Merge pull request #113 from secureCodeBox/feature/helm2-support

Trying to support helm2 in parallel to helm3 (WIP).
secureCodeBox · Sep 29, 2020 · d59daec · d59daec
2 parents 5621c34 + 5a14380
commit d59daec
Show file tree

Hide file tree

Showing 22 changed files with 342 additions and 3 deletions.
diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts.yaml
@@ -13,19 +13,46 @@ jobs:
           sudo snap install yq
       - name: Parse Tag 
         run: echo ::set-env name=RELEASE_VERSION::${GITHUB_REF#refs/*/}
-      - name: "Publish Helm Chart"
+      - name: "Publish Helm3 Charts"
         env:
           HELM_REGISTRY: https://charts.securecodebox.io
           USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }}
           PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }}
         run: |
-          # Publish charts in all folders containing a `Chart.yaml` file
+          # Publish all helm3 charts in all folders containing a `Chart.yaml` file
           # https://github.com/koalaman/shellcheck/wiki/SC2044
           find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
           (
             dir="$(dirname "${chart}")"
             cd "${dir}" || exit
-            echo "Processing Chart in $dir"
+            echo "Processing Helm3 Chart in $dir"
+            helm package --version $RELEASE_VERSION .
+            NAME=$(yq read - name < Chart.yaml)
+            curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
+          )
+          done
+      - name: "Publish Helm2 Charts"
+        env:
+          HELM_REGISTRY: https://charts-helm2.securecodebox.io
+          USERNAME: ${{ secrets.HELM_REGISTRY_USERNAME }}
+          PASSWORD: ${{ secrets.HELM_REGISTRY_PASSWORD }}
+        run: |
+          # Publish all helm2 charts in all folders containing a `helm2.Chart.yaml` file
+          # https://github.com/koalaman/shellcheck/wiki/SC2044
+          find . -type f -name helm2.Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+          (
+            dir="$(dirname "${chart}")"
+            cd "${dir}" || exit
+            mv Chart.yaml helm3.Chart.yaml
+            mv helm2.Chart.yaml Chart.yaml
+            if [ ${dir} = "operator" ]
+            then
+                cp -R crds templates/crds
+            fi
+            echo "Restoring Helm2 Chart and replace Helm3 Chart temporary"
+            [ ! -f helm2.requirements.lock ] || mv helm2.requirements.lock requirements.lock
+            [ ! -f helm2.requirements.yaml ] || mv helm2.requirements.yaml requirements.yaml
+            echo "Processing Helm2 Chart in $dir"
             helm package --version $RELEASE_VERSION .
             NAME=$(yq read - name < Chart.yaml)
             curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"

diff --git a/hooks/declarative-subsequent-scans/helm2.Chart.yaml b/hooks/declarative-subsequent-scans/helm2.Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+name: declarative-subsequent-scans
+description: Starts possible subsequent security scans based on findings (e.g. open ports found by NMAP or subdomains found by AMASS).
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
diff --git a/hooks/generic-webhook/helm2.Chart.yaml b/hooks/generic-webhook/helm2.Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+name: generic-webhook
+description: Lets you send http webhooks after scans are completed
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
diff --git a/hooks/imperative-subsequent-scans/helm2.Chart.yaml b/hooks/imperative-subsequent-scans/helm2.Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+name: imperative-subsequent-scans
+description: Starts possible subsequent security scans based on findings (e.g. open ports found by NMAP or subdomains found by AMASS).
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
diff --git a/hooks/persistence-elastic/helm2.Chart.yaml b/hooks/persistence-elastic/helm2.Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+name: persistence-elastic
+description: The elastic persistence provider persists secureCodeBox findings into the elastic stack.
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+
+appVersion: 7.6.1
diff --git a/hooks/persistence-elastic/helm2.requirements.lock b/hooks/persistence-elastic/helm2.requirements.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: elasticsearch
+  repository: https://helm.elastic.co
+  version: 7.6.1
+- name: kibana
+  repository: https://helm.elastic.co
+  version: 7.6.1
+digest: sha256:7d3461d986f620421f775f9ecaf73af2565ace9d909a8134c4259c5206f1f89c
+generated: "2020-03-17T15:09:24.838784+01:00"
diff --git a/hooks/persistence-elastic/helm2.requirements.yaml b/hooks/persistence-elastic/helm2.requirements.yaml
@@ -0,0 +1,9 @@
+dependencies:
+  - name: elasticsearch
+    version: 7.6.1
+    repository: https://helm.elastic.co
+    condition: elasticsearch.enabled
+  - name: kibana
+    version: 7.6.1
+    repository: https://helm.elastic.co
+    condition: kibana.enabled
diff --git a/hooks/update-field/helm2.Chart.yaml b/hooks/update-field/helm2.Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+name: update-field-hook
+description: Lets you add or override a field to every finding
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
diff --git a/operator/helm2.Chart.yaml b/operator/helm2.Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+name: operator
+description: secureCodeBox Operator to automate the execution of security scans on kubernetes
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
diff --git a/operator/helm2.requirements.lock b/operator/helm2.requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: minio
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 5.0.19
+digest: sha256:13a3a902e7ac7dcc7124ab858344b5bebe9ab623d06ee9c8d5a1cc3f467a36bb
+generated: "2020-08-10T13:09:59.053995+02:00"
diff --git a/operator/helm2.requirements.yaml b/operator/helm2.requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+  - name: minio
+    version: 5.0.19
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    condition: minio.enabled
diff --git a/scanners/amass/helm2.Chart.yaml b/scanners/amass/helm2.Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: amass
+description: A Helm chart for the Amass security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: 3.10.3
+
+keywords:
+  - security
+  - amass
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/amass
+icon: https://www.securecodebox.io/scannerIcons/Amass.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/kube-hunter/helm2.Chart.yaml b/scanners/kube-hunter/helm2.Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: kube-hunter
+description: A Helm chart for the kube-hunter security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: v0.3.0
+
+keywords:
+  - security
+  - kube-hunter
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/kube-hunter
+icon: https://www.securecodebox.io/scannerIcons/kube-hunter.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/ncrack/helm2.Chart.yaml b/scanners/ncrack/helm2.Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: ncrack
+description: A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: 0.7
+
+keywords:
+  - security
+  - ncrack
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/ncrack
+icon: https://www.securecodebox.io/scannerIcons/Ncrack.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/nikto/helm2.Chart.yaml b/scanners/nikto/helm2.Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+name: nikto
+description: A Helm chart for the Nikto security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+# appVersion - Nikto doesn't really version its releases
+appVersion: latest
+
+keywords:
+  - security
+  - nikto
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/nikto
+icon: https://www.securecodebox.io/scannerIcons/Nikto.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/nmap/helm2.Chart.yaml b/scanners/nmap/helm2.Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: nmap
+description: A Helm chart for the NMAP security Scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: 7.80-r2
+
+keywords:
+  - security
+  - nmap
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/nmap
+icon: https://www.securecodebox.io/scannerIcons/Nmap.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/ssh_scan/helm2.Chart.yaml b/scanners/ssh_scan/helm2.Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: ssh-scan
+description: A Helm chart for the SSH_Scan security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: "0.0.43"
+
+keywords:
+  - security
+  - ssh
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/ssh
+icon: https://www.securecodebox.io/scannerIcons/SSH.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/sslyze/helm2.Chart.yaml b/scanners/sslyze/helm2.Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: sslyze
+description: A Helm chart for the SSLyze security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: v3.0.6
+
+keywords:
+  - security
+  - ssl
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/sslyze
+icon: https://www.securecodebox.io/scannerIcons/SSLyze.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/test-scan/helm2.Chart.yaml b/scanners/test-scan/helm2.Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+name: test-scan
+description: A Helm chart to test the secureCodeBox operator
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+
+keywords:
+  - security
+  - scanner
+  - secureCodeBox
+  - integrationTest
+  - test
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/trivy/helm2.Chart.yaml b/scanners/trivy/helm2.Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+name: trivy
+description: A Helm chart for the trivy security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: v0.6.0
+
+keywords:
+  - security
+  - trivy
+  - image-scanning
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/trivy
+icon: https://github.com/aquasecurity/trivy/blob/master/imgs/logo.png
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/wpscan/helm2.Chart.yaml b/scanners/wpscan/helm2.Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+name: wpscan
+description: A Helm chart for the WordPress security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: latest
+
+keywords:
+  - security
+  - wpscan
+  - wordpress
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/wpscan
+icon: https://www.securecodebox.io/scannerIcons/WPScan.svg
+sources:
+  - https://github.com/secureCodeBox/scanner-infrastructure-wpscan
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com
diff --git a/scanners/zap/helm2.Chart.yaml b/scanners/zap/helm2.Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+name: zap
+description: A Helm chart for the OWASP ZAP security scanner that integrates with the secureCodeBox.
+
+type: application
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+appVersion: v2.9.0
+
+keywords:
+  - security
+  - Zap
+  - OWASP
+  - scanner
+  - secureCodeBox
+home: https://www.securecodebox.io/scanners/zap
+icon: https://www.securecodebox.io/scannerIcons/ZAP.svg
+sources:
+  - https://github.com/secureCodeBox/secureCodeBox
+maintainers:
+  - name: iteratec GmbH
+    email: security@iteratec.com