diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index d90b1da2a..6705b789e 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -60,7 +60,7 @@ representative at an online or offline event. Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at -[engineering@phylum.io](mailto:engineering@phylum.io). +[dl-phylum-engineering@veracode.com](mailto:dl-phylum-engineering@veracode.com). All complaints will be reviewed and investigated promptly and fairly. All community leaders are obligated to respect the privacy and security of the diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index fe4b673d8..a9c6929b9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,6 @@ # Contributing -This guide is written for both internal contributors (Phylum, Inc. employees) and external/community contributors. +This guide is written for both internal contributors (Veracode, Inc. employees) and external/community contributors. Community contributions are possible by submitting issues. ## Types of Contributions @@ -56,8 +56,8 @@ is expected to treat other people with respect and more generally to follow the ## Local Development -Internal contributors (Phylum, Inc. employees) are able to contribute with content submissions and pull requests (PRs). -Here's how to set up the Phylum `documentation` repository for local development. +Internal contributors (Veracode, Inc. employees) are able to contribute with content submissions and pull requests +(PRs). Here's how to set up the Phylum `documentation` repository for local development. 1. Clone the `phylum-dev/documentation` repo locally 
@@ -123,4 +123,4 @@ Docusaurus `plugin-client-redirects` plugin configuration in the larger `site/do If there are any outstanding questions about contributing to the Phylum documentation, they can be asked on the issue tracker: . -As an alternative, you can also email . +As an alternative, you can also email `phylum@veracode.com`. diff --git a/README.md b/README.md index 818328b8a..feccb6cf0 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ The rendered form of the documentation can be viewed at the +Email: `phylum@veracode.com` diff --git a/SECURITY.md b/SECURITY.md index 544d35cf0..1e296407a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -5,6 +5,6 @@ Phylum was founded by a team of security researchers at heart, and we take the s ## Reporting a Vulnerability We love coordinated disclosure! -Please email [security@phylum.io](mailto:security@phylum.io) to start a conversation! +Please email [dl-phylum-engineering@veracode.com](mailto:dl-phylum-engineering@veracode.com) to start a conversation! We'll coordinate a secure communication mechanism first, then evaluate the reported issue(s) and keep you apprised each step of the way. diff --git a/assets/artifactory_create_repo.png b/assets/artifactory/create_repo.png similarity index 100% rename from assets/artifactory_create_repo.png rename to assets/artifactory/create_repo.png diff --git a/assets/artifactory_lenient_host_auth.png b/assets/artifactory/lenient_host_auth.png similarity index 100% rename from assets/artifactory_lenient_host_auth.png rename to assets/artifactory/lenient_host_auth.png diff --git a/assets/artifactory_select_ecosystem.png b/assets/artifactory/select_ecosystem.png similarity index 100% rename from assets/artifactory_select_ecosystem.png rename to assets/artifactory/select_ecosystem.png diff --git a/assets/artifactory_select_repo_1.png b/assets/artifactory/select_repo_1.png similarity index 100% rename from assets/artifactory_select_repo_1.png rename to assets/artifactory/select_repo_1.png 
diff --git a/assets/artifactory_select_repo_2.png b/assets/artifactory/select_repo_2.png
similarity index 100%
rename from assets/artifactory_select_repo_2.png
rename to assets/artifactory/select_repo_2.png
diff --git a/assets/artifactory_select_repo_3.png b/assets/artifactory/select_repo_3.png
similarity index 100%
rename from assets/artifactory_select_repo_3.png
rename to assets/artifactory/select_repo_3.png
diff --git a/assets/artifactory_select_repo_4.png b/assets/artifactory/select_repo_4.png
similarity index 100%
rename from assets/artifactory_select_repo_4.png
rename to assets/artifactory/select_repo_4.png
diff --git a/assets/artifactory_select_repo_5.png b/assets/artifactory/select_repo_5.png
similarity index 100%
rename from assets/artifactory_select_repo_5.png
rename to assets/artifactory/select_repo_5.png
diff --git a/assets/artifactory_virtual_repos.png b/assets/artifactory/virtual_repos.png
similarity index 100%
rename from assets/artifactory_virtual_repos.png
rename to assets/artifactory/virtual_repos.png
diff --git a/assets/gh_app_audit_mode.png b/assets/gh_app/audit_mode.png
similarity index 100%
rename from assets/gh_app_audit_mode.png
rename to assets/gh_app/audit_mode.png
diff --git a/assets/gh_app_check_details_audit_neutral.png b/assets/gh_app/check_details_audit_neutral.png
similarity index 100%
rename from assets/gh_app_check_details_audit_neutral.png
rename to assets/gh_app/check_details_audit_neutral.png
diff --git a/assets/gh_app_check_view_job_link.png b/assets/gh_app/check_view_job_link.png
similarity index 100%
rename from assets/gh_app_check_view_job_link.png
rename to assets/gh_app/check_view_job_link.png
diff --git a/assets/gh_app_install_1.png b/assets/gh_app/install_1.png
similarity index 100%
rename from assets/gh_app_install_1.png
rename to assets/gh_app/install_1.png
diff --git a/assets/gh_app_install_2.png b/assets/gh_app/install_2.png
similarity index 100%
rename from assets/gh_app_install_2.png
rename to assets/gh_app/install_2.png
diff --git a/assets/gh_app/monitoring_options.png b/assets/gh_app/monitoring_options.png
new file mode 100644
index 000000000..1cae14684
Binary files /dev/null and b/assets/gh_app/monitoring_options.png differ
diff --git a/assets/gh_app_on-demand_analysis.png b/assets/gh_app/on-demand_analysis.png
similarity index 100%
rename from assets/gh_app_on-demand_analysis.png
rename to assets/gh_app/on-demand_analysis.png
diff --git a/assets/gh_app_pr_comment_failed.png b/assets/gh_app/pr_comment_failed.png
similarity index 100%
rename from assets/gh_app_pr_comment_failed.png
rename to assets/gh_app/pr_comment_failed.png
diff --git a/assets/gh_app_pr_comment_incomplete.png b/assets/gh_app/pr_comment_incomplete.png
similarity index 100%
rename from assets/gh_app_pr_comment_incomplete.png
rename to assets/gh_app/pr_comment_incomplete.png
diff --git a/assets/gh_app_pr_comment_incomplete_failure.png b/assets/gh_app/pr_comment_incomplete_failure.png
similarity index 100%
rename from assets/gh_app_pr_comment_incomplete_failure.png
rename to assets/gh_app/pr_comment_incomplete_failure.png
diff --git a/assets/gh_app_re-run_options.png b/assets/gh_app/re-run_options.png
similarity index 100%
rename from assets/gh_app_re-run_options.png
rename to assets/gh_app/re-run_options.png
diff --git a/assets/gh_app_settings_analyze_button.png b/assets/gh_app/settings_analyze_button.png
similarity index 100%
rename from assets/gh_app_settings_analyze_button.png
rename to assets/gh_app/settings_analyze_button.png
diff --git a/assets/gh_app_settings_menu.png b/assets/gh_app/settings_menu.png
similarity index 100%
rename from assets/gh_app_settings_menu.png
rename to assets/gh_app/settings_menu.png
diff --git a/assets/gh_app/settings_select_repo.png b/assets/gh_app/settings_select_repo.png
new file mode 100644
index 000000000..15b06a330
Binary files /dev/null and b/assets/gh_app/settings_select_repo.png differ
diff --git a/assets/gh_app_status_check_details_link.png b/assets/gh_app/status_check_details_link.png
similarity index 100%
rename from assets/gh_app_status_check_details_link.png
rename to assets/gh_app/status_check_details_link.png
diff --git a/assets/gh_app_status_check_running.png b/assets/gh_app/status_check_running.png
similarity index 100%
rename from assets/gh_app_status_check_running.png
rename to assets/gh_app/status_check_running.png
diff --git a/assets/gh_app_view_project_link.png b/assets/gh_app/view_project_link.png
similarity index 100%
rename from assets/gh_app_view_project_link.png
rename to assets/gh_app/view_project_link.png
diff --git a/assets/gh_app_settings_pro.png b/assets/gh_app_settings_pro.png
deleted file mode 100644
index 80d6f1f36..000000000
Binary files a/assets/gh_app_settings_pro.png and /dev/null differ
diff --git a/assets/gh_app_settings_select_repo.png b/assets/gh_app_settings_select_repo.png
deleted file mode 100644
index 08eb4731d..000000000
Binary files a/assets/gh_app_settings_select_repo.png and /dev/null differ
diff --git a/assets/snyk_ask_scopes.png b/assets/snyk/ask_scopes.png
similarity index 100%
rename from assets/snyk_ask_scopes.png
rename to assets/snyk/ask_scopes.png
diff --git a/assets/snyk_auth.png b/assets/snyk/auth.png
similarity index 100%
rename from assets/snyk_auth.png
rename to assets/snyk/auth.png
diff --git a/assets/snyk_enable.png b/assets/snyk/enable.png
similarity index 100%
rename from assets/snyk_enable.png
rename to assets/snyk/enable.png
diff --git a/assets/snyk_import_in_progress.png b/assets/snyk/import_in_progress.png
similarity index 100%
rename from assets/snyk_import_in_progress.png
rename to assets/snyk/import_in_progress.png
diff --git a/assets/snyk_install.png b/assets/snyk/install.png
similarity index 100%
rename from assets/snyk_install.png
rename to assets/snyk/install.png
diff --git a/assets/snyk_invalid_token.png b/assets/snyk/invalid_token.png
similarity index 100%
rename from assets/snyk_invalid_token.png
rename to assets/snyk/invalid_token.png
diff --git a/assets/snyk_invalid_token_update.png b/assets/snyk/invalid_token_update.png
similarity index 100%
rename from assets/snyk_invalid_token_update.png
rename to assets/snyk/invalid_token_update.png
diff --git a/assets/snyk_list_projects.png b/assets/snyk/list_projects.png
similarity index 100%
rename from assets/snyk_list_projects.png
rename to assets/snyk/list_projects.png
diff --git a/assets/snyk_manage_access.png b/assets/snyk/manage_access.png
similarity index 100%
rename from assets/snyk_manage_access.png
rename to assets/snyk/manage_access.png
diff --git a/assets/snyk_manual_import.png b/assets/snyk/manual_import.png
similarity index 100%
rename from assets/snyk_manual_import.png
rename to assets/snyk/manual_import.png
diff --git a/assets/snyk_phylum_auth.png b/assets/snyk/phylum_auth.png
similarity index 100%
rename from assets/snyk_phylum_auth.png
rename to assets/snyk/phylum_auth.png
diff --git a/assets/snyk_setup_empty_group.png b/assets/snyk/setup_empty_group.png
similarity index 100%
rename from assets/snyk_setup_empty_group.png
rename to assets/snyk/setup_empty_group.png
diff --git a/assets/snyk_setup_existing_group.png b/assets/snyk/setup_existing_group.png
similarity index 100%
rename from assets/snyk_setup_existing_group.png
rename to assets/snyk/setup_existing_group.png
diff --git a/assets/snyk_setup_token.png b/assets/snyk/setup_token.png
similarity index 100%
rename from assets/snyk_setup_token.png
rename to assets/snyk/setup_token.png
diff --git a/assets/snyk_supply_chain_attacks.png b/assets/snyk/supply_chain_attacks.png
similarity index 100%
rename from assets/snyk_supply_chain_attacks.png
rename to assets/snyk/supply_chain_attacks.png
diff --git a/assets/sophos_add_creds.png b/assets/sophos/add_creds.png
similarity index 100%
rename from assets/sophos_add_creds.png
rename to assets/sophos/add_creds.png
diff --git a/assets/sophos_create_cred_phylum.png b/assets/sophos/create_cred_phylum.png
similarity index 100%
rename from assets/sophos_create_cred_phylum.png
rename to assets/sophos/create_cred_phylum.png
diff --git a/assets/sophos_create_cred_ssh.png b/assets/sophos/create_cred_ssh.png
similarity index 100%
rename from assets/sophos_create_cred_ssh.png
rename to assets/sophos/create_cred_ssh.png
diff --git a/assets/sophos_pipeline_view.png b/assets/sophos/pipeline_view.png
similarity index 100%
rename from assets/sophos_pipeline_view.png
rename to assets/sophos/pipeline_view.png
diff --git a/assets/sophos_solution_catalog.png b/assets/sophos/solution_catalog.png
similarity index 100%
rename from assets/sophos_solution_catalog.png
rename to assets/sophos/solution_catalog.png
diff --git a/assets/tines_add_phylum_template.png b/assets/tines/add_phylum_template.png
similarity index 100%
rename from assets/tines_add_phylum_template.png
rename to assets/tines/add_phylum_template.png
diff --git a/assets/tines_new_cred.png b/assets/tines/new_cred.png
similarity index 100%
rename from assets/tines_new_cred.png
rename to assets/tines/new_cred.png
diff --git a/assets/tines_new_cred_dropdown.png b/assets/tines/new_cred_dropdown.png
similarity index 100%
rename from assets/tines_new_cred_dropdown.png
rename to assets/tines/new_cred_dropdown.png
diff --git a/assets/tines_phylum_templates.png b/assets/tines/phylum_templates.png
similarity index 100%
rename from assets/tines_phylum_templates.png
rename to assets/tines/phylum_templates.png
diff --git a/assets/tines_templates_location.png b/assets/tines/templates_location.png similarity index 100% rename from assets/tines_templates_location.png rename to assets/tines/templates_location.png diff --git a/docs/integrations/github_app.md b/docs/integrations/github_app.md index 7d266980c..bf137f2ae 100644 --- a/docs/integrations/github_app.md +++ b/docs/integrations/github_app.md @@ -8,20 +8,19 @@ Phylum provides a GitHub App to get your current and future repositories monitor * Ability to install Apps in GitHub * [Phylum account linked to GitHub](../knowledge_base/federate_account.md) -* Phylum Account set to Pro, if additional functionality is desired ## Installation Walkthrough 1. Go to the [Phylum App on the GitHub Marketplace](https://github.com/marketplace/phylum-io). 2. Click to install the free Phylum App. Be sure to select the intended account under the Account drop-down. - ![GitHub App initial install screen](../../assets/gh_app_install_1.png) + ![GitHub App initial install screen](../../assets/gh_app/install_1.png) 3. Fill in or edit account billing information. 4. Click the button to "Complete order and begin installation" 5. Choose **All** (default) or **Select** repositories and click to install. This setting controls which repositories _can be_ monitored by Phylum (i.e., visibility). Configuring repositories to be monitored [is a different step](#monitoring). - ![GitHub App install confirmation screen](../../assets/gh_app_install_2.png) + ![GitHub App install confirmation screen](../../assets/gh_app/install_2.png) 6. After installation, you will be redirected to the Phylum application to configure monitoring. 7. If you are a new user or are not logged in, select the GitHub button at the login screen. 
@@ -32,17 +31,17 @@ Phylum provides a GitHub App to get your current and future repositories monitor Once installed, the GitHub app can be managed through the settings menu available from the [Phylum UI](https://app.phylum.io). Click on your user icon and select the `GitHub App Settings` option from the dropdown menu: -![Phylum GitHub app settings dropdown](../../assets/gh_app_settings_menu.png) +![Phylum GitHub app settings dropdown](../../assets/gh_app/settings_menu.png) ### Monitoring Monitoring can be activated or paused by selecting the toggle for a given repository. When first activated, a Phylum Project will be created and any supported lockfiles in the default branch will be analyzed. -![GitHub app settings - select repo](../../assets/gh_app_settings_select_repo.png) +![GitHub app settings - select repo](../../assets/gh_app/settings_select_repo.png) -> **NOTE:** [Phylum PRO accounts](https://www.phylum.io/pricing) can select to monitor all existing and future repositories! +> **NOTE:** Phylum accounts can also select to monitor all existing and future repositories! > -> ![GitHub app settings - PRO](../../assets/gh_app_settings_pro.png) +> ![GitHub app settings - PRO](../../assets/gh_app/monitoring_options.png) For every update to the default branch or a pull request for a monitored repository, the GitHub app will automatically check the dependencies in [supported lockfiles](../cli/supported_lockfiles.md). 
@@ -52,11 +51,11 @@ When the default branch is updated, for example when a pull request is merged, t If an issue causes the job to fail the [defined policy], the GitHub check for the commit will also fail. The details of the failure will be visible in the Phylum analysis job. A link to the analysis job is always available from the bottom of the check details in GitHub. -![GitHub check details showing view more details on Phylum.io link](../../assets/gh_app_check_view_job_link.png) +![GitHub check details showing view more details on Phylum.io link](../../assets/gh_app/check_view_job_link.png) #### Pull Requests -![GitHub app status check in PR](../../assets/gh_app_status_check_running.png) +![GitHub app status check in PR](../../assets/gh_app/status_check_running.png) For Pull Requests, the dependencies of the PR branch are compared against the dependencies of the main branch. If the dependencies have changed, the dependencies of the PR branch are submitted for analysis. If the dependencies have not changed, the GitHub check will pass without creating an analysis in Phylum. 
@@ -70,41 +69,39 @@ If the Phylum analysis fails the [defined policy] because of an issue related to Phylum OSS Supply Chain Risk Analysis - FAILED -![GitHub app PR comment - failed](../../assets/gh_app_pr_comment_failed.png) +![GitHub app PR comment - failed](../../assets/gh_app/pr_comment_failed.png) --- Phylum OSS Supply Chain Risk Analysis - INCOMPLETE WITH FAILURE -![GitHub app PR comment - incomplete with failure](../../assets/gh_app_pr_comment_incomplete_failure.png) +![GitHub app PR comment - incomplete with failure](../../assets/gh_app/pr_comment_incomplete_failure.png) --- Phylum OSS Supply Chain Risk Analysis - INCOMPLETE -![GitHub app PR comment - incomplete](../../assets/gh_app_pr_comment_incomplete.png) +![GitHub app PR comment - incomplete](../../assets/gh_app/pr_comment_incomplete.png) --- ### Groups -> **NOTE:** Only [Phylum PRO accounts](https://www.phylum.io/pricing) support groups. - -The GitHub App will automatically create a group with the name of your GitHub account/organization. All Phylum projects created by the GitHub App will be owned by that group and results can be shared by adding Phylum PRO accounts as members to the group. +The GitHub App will automatically create a group with the name of your GitHub account/organization. All Phylum projects created by the GitHub App will be owned by that group and results can be shared by adding Phylum accounts as members to the group. ![Phylum groups management](../../assets/phylum_groups_management.png) -The default group that is created is owned by the account that installed the GitHub App. If you would like a different account to manage the GitHub App and group you may [transfer ownership](../knowledge_base/transfer_group_ownership.md) of the group. +The default group that is created is owned by the account that installed the GitHub App. ### Policy -The Phylum GitHub app uses the [established project policy](../knowledge_base/policy.md) for making overall success/failure risk decisions. 
No configuration is required for setting the policy since a default policy is used for all projects. However, [Phylum PRO users](https://www.phylum.io/pricing) may specify custom policies for their projects to exercise fine-grained control over the risk decision logic. +The Phylum GitHub app uses the [established project policy](../knowledge_base/policy.md) for making overall success/failure risk decisions. No configuration is required for setting the policy since a default policy is used for all projects. However, Phylum users may specify custom policies for their projects to exercise fine-grained control over the risk decision logic. ### Remediation There are several options to remediate failures determined by the GitHub app. A good first step is to click the link in the PR comment to "View this project in the Phylum UI": -![GitHub app PR comment link to project](../../assets/gh_app_view_project_link.png) +![GitHub app PR comment link to project](../../assets/gh_app/view_project_link.png) That will provide results and details for individual package issues. Each issue can be reviewed and the entire package suppressed if all issues within it are found to be false positive, irrelevant, or otherwise acceptable to proceed: 
@@ -114,11 +111,11 @@ Remaining issues may require lockfile modification to find alternative dependenc After remediation steps are complete, the GitHub app can be re-triggered to run again by pushing new commits to the PR. If no code changes were made to the offending lockfile (issue suppression only), it is possible to manually trigger another run by first clicking the `Details` link for the `Phylum` status check on the PR: -![Phylum app status check failure in PR](../../assets/gh_app_status_check_details_link.png) +![Phylum app status check failure in PR](../../assets/gh_app/status_check_details_link.png) That takes you to the `Checks` tab of the PR, where it is possible to re-run the failed analysis by either clicking the `Re-run` link for the `Phylum` status check specifically or the `Re-run failed checks` option from the `Re-run checks` dropdown menu to include it with all other failed checks. -![Re-trigger Phylum status check](../../assets/gh_app_re-run_options.png) +![Re-trigger Phylum status check](../../assets/gh_app/re-run_options.png) ### On-demand Analysis 
@@ -126,17 +123,17 @@ It is possible to perform on-demand analysis of any repository for which the Phy To perform an on-demand analysis, click the `Analyze` button for the desired repository: -![GitHub app on-demand analysis button](../../assets/gh_app_settings_analyze_button.png) +![GitHub app on-demand analysis button](../../assets/gh_app/settings_analyze_button.png) The results will be visible in the `Project` menu view for the selected project under the `Label` corresponding to the default branch: -![GitHub app on-demand analysis results](../../assets/gh_app_on-demand_analysis.png) +![GitHub app on-demand analysis results](../../assets/gh_app/on-demand_analysis.png) ### Audit Mode Enabling audit mode for an installation of the Phylum GitHub app temporarily disables pull request protection. This can be useful to minimize disruption in cases where developers are working on repositories at the same time as Phylum is being configured. -![GitHub app audit mode button](../../assets/gh_app_audit_mode.png) +![GitHub app audit mode button](../../assets/gh_app/audit_mode.png) When audit mode is enabled, Phylum still analyzes pull requests and results are still visible in the Phylum UI. However: @@ -144,7 +141,7 @@ When audit mode is enabled, Phylum still analyzes pull requests and results are * The commit check status for policy violations changes from failed to neutral, allowing the PR to be merged. * A message about audit mode being enabled is appended to the commit check details for commits that would have otherwise failed. -![GitHub check result details showing a neutral result because of audit mode](../../assets/gh_app_check_details_audit_neutral.png) +![GitHub check result details showing a neutral result because of audit mode](../../assets/gh_app/check_details_audit_neutral.png) ## FAQ diff --git a/docs/integrations/snyk.md b/docs/integrations/snyk.md index 442dfa274..e3d26f3e2 100644 --- a/docs/integrations/snyk.md +++ b/docs/integrations/snyk.md 
@@ -15,8 +15,8 @@ group is possible. Setup for a new connection is done on the group page by selecting `Import From > Snyk`. -![Setup with empty group](../../assets/snyk_setup_empty_group.png) -![Setup with existing group](../../assets/snyk_setup_existing_group.png) +![Setup with empty group](../../assets/snyk/setup_empty_group.png) +![Setup with existing group](../../assets/snyk/setup_existing_group.png) To import projects from Snyk, Phylum needs a Snyk API key. This key is not only used for authentication, but also decides which Snyk projects should be @@ -26,9 +26,9 @@ Snyk service account with the desired access permissions is recommended. Instructions on setting up a service account can be found in Snyk's documentation: -https://docs.snyk.io/enterprise-configuration/service-accounts#how-to-set-up-a-group-or-organization-service-account + -![Token entry](../../assets/snyk_setup_token.png) +![Token entry](../../assets/snyk/setup_token.png) ## Updates 
@@ -39,28 +39,28 @@ Imports run asynchronously, so it might take a while to finish and projects will not necessarily all show up at the same time. Phylum will show a message if an import is not completed yet. -![Import in progress](../../assets/snyk_import_in_progress.png) +![Import in progress](../../assets/snyk/import_in_progress.png) Manual imports can be started at any time if the daily update is not sufficient. This can be done by pressing the `Refresh Imports` button. -![Manual import](../../assets/snyk_manual_import.png) +![Manual import](../../assets/snyk/manual_import.png) ## Snyk Token Updates Phylum will notify you if the associated token is revoked or invalidated. -![Invalid token](../../assets/snyk_invalid_token.png) +![Invalid token](../../assets/snyk/invalid_token.png) In this case, the token can be updated by just pressing the red `Update Token` button. -![Invalid token update](../../assets/snyk_invalid_token_update.png) +![Invalid token update](../../assets/snyk/invalid_token_update.png) If you want to change a valid token, a manual change can be performed by selecting `Manage Access > Update Token`. -![Valid token update](../../assets/snyk_manage_access.png) +![Valid token update](../../assets/snyk/manage_access.png) ## Deletion @@ -68,4 +68,4 @@ Snyk connections can be deleted by selecting `Manage Access > Revoke Connection` in any group with a Snyk connection. This will only stop future updates of the connection and will not delete projects that are already imported. -![Revoke connection](../../assets/snyk_manage_access.png) +![Revoke connection](../../assets/snyk/manage_access.png) diff --git a/docs/integrations/sophos.md b/docs/integrations/sophos.md index 76db763f6..25de23edd 100644 --- a/docs/integrations/sophos.md +++ b/docs/integrations/sophos.md 
@@ -24,11 +24,11 @@ Copy the token in preparation for adding it to your Sophos Factory credentials. After logging into Sophos Factory, click `Credentials` in the left-hand navigation, then click the green `+ New Credential` button: -![Adding a new credential in Sophos](../../assets/sophos_add_creds.png) +![Adding a new credential in Sophos](../../assets/sophos/add_creds.png) A dialog will slide out from the right: -![Create Phylum credential dialog](../../assets/sophos_create_cred_phylum.png) +![Create Phylum credential dialog](../../assets/sophos/create_cred_phylum.png) Fill out the form as follows: @@ -47,11 +47,11 @@ Click the green `+ Create` button at the bottom of the dialog. You will need your SSH *private* key. This file is commonly found in `~/.ssh/id_rsa`. Copy this file and head back to Sophos Factory. Click `Credentials` in the left-hand navigation and click the green `+ New Credential` button: -![Adding a new credential in Sophos](../../assets/sophos_add_creds.png) +![Adding a new credential in Sophos](../../assets/sophos/add_creds.png) A dialog will slide out from the right: -![Create SSH key credential dialog](../../assets/sophos_create_cred_ssh.png) +![Create SSH key credential dialog](../../assets/sophos/create_cred_ssh.png) Fill out this form as follows: 
@@ -68,10 +68,10 @@ Click the green `+ Create` button to save this credential. Visit the [solution catalog](https://app.refactr.it/catalogs) and locate the Phylum solution. Click the green `Open` button: -![Sophos solution catalog](../../assets/sophos_solution_catalog.png) +![Sophos solution catalog](../../assets/sophos/solution_catalog.png) Under `Pipelines`, locate the `Phylum Analysis` pipeline and click on the green play button: -![Phylum analysis pipeline](../../assets/sophos_pipeline_view.png) +![Phylum analysis pipeline](../../assets/sophos/pipeline_view.png) In the dialog that slides out, select your `phylumApiToken`, populate the `gitRepo`, and define the `branch` you want to analyze. Then click the green `Run` button to kick off the pipeline. diff --git a/docs/integrations/tines.md b/docs/integrations/tines.md index 63d707fb5..4441e666d 100644 --- a/docs/integrations/tines.md +++ b/docs/integrations/tines.md @@ -4,11 +4,11 @@ Tines has a concept of credentials that can be used from within stories. Under `Your Teams` on the left hand side, locate the `Credentials` item in the navigation and click it. On the new page, click on the `+ New credential` button in the top right: -![Tines new credential button](../../assets/tines_new_cred.png) +![Tines new credential button](../../assets/tines/new_cred.png) and select `HTTP Request` in the drop down: -![Tines new credential dropdown menu](../../assets/tines_new_cred_dropdown.png) +![Tines new credential dropdown menu](../../assets/tines/new_cred_dropdown.png) Name your new credential `Phylum` and populate the fields as follows: 
@@ -30,12 +30,12 @@ Tines is a no-code editor that allows users to work with and triage security-rel After signing into Tines and accessing your relevant story, locate the `Templates` section on the left of the editor: -![Tines templates section location](../../assets/tines_templates_location.png) +![Tines templates section location](../../assets/tines/templates_location.png) In the dialog that pops up, enter `Phylum` to locate the Phylum templates: -![Tines templates for Phylum](../../assets/tines_phylum_templates.png) +![Tines templates for Phylum](../../assets/tines/phylum_templates.png) Select the template you want to use in your story and drag and drop it over into the work area: -![Add the Phylum template](../../assets/tines_add_phylum_template.png) +![Add the Phylum template](../../assets/tines/add_phylum_template.png) diff --git a/docs/knowledge_base/continuous_monitoring.md b/docs/knowledge_base/continuous_monitoring.md index c38581684..edf2ac9dd 100644 --- a/docs/knowledge_base/continuous_monitoring.md +++ b/docs/knowledge_base/continuous_monitoring.md @@ -19,4 +19,4 @@ If no default label has been set, the project's current job will be the latest j ## How to Activate -No activation required! Continuous Monitoring is a default platform feature for all Phylum accounts. Phylum Pro users have the additional option to trigger [notifications] on new Continuous Monitoring violations. +No activation required! Continuous Monitoring is a default platform feature for all Phylum accounts. Phylum users have the additional option to trigger [notifications] on new Continuous Monitoring violations. diff --git a/docs/knowledge_base/notifications.md b/docs/knowledge_base/notifications.md index e7f878406..fa6dc37b4 100644 --- a/docs/knowledge_base/notifications.md +++ b/docs/knowledge_base/notifications.md 
@@ -2,7 +2,7 @@ Phylum supports notification systems using email addresses or webhooks for various platforms including Slack, Microsoft Teams, and Discord. This document guides you through setting up notifications for each of these platforms. -Notifications are a Phylum Pro feature and can be configured at the group or project level. Currently, the only trigger for notifications is [Continuous Monitoring](../knowledge_base/continuous_monitoring.md) events. +Notifications can be configured at the group or project level. Currently, the only trigger for notifications is [Continuous Monitoring](../knowledge_base/continuous_monitoring.md) events. ## Notification Setup diff --git a/docs/knowledge_base/policy.md b/docs/knowledge_base/policy.md index 00b022c49..cc3d69146 100644 --- a/docs/knowledge_base/policy.md +++ b/docs/knowledge_base/policy.md 
@@ -1,7 +1,9 @@
 # Policy
-Phylum uses a policy framework implemented with [Open Policy Agent] to evaluate dependencies and provide tailored results. A default set of Phylum-provided policies will be applied to all newly created groups/projects. Phylum PRO users may customize their resultant policy by toggling policies on/off in the Phylum UI.
+Phylum uses a policy framework implemented with [Open Policy Agent] to evaluate dependencies and provide tailored results. A default set of Phylum-provided policies will be applied to all newly created groups/projects. Phylum users may customize their resultant policy by toggling policies on/off in the Phylum UI.
-Phylum PRO users may also [develop custom policies](./policy_development.md) using the [rego query language](https://www.openpolicyagent.org/docs/latest/policy-language/) and apply those policies to their groups/projects.
+Phylum users may also [develop custom policies] using the [rego query language] and apply those policies to their groups/projects.
 [Open Policy Agent]: https://www.openpolicyagent.org/
+[develop custom policies]: ./policy_development.md
+[rego query language]: https://www.openpolicyagent.org/docs/latest/policy-language/
diff --git a/docs/knowledge_base/policy_development.md b/docs/knowledge_base/policy_development.md
index 3bfb44a3c..1673e50ad 100644
--- a/docs/knowledge_base/policy_development.md
+++ b/docs/knowledge_base/policy_development.md
@@ -123,7 +123,7 @@ This test requires `constants.json` from the Phylum SDK. The test can be execute
 ## Evaluating policies using the Phylum API
-Using the [`evaluate_policy`](https://api.phylum.io/api/v0/swagger/index.html#/Jobs/evaluate_policy) API, it's possible to evaluate policies within Phylum. This is the same API used by Phylum tooling.
+Using the [`evaluate_policy`](https://swagger.phylum.io/#/Jobs/jobs_evaluate_policy) API, it's possible to evaluate policies within Phylum. This is the same API used by Phylum tooling.
 To evaluate an existing job using `example.rego` you can make an API call like this:
diff --git a/docs/knowledge_base/threat_feed.md b/docs/knowledge_base/threat_feed.md
index 020584fec..e1d0c5334 100644
--- a/docs/knowledge_base/threat_feed.md
+++ b/docs/knowledge_base/threat_feed.md
@@ -2,8 +2,6 @@
 The Phylum threat feed provides a curated view into malware being released across the open source ecosystems that we monitor. Packages that appear on this feed originate from our automated risk analysis platform, before being triaged and reviewed by a team of security researchers. This produces a timely, high signal feed of threats; [packages now attributed to North Korean state actors](https://blog.phylum.io/sophisticated-ongoing-attack-discovered-on-npm/) appeared on this threat feed before publication of our research article.
-> ℹ️ The threat feed is not part of the Phylum Community edition.
 ## Quickstart
 1. Obtain an [API key](../knowledge_base/api-keys.md) and set it as follows:
diff --git a/docs/knowledge_base/transfer_group_ownership.md b/docs/knowledge_base/transfer_group_ownership.md
deleted file mode 100644
index 9f7e6f275..000000000
--- a/docs/knowledge_base/transfer_group_ownership.md
+++ /dev/null
@@ -1,31 +0,0 @@
-# Transfer Group Ownership
-
-Ownership of a Phylum group can be transferred to another [Phylum PRO account](https://www.phylum.io/pricing). Only the owner of a group may add/remove members and delete projects or the group.
-
-## Walkthrough
-
-### Phylum CLI
-
-1. Use the `phylum group transfer` command to transfer ownership of a group.
-
-Example: Transfer ownership of the group `sample` from the current user to the user `user@domain.com`.
-
-```sh
-phylum group transfer --group sample user@domain.com
-```
-
-### Phylum UI
-
-1. Click on your user icon and navigate to the `Groups Admin` page.
-
- ![Phylum groups admin dropdown](../../assets/transfer_group_ownership_01.png)
-
-2. Click the `Transfer Ownership` button for the group you want to transfer.
-
- ![Phylum groups menu - transfer ownership button](../../assets/transfer_group_ownership_02.png)
-
-3. Type the email address of the account you want to transfer the group to.
-
- > **NOTE:** Groups are a [Phylum PRO](https://www.phylum.io/pricing) feature, so the receiving account must be PRO.
-
-4. Click `Confirm Transfer` to complete the process.
diff --git a/docs/package_firewall/artifactory.md b/docs/package_firewall/artifactory.md
index dd344cd9b..a27ca0194 100644
--- a/docs/package_firewall/artifactory.md
+++ b/docs/package_firewall/artifactory.md
@@ -16,12 +16,12 @@ regarding the acceptable use of open source libraries/packages.
 1. Create a remote repository for Phylum. Navigate to `Repositories > Administration` and click the green `Create a Repository` button in the top right and select `Remote`.
- ![Artifactory_create_repo](../../assets/artifactory_create_repo.png)
+ ![Artifactory_create_repo](../../assets/artifactory/create_repo.png)
 2. Select the appropriate package repository to which you would like to apply the policy. See current [Phylum supported ecosystems here](./about.md#supported-ecosystems).
- ![Artifactory_select_ecosystem](../../assets/artifactory_select_ecosystem.png)
+ ![Artifactory_select_ecosystem](../../assets/artifactory/select_ecosystem.png)
 3. Provide a name for your remote repository in the `Repository Key` field. 4. In the `User Name` field enter the name of the [Phylum group](../knowledge_base/groups.md) where you
@@ -34,7 +34,7 @@ regarding the acceptable use of open source libraries/packages.
 This will ensure that redirects (e.g., `HTTP 301`) are allowed and that requests to the repository succeed.
- ![Artifactory_lenient_host_auth](../../assets/artifactory_lenient_host_auth.png)
+ ![Artifactory_lenient_host_auth](../../assets/artifactory/lenient_host_auth.png)
 ## Update Virtual Repository
@@ -49,28 +49,28 @@ repository to use it.
 1. Under `Repositories > Administration` locate your virtual repository. Click on the virtual repository you want to update.
- ![Artifactory_virtual_repos](../../assets/artifactory_virtual_repos.png)
+ ![Artifactory_virtual_repos](../../assets/artifactory/virtual_repos.png)
 2. In your virtual repository, scroll down to Repositories. You should see several repositories in the following format.
- ![Artifactory_select_repo_1](../../assets/artifactory_select_repo_1.png)
+ ![Artifactory_select_repo_1](../../assets/artifactory/select_repo_1.png)
 3. Under the `Selected Repositories` section, remove the existing remote by clicking the checkbox next to its name and clicking the green arrows pointing to the left.
- ![Artifactory_select_repo_2](../../assets/artifactory_select_repo_2.png)
+ ![Artifactory_select_repo_2](../../assets/artifactory/select_repo_2.png)
 ---
- ![Artifactory_select_repo_3](../../assets/artifactory_select_repo_3.png)
+ ![Artifactory_select_repo_3](../../assets/artifactory/select_repo_3.png)
 4. Under the `Available Repositories` section, add your Phylum remote repository by clicking the checkbox next to its name and clicking the green arrows pointing to the right.
- ![Artifactory_select_repo_4](../../assets/artifactory_select_repo_4.png)
+ ![Artifactory_select_repo_4](../../assets/artifactory/select_repo_4.png)
 5. Save your settings using the green `Save` button at the bottom right of the screen.
- ![Artifactory_select_repo_5](../../assets/artifactory_select_repo_5.png)
+ ![Artifactory_select_repo_5](../../assets/artifactory/select_repo_5.png)
diff --git a/docs/support/contact_us.md b/docs/support/contact_us.md
index 6ced5accd..300fdb898 100644
--- a/docs/support/contact_us.md
+++ b/docs/support/contact_us.md
@@ -1,5 +1,5 @@
 # Contact Us
-We'd love to answer your questions or provide recommendations on your unique environment! Search our documentation, contact [support](mailto:support@phylum.io) or connect with our [sales team](mailto:sales@phylum.io).
+We'd love to answer your questions or provide recommendations on your unique environment! Search our documentation, contact [support](mailto:phylum@veracode.com), or connect with our [sales team](mailto:phylum@veracode.com).
 Also, join us on the [Phylum Community Discord](https://discord.gg/Fe6pr5eW6p)!
diff --git a/docs/support/security.md b/docs/support/security.md
index 4689f5ce6..1641d0376 100644
--- a/docs/support/security.md
+++ b/docs/support/security.md
@@ -5,4 +5,6 @@ Phylum was founded by a team of security researchers at heart, and we take the s
 ## Reporting security issues
 We love coordinated disclosure!
-Please email [security@phylum.io](mailto:security@phylum.io) to start a conversation! We'll coordinate a secure communication mechanism first, then evaluate the reported issue(s) and keep you apprised each step of the way.
+Please email [dl-phylum-engineering@veracode.com](mailto:dl-phylum-engineering@veracode.com) to start a conversation!
+We'll coordinate a secure communication mechanism first, then evaluate the reported issue(s) and keep you apprised each
+step of the way.
diff --git a/site/docusaurus.config.js b/site/docusaurus.config.js
index 90c490f01..d7fb4f964 100644
--- a/site/docusaurus.config.js
+++ b/site/docusaurus.config.js
@@ -90,8 +90,8 @@ const config = {
 navbar: {
 title: 'Phylum Docs',
 logo: {
- alt: 'Phylum Logo',
- src: 'img/phylum_logo.svg',
+ alt: 'Veracode Logo',
+ src: 'img/veracode_logo.svg',
 },
 hideOnScroll: false,
 items: [
@@ -102,7 +102,7 @@ const config = {
 label: 'Docs',
 },
 {
- href: 'https://api.phylum.io/api/v0/swagger/index.html',
+ href: 'https://swagger.phylum.io/',
 position: 'left',
 label: 'API',
 },
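Review bot: The new reporting line in the docs/support/security.md hunk sends vulnerability reports to dl-phylum-engineering@veracode.com, which by its name is an engineering-wide distribution list, whereas the removed line used a dedicated security@ address; if that list is wider than the people who triage disclosures, embargoed reports are now visible to a broader audience than before. Consider pointing reporters at a narrowly distributed security alias (or stating who reads that list), e.g. `Please email [<dedicated security contact — TBD>](mailto:<dedicated security contact — TBD>) to start a conversation!`. Since the following added lines promise to "coordinate a secure communication mechanism first", naming that mechanism here (or where its public key is published) would let a reporter encrypt the very first message rather than send details in the clear; the same address choice appears in other files of this commit that are outside this span.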
@@ -116,11 +116,11 @@ const config = {
 },
 footer: {
 style: 'dark',
- copyright: `Copyright © 2020-${new Date().getFullYear()} Phylum, Inc.`,
+ copyright: `Copyright © 2020-${new Date().getFullYear()} Veracode, Inc.`,
 links: [
 {
- label: 'Phylum Home',
- href: 'https://phylum.io',
+ label: 'Phylum App',
+ href: 'https://app.phylum.io',
 },
 {
 label: 'Discord',
diff --git a/site/sidebars.js b/site/sidebars.js
index c7be46178..0c92b27ac 100644
--- a/site/sidebars.js
+++ b/site/sidebars.js
@@ -100,7 +100,6 @@ const sidebars = {
 'knowledge_base/groups',
 'knowledge_base/issue_tags',
 'knowledge_base/notifications',
- 'knowledge_base/transfer_group_ownership',
 'knowledge_base/search'
 ]
 },
diff --git a/site/static/img/favicon.ico b/site/static/img/favicon.ico
index ef6e56886..1df2f341c 100644
Binary files a/site/static/img/favicon.ico and b/site/static/img/favicon.ico differ
diff --git a/site/static/img/phylum_logo.svg b/site/static/img/phylum_logo.svg
deleted file mode 100644
index da2dcd280..000000000
--- a/site/static/img/phylum_logo.svg
+++ /dev/null
@@ -1,24 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/site/static/img/veracode_logo.svg b/site/static/img/veracode_logo.svg
new file mode 100644
index 000000000..af77b2c5d
--- /dev/null
+++ b/site/static/img/veracode_logo.svg
@@ -0,0 +1,20 @@ + + + + + + + + + + + + \ No newline at end of file