diff --git a/Jenkinsfile b/Jenkinsfile
index bb221109..a0e0cd5d 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -51,7 +51,7 @@ pipeline {
stage('Unit Testing') {
agent {
docker {
- image 'securityuniversal/jenkins-python-agent:latest'
+ image 'securityuniversal/jenkins:latest'
}
}
when {
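Review bot: The replacement agent image `securityuniversal/jenkins:latest` is referenced by a mutable tag, so the Unit Testing stage here and the SCA and SAST stages in the next two hunks run whatever the registry serves at build time. A changed or tampered image would then execute inside the stages that are meant to vet the code, and builds would not be reproducible. Pinning by digest closes that gap, for example `image 'securityuniversal/jenkins@sha256:<DIGEST_PLACEHOLDER>'`, with the digest updated deliberately when the agent is rebuilt. The stage bodies continue outside these hunks.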
@@ -99,7 +99,7 @@ pipeline {
stage('Software Composition Analysis') {
agent {
docker {
- image 'securityuniversal/jenkins-codetesting-agent:latest'
+ image 'securityuniversal/jenkins:latest'
}
}
when {
@@ -127,7 +127,7 @@ pipeline {
stage('Static Application Security Testing') {
agent {
docker {
- image 'securityuniversal/jenkins-codetesting-agent:latest'
+ image 'securityuniversal/jenkins:latest'
}
}
when {
@@ -316,6 +316,7 @@ pipeline {
agent {
docker {
image 'securityuniversal/jenkins-deploy-agent:latest'
+ args '--group-add 999'
}
}
when {
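Review bot: The added `args '--group-add 999'` hard-codes a numeric GID with no comment saying which host group it is or why the deploy container needs it. If 999 is the host's docker group, which is a common value but not guaranteed, membership gives the container control of the Docker daemon and therefore root-equivalent access on the agent host. On a host where 999 maps to a different group, it grants something unintended. A comment such as `// GID 999 = <HOST_GROUP_PLACEHOLDER>, needed for <REASON_PLACEHOLDER>` would document the intent, and resolving the GID on the agent at run time is safer than a literal. The stage continues outside the hunk.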
diff --git a/pipeline-config.yaml b/pipeline-config.yaml
index 9d98c47f..c54451b7 100644
--- a/pipeline-config.yaml
+++ b/pipeline-config.yaml
@@ -9,21 +9,21 @@ stages:
branches:
- release
unitTesting:
- enabled: true
+ enabled: false
branches: []
secretScanning:
enabled: true
branches:
- release
sca:
- enabled: true
+ enabled: false
branches:
- release
codeLanguages:
- Python
- Javascript
sast:
- enabled: true
+ enabled: false
branches:
- release
codeLanguages:
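Review bot: Setting `enabled: false` on `sca` and `sast` here, and on `containerScan`, `testRelease` and `securityQualityGate` in the next hunk, leaves `secretScanning` as the only security stage still shown as enabled for the `release` branch. The `deploy:` key follows at the end of the next hunk, but its `enabled` value is outside the visible lines. If it stays on, release builds would deploy without dependency, static, container or DAST checks and without the quality gate. If this is a temporary measure while the agent images are changed, it is safer kept out of the merged config. Otherwise mark it explicitly, e.g. `# TEMP: disabled for <REASON_PLACEHOLDER>; re-enable before merging to release`.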
@@ -37,26 +37,26 @@ stages:
branches:
- release
containerScan:
- enabled: true
+ enabled: false
branches:
- release
containerName: secusphere
containerTag: latest
releaseToTest:
- enabled: true
+ enabled: false
branches:
- release
serviceName: secusphere
containerTag: latest
testRelease:
- enabled: true
+ enabled: false
branches:
- release
targetUrl: 'http://192.168.0.68:5010'
dastTestType: full
apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml'
securityQualityGate:
- enabled: true
+ enabled: false
branches:
- release
deploy:
diff --git a/src/config_engine.py b/src/config_engine.py
index 0168cb9a..07400d06 100644
--- a/src/config_engine.py
+++ b/src/config_engine.py
@@ -9,7 +9,7 @@
SET_APP_EXT_URL
from settings import SET_PROD_DB_URI_REF, SET_SMTP_PW_REF, SET_JENKINS_KEY_REF, SET_JENKINS_USER_REF, SET_JENKINS_TOKEN_REF
from settings import SET_PROD_DB_URI, SET_SMTP_PW, SET_JENKINS_KEY, SET_JENKINS_USER, \
- SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT
+ SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT, SET_JENKINS_ENABLED, SET_SNOW_ENABLED
from settings import SET_AZAD_CLIENT_ID, SET_AZAD_CLIENT_SECRET, SET_AZAD_AUTHORITY
from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF
@@ -205,65 +205,87 @@ def delete_cert(self, secret_name):
##
## GitHub to Jenkins Webhook ##
-if ENV == 'prod':
- if os.getenv('JENKINS_USER'):
- JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER'))
- else:
- JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF)
- if os.getenv('JENKINS_KEY'):
- JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY'))
- else:
- JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF)
- if os.getenv('JENKINS_TOKEN'):
- JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN'))
- else:
- JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF)
+if os.getenv('JENKINS_ENABLED'):
+ JENKINS_ENABLED = os.getenv('JENKINS_ENABLED')
else:
- JENKINS_USER = SET_JENKINS_USER
- JENKINS_KEY = SET_JENKINS_KEY
- JENKINS_TOKEN = SET_JENKINS_TOKEN
+ JENKINS_ENABLED = SET_JENKINS_ENABLED
+if JENKINS_ENABLED == 'yes':
+ if ENV == 'prod':
+ if os.getenv('JENKINS_USER'):
+ JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER'))
+ else:
+ JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF)
+ if os.getenv('JENKINS_KEY'):
+ JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY'))
+ else:
+ JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF)
+ if os.getenv('JENKINS_TOKEN'):
+ JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN'))
+ else:
+ JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF)
+ else:
+ JENKINS_USER = SET_JENKINS_USER
+ JENKINS_KEY = SET_JENKINS_KEY
+ JENKINS_TOKEN = SET_JENKINS_TOKEN
-if os.getenv('JENKINS_PROJECT'):
- JENKINS_PROJECT = os.getenv('JENKINS_PROJECT')
-else:
- JENKINS_PROJECT = SET_JENKINS_PROJECT
+ if os.getenv('JENKINS_PROJECT'):
+ JENKINS_PROJECT = os.getenv('JENKINS_PROJECT')
+ else:
+ JENKINS_PROJECT = SET_JENKINS_PROJECT
-if os.getenv('JENKINS_HOST'):
- JENKINS_HOST = os.getenv('JENKINS_HOST')
-else:
- JENKINS_HOST = SET_JENKINS_HOST
+ if os.getenv('JENKINS_HOST'):
+ JENKINS_HOST = os.getenv('JENKINS_HOST')
+ else:
+ JENKINS_HOST = SET_JENKINS_HOST
-if os.getenv('JENKINS_STAGING_PROJECT'):
- JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT')
+ if os.getenv('JENKINS_STAGING_PROJECT'):
+ JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT')
+ else:
+ JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT
else:
- JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT
-
+ JENKINS_USER = ""
+ JENKINS_KEY = ""
+ JENKINS_TOKEN = ""
+ JENKINS_PROJECT = ""
+ JENKINS_HOST = ""
+ JENKINS_STAGING_PROJECT = ""
## ServiceNOW Integration
-if ENV == 'prod':
- if os.getenv('SNOW_PASSWORD'):
- SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD'))
- else:
- SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF)
- if os.getenv('SNOW_CLIENT_SECRET'):
- SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET'))
- else:
- SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF)
- if os.getenv('SNOW_INSTANCE_NAME'):
- SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(os.getenv('SNOW_INSTANCE_NAME'))
- else:
- SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(SET_SNOW_INSTANCE_NAME)
- if os.getenv('SNOW_CLIENT_ID'):
- SNOW_CLIENT_ID = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_ID'))
- else:
- SNOW_CLIENT_ID = KeyVaultManager().get_secret(SET_SNOW_CLIENT_ID)
- if os.getenv('SNOW_USERNAME'):
- SNOW_USERNAME = KeyVaultManager().get_secret(os.getenv('SNOW_USERNAME'))
+if os.getenv('SNOW_ENABLED'):
+ SNOW_ENABLED = os.getenv('SNOW_ENABLED')
+else:
+ SNOW_ENABLED = SET_SNOW_ENABLED
+if SNOW_ENABLED == 'yes':
+ if ENV == 'prod':
+ if os.getenv('SNOW_PASSWORD'):
+ SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD'))
+ else:
+ SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF)
+ if os.getenv('SNOW_CLIENT_SECRET'):
+ SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET'))
+ else:
+ SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF)
+ if os.getenv('SNOW_INSTANCE_NAME'):
+ SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME')
+ else:
+ SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME
+ if os.getenv('SNOW_CLIENT_ID'):
+ SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID')
+ else:
+ SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID
+ if os.getenv('SNOW_USERNAME'):
+ SNOW_USERNAME = os.getenv('SNOW_USERNAME')
+ else:
+ SNOW_USERNAME = SET_SNOW_USERNAME
else:
- SNOW_USERNAME = KeyVaultManager().get_secret(SET_SNOW_USERNAME)
+ SNOW_PASSWORD = SET_SNOW_PASSWORD
+ SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET
+ SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME
+ SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID
+ SNOW_USERNAME = SET_SNOW_USERNAME
else:
- SNOW_PASSWORD = SET_SNOW_PASSWORD
- SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET
- SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME
- SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID
- SNOW_USERNAME = SET_SNOW_USERNAME
+ SNOW_PASSWORD = ""
+ SNOW_CLIENT_SECRET = ""
+ SNOW_INSTANCE_NAME = ""
+ SNOW_CLIENT_ID = ""
+ SNOW_USERNAME = ""
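Review bot: When an integration is switched off, `JENKINS_KEY`, `JENKINS_TOKEN`, `SNOW_PASSWORD` and `SNOW_CLIENT_SECRET` are set to `""`, which is still a value a consumer can compare against or send. The code that uses these names is outside this hunk, but if a webhook handler compares a presented token with `JENKINS_TOKEN`, an empty presented value could match. Using `None` plus an explicit `JENKINS_ENABLED` check at the point of use would fail closed. The gate is also the exact comparison `== 'yes'`, so `Yes`, `true` or `1` in the environment silently disables the integration. Normalising with `JENKINS_ENABLED = (os.getenv('JENKINS_ENABLED') or SET_JENKINS_ENABLED).strip().lower()` (and the same for `SNOW_ENABLED`) avoids that.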
diff --git a/src/settings.py b/src/settings.py
index 7273b90b..a893a2f0 100644
--- a/src/settings.py
+++ b/src/settings.py
@@ -39,6 +39,7 @@
##
## Jenkins Webhook Settings (Optional) ##
+SET_JENKINS_ENABLED = 'no'
SET_JENKINS_KEY_REF = 'JENKINS-KEY'
SET_JENKINS_USER_REF = 'JENKINS-USER'
SET_JENKINS_TOKEN_REF = 'JENKINS-TOKEN'
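Review bot: `SET_JENKINS_ENABLED = 'no'` (and `SET_SNOW_ENABLED = 'no'` in the next hunk) has no comment saying which values are accepted. The default also turns off integrations that were previously always configured, so an existing deployment that upgrades loses them without any message. config_engine.py in this commit treats only the exact string `'yes'` as enabled. A comment such as `# 'yes' enables the Jenkins webhook; any other value disables it (env JENKINS_ENABLED overrides)` would make that visible to operators.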
@@ -51,6 +52,7 @@
SET_JENKINS_TOKEN = 'changeme'
## ServiceNOW Settings
+SET_SNOW_ENABLED = 'no'
SET_SNOW_INSTANCE_NAME = 'dev124268'
SET_SNOW_CLIENT_ID = '1ab21bf476013110e1ce39e1f368c2fa'
SET_SNOW_CLIENT_SECRET_REF = 'SNOW-SECRET'
diff --git a/src/vr/functions/initial_setup.py b/src/vr/functions/initial_setup.py
index abc1228d..1132f9c9 100644
--- a/src/vr/functions/initial_setup.py
+++ b/src/vr/functions/initial_setup.py
@@ -217,7 +217,7 @@ def setup_core_db_tables(ENV):
if ENV == 'test':
sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)'
else:
- sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)'
+ sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)'
args = ("General", now, None,None,4,0,None,None,2,0,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2)
cur.execute(sql, args)
db.commit()
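Review bot: The values in `args` order (High, Critical) differently between scan types: the SCA and container groups carry `4,0` and `2,0`, while the DAST, DAST API, infrastructure, SAST, IaC and secrets groups carry `0,2`. If these are allowed-finding counts, the second pattern tolerates two critical findings but no high ones, which looks swapped. This is worth confirming against how the quality gate reads these columns, which is outside this hunk. Separately, the placeholder list this commit corrects is hand-counted in both branches. Building it from the tuple, `placeholders = ','.join(['%s'] * len(args))`, would keep it from drifting again. `setup_core_db_tables` begins before and continues after the hunk.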
diff --git a/src/vr/templates/base_auth.html b/src/vr/templates/base_auth.html
index 5886557d..df697bc2 100644
--- a/src/vr/templates/base_auth.html
+++ b/src/vr/templates/base_auth.html
@@ -15,6 +15,7 @@
+
diff --git a/src/vr/vulns/model/sgglobalthresholds.py b/src/vr/vulns/model/sgglobalthresholds.py
index 0309bae3..09a2d3f1 100644
--- a/src/vr/vulns/model/sgglobalthresholds.py
+++ b/src/vr/vulns/model/sgglobalthresholds.py
@@ -8,7 +8,7 @@ class SgGlobalThresholds(db.Model):
__tablename__ = 'SgGlobalThresholds'
__table_args__ = {'extend_existing': True}
ID = db.Column(db.Integer, primary_key=True)
- Name = db.Column(db.String)
+ Name = db.Column(db.String(100))
AddDate = db.Column(db.DateTime)
ThreshScaLow = db.Column(db.Integer)
ThreshScaMedium = db.Column(db.Integer)