set", () => {
`);
});

test("should add env fields from cascading rule to created scan", () => {
test("Should copy ENV fields from cascadingRule to created scan", () => {
sslyzeCascadingRules[0].spec.scanSpec.env = [
{
name: "FOOBAR",
@@ -273,7 +273,7 @@ test("should add env fields from cascading rule to created scan", () => {
`);
});

test("should allow wildcards in cascading rules", () => {
test("Should allow wildcards in cascadingRules", () => {
sslyzeCascadingRules = [
{
apiVersion: "cascading.securecodebox.io/v1",
1 change: 1 addition & 0 deletions hooks/persistence-defectdojo/README.md
@@ -134,5 +134,6 @@ helm upgrade --install dd secureCodeBox/persistence-defectdojo \
| defectdojo.authentication.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
| defectdojo.syncFindingsBack | bool | `true` | Syncs back (two way sync) all imported findings from DefectDojo to SCB Findings Store, set to false to only import the findings to DefectDojo (one way sync). |
| defectdojo.url | string | `"http://defectdojo-django.default.svc"` | Url to the DefectDojo Instance |
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
| image.repository | string | `"docker.io/securecodebox/persistence-defectdojo"` | Hook image repository |
| image.tag | string | `nil` | Container image tag |
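Review bot: the new `image.pullPolicy` description is copied from the Kubernetes field documentation; its clause "Defaults to Always if :latest tag is specified, or IfNotPresent otherwise" describes Kubernetes' own defaulting, which never applies here because the chart sets `IfNotPresent` explicitly. Trim the row to describe the chart's default and keep the Kubernetes link. Worth a caveat in the same row: with `image.tag` defaulting to `nil` and `IfNotPresent`, a node keeps running whatever image it pulled earlier under that tag, so anyone tracking a mutable tag should pin a digest or set `Always` to pick up a rebuilt hook image.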