Feature/jenkinsfile updates

Jenkinsfile

@@ -51,7 +51,7 @@ pipeline {
         stage('Unit Testing') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins-python-agent:latest'
+                    image 'securityuniversal/jenkins:latest'
                 }
             }
             when {
@@ -99,7 +99,7 @@ pipeline {
         stage('Software Composition Analysis') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins-codetesting-agent:latest'
+                    image 'securityuniversal/jenkins:latest'
                 }
             }
             when {
@@ -127,7 +127,7 @@ pipeline {
         stage('Static Application Security Testing') {
             agent {
                 docker {
-                    image 'securityuniversal/jenkins-codetesting-agent:latest'
+                    image 'securityuniversal/jenkins:latest'
                 }
             }
             when {
@@ -316,6 +316,7 @@ pipeline {
             agent {
                 docker {
                     image 'securityuniversal/jenkins-deploy-agent:latest'
+                    args '--group-add 999'
                 }
             }
             when {

pipeline-config.yaml

@@ -9,21 +9,21 @@ stages:
     branches:
       - release
   unitTesting:
-    enabled: true
+    enabled: false
     branches: []
   secretScanning:
     enabled: true
     branches:
       - release
   sca:
-    enabled: true
+    enabled: false
     branches:
       - release
     codeLanguages:
       - Python
       - Javascript
   sast:
-    enabled: true
+    enabled: false
     branches:
       - release
     codeLanguages:
@@ -37,26 +37,26 @@ stages:
     branches:
       - release
   containerScan:
-    enabled: true
+    enabled: false
     branches:
       - release
     containerName: secusphere
     containerTag: latest
   releaseToTest:
-    enabled: true
+    enabled: false
     branches:
       - release
     serviceName: secusphere
     containerTag: latest
   testRelease:
-    enabled: true
+    enabled: false
     branches:
       - release
     targetUrl: 'http://192.168.0.68:5010'
     dastTestType: full
     apiTargetUrl: 'http://192.168.0.68:5010/api/openapi.yaml'
   securityQualityGate:
-    enabled: true
+    enabled: false
     branches:
       - release
   deploy:

src/config_engine.py

@@ -9,7 +9,7 @@
     SET_APP_EXT_URL
 from settings import SET_PROD_DB_URI_REF, SET_SMTP_PW_REF, SET_JENKINS_KEY_REF, SET_JENKINS_USER_REF, SET_JENKINS_TOKEN_REF
 from settings import SET_PROD_DB_URI, SET_SMTP_PW, SET_JENKINS_KEY, SET_JENKINS_USER, \
-    SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT
+    SET_JENKINS_HOST, SET_JENKINS_PROJECT, SET_JENKINS_TOKEN, SET_JENKINS_STAGING_PROJECT, SET_JENKINS_ENABLED, SET_SNOW_ENABLED
 from settings import SET_AZAD_CLIENT_ID, SET_AZAD_CLIENT_SECRET, SET_AZAD_AUTHORITY
 from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF
 
@@ -205,65 +205,87 @@ def delete_cert(self, secret_name):
 
 ##
 ## GitHub to Jenkins Webhook ##
-if ENV == 'prod':
-    if os.getenv('JENKINS_USER'):
-        JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER'))
-    else:
-        JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF)
-    if os.getenv('JENKINS_KEY'):
-        JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY'))
-    else:
-        JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF)
-    if os.getenv('JENKINS_TOKEN'):
-        JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN'))
-    else:
-        JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF)
+if os.getenv('JENKINS_ENABLED'):
+    JENKINS_ENABLED = os.getenv('JENKINS_ENABLED')
 else:
-    JENKINS_USER = SET_JENKINS_USER
-    JENKINS_KEY = SET_JENKINS_KEY
-    JENKINS_TOKEN = SET_JENKINS_TOKEN
+    JENKINS_ENABLED = SET_JENKINS_ENABLED
+if JENKINS_ENABLED == 'yes':
+    if ENV == 'prod':
+        if os.getenv('JENKINS_USER'):
+            JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER'))
+        else:
+            JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF)
+        if os.getenv('JENKINS_KEY'):
+            JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY'))
+        else:
+            JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF)
+        if os.getenv('JENKINS_TOKEN'):
+            JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN'))
+        else:
+            JENKINS_TOKEN = KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF)
+    else:
+        JENKINS_USER = SET_JENKINS_USER
+        JENKINS_KEY = SET_JENKINS_KEY
+        JENKINS_TOKEN = SET_JENKINS_TOKEN
 
-if os.getenv('JENKINS_PROJECT'):
-    JENKINS_PROJECT = os.getenv('JENKINS_PROJECT')
-else:
-    JENKINS_PROJECT = SET_JENKINS_PROJECT
+    if os.getenv('JENKINS_PROJECT'):
+        JENKINS_PROJECT = os.getenv('JENKINS_PROJECT')
+    else:
+        JENKINS_PROJECT = SET_JENKINS_PROJECT
 
-if os.getenv('JENKINS_HOST'):
-    JENKINS_HOST = os.getenv('JENKINS_HOST')
-else:
-    JENKINS_HOST = SET_JENKINS_HOST
+    if os.getenv('JENKINS_HOST'):
+        JENKINS_HOST = os.getenv('JENKINS_HOST')
+    else:
+        JENKINS_HOST = SET_JENKINS_HOST
 
-if os.getenv('JENKINS_STAGING_PROJECT'):
-    JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT')
+    if os.getenv('JENKINS_STAGING_PROJECT'):
+        JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT')
+    else:
+        JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT
 else:
-    JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT
-
+    JENKINS_USER = ""
+    JENKINS_KEY = ""
+    JENKINS_TOKEN = ""
+    JENKINS_PROJECT = ""
+    JENKINS_HOST = ""
+    JENKINS_STAGING_PROJECT = ""
 
 ## ServiceNOW Integration
-if ENV == 'prod':
-    if os.getenv('SNOW_PASSWORD'):
-        SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD'))
-    else:
-        SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF)
-    if os.getenv('SNOW_CLIENT_SECRET'):
-        SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET'))
-    else:
-        SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF)
-    if os.getenv('SNOW_INSTANCE_NAME'):
-        SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(os.getenv('SNOW_INSTANCE_NAME'))
-    else:
-        SNOW_INSTANCE_NAME = KeyVaultManager().get_secret(SET_SNOW_INSTANCE_NAME)
-    if os.getenv('SNOW_CLIENT_ID'):
-        SNOW_CLIENT_ID = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_ID'))
-    else:
-        SNOW_CLIENT_ID = KeyVaultManager().get_secret(SET_SNOW_CLIENT_ID)
-    if os.getenv('SNOW_USERNAME'):
-        SNOW_USERNAME = KeyVaultManager().get_secret(os.getenv('SNOW_USERNAME'))
+if os.getenv('SNOW_ENABLED'):
+    SNOW_ENABLED = os.getenv('SNOW_ENABLED')
+else:
+    SNOW_ENABLED = SET_SNOW_ENABLED
+if SNOW_ENABLED == 'yes':
+    if ENV == 'prod':
+        if os.getenv('SNOW_PASSWORD'):
+            SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD'))
+        else:
+            SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF)
+        if os.getenv('SNOW_CLIENT_SECRET'):
+            SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET'))
+        else:
+            SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF)
+        if os.getenv('SNOW_INSTANCE_NAME'):
+            SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME')
+        else:
+            SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME
+        if os.getenv('SNOW_CLIENT_ID'):
+            SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID')
+        else:
+            SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID
+        if os.getenv('SNOW_USERNAME'):
+            SNOW_USERNAME = os.getenv('SNOW_USERNAME')
+        else:
+            SNOW_USERNAME = SET_SNOW_USERNAME
     else:
-        SNOW_USERNAME = KeyVaultManager().get_secret(SET_SNOW_USERNAME)
+        SNOW_PASSWORD = SET_SNOW_PASSWORD
+        SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET
+        SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME
+        SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID
+        SNOW_USERNAME = SET_SNOW_USERNAME
 else:
-    SNOW_PASSWORD = SET_SNOW_PASSWORD
-    SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET
-    SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME
-    SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID
-    SNOW_USERNAME = SET_SNOW_USERNAME
+    SNOW_PASSWORD = ""
+    SNOW_CLIENT_SECRET = ""
+    SNOW_INSTANCE_NAME = ""
+    SNOW_CLIENT_ID = ""
+    SNOW_USERNAME = ""

src/settings.py

@@ -39,6 +39,7 @@
 
 ##
 ## Jenkins Webhook Settings (Optional) ##
+SET_JENKINS_ENABLED = 'no'
 SET_JENKINS_KEY_REF = 'JENKINS-KEY'
 SET_JENKINS_USER_REF = 'JENKINS-USER'
 SET_JENKINS_TOKEN_REF = 'JENKINS-TOKEN'
@@ -51,6 +52,7 @@
 SET_JENKINS_TOKEN = 'changeme'
 
 ## ServiceNOW Settings
+SET_SNOW_ENABLED = 'no'
 SET_SNOW_INSTANCE_NAME = 'dev124268'
 SET_SNOW_CLIENT_ID = '1ab21bf476013110e1ce39e1f368c2fa'
 SET_SNOW_CLIENT_SECRET_REF = 'SNOW-SECRET'

src/vr/functions/initial_setup.py

@@ -217,7 +217,7 @@ def setup_core_db_tables(ENV):
     if ENV == 'test':
         sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)'
     else:
-        sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)'
+        sql = 'INSERT INTO SgGlobalThresholds (Name, AddDate, ThreshScaLow, ThreshScaMedium, ThreshScaHigh, ThreshScaCritical, ThreshContainerLow, ThreshContainerMedium, ThreshContainerHigh, ThreshContainerCritical, ThreshDastLow, ThreshDastMedium, ThreshDastHigh, ThreshDastCritical, ThreshDastApiLow, ThreshDastApiMedium, ThreshDastApiHigh, ThreshDastApiCritical, ThreshInfrastructureLow, ThreshInfrastructureMedium, ThreshInfrastructureHigh, ThreshInfrastructureCritical, ThreshSastLow, ThreshSastMedium, ThreshSastHigh, ThreshSastCritical, ThreshIacLow, ThreshIacMedium, ThreshIacHigh, ThreshIacCritical, ThreshSecretsLow, ThreshSecretsMedium, ThreshSecretsHigh, ThreshSecretsCritical) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)'
     args = ("General", now, None,None,4,0,None,None,2,0,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2,None,None,0,2)
     cur.execute(sql, args)
     db.commit()

src/vr/templates/base_auth.html

@@ -15,6 +15,7 @@
   <link rel="stylesheet" href="{{ url_for('static', filename='css/fontawesome/css/all.css') }}" />
 
   <link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='css/introjs.min.css') }}" />
+  <link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='lib/introjs/themes/introjs-modern.css') }}" />
 
 
   <!-- style -->

src/vr/vulns/model/sgglobalthresholds.py

@@ -8,7 +8,7 @@ class SgGlobalThresholds(db.Model):
     __tablename__ = 'SgGlobalThresholds'
     __table_args__ = {'extend_existing': True}
     ID = db.Column(db.Integer, primary_key=True)
-    Name = db.Column(db.String)
+    Name = db.Column(db.String(100))
     AddDate = db.Column(db.DateTime)
     ThreshScaLow = db.Column(db.Integer)
     ThreshScaMedium = db.Column(db.Integer)