From c40ded35489b5c21bdd4e7cbc99a34b076924b7a Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 13:29:13 +0200 Subject: [PATCH 01/65] added appVersion to template rendering --- scanners/amass/README.md.gotmpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scanners/amass/README.md.gotmpl b/scanners/amass/README.md.gotmpl index 20bb6c408b..d3c91bea06 100644 --- a/scanners/amass/README.md.gotmpl +++ b/scanners/amass/README.md.gotmpl @@ -8,7 +8,7 @@ title: "Amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.10.4" +appVersion: '{{ template "chart.appVersion" . }}' usecase: "Subdomain Enumeration Scanner" --- @@ -18,6 +18,8 @@ The OWASP Amass Project has developed a tool to help information security profes +{{ template “chart.badgesSection” . }} + ## Deployment The AMASS scanType can be deployed via helm: From bdf9a5bc85b94d0ff0682d57520a72aa658ecf71 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 13:41:16 +0200 Subject: [PATCH 02/65] Bugfixing amass template --- scanners/amass/README.md.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/amass/README.md.gotmpl b/scanners/amass/README.md.gotmpl index d3c91bea06..8a03e82180 100644 --- a/scanners/amass/README.md.gotmpl +++ b/scanners/amass/README.md.gotmpl @@ -18,7 +18,7 @@ The OWASP Amass Project has developed a tool to help information security profes -{{ template “chart.badgesSection” . }} +{{ template "chart.badgesSection" . }} ## Deployment From 3410ebff7ac5bc4caaccd332c69f0eb5f17e476a Mon Sep 17 00:00:00 2001 From: rseedorff Date: Mon, 7 Jun 2021 11:41:45 +0000 Subject: [PATCH 03/65] Updating Helm Docs --- scanners/amass/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scanners/amass/README.md b/scanners/amass/README.md index d4c5cfe1b7..4e7f94fe68 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md 
@@ -3,7 +3,7 @@ title: "Amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.10.4" +appVersion: 'v3.13' usecase: "Subdomain Enumeration Scanner" --- @@ -13,6 +13,8 @@ The OWASP Amass Project has developed a tool to help information security profes +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.13](https://img.shields.io/badge/AppVersion-v3.13-informational?style=flat-square) + ## Deployment The AMASS scanType can be deployed via helm: From c01655e6422ce5a634a5dc0aa2320de8598bc72a Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 14:21:31 +0200 Subject: [PATCH 04/65] Trying to add additional template sections for chart template rendering --- .github/workflows/helm-docs.yaml | 2 +- _templates.gotmpl | 47 ++++++++++++++++++++++++++++++++ scanners/amass/README.md.gotmpl | 8 +++++- 3 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 _templates.gotmpl diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index 67dce2a993..d79756696b 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml @@ -36,7 +36,7 @@ jobs: - name: Generate Helm Docs run: | - ./helm-docs/helm-docs + ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl # Remove helm-docs download to ensure they don't get commited back rm -rf helm-docs - uses: stefanzweifel/git-auto-commit-action@v4.11.0 diff --git a/_templates.gotmpl b/_templates.gotmpl new file mode 100644 index 0000000000..300645e8a3 --- /dev/null +++ b/_templates.gotmpl @@ -0,0 +1,47 @@ +{{ define „extra.badgesSection“ -}} +

+ „secureCodeBox + „secureCodeBox +

+ +

+ „License + „GitHub + „OWASP + „Artifact + „Twitter +

+

+ „Build“ + „Maintainability“ + „Test + „Known + +

+{{- end }} + +{{ define „extra.licenceSection“ -}} +## License + +Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. +{{- end }} + +{{ define „extra.communitySection“ -}} +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. +{{- end }} + + +{{ define „extra.contributionSection“ -}} +## Contributing + +Contributions are welcome and extremely helpful 🙌 +Please have a look at [Contributing](./CONTRIBUTING.md) +{{- end }} diff --git a/scanners/amass/README.md.gotmpl b/scanners/amass/README.md.gotmpl index 8a03e82180..c281d49326 100644 --- a/scanners/amass/README.md.gotmpl +++ b/scanners/amass/README.md.gotmpl @@ -18,7 +18,7 @@ The OWASP Amass Project has developed a tool to help information security profes -{{ template "chart.badgesSection" . }} +{{ template "extra.badgesSection" . }} ## Deployment @@ -46,6 +46,12 @@ Special command line options: {{ template "chart.valuesTable" . }} +{{ template „extra.licenceSection“ . }} + +{{ template „extra.contributionSection“ . }} + +{{ template „extra.communitySection“ . }} + [owasp_amass_project]: https://owasp.org/www-project-amass/ [amass github]: https://github.com/OWASP/Amass [amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md From 50fede9edc67b867672e90747009db0d01af8e39 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 14:29:52 +0200 Subject: [PATCH 05/65] Fixing template issues --- scanners/amass/README.md.gotmpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scanners/amass/README.md.gotmpl b/scanners/amass/README.md.gotmpl index c281d49326..3f78b89032 100644 --- a/scanners/amass/README.md.gotmpl +++ b/scanners/amass/README.md.gotmpl 
@@ -46,11 +46,11 @@ Special command line options: {{ template "chart.valuesTable" . }} -{{ template „extra.licenceSection“ . }} +{{ template "extra.licenceSection" . }} -{{ template „extra.contributionSection“ . }} +{{ template "extra.contributionSection" . }} -{{ template „extra.communitySection“ . }} +{{ template "extra.communitySection" . }} [owasp_amass_project]: https://owasp.org/www-project-amass/ [amass github]: https://github.com/OWASP/Amass From 16178323a4ee1124169dea7c7e814a231fdfebd4 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 14:30:36 +0200 Subject: [PATCH 06/65] Fixing template issues --- _templates.gotmpl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_templates.gotmpl b/_templates.gotmpl index 300645e8a3..9852152b1f 100644 --- a/_templates.gotmpl +++ b/_templates.gotmpl @@ -1,4 +1,4 @@ -{{ define „extra.badgesSection“ -}} +{{ define "extra.badgesSection" -}}

„secureCodeBox „secureCodeBox @@ -20,13 +20,13 @@

{{- end }} -{{ define „extra.licenceSection“ -}} +{{ define "extra.licenceSection" -}} ## License Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. {{- end }} -{{ define „extra.communitySection“ -}} +{{ define "extra.communitySection" -}} ## Community You are welcome, please join us on... 👋 @@ -39,7 +39,7 @@ secureCodeBox is an official [OWASP][owasp] project. {{- end }} -{{ define „extra.contributionSection“ -}} +{{ define "extra.contributionSection" -}} ## Contributing Contributions are welcome and extremely helpful 🙌 From d705ddb9880487a4a05933c2cdb161013f5ab65d Mon Sep 17 00:00:00 2001 
From: rseedorff Date: Mon, 7 Jun 2021 12:31:03 +0000 Subject: [PATCH 07/65] Updating Helm Docs --- demo-apps/bodgeit/README.md | 2 + demo-apps/dummy-ssh/README.md | 2 + demo-apps/http-webhook/README.md | 2 + demo-apps/juice-shop/README.md | 2 + demo-apps/old-wordpress/README.md | 2 + demo-apps/swagger-petstore/README.md | 2 + demo-apps/unsafe-https/README.md | 2 + hooks/declarative-subsequent-scans/README.md | 2 + hooks/finding-post-processing/README.md | 2 + hooks/generic-webhook/README.md | 2 + hooks/notification-hook/README.md | 2 + hooks/persistence-defectdojo/README.md | 2 + hooks/persistence-elastic/README.md | 2 + hooks/teams-webhook/README.md | 2 + hooks/update-field/README.md | 2 + operator/README.md | 2 + scanners/amass/README.md | 41 +++++++++++++++++++- scanners/angularjs-csti-scanner/README.md | 2 + scanners/git-repo-scanner/README.md | 2 + scanners/gitleaks/README.md | 2 + scanners/kube-hunter/README.md | 2 + scanners/kubeaudit/README.md | 2 + scanners/ncrack/README.md | 2 + scanners/nikto/README.md | 2 + scanners/nmap/README.md | 2 + scanners/screenshooter/README.md | 2 + scanners/ssh-scan/README.md | 2 + scanners/sslyze/README.md | 2 + scanners/test-scan/README.md | 2 + scanners/trivy/README.md | 2 + scanners/wpscan/README.md | 2 + scanners/zap-advanced/README.md | 2 + scanners/zap/README.md | 2 + 33 files changed, 104 insertions(+), 1 deletion(-) diff --git a/demo-apps/bodgeit/README.md b/demo-apps/bodgeit/README.md index 8837eb2689..107c616400 100644 --- a/demo-apps/bodgeit/README.md +++ b/demo-apps/bodgeit/README.md @@ -1,3 +1,5 @@ + + --- title: "Bodgeit" category: "target" diff --git a/demo-apps/dummy-ssh/README.md b/demo-apps/dummy-ssh/README.md index bd073e22eb..fb8c375489 100644 --- a/demo-apps/dummy-ssh/README.md +++ b/demo-apps/dummy-ssh/README.md 
@@ -1,3 +1,5 @@ + + # dummy-ssh ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) diff --git a/demo-apps/http-webhook/README.md b/demo-apps/http-webhook/README.md index 41b6d1264e..fb9a53309e 100644 --- a/demo-apps/http-webhook/README.md +++ b/demo-apps/http-webhook/README.md @@ -1,3 +1,5 @@ + + # http-webhook ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) diff --git a/demo-apps/juice-shop/README.md b/demo-apps/juice-shop/README.md index b9caa98c32..1fa53128f9 100644 --- a/demo-apps/juice-shop/README.md +++ b/demo-apps/juice-shop/README.md @@ -1,3 +1,5 @@ + + # juice-shop ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v12.0.2](https://img.shields.io/badge/AppVersion-v12.0.2-informational?style=flat-square) diff --git a/demo-apps/old-wordpress/README.md b/demo-apps/old-wordpress/README.md index 32bdab2f2d..a6fc963983 100644 --- a/demo-apps/old-wordpress/README.md +++ b/demo-apps/old-wordpress/README.md @@ -1,3 +1,5 @@ + + # old-wordpress ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0](https://img.shields.io/badge/AppVersion-4.0-informational?style=flat-square) 
diff --git a/demo-apps/swagger-petstore/README.md b/demo-apps/swagger-petstore/README.md index c75ac9ea36..6866c7ea88 100644 --- a/demo-apps/swagger-petstore/README.md +++ b/demo-apps/swagger-petstore/README.md @@ -1,3 +1,5 @@ + + # swagger-petstore ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) diff --git a/demo-apps/unsafe-https/README.md b/demo-apps/unsafe-https/README.md index 56baf2dc13..8894c43c37 100644 --- a/demo-apps/unsafe-https/README.md +++ b/demo-apps/unsafe-https/README.md @@ -1,3 +1,5 @@ + + # unsafe-https ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) diff --git a/hooks/declarative-subsequent-scans/README.md b/hooks/declarative-subsequent-scans/README.md index 72ff3e16c7..b11345601e 100644 --- a/hooks/declarative-subsequent-scans/README.md +++ b/hooks/declarative-subsequent-scans/README.md @@ -1,3 +1,5 @@ + + --- title: "Cascading Scans" category: "hook" diff --git a/hooks/finding-post-processing/README.md b/hooks/finding-post-processing/README.md index d79991e768..61576a0f1a 100644 --- a/hooks/finding-post-processing/README.md +++ b/hooks/finding-post-processing/README.md @@ -1,3 +1,5 @@ + + --- title: "Finding Post Processing" category: "hook" diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md index 70c291b2b3..c70e429377 100644 --- a/hooks/generic-webhook/README.md +++ b/hooks/generic-webhook/README.md @@ -1,3 +1,5 @@ + + --- title: "Generic WebHook" category: "hook" 
diff --git a/hooks/notification-hook/README.md b/hooks/notification-hook/README.md index b684b0ab04..d40714d81d 100644 --- a/hooks/notification-hook/README.md +++ b/hooks/notification-hook/README.md @@ -1,3 +1,5 @@ + + --- title: "Notification Hook" category: "hook" diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index 12e39ebe3b..6e3391be92 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md @@ -1,3 +1,5 @@ + + --- title: "DefectDojo" category: "hook" diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md index e3df2d59c4..35a1846eba 100644 --- a/hooks/persistence-elastic/README.md +++ b/hooks/persistence-elastic/README.md @@ -1,3 +1,5 @@ + + --- title: "Elasticsearch" category: "hook" diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md index 763f6dc250..4b19cf9e75 100644 --- a/hooks/teams-webhook/README.md +++ b/hooks/teams-webhook/README.md @@ -1,3 +1,5 @@ + + --- title: "MS Teams WebHook" category: "hook" diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md index 93e529d2e9..a607c645e9 100644 --- a/hooks/update-field/README.md +++ b/hooks/update-field/README.md @@ -1,3 +1,5 @@ + + --- title: "Update Field" category: "hook" diff --git a/operator/README.md b/operator/README.md index 96a4256c4e..f8b008c8f3 100644 --- a/operator/README.md +++ b/operator/README.md @@ -1,3 +1,5 @@ + + ![operator logo](https://docs.securecodebox.io/img/Logo_Color.svg) The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources. diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 4e7f94fe68..e77c460157 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -1,3 +1,5 @@ + + --- title: "Amass" category: "scanner" 
@@ -13,7 +15,25 @@ The OWASP Amass Project has developed a tool to help information security profes -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.13](https://img.shields.io/badge/AppVersion-v3.13-informational?style=flat-square) +

+ „secureCodeBox + „secureCodeBox +

+ +

+ „License + „GitHub + „OWASP + „Artifact + „Twitter +

+

+ „Build“ + „Maintainability“ + „Test + „Known + +

## Deployment @@ -55,6 +75,25 @@ Special command line options: | scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +## License + +Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. + +## Contributing + +Contributions are welcome and extremely helpful 🙌 +Please have a look at [Contributing](./CONTRIBUTING.md) + +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. + [owasp_amass_project]: https://owasp.org/www-project-amass/ [amass github]: https://github.com/OWASP/Amass [amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md diff --git a/scanners/angularjs-csti-scanner/README.md b/scanners/angularjs-csti-scanner/README.md index 4cba60c1a6..9e3cc25586 100644 --- a/scanners/angularjs-csti-scanner/README.md +++ b/scanners/angularjs-csti-scanner/README.md @@ -1,3 +1,5 @@ + + --- title: "Angularjs CSTI Scanner" category: "scanner" diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md index e740240a3d..9a6abc2bb6 100644 --- a/scanners/git-repo-scanner/README.md +++ b/scanners/git-repo-scanner/README.md @@ -1,3 +1,5 @@ + + --- title: "git-repo-scanner" category: "scanner" diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index 70dd2e477f..c88a2d7c9d 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md @@ -1,3 +1,5 @@ + + --- title: "Gitleaks" category: "scanner" 
diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 97f6b73375..784a40bb21 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md @@ -1,3 +1,5 @@ + + --- title: "kube-hunter" category: "scanner" diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md index db43922726..566e3bf581 100644 --- a/scanners/kubeaudit/README.md +++ b/scanners/kubeaudit/README.md @@ -1,3 +1,5 @@ + + --- title: "kubeaudit" category: "scanner" diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 120d9e5551..9a457b7e45 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md @@ -1,3 +1,5 @@ + + --- title: "Ncrack" category: "scanner" diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md index 4cef2af09f..cbcb97a548 100644 --- a/scanners/nikto/README.md +++ b/scanners/nikto/README.md @@ -1,3 +1,5 @@ + + --- title: "Nikto" category: "scanner" diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index bc3b97f97c..6a4112c80f 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -1,3 +1,5 @@ + + --- title: "Nmap" category: "scanner" diff --git a/scanners/screenshooter/README.md b/scanners/screenshooter/README.md index 0af59910a9..aa735649f4 100644 --- a/scanners/screenshooter/README.md +++ b/scanners/screenshooter/README.md @@ -1,3 +1,5 @@ + + --- title: "Screenshooter" category: "scanner" diff --git a/scanners/ssh-scan/README.md b/scanners/ssh-scan/README.md index 36ef3ee5e4..3bb91dc874 100644 --- a/scanners/ssh-scan/README.md +++ b/scanners/ssh-scan/README.md @@ -1,3 +1,5 @@ + + --- title: "SSH" category: "scanner" diff --git a/scanners/sslyze/README.md b/scanners/sslyze/README.md index 92da51b267..caf8b87e89 100644 --- a/scanners/sslyze/README.md +++ b/scanners/sslyze/README.md @@ -1,3 +1,5 @@ + + --- title: "SSLyze" category: "scanner" diff --git a/scanners/test-scan/README.md b/scanners/test-scan/README.md index 94835648c2..1d001c6250 100644 
--- a/scanners/test-scan/README.md +++ b/scanners/test-scan/README.md @@ -1,3 +1,5 @@ + + --- title: "test-scan" hidden: true diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index 1f7e8821cb..050f809d90 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -1,3 +1,5 @@ + + --- title: "Trivy" category: "scanner" diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index af5079951b..ed0499ebd3 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -1,3 +1,5 @@ + + --- title: 'WPScan' path: 'scanners/wpscan' diff --git a/scanners/zap-advanced/README.md b/scanners/zap-advanced/README.md index 6524d7e810..755b029f7e 100644 --- a/scanners/zap-advanced/README.md +++ b/scanners/zap-advanced/README.md @@ -1,3 +1,5 @@ + + --- title: "ZAP Advanced" category: "scanner" diff --git a/scanners/zap/README.md b/scanners/zap/README.md index aa2a3aae85..6bcc35ec7b 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -1,3 +1,5 @@ + + --- title: "ZAP" category: "scanner" From 8ea2795d32cdaa7c35c7ce895c459ba3752d3ac5 Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 15:18:17 +0200 Subject: [PATCH 08/65] removing whitespaces --- _templates.gotmpl | 4 ---- 1 file changed, 4 deletions(-) diff --git a/_templates.gotmpl b/_templates.gotmpl index 9852152b1f..fe74502243 100644 --- a/_templates.gotmpl +++ b/_templates.gotmpl @@ -19,13 +19,11 @@

{{- end }} - {{ define "extra.licenceSection" -}} ## License Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. {{- end }} - {{ define "extra.communitySection" -}} ## Community @@ -37,8 +35,6 @@ You are welcome, please join us on... 👋 secureCodeBox is an official [OWASP][owasp] project. {{- end }} - - {{ define "extra.contributionSection" -}} ## Contributing From 7a89dc3287c01a6af8338481179740a61d4b738f Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 15:23:45 +0200 Subject: [PATCH 09/65] Trying to add a new DockerHub scanner readme template --- scanners/amass/DockerHub-Scanner.md.gotmpl | 46 ++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 scanners/amass/DockerHub-Scanner.md.gotmpl diff --git a/scanners/amass/DockerHub-Scanner.md.gotmpl b/scanners/amass/DockerHub-Scanner.md.gotmpl new file mode 100644 index 0000000000..1141f5b981 --- /dev/null +++ b/scanners/amass/DockerHub-Scanner.md.gotmpl 
@@ -0,0 +1,46 @@ +{{- /* +SPDX-FileCopyrightText: 2020 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 +*/ -}} + +{{ template „extra.badgesSection“ . }} + +## About the Scanner + +![owasp logo](https://owasp.org/assets/images/logo.png) + +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub] + + +## Deployment + +The AMASS scanType can be deployed via helm: + +```bash +helm upgrade --install amass secureCodeBox/amass +``` + +## Scanner Configuration + +The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. + +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` + +Special command line options: + +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` + +{{ template "extra.licenceSection" . }} + +{{ template "extra.contributionSection" . }} + +{{ template "extra.communitySection" . }} + +[owasp_amass_project]: https://owasp.org/www-project-amass/ +[amass github]: https://github.com/OWASP/Amass +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md From c070ad79d800aab863c24e7779aa89f2add842d4 Mon Sep 17 00:00:00 2001 
From: Robert Seedorff Date: Mon, 7 Jun 2021 16:11:13 +0200 Subject: [PATCH 10/65] Adding a DockerHub template rendering --- .github/workflows/helm-docs.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index d79756696b..74fc2c7e36 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml @@ -37,6 +37,11 @@ jobs: - name: Generate Helm Docs run: | ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl + - name: Generate Docker Scanner Docs + run: | + ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=DockerHub-Scanner.md.gotmpl --output-file=DockerHub-Scanner-Readme.generated.md + - name: Remove Helm Docs Files + run: | # Remove helm-docs download to ensure they don't get commited back rm -rf helm-docs - uses: stefanzweifel/git-auto-commit-action@v4.11.0 From 4d34cf63c6414b9e3a346d573034d9ec84bf28d2 Mon Sep 17 00:00:00 2001 
From: rseedorff Date: Mon, 7 Jun 2021 14:11:47 +0000 Subject: [PATCH 11/65] Updating Helm Docs --- .../DockerHub-Scanner-Readme.generated.md | 48 +++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 42 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 43 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 48 +++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 42 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 49 +++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 42 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 32 +++++++++ .../DockerHub-Scanner-Readme.generated.md | 33 +++++++++ .../DockerHub-Scanner-Readme.generated.md | 33 +++++++++ .../DockerHub-Scanner-Readme.generated.md | 34 +++++++++ .../DockerHub-Scanner-Readme.generated.md | 37 ++++++++++ .../DockerHub-Scanner-Readme.generated.md | 63 +++++++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 39 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 22 ++++++ .../DockerHub-Scanner-Readme.generated.md | 69 +++++++++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 41 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 42 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 43 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 43 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 46 +++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 45 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 43 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 48 +++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 43 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 43 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 43 ++++++++++++ .../DockerHub-Scanner-Readme.generated.md | 36 ++++++++++ .../DockerHub-Scanner-Readme.generated.md | 42 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 42 +++++++++++ .../DockerHub-Scanner-Readme.generated.md | 61 ++++++++++++++++ .../zap/DockerHub-Scanner-Readme.generated.md | 
44 ++++++++++++ 32 files changed, 1381 insertions(+) create mode 100644 demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md create mode 100644 demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md create mode 100644 demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md create mode 100644 demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md create mode 100644 demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md create mode 100644 demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md create mode 100644 demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/notification-hook/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md create mode 100644 hooks/update-field/DockerHub-Scanner-Readme.generated.md create mode 100644 operator/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/angularjs-csti-scanner/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/git-repo-scanner/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/gitleaks/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/kube-hunter/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/kubeaudit/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/ncrack/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/nikto/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/nmap/DockerHub-Scanner-Readme.generated.md create mode 100644 
scanners/screenshooter/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/ssh-scan/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/sslyze/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/test-scan/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/trivy/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/wpscan/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/zap-advanced/DockerHub-Scanner-Readme.generated.md create mode 100644 scanners/zap/DockerHub-Scanner-Readme.generated.md diff --git a/demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md b/demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..2f2b0e37b4 --- /dev/null +++ b/demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,48 @@ +# bodgeit + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square) + +The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | add annotations to the deployment, service and pods | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/psiinon/bodgeit"` | Container Image containing the bodgeit | +| image.tag | string | defaults to the "latest" version because the appVersion tag is not available at docker.io | The image tag | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths | list | `[]` | | +| ingress.tls | list | `[]` | | +| labels | object | `{}` | add labels to the deployment, service and pods | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `8080` | | +| service.type | string | `"ClusterIP"` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md b/demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..39a8eca66c --- /dev/null +++ b/demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md @@ -0,0 +1,42 @@ +# dummy-ssh + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) + +SSH Server for scan testing. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | add annotations to the deployment, service and pods | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/securecodebox/dummy-ssh"` | Container Image | +| image.tag | string | defaults to the appVersion | The image tag | +| imagePullSecrets | list | `[]` | | +| labels | object | `{}` | add labels to the deployment, service and pods | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `22` | | +| service.type | string | `"ClusterIP"` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md b/demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..1a94a5a02d --- /dev/null +++ b/demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# http-webhook + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +A Dummy webserver to echo HTTP requests in log + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | add annotations to the deployment, service and pods | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/mendhak/http-https-echo"` | Container Image | +| image.tag | string | defaults to the latest version because the appVersion tag is not available at docker.io | The image tag | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths | list | `[]` | | +| ingress.tls | list | `[]` | | +| labels | object | `{}` | add labels to the deployment, service and pods | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | deprecated. use `labels` instead. Will be removed in v3. 
todo(@J12934) remove podAnnotations in v3 | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md b/demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..6500712c5c --- /dev/null +++ b/demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,48 @@ +# juice-shop + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v12.7.0](https://img.shields.io/badge/AppVersion-v12.7.0-informational?style=flat-square) + +OWASP Juice Shop: Probably the most modern and sophisticated insecure web application + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | add annotations to the deployment, service and pods | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/bkimminich/juice-shop"` | Container Image containing the juice-shop | +| image.tag | string | defaults to the appVersion | The image tag | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths | list | `[]` | | +| ingress.tls | list | `[]` | | +| labels | object | `{}` | add labels to the deployment, service and pods | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `3000` | | +| service.type | string | `"ClusterIP"` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
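Review bot: the `ingress.*` rows all have empty Description cells, in a chart whose own description at the top of the hunk calls it an insecure web application. Document `ingress.enabled` (default `false`) with a `# --` comment in values.yaml saying that enabling it makes the deliberately insecure app reachable through the ingress controller, so the warning ends up in the generated README. The `ingress.hosts[0].host` default `"chart-example.local"` deserves a one-line description as well, since it is a placeholder.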
diff --git a/demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md b/demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..5365b0c27a --- /dev/null +++ b/demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md @@ -0,0 +1,42 @@ +# old-wordpress + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0](https://img.shields.io/badge/AppVersion-4.0-informational?style=flat-square) + +Insecure & Outdated Wordpress Instance: Never expose it to the internet! + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | add annotations to the deployment, service and pods | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/securecodebox/old-wordpress"` | Container Image | +| image.tag | string | defaults to the appVersion | The image tag | +| imagePullSecrets | list | `[]` | | +| labels | object | `{}` | add labels to the deployment, service and pods | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md b/demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..46a8b3747c --- /dev/null +++ b/demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,49 @@ +# swagger-petstore + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) + +This is the sample petstore application + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | add annotations to the deployment, service and pods | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/swaggerapi/petstore"` | Container Image | +| image.tag | string | defaults to the appVersion | The image tag | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths | list | `[]` | | +| ingress.tls | list | `[]` | | +| labels | object | `{}` | add labels to the deployment, service and pods | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| swaggerHostOverride | string | `"http://swagger-petstore.demo-apps.svc"` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
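Review bot: `swaggerHostOverride` has no description, and its default `"http://swagger-petstore.demo-apps.svc"` hard-codes both a release name and the `demo-apps` namespace, so the value is wrong for any install under a different name or namespace. Add a `# --` comment in values.yaml that explains what the override controls, and consider deriving the default in the template from the release name and namespace instead of a literal.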
diff --git a/demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md b/demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..98fc1d49a7 --- /dev/null +++ b/demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md @@ -0,0 +1,42 @@ +# unsafe-https + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) + +Self-signed https Server for scan testing. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| annotations | object | `{}` | add annotations to the deployment, service and pods | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"docker.io/securecodebox/unsafe-https"` | Container Image | +| image.tag | string | `nil` | | +| imagePullSecrets | list | `[]` | | +| labels | object | `{}` | add labels to the deployment, service and pods | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `443` | | +| service.type | string | `"ClusterIP"` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
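Review bot: the `image.tag` row shows Default `nil` with an empty Description, while the dummy-ssh and old-wordpress charts in this same patch document the key as "defaults to the appVersion" with the description "The image tag". Add the same description and default annotation to this chart's values.yaml so the generated table tells the reader which image is deployed when no tag is set.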
diff --git a/hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md b/hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..831594360c --- /dev/null +++ b/hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md @@ -0,0 +1,32 @@ +# declarative-subsequent-scans + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Starts possible subsequent security scans based on findings (e.g. open ports found by NMAP or subdomains found by AMASS). + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.repository | string | `"docker.io/securecodebox/declarative-subsequent-scans"` | Hook image repository | +| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md b/hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..16c8101a3a --- /dev/null +++ b/hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,33 @@ +# finding-post-processing + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Lets you add or override a field to every finding that meets specified conditions + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.repository | string | `"docker.io/securecodebox/finding-post-processing"` | Hook image repository | +| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | +| rules | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md b/hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..0d007ce5b2 --- /dev/null +++ b/hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,33 @@ +# generic-webhook + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Lets you send http webhooks after scans are completed + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.repository | string | `"docker.io/securecodebox/generic-webhook"` | Hook image repository | +| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | +| webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/notification-hook/DockerHub-Scanner-Readme.generated.md b/hooks/notification-hook/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..40a036ce6f --- /dev/null +++ b/hooks/notification-hook/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,34 @@ +# notification-hook + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Lets you send a findings result summary as hook to MS Teams, Slack, e-mail and others after a scan is completed. + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| customTemplateMap.exists | bool | `false` | | +| customTemplateMap.name | string | `"config-map-name"` | | +| env[0].name | string | `"SOME_ENV_KEY"` | | +| env[0].valueFrom.secretKeyRef.key | string | `"some-key"` | | +| env[0].valueFrom.secretKeyRef.name | string | `"some-secret"` | | +| env[1].name | string | `"SMTP_CONFIG"` | | +| env[1].valueFrom.secretKeyRef.key | string | `"smtp-config-key"` | | +| env[1].valueFrom.secretKeyRef.name | string | `"some-secret"` | | +| hookJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.pullPolicy | string | `"Always"` | | +| image.repository | string | `"docker.io/securecodebox/notification-hook"` | Hook image repository | +| image.tag | string | defaults to the charts version | Image tag | +| notificationChannels[0].endPoint | string | `"SOME_ENV_KEY"` | | +| notificationChannels[0].name | string | `"slack"` | | +| notificationChannels[0].rules[0].matches.anyOf[0].category | string | `"Open Port"` | | +| notificationChannels[0].template | string | `"slack-messageCard"` | | +| notificationChannels[0].type | string | `"slack"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
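Review bot: the `customTemplateMap.*`, `env[...]` and `notificationChannels[0].*` rows publish sample values (`"config-map-name"`, `"SOME_ENV_KEY"`, `"some-secret"`, `"smtp-config-key"`) as chart defaults with empty Description cells, so a reader cannot tell which of them must be replaced before install and which secret the hook expects to exist. Either ship empty defaults and move the sample into the README body, or add a `# --` comment for each key. Two smaller points in the same hunk: this README has no Homepage, Maintainers or Source Code section although the other hooks in the patch do, which suggests the chart metadata is incomplete, and the `hookJob.ttlSecondsAfterFinished` description starts with lower-case "seconds" where the other hooks use "Seconds".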
diff --git a/hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md b/hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..25e4d7bfab --- /dev/null +++ b/hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,37 @@ +# persistence-defectdojo + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square) + +The defectdojo persistence provider persists secureCodeBox scan results into defectdojo. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| defectdojo.authentication.apiKeyKey | string | `"apikey"` | Name of the apikey key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | +| defectdojo.authentication.userSecret | string | `"defectdojo-credentials"` | Link a pre-existing generic secret with `username` and `apikey` key / value pairs | +| defectdojo.authentication.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | +| defectdojo.syncFindingsBack | bool | `true` | Syncs back (two way sync) all imported findings from DefectDojo to SCB Findings Store, set to false to only import the findings to DefectDojo (one way sync). | +| defectdojo.url | string | `"http://defectdojo-django.default.svc"` | Url to the DefectDojo Instance | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | +| image.repository | string | `"docker.io/securecodebox/persistence-defectdojo"` | Hook image repository | +| image.tag | string | `nil` | Container image tag | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md b/hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..a6e66fb0a1 --- /dev/null +++ b/hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,63 @@ +# persistence-elastic + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.9.2](https://img.shields.io/badge/AppVersion-7.9.2-informational?style=flat-square) + +The elastic persistence provider persists secureCodeBox findings into the elastic stack. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://helm.elastic.co | elasticsearch | 7.9.2 | +| https://helm.elastic.co | kibana | 7.9.2 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| authentication | object | `{"apiKeySecret":null,"userSecret":null}` | Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch user and apikey are mutually exclusive, only set one! | +| authentication.apiKeySecret | string | `nil` | Link a pre-existing generic secret with `id` and `key` key / value pairs | +| authentication.userSecret | string | `nil` | Link a pre-existing generic secret with `username` and `password` key / value pairs | +| dashboardImporter.image.repository | string | `"securecodebox/persistence-elastic-dashboard-importer"` | | +| dashboardImporter.image.tag | string | `nil` | | +| elasticsearch | object | `{"enabled":true,"minimumMasterNodes":1,"replicas":1}` | Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) | +| elasticsearch.enabled | bool | `true` | Enable if you want to deploy an elasticsearch service. 
| +| elasticsearch.minimumMasterNodes | int | `1` | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 | +| elasticsearch.replicas | int | `1` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | +| externalElasticStack.elasticsearchAddress | string | `"https://elasticsearch.example.com"` | The URL of the elasticsearch service to persists all findings to. | +| externalElasticStack.enabled | bool | `false` | Enable this when you already have an Elastic Stack running to which you want to send your results | +| externalElasticStack.kibanaAddress | string | `"https://kibana.example.com"` | The URL of the kibana service used to visualize all findings. | +| fullnameOverride | string | `""` | | +| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.repository | string | `"docker.io/securecodebox/persistence-elastic"` | Image repository for the dashboard importer job | +| image.tag | string | defaults to the charts version | Image tag for the dashboard importer job | +| imagePullSecrets | list | `[]` | | +| indexAppendNamespace | bool | `true` | Define if the name of the namespace where this hook is deployed to must be added to the index name. The namespace can be used to separate index by tenants (namespaces). | +| indexPrefix | string | `"scbv2"` | Define a specific index prefix used for all elasticsearch indices. | +| indexSuffix | string | `"“yyyy-MM-dd”"` | Define a specific index suffix based on date pattern (YEAR (yyyy), MONTH (yyyy-MM), WEEK (yyyy-'W'W), DATE (yyyy-MM-dd)). 
We use Luxon for date formatting (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) | +| kibana | object | `{"enabled":true}` | Configures included Elasticsearch subchart | +| kibana.enabled | bool | `true` | Enable if you want to deploy an kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podSecurityContext | object | `{}` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md b/hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..6976b3af97 --- /dev/null +++ b/hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,39 @@ +# teams-webhook + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Lets you send a findings result summary as webhook to MS Teams, after a scan is completed. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| hookJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.repository | string | `"docker.io/securecodebox/teams-webhook"` | Hook image repository | +| image.tag | string | defaults to the charts version | Image tag | +| notification.rules | list | `[]` | A optional rule definition that can be used to describe in wich case a notification must be fired. If not defined / empty each scan result will be notified. | +| notification.template | string | `"messageCard"` | The MS Teams message template that should be used [messageCard | adaptiveCard]. 
| +| notification.url | string | `"http://example.com"` | The URL of your WebHook endpoint | +| vulnerabilityManagement.enabled | bool | `false` | | +| vulnerabilityManagement.findingsUrl | string | `"https://your-kibana-service.url/your-dashboard-path/filter:{{uid}}"` | | +| vulnerabilityManagement.name | string | `"Kibana Dashboard"` | | +| vulnerabilityManagement.url | string | `"https://your-kibana-service.url/your-dashboard-path"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/update-field/DockerHub-Scanner-Readme.generated.md b/hooks/update-field/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..5b543cbfa2 --- /dev/null +++ b/hooks/update-field/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,22 @@ +# update-field-hook + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +Lets you add or override a field to every finding + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| attribute.name | string | `"category"` | The name of the attribute you want to add to each finding result | +| attribute.value | string | `"my-own-category"` | The value of the attribute you want to add to each finding result | +| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.repository | string | `"docker.io/securecodebox/update-field"` | Hook image repository | +| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/operator/DockerHub-Scanner-Readme.generated.md b/operator/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..c695419374 --- /dev/null +++ b/operator/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,69 @@ +# operator + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +secureCodeBox Operator to automate the execution of security scans on kubernetes + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://helm.min.io/ | minio | 7.1.2 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| customCACertificate | object | `{"certificate":"public.crt","existingCertificate":null}` | Setup for Custom CA certificates. These are automatically mounted into every secureCodeBox component (lurcher, parser & hooks). Requires that every namespace has a configmap with the CA certificate(s) | +| customCACertificate.certificate | string | `"public.crt"` | key in the configmap holding the certificate(s) | +| customCACertificate.existingCertificate | string | `nil` | name of the configMap holding the ca certificate(s), needs to be the same across all namespaces | +| image.pullPolicy | string | `"Always"` | Image pull policy | +| image.repository | string | `"docker.io/securecodebox/operator"` | The operator image repository | +| image.tag | string | defaults to the charts version | Parser image tag | +| lurcher.image.pullPolicy | string | `"Always"` | Image pull policy | +| lurcher.image.repository | string | `"docker.io/securecodebox/lurcher"` | The operator image repository | +| lurcher.image.tag | string | defaults to the charts version | Parser image tag | +| minio.defaultBucket.enabled | bool | `true` | | +| minio.defaultBucket.name | string | `"securecodebox"` | | +| minio.enabled | bool | `true` | Enable this to use minio as storage 
backend instead of a cloud bucket provider like AWS S3, Google Cloud Storage, DigitalOcean Spaces etc. | +| minio.resources.requests.memory | string | `"256Mi"` | | +| minio.tls.certSecret | string | `"minio-tls"` | | +| minio.tls.enabled | bool | `false` | | +| podSecurityContext | object | `{}` | Sets the securityContext on the operators pod level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | +| resources | object | `{"limits":{"cpu":"100m","memory":"30Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| s3.authType | string | `"access-secret-key"` | Authentication method. Supports access-secret-key (used by most s3 endpoint) and aws-irsa (Used by AWS EKS IAM Role to Kubenetes Service Account Binding. Support for AWS IRSA is considered experimental in the secureCodeBox) | +| s3.awsStsEndpoint | string | `"https://sts.amazonaws.com"` | STS Endpoint used in AWS IRSA Authentication. Change this to the sts endpoint of your aws region. Only used when s3.authType is set to "aws-irsa" | +| s3.bucket | string | `"my-bucket"` | | +| s3.enabled | bool | `false` | | +| s3.endpoint | string | `"fra1.digitaloceanspaces.com"` | | +| s3.keySecret | string | `"my-secret"` | | +| s3.port | string | `nil` | | +| s3.secretAttributeNames.accesskey | string | `"accesskey"` | | +| s3.secretAttributeNames.secretkey | string | `"secretkey"` | | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Sets the securityContext on the operators container level. 
See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | +| securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated | +| securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the operator container. They are not required | +| securityContext.privileged | bool | `false` | Ensures that the operator container is not run in privileged mode | +| securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system | +| securityContext.runAsNonRoot | bool | `true` | Enforces that the Operator image is run as a non root user | +| serviceAccount.annotations | object | `{}` | Annotations of the serviceAccount the operator uses to talk to the k8s api | +| serviceAccount.labels | object | `{}` | Labels of the serviceAccount the operator uses to talk to the k8s api | +| serviceAccount.name | string | `"securecodebox-operator"` | Name of the serviceAccount the operator uses to talk to the k8s api | +| telemetryEnabled | bool | `true` | The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/angularjs-csti-scanner/DockerHub-Scanner-Readme.generated.md b/scanners/angularjs-csti-scanner/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..a0f006eb43 --- /dev/null +++ b/scanners/angularjs-csti-scanner/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,41 @@ +# angularjs-csti-scanner + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.6](https://img.shields.io/badge/AppVersion-3.0.6-informational?style=flat-square) + +A Helm chart for the angularjs csti scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/securecodebox/scanner-angularjs-csti-scanner"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. 
Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-angularjs-csti-scanner"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
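Review bot: In the Values table of scanners/angularjs-csti-scanner/DockerHub-Scanner-Readme.generated.md, `scannerJob.securityContext` defaults to `{}`, so the scanner container runs without any hardening unless the user supplies one, while the nmap and kubeaudit READMEs in this same patch document `allowPrivilegeEscalation: false`, dropped capabilities, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` as defaults. Because this file is generated by helm-docs, consider setting the same defaults in the chart's values.yaml (or noting there why this scanner cannot run with them) and regenerating. The `image.tag` row also carries "defaults to the charts version" in the Description column with `nil` as Default, whereas `parserImage.tag` puts that text in the Default column; one convention for both rows would read better.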
diff --git a/scanners/git-repo-scanner/DockerHub-Scanner-Readme.generated.md b/scanners/git-repo-scanner/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..2e9b456d2b --- /dev/null +++ b/scanners/git-repo-scanner/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,42 @@ +# git-repo-scanner + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart for the git-repo-scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/securecodebox/scanner-git-repo-scanner"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-git-repo-scanner"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/gitleaks/DockerHub-Scanner-Readme.generated.md b/scanners/gitleaks/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..2e905e9774 --- /dev/null +++ b/scanners/gitleaks/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# gitleaks + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v7.5.0](https://img.shields.io/badge/AppVersion-v7.5.0-informational?style=flat-square) + +A Helm chart for the gitleaks repository scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-gitleaks"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the app version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-gitleaks"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/home/","name":"gitleaks-config"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"configMap":{"name":"gitleaks-config"},"name":"gitleaks-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/kube-hunter/DockerHub-Scanner-Readme.generated.md b/scanners/kube-hunter/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..cb0201ef05 --- /dev/null 
+++ b/scanners/kube-hunter/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# kube-hunter + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.1](https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square) + +A Helm chart for the kube-hunter security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-kube-hunter"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-kube-hunter"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/kubeaudit/DockerHub-Scanner-Readme.generated.md b/scanners/kubeaudit/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..820d3eaa71 --- /dev/null +++ b/scanners/kubeaudit/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,46 @@ +# kubeaudit + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.0](https://img.shields.io/badge/AppVersion-v0.14.0-informational?style=flat-square) + +A Helm chart for the kubeaudit security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| kubeauditScope | string | `"namespace"` | Automatically sets up rbac roles for kubeaudit to access the resources it scans. Can be either "cluster" (ClusterRole) or "namespace" (Role) | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-kubeaudit"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated | +| scannerJob.securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the container. 
| +| scannerJob.securityContext.privileged | bool | `false` | Ensures that the scanner container is not run in privileged mode | +| scannerJob.securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system | +| scannerJob.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/ncrack/DockerHub-Scanner-Readme.generated.md b/scanners/ncrack/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..c20dd3f03d --- /dev/null +++ b/scanners/ncrack/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,45 @@ +# ncrack + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7](https://img.shields.io/badge/AppVersion-0.7-informational?style=flat-square) + +A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| encryptPasswords.existingSecret | string | `nil` | secret name with a pem encoded rsa public key to encrypt identified passwords | +| encryptPasswords.key | string | `"public.key"` | name of the property in the secret with the pem encoded rsa public key | +| image.repository | string | `"docker.io/securecodebox/scanner-ncrack"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-ncrack"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. 
To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/nikto/DockerHub-Scanner-Readme.generated.md b/scanners/nikto/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..39c157854b --- /dev/null +++ b/scanners/nikto/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# nikto + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) + +A Helm chart for the Nikto security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-nikto"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-nikto"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/nmap/DockerHub-Scanner-Readme.generated.md b/scanners/nmap/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..dd2bf3aaba --- /dev/null +++ b/scanners/nmap/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,48 @@ +# nmap + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.91-r0](https://img.shields.io/badge/AppVersion-7.91--r0-informational?style=flat-square) + +A Helm chart for the NMAP security Scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-nmap"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-nmap"` | Parser image repository | +| parserImage.tag | string | defaults to the charts appVersion | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated | +| scannerJob.securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the container. 
| +| scannerJob.securityContext.privileged | bool | `false` | Ensures that the scanner container is not run in privileged mode | +| scannerJob.securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system | +| scannerJob.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/screenshooter/DockerHub-Scanner-Readme.generated.md b/scanners/screenshooter/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..746cfe66e2 --- /dev/null +++ b/scanners/screenshooter/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# screenshooter + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart for the Screenshooter that integrates with the secureCodeBox, which can take screenshots of your applications. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-screenshooter"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-screenshooter"` | Parser image repository | +| parserImage.tag | string | defaults to the charts appVersion | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/ssh-scan/DockerHub-Scanner-Readme.generated.md b/scanners/ssh-scan/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..9616ff96ca --- /dev/null +++ b/scanners/ssh-scan/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# ssh-scan + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.44](https://img.shields.io/badge/AppVersion-0.0.44-informational?style=flat-square) + +A Helm chart for the SSH_Scan security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"mozilla/ssh_scan"` | Container Image to run the scan | +| image.tag | string | `"latest@sha256:d6f41c2c328223931b97a4ae5d35d3bb91b5c8d91871ced3d2e0cde06b1edf1f"` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-ssh-scan"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/sslyze/DockerHub-Scanner-Readme.generated.md b/scanners/sslyze/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..8b93ba98d0 --- /dev/null +++ b/scanners/sslyze/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# sslyze + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.0.4](https://img.shields.io/badge/AppVersion-v4.0.4-informational?style=flat-square) + +A Helm chart for the SSLyze security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"nablac0d3/sslyze"` | Container Image to run the scan | +| image.tag | string | `"latest@sha256:ff2c5c626401b1961736a5b2ae6e35a41d213e8b2712102100abf5ee46dcca71"` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-sslyze"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/test-scan/DockerHub-Scanner-Readme.generated.md b/scanners/test-scan/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..fda3a1d9c6 --- /dev/null +++ b/scanners/test-scan/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,36 @@ +# test-scan + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart to test the secureCodeBox operator + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/securecodebox/scanner-test-scan"` | | +| image.tag | string | `nil` | | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-test-scan"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/trivy/DockerHub-Scanner-Readme.generated.md b/scanners/trivy/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..fc0f2cdf3c --- /dev/null +++ b/scanners/trivy/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,42 @@ +# trivy + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.3](https://img.shields.io/badge/AppVersion-0.18.3-informational?style=flat-square) + +A Helm chart for the trivy security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/aquasec/trivy"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-trivy"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/wpscan/DockerHub-Scanner-Readme.generated.md b/scanners/wpscan/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..961598b125 --- /dev/null +++ b/scanners/wpscan/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,42 @@ +# wpscan + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.8.17](https://img.shields.io/badge/AppVersion-3.8.17-informational?style=flat-square) + +A Helm chart for the WordPress security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"wpscanteam/wpscan"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-wpscan"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/zap-advanced/DockerHub-Scanner-Readme.generated.md b/scanners/zap-advanced/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..ed770e1462 --- /dev/null +++ b/scanners/zap-advanced/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,61 @@ +# zap-advanced + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.10.0](https://img.shields.io/badge/AppVersion-2.10.0-informational?style=flat-square) + +A Helm chart for the OWASP ZAP (extended with advanced authentication features) security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules | object | `{"enabled":true}` | Configurations regarding the cascading scan | +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| parseJob.backoffLimit | int | `3` | | +| parseJob.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | +| parseJob.image.repository | string | `"docker.io/securecodebox/parser-zap"` | Parser image repository | +| parseJob.image.tag | string | `nil` | Parser image tag | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. 
To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/home/securecodebox/configs/1-zap-advanced-scantype.yaml","name":"zap-advanced-scantype-config","readOnly":true,"subPath":"1-zap-advanced-scantype.yaml"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config"},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | +| scannerJob.image.repository | string | `"docker.io/securecodebox/scanner-zap-advanced"` | Container Image to run the scan | +| scannerJob.image.tag | string | `nil` | defaults to the charts appVersion | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| zapConfiguration | object | `{"global":{"addonInstall":["pscanrulesBeta","ascanrulesBeta","pscanrulesAlpha","ascanrulesAlpha"],"addonUpdate":true,"sessionName":"secureCodeBox"}}` | All `scanType` specific configuration options. Feel free to add more configuration options. All configuration options can be overriden by scan specific configurations if defined. Please have a look into the README.md to find more configuration options. | +| zapConfiguration.global | object | `{"addonInstall":["pscanrulesBeta","ascanrulesBeta","pscanrulesAlpha","ascanrulesAlpha"],"addonUpdate":true,"sessionName":"secureCodeBox"}` | Optional general ZAP Configurations settings. | +| zapConfiguration.global.addonInstall | list | `["pscanrulesBeta","ascanrulesBeta","pscanrulesAlpha","ascanrulesAlpha"]` | Installs additional ZAP AddOns on startup, listed by their name: | +| zapConfiguration.global.addonUpdate | bool | `true` | Updates all installed ZAP AddOns on startup if true, otherwise false. 
| +| zapConfiguration.global.sessionName | string | `"secureCodeBox"` | The ZAP internal Session name. Default: secureCodeBox | +| zapContainer.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| zapContainer.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | +| zapContainer.extraVolumeMounts | list | `[{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/authentication/","name":"zap-scripts-authentication","readOnly":true},{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/session/","name":"zap-scripts-session","readOnly":true}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| zapContainer.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | +| zapContainer.image.repository | string | `"owasp/zap2docker-stable"` | Container Image to run the scan | +| zapContainer.image.tag | string | `nil` | defaults to the charts appVersion | +| zapContainer.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| zapContainer.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/zap/DockerHub-Scanner-Readme.generated.md b/scanners/zap/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..7e0b8c50cc --- /dev/null +++ b/scanners/zap/DockerHub-Scanner-Readme.generated.md 
@@ -0,0 +1,44 @@ +# zap + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.10.0](https://img.shields.io/badge/AppVersion-2.10.0-informational?style=flat-square) + +A Helm chart for the OWASP ZAP security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"owasp/zap2docker-stable"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-zap"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/zap/wrk","name":"zap-workdir"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"emptyDir":{},"name":"zap-workdir"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
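Review bot: the image tag descriptions contradict the documented defaults in three of these tables. In ssh-scan and sslyze, `image.tag` defaults to a `latest@sha256:` digest pin while the description says "defaults to the charts appVersion". In screenshooter the two descriptions look swapped: `image.tag` says "defaults to the charts version" and `parserImage.tag` says "defaults to the charts appVersion", on a chart that shows no AppVersion badge. When a digest is part of the reference the image is selected by the digest and not by the tag, so the AppVersion badges (0.0.44, v4.0.4) stay accurate only if someone keeps them in step with the pinned digest by hand. These files are generated, so please correct the comments in the charts' values.yaml to describe the digest pin, then regenerate.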
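Review bot: `scannerJob.securityContext` is documented with default `{}` in the screenshooter, ssh-scan, sslyze, test-scan, trivy, wpscan, zap-advanced and zap tables (`zapContainer.securityContext` likewise), while the first table in this part of the patch documents a hardened default: `allowPrivilegeEscalation: false`, all capabilities dropped, `privileged: false`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`. Readers of the Docker Hub pages will take `{}` as the intended setting. Either carry the hardened default over to these charts or state in the description which of the settings the scanner cannot run with. In that first table, the description "This drops all linux privileges from the container." should say capabilities rather than privileges.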
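Review bot: in the zap-advanced table, `zapConfiguration.global.addonUpdate` defaults to `true` and `addonInstall` lists four alpha and beta rule packs, both described as applied "on startup", so the rule set a scan runs with is not fixed by the image tag. The descriptions should say that add-ons are fetched when the scan starts and how to turn that off for repeatable runs. Smaller points in the same table: `parseJob.backoffLimit` has an empty description, "overriden" is misspelled, and the `scannerJob.backoffLimit` default 3 is not in backticks like the other defaults.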
From 5192909b6aa9e71918ae6b8ea2e3611c0a21972d Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 16:23:45 +0200 Subject: [PATCH 12/65] Fixing whitespaces --- _templates.gotmpl | 8 ++++---- scanners/amass/DockerHub-Scanner.md.gotmpl | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/_templates.gotmpl b/_templates.gotmpl index fe74502243..cb39ad3e18 100644 --- a/_templates.gotmpl +++ b/_templates.gotmpl @@ -1,4 +1,4 @@ -{{ define "extra.badgesSection" -}} +{{- define "extra.badgesSection" -}}

„secureCodeBox „secureCodeBox @@ -19,12 +19,12 @@

{{- end }} -{{ define "extra.licenceSection" -}} +{{- define "extra.licenceSection" -}} ## License Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. {{- end }} -{{ define "extra.communitySection" -}} +{{- define "extra.communitySection" -}} ## Community You are welcome, please join us on... 👋 @@ -35,7 +35,7 @@ You are welcome, please join us on... 👋 secureCodeBox is an official [OWASP][owasp] project. {{- end }} -{{ define "extra.contributionSection" -}} +{{- define "extra.contributionSection" -}} ## Contributing Contributions are welcome and extremely helpful 🙌 diff --git a/scanners/amass/DockerHub-Scanner.md.gotmpl b/scanners/amass/DockerHub-Scanner.md.gotmpl index 1141f5b981..274a5d6515 100644 --- a/scanners/amass/DockerHub-Scanner.md.gotmpl +++ b/scanners/amass/DockerHub-Scanner.md.gotmpl @@ -4,7 +4,7 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH SPDX-License-Identifier: Apache-2.0 */ -}} -{{ template „extra.badgesSection“ . }} +{{ template "extra.badgesSection" . }} ## About the Scanner From 1f2bf8fbac6d9097703fa2a28971f7f95c071cf4 Mon Sep 17 00:00:00 2001 
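Review bot: the unchanged context lines of the first `_templates.gotmpl` hunk still show typographic quotes („secureCodeBox …) inside the `extra.badgesSection` body, the same kind of character this patch replaces in `{{ template „extra.badgesSection“ . }}` in `scanners/amass/DockerHub-Scanner.md.gotmpl`. If those are attribute delimiters in the badge markup they should become plain `"` as well, otherwise they pass through into the rendered page unchanged. Separately, the subject says "Fixing whitespaces", but the second file is a quoting fix and the `{{-` change alters whitespace trimming for all four `define` blocks; naming both in the message would make the history easier to follow.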
From: rseedorff Date: Mon, 7 Jun 2021 14:24:11 +0000 Subject: [PATCH 13/65] Updating Helm Docs --- demo-apps/bodgeit/README.md | 2 - demo-apps/dummy-ssh/README.md | 2 - demo-apps/http-webhook/README.md | 2 - demo-apps/juice-shop/README.md | 2 - demo-apps/old-wordpress/README.md | 2 - demo-apps/swagger-petstore/README.md | 2 - demo-apps/unsafe-https/README.md | 2 - hooks/declarative-subsequent-scans/README.md | 2 - hooks/finding-post-processing/README.md | 2 - hooks/generic-webhook/README.md | 2 - hooks/notification-hook/README.md | 2 - hooks/persistence-defectdojo/README.md | 2 - hooks/persistence-elastic/README.md | 2 - hooks/teams-webhook/README.md | 2 - hooks/update-field/README.md | 2 - operator/README.md | 2 - .../DockerHub-Scanner-Readme.generated.md | 70 +++++++++++++++++++ scanners/amass/README.md | 2 - scanners/angularjs-csti-scanner/README.md | 2 - scanners/git-repo-scanner/README.md | 2 - scanners/gitleaks/README.md | 2 - scanners/kube-hunter/README.md | 2 - scanners/kubeaudit/README.md | 2 - scanners/ncrack/README.md | 2 - scanners/nikto/README.md | 2 - scanners/nmap/README.md | 2 - scanners/screenshooter/README.md | 2 - scanners/ssh-scan/README.md | 2 - scanners/sslyze/README.md | 2 - scanners/test-scan/README.md | 2 - scanners/trivy/README.md | 2 - scanners/wpscan/README.md | 2 - scanners/zap-advanced/README.md | 2 - scanners/zap/README.md | 2 - 34 files changed, 70 insertions(+), 66 deletions(-) create mode 100644 scanners/amass/DockerHub-Scanner-Readme.generated.md diff --git a/demo-apps/bodgeit/README.md b/demo-apps/bodgeit/README.md index 107c616400..8837eb2689 100644 --- a/demo-apps/bodgeit/README.md +++ b/demo-apps/bodgeit/README.md @@ -1,5 +1,3 @@ - - --- title: "Bodgeit" category: "target" diff --git a/demo-apps/dummy-ssh/README.md b/demo-apps/dummy-ssh/README.md index fb8c375489..bd073e22eb 100644 --- a/demo-apps/dummy-ssh/README.md +++ b/demo-apps/dummy-ssh/README.md 
@@ -1,5 +1,3 @@ - - # dummy-ssh ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) diff --git a/demo-apps/http-webhook/README.md b/demo-apps/http-webhook/README.md index fb9a53309e..41b6d1264e 100644 --- a/demo-apps/http-webhook/README.md +++ b/demo-apps/http-webhook/README.md @@ -1,5 +1,3 @@ - - # http-webhook ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) diff --git a/demo-apps/juice-shop/README.md b/demo-apps/juice-shop/README.md index 1fa53128f9..b9caa98c32 100644 --- a/demo-apps/juice-shop/README.md +++ b/demo-apps/juice-shop/README.md @@ -1,5 +1,3 @@ - - # juice-shop ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v12.0.2](https://img.shields.io/badge/AppVersion-v12.0.2-informational?style=flat-square) diff --git a/demo-apps/old-wordpress/README.md b/demo-apps/old-wordpress/README.md index a6fc963983..32bdab2f2d 100644 --- a/demo-apps/old-wordpress/README.md +++ b/demo-apps/old-wordpress/README.md @@ -1,5 +1,3 @@ - - # old-wordpress ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0](https://img.shields.io/badge/AppVersion-4.0-informational?style=flat-square) 
diff --git a/demo-apps/swagger-petstore/README.md b/demo-apps/swagger-petstore/README.md index 6866c7ea88..c75ac9ea36 100644 --- a/demo-apps/swagger-petstore/README.md +++ b/demo-apps/swagger-petstore/README.md @@ -1,5 +1,3 @@ - - # swagger-petstore ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) diff --git a/demo-apps/unsafe-https/README.md b/demo-apps/unsafe-https/README.md index 8894c43c37..56baf2dc13 100644 --- a/demo-apps/unsafe-https/README.md +++ b/demo-apps/unsafe-https/README.md @@ -1,5 +1,3 @@ - - # unsafe-https ![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) diff --git a/hooks/declarative-subsequent-scans/README.md b/hooks/declarative-subsequent-scans/README.md index b11345601e..72ff3e16c7 100644 --- a/hooks/declarative-subsequent-scans/README.md +++ b/hooks/declarative-subsequent-scans/README.md @@ -1,5 +1,3 @@ - - --- title: "Cascading Scans" category: "hook" diff --git a/hooks/finding-post-processing/README.md b/hooks/finding-post-processing/README.md index 61576a0f1a..d79991e768 100644 --- a/hooks/finding-post-processing/README.md +++ b/hooks/finding-post-processing/README.md @@ -1,5 +1,3 @@ - - --- title: "Finding Post Processing" category: "hook" diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md index c70e429377..70c291b2b3 100644 --- a/hooks/generic-webhook/README.md +++ b/hooks/generic-webhook/README.md @@ -1,5 +1,3 @@ - - --- title: "Generic WebHook" category: "hook" 
diff --git a/hooks/notification-hook/README.md b/hooks/notification-hook/README.md index d40714d81d..b684b0ab04 100644 --- a/hooks/notification-hook/README.md +++ b/hooks/notification-hook/README.md @@ -1,5 +1,3 @@ - - --- title: "Notification Hook" category: "hook" diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index 6e3391be92..12e39ebe3b 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md @@ -1,5 +1,3 @@ - - --- title: "DefectDojo" category: "hook" diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md index 35a1846eba..e3df2d59c4 100644 --- a/hooks/persistence-elastic/README.md +++ b/hooks/persistence-elastic/README.md @@ -1,5 +1,3 @@ - - --- title: "Elasticsearch" category: "hook" diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md index 4b19cf9e75..763f6dc250 100644 --- a/hooks/teams-webhook/README.md +++ b/hooks/teams-webhook/README.md @@ -1,5 +1,3 @@ - - --- title: "MS Teams WebHook" category: "hook" diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md index a607c645e9..93e529d2e9 100644 --- a/hooks/update-field/README.md +++ b/hooks/update-field/README.md @@ -1,5 +1,3 @@ - - --- title: "Update Field" category: "hook" diff --git a/operator/README.md b/operator/README.md index f8b008c8f3..96a4256c4e 100644 --- a/operator/README.md +++ b/operator/README.md @@ -1,5 +1,3 @@ - - ![operator logo](https://docs.securecodebox.io/img/Logo_Color.svg) The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources. diff --git a/scanners/amass/DockerHub-Scanner-Readme.generated.md b/scanners/amass/DockerHub-Scanner-Readme.generated.md new file mode 100644 index 0000000000..022478c51b --- /dev/null +++ b/scanners/amass/DockerHub-Scanner-Readme.generated.md @@ -0,0 +1,70 @@ +

+ „secureCodeBox + „secureCodeBox +

+ +

+ „License + „GitHub + „OWASP + „Artifact + „Twitter +

+

+ „Build“ + „Maintainability“ + „Test + „Known + +

+ +## About the Scanner + +![owasp logo](https://owasp.org/assets/images/logo.png) + +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub] + +## Deployment + +The AMASS scanType can be deployed via helm: + +```bash +helm upgrade --install amass secureCodeBox/amass +``` + +## Scanner Configuration + +The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. + +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` + +Special command line options: + +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` + +## License + +Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. + +## Contributing + +Contributions are welcome and extremely helpful 🙌 +Please have a look at [Contributing](./CONTRIBUTING.md) + +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. + +[owasp_amass_project]: https://owasp.org/www-project-amass/ +[amass github]: https://github.com/OWASP/Amass +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md 
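Review bot: the new `DockerHub-Scanner-Readme.generated.md` uses the reference-style links `[scb-license]`, `[scb-github]`, `[scb-slack]`, `[scb-twitter]` and `[owasp]` in its License and Community sections, but the file ends with only three definitions (`[owasp_amass_project]`, `[amass github]`, `[amass user guide]`), so those five will render as literal bracket text. Add the missing definitions to the shared template that emits these sections, or to `DockerHub-Scanner.md.gotmpl`, so every generated file resolves them.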
diff --git a/scanners/amass/README.md b/scanners/amass/README.md index e77c460157..5db618e900 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -1,5 +1,3 @@ - - --- title: "Amass" category: "scanner" diff --git a/scanners/angularjs-csti-scanner/README.md b/scanners/angularjs-csti-scanner/README.md index 9e3cc25586..4cba60c1a6 100644 --- a/scanners/angularjs-csti-scanner/README.md +++ b/scanners/angularjs-csti-scanner/README.md @@ -1,5 +1,3 @@ - - --- title: "Angularjs CSTI Scanner" category: "scanner" diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md index 9a6abc2bb6..e740240a3d 100644 --- a/scanners/git-repo-scanner/README.md +++ b/scanners/git-repo-scanner/README.md @@ -1,5 +1,3 @@ - - --- title: "git-repo-scanner" category: "scanner" diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index c88a2d7c9d..70dd2e477f 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md @@ -1,5 +1,3 @@ - - --- title: "Gitleaks" category: "scanner" diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 784a40bb21..97f6b73375 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md @@ -1,5 +1,3 @@ - - --- title: "kube-hunter" category: "scanner" diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md index 566e3bf581..db43922726 100644 --- a/scanners/kubeaudit/README.md +++ b/scanners/kubeaudit/README.md @@ -1,5 +1,3 @@ - - --- title: "kubeaudit" category: "scanner" diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 9a457b7e45..120d9e5551 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md @@ -1,5 +1,3 @@ - - --- title: "Ncrack" category: "scanner" diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md index cbcb97a548..4cef2af09f 100644 --- a/scanners/nikto/README.md +++ b/scanners/nikto/README.md @@ -1,5 +1,3 @@ - - --- title: "Nikto" category: "scanner" 
diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index 6a4112c80f..bc3b97f97c 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -1,5 +1,3 @@ - - --- title: "Nmap" category: "scanner" diff --git a/scanners/screenshooter/README.md b/scanners/screenshooter/README.md index aa735649f4..0af59910a9 100644 --- a/scanners/screenshooter/README.md +++ b/scanners/screenshooter/README.md @@ -1,5 +1,3 @@ - - --- title: "Screenshooter" category: "scanner" diff --git a/scanners/ssh-scan/README.md b/scanners/ssh-scan/README.md index 3bb91dc874..36ef3ee5e4 100644 --- a/scanners/ssh-scan/README.md +++ b/scanners/ssh-scan/README.md @@ -1,5 +1,3 @@ - - --- title: "SSH" category: "scanner" diff --git a/scanners/sslyze/README.md b/scanners/sslyze/README.md index caf8b87e89..92da51b267 100644 --- a/scanners/sslyze/README.md +++ b/scanners/sslyze/README.md @@ -1,5 +1,3 @@ - - --- title: "SSLyze" category: "scanner" diff --git a/scanners/test-scan/README.md b/scanners/test-scan/README.md index 1d001c6250..94835648c2 100644 --- a/scanners/test-scan/README.md +++ b/scanners/test-scan/README.md @@ -1,5 +1,3 @@ - - --- title: "test-scan" hidden: true diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index 050f809d90..1f7e8821cb 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -1,5 +1,3 @@ - - --- title: "Trivy" category: "scanner" diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index ed0499ebd3..af5079951b 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -1,5 +1,3 @@ - - --- title: 'WPScan' path: 'scanners/wpscan' diff --git a/scanners/zap-advanced/README.md b/scanners/zap-advanced/README.md index 755b029f7e..6524d7e810 100644 --- a/scanners/zap-advanced/README.md +++ b/scanners/zap-advanced/README.md @@ -1,5 +1,3 @@ - - --- title: "ZAP Advanced" category: "scanner" diff --git a/scanners/zap/README.md b/scanners/zap/README.md index 6bcc35ec7b..aa2a3aae85 100644 
--- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -1,5 +1,3 @@ - - --- title: "ZAP" category: "scanner" From 9b9eb742c8d4c9d4c54c8d42fe0e59ee6a4049cc Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Mon, 7 Jun 2021 16:35:14 +0200 Subject: [PATCH 14/65] scoping dockerhub scanner template rendering to scanners folder --- .github/workflows/helm-docs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index 74fc2c7e36..de823b3305 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml @@ -39,7 +39,7 @@ jobs: ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl - name: Generate Docker Scanner Docs run: | - ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=DockerHub-Scanner.md.gotmpl --output-file=DockerHub-Scanner-Readme.generated.md + ./helm-docs/helm-docs --chart-search-root=./scanners/ --template-files=./_templates.gotmpl --template-files=DockerHub-Scanner.md.gotmpl --output-file=DockerHub-Scanner-Readme.generated.md - name: Remove Helm Docs Files run: | # Remove helm-docs download to ensure they don't get commited back From 346b6e315331f997f3745f4111c00c0afdd05e0d Mon Sep 17 00:00:00 2001 From: rseedorff Date: Mon, 7 Jun 2021 14:35:40 +0000 Subject: [PATCH 15/65] Updating Helm Docs --- .../DockerHub-Scanner-Readme.generated.md | 88 +++++++------------ 1 file changed, 30 insertions(+), 58 deletions(-) diff --git a/scanners/amass/DockerHub-Scanner-Readme.generated.md b/scanners/amass/DockerHub-Scanner-Readme.generated.md index 022478c51b..0f0bd1356e 100644 --- a/scanners/amass/DockerHub-Scanner-Readme.generated.md +++ b/scanners/amass/DockerHub-Scanner-Readme.generated.md @@ -1,70 +1,42 @@ -

- „secureCodeBox - „secureCodeBox -

+# amass -

- „License - „GitHub - „OWASP - „Artifact - „Twitter -

-

- „Build“ - „Maintainability“ - „Test - „Known - -

+![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.13](https://img.shields.io/badge/AppVersion-v3.13-informational?style=flat-square) -## About the Scanner +A Helm chart for the Amass security scanner that integrates with the secureCodeBox. -![owasp logo](https://owasp.org/assets/images/logo.png) +**Homepage:** -The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub] +## Maintainers -## Deployment +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -The AMASS scanType can be deployed via helm: +## Source Code -```bash -helm upgrade --install amass secureCodeBox/amass -``` +* -## Scanner Configuration +## Requirements -The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. +Kubernetes: `>=v1.11.0-0` -- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` -- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` +## Values -Special command line options: +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"caffix/amass"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. 
Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-amass"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/amass/output/config.ini","name":"amass-config","subPath":"config.ini"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"configMap":{"name":"amass-config"},"name":"amass-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | 
seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -- Disable generation of altered names `amass enum -noalts -d example.com` -- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` -- Disable saving data into a local database `amass enum -nolocaldb -d example.com` -- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` - -## License - -Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. - -## Contributing - -Contributions are welcome and extremely helpful 🙌 -Please have a look at [Contributing](./CONTRIBUTING.md) - -## Community - -You are welcome, please join us on... 👋 - -- [GitHub][scb-github] -- [Slack][scb-slack] -- [Twitter][scb-twitter] - -secureCodeBox is an official [OWASP][owasp] project. - -[owasp_amass_project]: https://owasp.org/www-project-amass/ -[amass github]: https://github.com/OWASP/Amass -[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) From 747ba9e59e4f9ca0e824d1cf0746cd7ca5424915 Mon Sep 17 00:00:00 2001 
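Review bot: this regeneration replaces the templated amass page (badge block, About the Scanner, Deployment, Scanner Configuration, License, Community) with the stock helm-docs layout (`# amass`, Maintainers, Values), which suggests `DockerHub-Scanner.md.gotmpl` and `_templates.gotmpl` were not applied on this run. It is the first run after `--chart-search-root=./scanners/` was added to the "Generate Docker Scanner Docs" step while `--template-files=./_templates.gotmpl` stayed unchanged; check whether that `./` path is now resolved against `./scanners/` instead of the repository root, and correct it before this output is published. A CI check that fails when the generated file lacks the `## About the Scanner` heading would catch this kind of silent fallback.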
From: Robert Seedorff Date: Mon, 7 Jun 2021 17:16:26 +0200 Subject: [PATCH 16/65] Removing false generated files --- .../DockerHub-Scanner-Readme.generated.md | 48 ------------- .../DockerHub-Scanner-Readme.generated.md | 42 ----------- .../DockerHub-Scanner-Readme.generated.md | 43 ------------ .../DockerHub-Scanner-Readme.generated.md | 48 ------------- .../DockerHub-Scanner-Readme.generated.md | 42 ----------- .../DockerHub-Scanner-Readme.generated.md | 49 ------------- .../DockerHub-Scanner-Readme.generated.md | 42 ----------- .../DockerHub-Scanner-Readme.generated.md | 32 --------- .../DockerHub-Scanner-Readme.generated.md | 33 --------- .../DockerHub-Scanner-Readme.generated.md | 33 --------- .../DockerHub-Scanner-Readme.generated.md | 34 --------- .../DockerHub-Scanner-Readme.generated.md | 37 ---------- .../DockerHub-Scanner-Readme.generated.md | 63 ----------------- .../DockerHub-Scanner-Readme.generated.md | 39 ----------- .../DockerHub-Scanner-Readme.generated.md | 22 ------ .../DockerHub-Scanner-Readme.generated.md | 69 ------------------- 16 files changed, 676 deletions(-) delete mode 100644 demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md delete mode 100644 demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md delete mode 100644 demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md delete mode 100644 demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md delete mode 100644 demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md delete mode 100644 demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md delete mode 100644 demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md delete mode 100644 hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md delete mode 100644 hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md delete mode 100644 hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md delete mode 100644 hooks/notification-hook/DockerHub-Scanner-Readme.generated.md 
delete mode 100644 hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md delete mode 100644 hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md delete mode 100644 hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md delete mode 100644 hooks/update-field/DockerHub-Scanner-Readme.generated.md delete mode 100644 operator/DockerHub-Scanner-Readme.generated.md diff --git a/demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md b/demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 2f2b0e37b4..0000000000 --- a/demo-apps/bodgeit/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# bodgeit - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square) - -The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | securecodebox@iteratec.com | | - -## Source Code - -* -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | add annotations to the deployment, service and pods | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/psiinon/bodgeit"` | Container Image containing the bodgeit | -| image.tag | string | defaults to the "latest" version because the appVersion tag is not available at docker.io | The image tag | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths | list | `[]` | | -| ingress.tls | list | `[]` | | -| labels | object | `{}` | add labels to the deployment, service and pods | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md b/demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 39a8eca66c..0000000000 --- a/demo-apps/dummy-ssh/DockerHub-Scanner-Readme.generated.md +++ /dev/null @@ -1,42 +0,0 @@ -# dummy-ssh - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) - -SSH Server for scan testing. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | securecodebox@iteratec.com | | - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | add annotations to the deployment, service and pods | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/securecodebox/dummy-ssh"` | Container Image | -| image.tag | string | defaults to the appVersion | The image tag | -| imagePullSecrets | list | `[]` | | -| labels | object | `{}` | add labels to the deployment, service and pods | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `22` | | -| service.type | string | `"ClusterIP"` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md b/demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 1a94a5a02d..0000000000 --- a/demo-apps/http-webhook/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# http-webhook - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) - -A Dummy webserver to echo HTTP requests in log - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | add annotations to the deployment, service and pods | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/mendhak/http-https-echo"` | Container Image | -| image.tag | string | defaults to the latest version because the appVersion tag is not available at docker.io | The image tag | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths | list | `[]` | | -| ingress.tls | list | `[]` | | -| labels | object | `{}` | add labels to the deployment, service and pods | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | deprecated. use `labels` instead. Will be removed in v3. 
todo(@J12934) remove podAnnotations in v3 | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md b/demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 6500712c5c..0000000000 --- a/demo-apps/juice-shop/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# juice-shop - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v12.7.0](https://img.shields.io/badge/AppVersion-v12.7.0-informational?style=flat-square) - -OWASP Juice Shop: Probably the most modern and sophisticated insecure web application - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | securecodebox@iteratec.com | | - -## Source Code - -* -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | add annotations to the deployment, service and pods | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/bkimminich/juice-shop"` | Container Image containing the juice-shop | -| image.tag | string | defaults to the appVersion | The image tag | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths | list | `[]` | | -| ingress.tls | list | `[]` | | -| labels | object | `{}` | add labels to the deployment, service and pods | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `3000` | | -| service.type | string | `"ClusterIP"` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
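Review bot: the file deleted here is a "DockerHub-Scanner-Readme" rendered for `demo-apps/juice-shop`, which is a demo application and not a scanner, and the same holds for the other demo-apps, hooks and operator files removed in this commit. The footer shows these files are produced by helm-docs, and the docs workflow commits its output back, so check that the generating step is restricted to `./scanners/` through `--chart-search-root` as part of the same change; otherwise the next workflow run re-creates them. Restricting which paths the auto-commit step picks up would also guard against the same slip when further templates are added.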
diff --git a/demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md b/demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 5365b0c27a..0000000000 --- a/demo-apps/old-wordpress/DockerHub-Scanner-Readme.generated.md +++ /dev/null @@ -1,42 +0,0 @@ -# old-wordpress - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0](https://img.shields.io/badge/AppVersion-4.0-informational?style=flat-square) - -Insecure & Outdated Wordpress Instance: Never expose it to the internet! - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | securecodebox@iteratec.com | | - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | add annotations to the deployment, service and pods | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/securecodebox/old-wordpress"` | Container Image | -| image.tag | string | defaults to the appVersion | The image tag | -| imagePullSecrets | list | `[]` | | -| labels | object | `{}` | add labels to the deployment, service and pods | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md b/demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 46a8b3747c..0000000000 --- a/demo-apps/swagger-petstore/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# swagger-petstore - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) - -This is the sample petstore application - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | securecodebox@iteratec.com | | - -## Source Code - -* -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | add annotations to the deployment, service and pods | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/swaggerapi/petstore"` | Container Image | -| image.tag | string | defaults to the appVersion | The image tag | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths | list | `[]` | | -| ingress.tls | list | `[]` | | -| labels | object | `{}` | add labels to the deployment, service and pods | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| swaggerHostOverride | string | `"http://swagger-petstore.demo-apps.svc"` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md b/demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 98fc1d49a7..0000000000 --- a/demo-apps/unsafe-https/DockerHub-Scanner-Readme.generated.md +++ /dev/null @@ -1,42 +0,0 @@ -# unsafe-https - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) - -Self-signed https Server for scan testing. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | securecodebox@iteratec.com | | - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | add annotations to the deployment, service and pods | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"docker.io/securecodebox/unsafe-https"` | Container Image | -| image.tag | string | `nil` | | -| imagePullSecrets | list | `[]` | | -| labels | object | `{}` | add labels to the deployment, service and pods | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.port | int | `443` | | -| service.type | string | `"ClusterIP"` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md b/hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 831594360c..0000000000 --- a/hooks/declarative-subsequent-scans/DockerHub-Scanner-Readme.generated.md +++ /dev/null @@ -1,32 +0,0 @@ -# declarative-subsequent-scans - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Starts possible subsequent security scans based on findings (e.g. open ports found by NMAP or subdomains found by AMASS). - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| image.repository | string | `"docker.io/securecodebox/declarative-subsequent-scans"` | Hook image repository | -| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md b/hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 16c8101a3a..0000000000 --- a/hooks/finding-post-processing/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# finding-post-processing - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Lets you add or override a field to every finding that meets specified conditions - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| image.repository | string | `"docker.io/securecodebox/finding-post-processing"` | Hook image repository | -| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | -| rules | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md b/hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 0d007ce5b2..0000000000 --- a/hooks/generic-webhook/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# generic-webhook - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Lets you send http webhooks after scans are completed - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| image.repository | string | `"docker.io/securecodebox/generic-webhook"` | Hook image repository | -| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | -| webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/notification-hook/DockerHub-Scanner-Readme.generated.md b/hooks/notification-hook/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 40a036ce6f..0000000000 --- a/hooks/notification-hook/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,34 +0,0 @@ -# notification-hook - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Lets you send a findings result summary as hook to MS Teams, Slack, e-mail and others after a scan is completed. - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| customTemplateMap.exists | bool | `false` | | -| customTemplateMap.name | string | `"config-map-name"` | | -| env[0].name | string | `"SOME_ENV_KEY"` | | -| env[0].valueFrom.secretKeyRef.key | string | `"some-key"` | | -| env[0].valueFrom.secretKeyRef.name | string | `"some-secret"` | | -| env[1].name | string | `"SMTP_CONFIG"` | | -| env[1].valueFrom.secretKeyRef.key | string | `"smtp-config-key"` | | -| env[1].valueFrom.secretKeyRef.name | string | `"some-secret"` | | -| hookJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| image.pullPolicy | string | `"Always"` | | -| image.repository | string | `"docker.io/securecodebox/notification-hook"` | Hook image repository | -| image.tag | string | defaults to the charts version | Image tag | -| notificationChannels[0].endPoint | string | `"SOME_ENV_KEY"` | | -| notificationChannels[0].name | string | `"slack"` | | -| notificationChannels[0].rules[0].matches.anyOf[0].category | string | `"Open Port"` | | -| notificationChannels[0].template | string | `"slack-messageCard"` | | -| notificationChannels[0].type | string | `"slack"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
diff --git a/hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md b/hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 25e4d7bfab..0000000000 --- a/hooks/persistence-defectdojo/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# persistence-defectdojo - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square) - -The defectdojo persistence provider persists secureCodeBox scan results into defectdojo. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| defectdojo.authentication.apiKeyKey | string | `"apikey"` | Name of the apikey key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | -| defectdojo.authentication.userSecret | string | `"defectdojo-credentials"` | Link a pre-existing generic secret with `username` and `apikey` key / value pairs | -| defectdojo.authentication.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs | -| defectdojo.syncFindingsBack | bool | `true` | Syncs back (two way sync) all imported findings from DefectDojo to SCB Findings Store, set to false to only import the findings to DefectDojo (one way sync). | -| defectdojo.url | string | `"http://defectdojo-django.default.svc"` | Url to the DefectDojo Instance | -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | -| image.repository | string | `"docker.io/securecodebox/persistence-defectdojo"` | Hook image repository | -| image.tag | string | `nil` | Container image tag | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md b/hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index a6e66fb0a1..0000000000 --- a/hooks/persistence-elastic/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# persistence-elastic - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.9.2](https://img.shields.io/badge/AppVersion-7.9.2-informational?style=flat-square) - -The elastic persistence provider persists secureCodeBox findings into the elastic stack. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.elastic.co | elasticsearch | 7.9.2 | -| https://helm.elastic.co | kibana | 7.9.2 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| authentication | object | `{"apiKeySecret":null,"userSecret":null}` | Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch user and apikey are mutually exclusive, only set one! | -| authentication.apiKeySecret | string | `nil` | Link a pre-existing generic secret with `id` and `key` key / value pairs | -| authentication.userSecret | string | `nil` | Link a pre-existing generic secret with `username` and `password` key / value pairs | -| dashboardImporter.image.repository | string | `"securecodebox/persistence-elastic-dashboard-importer"` | | -| dashboardImporter.image.tag | string | `nil` | | -| elasticsearch | object | `{"enabled":true,"minimumMasterNodes":1,"replicas":1}` | Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) | -| elasticsearch.enabled | bool | `true` | Enable if you want to deploy an elasticsearch service. 
| -| elasticsearch.minimumMasterNodes | int | `1` | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 | -| elasticsearch.replicas | int | `1` | Kubernetes replica count for the StatefulSet (i.e. how many pods) | -| externalElasticStack.elasticsearchAddress | string | `"https://elasticsearch.example.com"` | The URL of the elasticsearch service to persists all findings to. | -| externalElasticStack.enabled | bool | `false` | Enable this when you already have an Elastic Stack running to which you want to send your results | -| externalElasticStack.kibanaAddress | string | `"https://kibana.example.com"` | The URL of the kibana service used to visualize all findings. | -| fullnameOverride | string | `""` | | -| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| image.repository | string | `"docker.io/securecodebox/persistence-elastic"` | Image repository for the dashboard importer job | -| image.tag | string | defaults to the charts version | Image tag for the dashboard importer job | -| imagePullSecrets | list | `[]` | | -| indexAppendNamespace | bool | `true` | Define if the name of the namespace where this hook is deployed to must be added to the index name. The namespace can be used to separate index by tenants (namespaces). | -| indexPrefix | string | `"scbv2"` | Define a specific index prefix used for all elasticsearch indices. | -| indexSuffix | string | `"“yyyy-MM-dd”"` | Define a specific index suffix based on date pattern (YEAR (yyyy), MONTH (yyyy-MM), WEEK (yyyy-'W'W), DATE (yyyy-MM-dd)). 
We use Luxon for date formatting (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) | -| kibana | object | `{"enabled":true}` | Configures included Elasticsearch subchart | -| kibana.enabled | bool | `true` | Enable if you want to deploy an kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podSecurityContext | object | `{}` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md b/hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 6976b3af97..0000000000 --- a/hooks/teams-webhook/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# teams-webhook - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Lets you send a findings result summary as webhook to MS Teams, after a scan is completed. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| hookJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| image.repository | string | `"docker.io/securecodebox/teams-webhook"` | Hook image repository | -| image.tag | string | defaults to the charts version | Image tag | -| notification.rules | list | `[]` | A optional rule definition that can be used to describe in wich case a notification must be fired. If not defined / empty each scan result will be notified. | -| notification.template | string | `"messageCard"` | The MS Teams message template that should be used [messageCard | adaptiveCard]. 
| -| notification.url | string | `"http://example.com"` | The URL of your WebHook endpoint | -| vulnerabilityManagement.enabled | bool | `false` | | -| vulnerabilityManagement.findingsUrl | string | `"https://your-kibana-service.url/your-dashboard-path/filter:{{uid}}"` | | -| vulnerabilityManagement.name | string | `"Kibana Dashboard"` | | -| vulnerabilityManagement.url | string | `"https://your-kibana-service.url/your-dashboard-path"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/update-field/DockerHub-Scanner-Readme.generated.md b/hooks/update-field/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index 5b543cbfa2..0000000000 --- a/hooks/update-field/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# update-field-hook - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -Lets you add or override a field to every finding - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| attribute.name | string | `"category"` | The name of the attribute you want to add to each finding result | -| attribute.value | string | `"my-own-category"` | The value of the attribute you want to add to each finding result | -| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| image.repository | string | `"docker.io/securecodebox/update-field"` | Hook image repository | -| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/operator/DockerHub-Scanner-Readme.generated.md b/operator/DockerHub-Scanner-Readme.generated.md deleted file mode 100644 index c695419374..0000000000 --- a/operator/DockerHub-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,69 +0,0 @@ -# operator - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - -secureCodeBox Operator to automate the execution of security scans on kubernetes - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.min.io/ | minio | 7.1.2 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| customCACertificate | object | `{"certificate":"public.crt","existingCertificate":null}` | Setup for Custom CA certificates. These are automatically mounted into every secureCodeBox component (lurcher, parser & hooks). Requires that every namespace has a configmap with the CA certificate(s) | -| customCACertificate.certificate | string | `"public.crt"` | key in the configmap holding the certificate(s) | -| customCACertificate.existingCertificate | string | `nil` | name of the configMap holding the ca certificate(s), needs to be the same across all namespaces | -| image.pullPolicy | string | `"Always"` | Image pull policy | -| image.repository | string | `"docker.io/securecodebox/operator"` | The operator image repository | -| image.tag | string | defaults to the charts version | Parser image tag | -| lurcher.image.pullPolicy | string | `"Always"` | Image pull policy | -| lurcher.image.repository | string | `"docker.io/securecodebox/lurcher"` | The operator image repository | -| lurcher.image.tag | string | defaults to the charts version | Parser image tag | -| minio.defaultBucket.enabled | bool | `true` | | -| minio.defaultBucket.name | string | `"securecodebox"` | | -| minio.enabled | bool | `true` | Enable this to use minio as storage 
backend instead of a cloud bucket provider like AWS S3, Google Cloud Storage, DigitalOcean Spaces etc. | -| minio.resources.requests.memory | string | `"256Mi"` | | -| minio.tls.certSecret | string | `"minio-tls"` | | -| minio.tls.enabled | bool | `false` | | -| podSecurityContext | object | `{}` | Sets the securityContext on the operators pod level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | -| resources | object | `{"limits":{"cpu":"100m","memory":"30Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | -| s3.authType | string | `"access-secret-key"` | Authentication method. Supports access-secret-key (used by most s3 endpoint) and aws-irsa (Used by AWS EKS IAM Role to Kubenetes Service Account Binding. Support for AWS IRSA is considered experimental in the secureCodeBox) | -| s3.awsStsEndpoint | string | `"https://sts.amazonaws.com"` | STS Endpoint used in AWS IRSA Authentication. Change this to the sts endpoint of your aws region. Only used when s3.authType is set to "aws-irsa" | -| s3.bucket | string | `"my-bucket"` | | -| s3.enabled | bool | `false` | | -| s3.endpoint | string | `"fra1.digitaloceanspaces.com"` | | -| s3.keySecret | string | `"my-secret"` | | -| s3.port | string | `nil` | | -| s3.secretAttributeNames.accesskey | string | `"accesskey"` | | -| s3.secretAttributeNames.secretkey | string | `"secretkey"` | | -| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Sets the securityContext on the operators container level. 
See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | -| securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated | -| securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the operator container. They are not required | -| securityContext.privileged | bool | `false` | Ensures that the operator container is not run in privileged mode | -| securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system | -| securityContext.runAsNonRoot | bool | `true` | Enforces that the Operator image is run as a non root user | -| serviceAccount.annotations | object | `{}` | Annotations of the serviceAccount the operator uses to talk to the k8s api | -| serviceAccount.labels | object | `{}` | Labels of the serviceAccount the operator uses to talk to the k8s api | -| serviceAccount.name | string | `"securecodebox-operator"` | Name of the serviceAccount the operator uses to talk to the k8s api | -| telemetryEnabled | bool | `true` | The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) From d1d82a7741aeab308205f27a016cb0280b640414 Mon Sep 17 00:00:00 2001 
From: Robert Seedorff Date: Mon, 7 Jun 2021 17:24:17 +0200 Subject: [PATCH 17/65] refactored file naming --- .github/workflows/helm-docs.yaml | 2 +- ...anner-Readme.generated.md => DH-Scanner-Readme.generated.md} | 0 ...-Scanner.md.gotmpl => DH-Scanner-Readme.generated.md.gotmpl} | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename scanners/amass/{DockerHub-Scanner-Readme.generated.md => DH-Scanner-Readme.generated.md} (100%) rename scanners/amass/{DockerHub-Scanner.md.gotmpl => DH-Scanner-Readme.generated.md.gotmpl} (100%) diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index de823b3305..164da16ae0 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml @@ -39,7 +39,7 @@ jobs: ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl - name: Generate Docker Scanner Docs run: | - ./helm-docs/helm-docs --chart-search-root=./scanners/ --template-files=./_templates.gotmpl --template-files=DockerHub-Scanner.md.gotmpl --output-file=DockerHub-Scanner-Readme.generated.md + ./helm-docs/helm-docs --chart-search-root=./scanners/ --template-files=./_templates.gotmpl --template-files=DH-Scanner-Readme.generated.md.gotmpl --output-file=DH-Scanner-Readme.generated.md - name: Remove Helm Docs Files run: | # Remove helm-docs download to ensure they don't get commited back diff --git a/scanners/amass/DockerHub-Scanner-Readme.generated.md b/scanners/amass/DH-Scanner-Readme.generated.md similarity index 100% rename from scanners/amass/DockerHub-Scanner-Readme.generated.md rename to scanners/amass/DH-Scanner-Readme.generated.md diff --git a/scanners/amass/DockerHub-Scanner.md.gotmpl b/scanners/amass/DH-Scanner-Readme.generated.md.gotmpl similarity index 100% rename from scanners/amass/DockerHub-Scanner.md.gotmpl rename to scanners/amass/DH-Scanner-Readme.generated.md.gotmpl From f2728c880c118189d321c949e4b3f51011dab863 Mon Sep 17 00:00:00 2001 
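Review bot: in the `.github/workflows/helm-docs.yaml` hunk of PATCH 17/65, the template passed to `--template-files` is now named `DH-Scanner-Readme.generated.md.gotmpl`, which labels a hand-maintained source file as generated and differs from its output `DH-Scanner-Readme.generated.md` only by the final extension. A template name without `.generated` would keep source and output apart, and would keep any tooling or ignore rule that matches `*.generated.*` from catching the template. The rename list covers only `scanners/amass/`, while the step runs over every chart under `./scanners/`, so confirm that each of the other scanner charts also carries a template under the new name.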
From: rseedorff Date: Mon, 7 Jun 2021 15:24:43 +0000 Subject: [PATCH 18/65] Updating Helm Docs --- .../DH-Scanner-Readme.generated.md | 41 +++++++++++++ .../DH-Scanner-Readme.generated.md | 42 +++++++++++++ .../gitleaks/DH-Scanner-Readme.generated.md | 43 +++++++++++++ .../DH-Scanner-Readme.generated.md | 43 +++++++++++++ .../kubeaudit/DH-Scanner-Readme.generated.md | 46 ++++++++++++++ .../ncrack/DH-Scanner-Readme.generated.md | 45 ++++++++++++++ scanners/nikto/DH-Scanner-Readme.generated.md | 43 +++++++++++++ scanners/nmap/DH-Scanner-Readme.generated.md | 48 +++++++++++++++ .../DH-Scanner-Readme.generated.md | 43 +++++++++++++ .../ssh-scan/DH-Scanner-Readme.generated.md | 43 +++++++++++++ .../sslyze/DH-Scanner-Readme.generated.md | 43 +++++++++++++ .../test-scan/DH-Scanner-Readme.generated.md | 36 +++++++++++ scanners/trivy/DH-Scanner-Readme.generated.md | 42 +++++++++++++ .../wpscan/DH-Scanner-Readme.generated.md | 42 +++++++++++++ .../DH-Scanner-Readme.generated.md | 61 +++++++++++++++++++ scanners/zap/DH-Scanner-Readme.generated.md | 44 +++++++++++++ 16 files changed, 705 insertions(+) create mode 100644 scanners/angularjs-csti-scanner/DH-Scanner-Readme.generated.md create mode 100644 scanners/git-repo-scanner/DH-Scanner-Readme.generated.md create mode 100644 scanners/gitleaks/DH-Scanner-Readme.generated.md create mode 100644 scanners/kube-hunter/DH-Scanner-Readme.generated.md create mode 100644 scanners/kubeaudit/DH-Scanner-Readme.generated.md create mode 100644 scanners/ncrack/DH-Scanner-Readme.generated.md create mode 100644 scanners/nikto/DH-Scanner-Readme.generated.md create mode 100644 scanners/nmap/DH-Scanner-Readme.generated.md create mode 100644 scanners/screenshooter/DH-Scanner-Readme.generated.md create mode 100644 scanners/ssh-scan/DH-Scanner-Readme.generated.md create mode 100644 scanners/sslyze/DH-Scanner-Readme.generated.md create mode 100644 scanners/test-scan/DH-Scanner-Readme.generated.md create mode 100644 
scanners/trivy/DH-Scanner-Readme.generated.md create mode 100644 scanners/wpscan/DH-Scanner-Readme.generated.md create mode 100644 scanners/zap-advanced/DH-Scanner-Readme.generated.md create mode 100644 scanners/zap/DH-Scanner-Readme.generated.md diff --git a/scanners/angularjs-csti-scanner/DH-Scanner-Readme.generated.md b/scanners/angularjs-csti-scanner/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..a0f006eb43 --- /dev/null +++ b/scanners/angularjs-csti-scanner/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,41 @@ +# angularjs-csti-scanner + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.6](https://img.shields.io/badge/AppVersion-3.0.6-informational?style=flat-square) + +A Helm chart for the angularjs csti scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/securecodebox/scanner-angularjs-csti-scanner"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. 
Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-angularjs-csti-scanner"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
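Review bot: The `scannerJob.securityContext` row in this Values table documents a default of `{}`, so the chart sets no container-level restrictions for the angularjs-csti-scanner scan job, whereas the kubeaudit and nmap READMEs added in this same patch document `allowPrivilegeEscalation: false`, `capabilities.drop: ["all"]`, `privileged: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` as defaults. Because this file is generated, the fix belongs in the chart's values.yaml followed by a regeneration; if the scanner needs a writable filesystem or a root user, the description should say why the default is left empty. Separately, the `parserImage.tag` row puts "defaults to the charts version" in the Default column, while the `image.tag` row uses `nil` there and keeps that text in the description; the two rows should follow one convention.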
diff --git a/scanners/git-repo-scanner/DH-Scanner-Readme.generated.md b/scanners/git-repo-scanner/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..2e9b456d2b --- /dev/null +++ b/scanners/git-repo-scanner/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,42 @@ +# git-repo-scanner + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart for the git-repo-scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/securecodebox/scanner-git-repo-scanner"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-git-repo-scanner"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/gitleaks/DH-Scanner-Readme.generated.md b/scanners/gitleaks/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..2e905e9774 --- /dev/null +++ b/scanners/gitleaks/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# gitleaks + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v7.5.0](https://img.shields.io/badge/AppVersion-v7.5.0-informational?style=flat-square) + +A Helm chart for the gitleaks repository scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-gitleaks"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the app version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-gitleaks"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/home/","name":"gitleaks-config"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"configMap":{"name":"gitleaks-config"},"name":"gitleaks-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/kube-hunter/DH-Scanner-Readme.generated.md b/scanners/kube-hunter/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..cb0201ef05 --- /dev/null +++ b/scanners/kube-hunter/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# kube-hunter + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.1](https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square) + +A Helm chart for the kube-hunter security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-kube-hunter"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-kube-hunter"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/kubeaudit/DH-Scanner-Readme.generated.md b/scanners/kubeaudit/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..820d3eaa71 --- /dev/null +++ b/scanners/kubeaudit/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,46 @@ +# kubeaudit + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.0](https://img.shields.io/badge/AppVersion-v0.14.0-informational?style=flat-square) + +A Helm chart for the kubeaudit security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| kubeauditScope | string | `"namespace"` | Automatically sets up rbac roles for kubeaudit to access the resources it scans. Can be either "cluster" (ClusterRole) or "namespace" (Role) | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-kubeaudit"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated | +| scannerJob.securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the container. 
| +| scannerJob.securityContext.privileged | bool | `false` | Ensures that the scanner container is not run in privileged mode | +| scannerJob.securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system | +| scannerJob.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/ncrack/DH-Scanner-Readme.generated.md b/scanners/ncrack/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..c20dd3f03d --- /dev/null +++ b/scanners/ncrack/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,45 @@ +# ncrack + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7](https://img.shields.io/badge/AppVersion-0.7-informational?style=flat-square) + +A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| encryptPasswords.existingSecret | string | `nil` | secret name with a pem encoded rsa public key to encrypt identified passwords | +| encryptPasswords.key | string | `"public.key"` | name of the property in the secret with the pem encoded rsa public key | +| image.repository | string | `"docker.io/securecodebox/scanner-ncrack"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-ncrack"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. 
To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/nikto/DH-Scanner-Readme.generated.md b/scanners/nikto/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..39c157854b --- /dev/null +++ b/scanners/nikto/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# nikto + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) + +A Helm chart for the Nikto security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-nikto"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-nikto"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/nmap/DH-Scanner-Readme.generated.md b/scanners/nmap/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..dd2bf3aaba --- /dev/null +++ b/scanners/nmap/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,48 @@ +# nmap + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.91-r0](https://img.shields.io/badge/AppVersion-7.91--r0-informational?style=flat-square) + +A Helm chart for the NMAP security Scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-nmap"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-nmap"` | Parser image repository | +| parserImage.tag | string | defaults to the charts appVersion | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated | +| scannerJob.securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the container. 
| +| scannerJob.securityContext.privileged | bool | `false` | Ensures that the scanner container is not run in privileged mode | +| scannerJob.securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system | +| scannerJob.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/screenshooter/DH-Scanner-Readme.generated.md b/scanners/screenshooter/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..746cfe66e2 --- /dev/null +++ b/scanners/screenshooter/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# screenshooter + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart for the Screenshooter that integrates with the secureCodeBox, which can take screenshots of your applications. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"docker.io/securecodebox/scanner-screenshooter"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts version | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-screenshooter"` | Parser image repository | +| parserImage.tag | string | defaults to the charts appVersion | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/ssh-scan/DH-Scanner-Readme.generated.md b/scanners/ssh-scan/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..9616ff96ca --- /dev/null +++ b/scanners/ssh-scan/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# ssh-scan + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.44](https://img.shields.io/badge/AppVersion-0.0.44-informational?style=flat-square) + +A Helm chart for the SSH_Scan security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"mozilla/ssh_scan"` | Container Image to run the scan | +| image.tag | string | `"latest@sha256:d6f41c2c328223931b97a4ae5d35d3bb91b5c8d91871ced3d2e0cde06b1edf1f"` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-ssh-scan"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/sslyze/DH-Scanner-Readme.generated.md b/scanners/sslyze/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..8b93ba98d0 --- /dev/null +++ b/scanners/sslyze/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,43 @@ +# sslyze + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.0.4](https://img.shields.io/badge/AppVersion-v4.0.4-informational?style=flat-square) + +A Helm chart for the SSLyze security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"nablac0d3/sslyze"` | Container Image to run the scan | +| image.tag | string | `"latest@sha256:ff2c5c626401b1961736a5b2ae6e35a41d213e8b2712102100abf5ee46dcca71"` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-sslyze"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/test-scan/DH-Scanner-Readme.generated.md b/scanners/test-scan/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..fda3a1d9c6 --- /dev/null +++ b/scanners/test-scan/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,36 @@ +# test-scan + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart to test the secureCodeBox operator + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + +## Source Code + +* + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/securecodebox/scanner-test-scan"` | | +| image.tag | string | `nil` | | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-test-scan"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/trivy/DH-Scanner-Readme.generated.md b/scanners/trivy/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..fc0f2cdf3c --- /dev/null +++ b/scanners/trivy/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,42 @@ +# trivy + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.18.3](https://img.shields.io/badge/AppVersion-0.18.3-informational?style=flat-square) + +A Helm chart for the trivy security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"docker.io/aquasec/trivy"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-trivy"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/wpscan/DH-Scanner-Readme.generated.md b/scanners/wpscan/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..961598b125 --- /dev/null +++ b/scanners/wpscan/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,42 @@ +# wpscan + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.8.17](https://img.shields.io/badge/AppVersion-3.8.17-informational?style=flat-square) + +A Helm chart for the WordPress security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"wpscanteam/wpscan"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-wpscan"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/zap-advanced/DH-Scanner-Readme.generated.md b/scanners/zap-advanced/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..ed770e1462 --- /dev/null +++ b/scanners/zap-advanced/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,61 @@ +# zap-advanced + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.10.0](https://img.shields.io/badge/AppVersion-2.10.0-informational?style=flat-square) + +A Helm chart for the OWASP ZAP (extended with advanced authentication features) security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules | object | `{"enabled":true}` | Configurations regarding the cascading scan | +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| parseJob.backoffLimit | int | `3` | | +| parseJob.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | +| parseJob.image.repository | string | `"docker.io/securecodebox/parser-zap"` | Parser image repository | +| parseJob.image.tag | string | `nil` | Parser image tag | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. 
To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/home/securecodebox/configs/1-zap-advanced-scantype.yaml","name":"zap-advanced-scantype-config","readOnly":true,"subPath":"1-zap-advanced-scantype.yaml"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"configMap":{"name":"zap-advanced-scantype-config"},"name":"zap-advanced-scantype-config"},{"configMap":{"name":"zap-scripts-authentication"},"name":"zap-scripts-authentication"},{"configMap":{"name":"zap-scripts-session"},"name":"zap-scripts-session"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | +| scannerJob.image.repository | string | `"docker.io/securecodebox/scanner-zap-advanced"` | Container Image to run the scan | +| scannerJob.image.tag | string | `nil` | defaults to the charts appVersion | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| zapConfiguration | object | `{"global":{"addonInstall":["pscanrulesBeta","ascanrulesBeta","pscanrulesAlpha","ascanrulesAlpha"],"addonUpdate":true,"sessionName":"secureCodeBox"}}` | All `scanType` specific configuration options. Feel free to add more configuration options. All configuration options can be overriden by scan specific configurations if defined. Please have a look into the README.md to find more configuration options. | +| zapConfiguration.global | object | `{"addonInstall":["pscanrulesBeta","ascanrulesBeta","pscanrulesAlpha","ascanrulesAlpha"],"addonUpdate":true,"sessionName":"secureCodeBox"}` | Optional general ZAP Configurations settings. | +| zapConfiguration.global.addonInstall | list | `["pscanrulesBeta","ascanrulesBeta","pscanrulesAlpha","ascanrulesAlpha"]` | Installs additional ZAP AddOns on startup, listed by their name: | +| zapConfiguration.global.addonUpdate | bool | `true` | Updates all installed ZAP AddOns on startup if true, otherwise false. 
| +| zapConfiguration.global.sessionName | string | `"secureCodeBox"` | The ZAP internal Session name. Default: secureCodeBox | +| zapContainer.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| zapContainer.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | +| zapContainer.extraVolumeMounts | list | `[{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/authentication/","name":"zap-scripts-authentication","readOnly":true},{"mountPath":"/home/zap/.ZAP_D/scripts/scripts/session/","name":"zap-scripts-session","readOnly":true}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| zapContainer.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | +| zapContainer.image.repository | string | `"owasp/zap2docker-stable"` | Container Image to run the scan | +| zapContainer.image.tag | string | `nil` | defaults to the charts appVersion | +| zapContainer.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| zapContainer.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/zap/DH-Scanner-Readme.generated.md b/scanners/zap/DH-Scanner-Readme.generated.md new file mode 100644 index 0000000000..7e0b8c50cc --- /dev/null +++ b/scanners/zap/DH-Scanner-Readme.generated.md 
@@ -0,0 +1,44 @@ +# zap + +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.10.0](https://img.shields.io/badge/AppVersion-2.10.0-informational?style=flat-square) + +A Helm chart for the OWASP ZAP security scanner that integrates with the secureCodeBox. + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner | +| image.repository | string | `"owasp/zap2docker-stable"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-zap"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.envFrom | list | `[]` | Optional mount environment variables from configMaps or secrets (see: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#configure-all-key-value-pairs-in-a-secret-as-container-environment-variables) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/zap/wrk","name":"zap-workdir"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"emptyDir":{},"name":"zap-workdir"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) 
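Review bot: `image.tag` in the ssh-scan and sslyze Values tables is documented as "defaults to the charts appVersion", but the default shown is a `latest@sha256:` digest reference, so the description is wrong and the AppVersion badges (0.0.44 and v4.0.4) say nothing about the image that actually runs. Pinning by digest is worth keeping; either replace the `latest` label with the version tag next to the digest, or reword the description to say the image is pinned by digest and that appVersion must be bumped together with it.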
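Review bot: the screenshooter Values table has the two tag descriptions the other way round from every other scanner in this patch: `image.tag` reads "defaults to the charts version" and `parserImage.tag` reads "defaults to the charts appVersion". The file renders no AppVersion badge, which suggests appVersion is unset for this chart, and in that case a parser tag falling back to appVersion would resolve to nothing. Check which fallback the chart templates really use and correct the comments in values.yaml so the generated table matches.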
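Review bot: `scannerJob.securityContext` is documented with a default of `{}` in the screenshooter, ssh-scan, sslyze, test-scan, trivy, wpscan, zap and zap-advanced tables (as is `zapContainer.securityContext`), while the table just before the screenshooter file documents a hardened default with `runAsNonRoot`, `readOnlyRootFilesystem`, `allowPrivilegeEscalation: false`, `privileged: false` and all capabilities dropped. If these tables reflect values.yaml, those scanners run with no container hardening unless the user supplies it; either give them the same defaults or say in the description what each scanner needs that prevents it. In the hardened table, "This drops all linux privileges from the container" should say Linux capabilities, since that is what `capabilities.drop` controls.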
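Review bot: in the zap-advanced table, `zapConfiguration.global.addonUpdate` defaults to `true` and `addonInstall` lists four alpha and beta rule packs, so per the descriptions every scan updates and installs add-ons at startup; the docs should state that this requires outbound network access from the scan job and that the rule set can differ from one run to the next, and say how to turn it off. Several descriptions in the same table are copied from the scanner rows and no longer fit: `zapContainer.securityContext` says "set on scanner container", `zapContainer.env` and `zapContainer.extraVolumeMounts` say "mapped into each scanJob", and `zapContainer.image.tag` says "defaults to the charts appVersion" next to the `owasp/zap2docker-stable` repository. `parseJob.backoffLimit` has no description, and "overriden" in the `zapConfiguration` row should be "overridden"; fix these in values.yaml so the regenerated file picks them up.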
From 78c2446b1f8a38246f0ac47f0ef8b1cefdf1283d Mon Sep 17 00:00:00 2001 From: Robert Seedorff Date: Tue, 8 Jun 2021 10:31:36 +0200 Subject: [PATCH 19/65] Refactored the template generation (WIP) --- .github/workflows/helm-docs.yaml | 6 +- .helm-docs-templates.gotmpl | 54 ++++++++++++ _templates.gotmpl | 43 ---------- scanners/amass/Chart.yaml | 2 + scanners/amass/DH-Scanner-Readme.generated.md | 42 ---------- scanners/amass/README.ArtifactHub.md | 84 +++++++++++++++++++ scanners/amass/README.ArtifactHub.md.gotmpl | 26 ++++++ scanners/amass/README.DockerHub-Parser.md | 53 ++++++++++++ .../amass/README.DockerHub-Parser.md.gotmpl | 22 +++++ scanners/amass/README.DockerHub-Scanner.md | 53 ++++++++++++ .../amass/README.DockerHub-Scanner.md.gotmpl | 22 +++++ scanners/amass/README.md | 78 +++++++++-------- scanners/amass/README.md.gotmpl | 52 +++--------- ...ated.md.gotmpl => README.templates.gotmpl} | 44 +++++++--- 14 files changed, 399 insertions(+), 182 deletions(-) create mode 100644 .helm-docs-templates.gotmpl delete mode 100644 _templates.gotmpl delete mode 100644 scanners/amass/DH-Scanner-Readme.generated.md create mode 100644 scanners/amass/README.ArtifactHub.md create mode 100644 scanners/amass/README.ArtifactHub.md.gotmpl create mode 100644 scanners/amass/README.DockerHub-Parser.md create mode 100644 scanners/amass/README.DockerHub-Parser.md.gotmpl create mode 100644 scanners/amass/README.DockerHub-Scanner.md create mode 100644 scanners/amass/README.DockerHub-Scanner.md.gotmpl rename scanners/amass/{DH-Scanner-Readme.generated.md.gotmpl => README.templates.gotmpl} (59%) diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index 164da16ae0..0aa5866a71 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml 
@@ -31,15 +31,15 @@ jobs: curl --output helm-docs.tar.gz --location https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Linux_x86_64.tar.gz tar -xvf helm-docs.tar.gz - # Verify install + # Verify installation ./helm-docs --version - name: Generate Helm Docs run: | - ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl + ./helm-docs/helm-docs --template-files=./_templates.gotmpl --template-files=README.md.gotmpl --output-file=README.md - name: Generate Docker Scanner Docs run: | - ./helm-docs/helm-docs --chart-search-root=./scanners/ --template-files=./_templates.gotmpl --template-files=DH-Scanner-Readme.generated.md.gotmpl --output-file=DH-Scanner-Readme.generated.md + ./helm-docs/helm-docs --chart-search-root=./scanners/ --template-files=./../_templates.gotmpl --template-files=README.templates.gotmpl --template-files=README.DockerHub-Scanner.md.gotmpl --output-file=docs/README.DockerHub-Scanner.md - name: Remove Helm Docs Files run: | # Remove helm-docs download to ensure they don't get commited back diff --git a/.helm-docs-templates.gotmpl b/.helm-docs-templates.gotmpl new file mode 100644 index 0000000000..5321b6bd28 --- /dev/null +++ b/.helm-docs-templates.gotmpl @@ -0,0 +1,54 @@ +{{- define "extra.badgesSection" -}} +

+ License Apache-2.0 + GitHub release (latest SemVer) + OWASP Incubator Project + Artifact HUB + Twitter Follower +

+{{- end }} + +{{- define "extra.licenseSection" -}} +## License + +Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. +{{- end }} + +{{- define "extra.dockerLicenseSection" -}} +## License +View [license information](https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE) for the software contained in this image. +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + +As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained). + +As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within. +{{- end }} + +{{- define "extra.communitySection" -}} +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. + +{{- end }} + +{{- define "extra.contributionSection" -}} +## Contributing + +Contributions are welcome and extremely helpful 🙌 +Please have a look at [Contributing](./CONTRIBUTING.md) +{{- end }} + +{{- define "extra.generalLinksSection" -}} +[owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox +[scb-github]: https://github.com/secureCodeBox/ +[scb-engine]: https://github.com/secureCodeBox/engine +[scb-twitter]: https://twitter.com/secureCodeBox +[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU +[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE +{{- end }} diff --git a/_templates.gotmpl b/_templates.gotmpl deleted file mode 100644 index cb39ad3e18..0000000000 
--- a/_templates.gotmpl +++ /dev/null @@ -1,43 +0,0 @@ -{{- define "extra.badgesSection" -}} -

- „secureCodeBox - „secureCodeBox -

- -

- „License - „GitHub - „OWASP - „Artifact - „Twitter -

-

- „Build“ - „Maintainability“ - „Test - „Known - -

-{{- end }} -{{- define "extra.licenceSection" -}} -## License - -Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. -{{- end }} -{{- define "extra.communitySection" -}} -## Community - -You are welcome, please join us on... 👋 - -- [GitHub][scb-github] -- [Slack][scb-slack] -- [Twitter][scb-twitter] - -secureCodeBox is an official [OWASP][owasp] project. -{{- end }} -{{- define "extra.contributionSection" -}} -## Contributing - -Contributions are welcome and extremely helpful 🙌 -Please have a look at [Contributing](./CONTRIBUTING.md) -{{- end }} diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 5f841afc9e..7248cf752c 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -27,3 +27,5 @@ sources: maintainers: - name: iteratec GmbH email: secureCodeBox@iteratec.com + + diff --git a/scanners/amass/DH-Scanner-Readme.generated.md b/scanners/amass/DH-Scanner-Readme.generated.md deleted file mode 100644 index 0f0bd1356e..0000000000 --- a/scanners/amass/DH-Scanner-Readme.generated.md +++ /dev/null 
@@ -1,42 +0,0 @@ -# amass - -![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.13](https://img.shields.io/badge/AppVersion-v3.13-informational?style=flat-square) - -A Helm chart for the Amass security scanner that integrates with the secureCodeBox. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | secureCodeBox@iteratec.com | | - -## Source Code - -* - -## Requirements - -Kubernetes: `>=v1.11.0-0` - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| image.repository | string | `"caffix/amass"` | Container Image to run the scan | -| image.tag | string | `nil` | defaults to the charts appVersion | -| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -| parserImage.repository | string | `"docker.io/securecodebox/parser-amass"` | Parser image repository | -| parserImage.tag | string | defaults to the charts version | Parser image tag | -| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | -| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | -| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | -| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/amass/output/config.ini","name":"amass-config","subPath":"config.ini"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | -| scannerJob.extraVolumes | list | `[{"configMap":{"name":"amass-config"},"name":"amass-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | -| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | -| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | -| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/amass/README.ArtifactHub.md b/scanners/amass/README.ArtifactHub.md new file mode 100644 index 0000000000..5d1066be59 --- /dev/null +++ b/scanners/amass/README.ArtifactHub.md @@ -0,0 +1,84 @@ +

+ License Apache-2.0 + GitHub release (latest SemVer) + OWASP Incubator Project + Artifact HUB + Twitter Follower +

+ +## What is OWASP Amass? + +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. + +## Deployment + +The amass `scanType` can be deployed via helm: + +```bash +helm upgrade --install amass secureCodeBox/amass +``` + +## Scanner Configuration + +The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. + +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` + +Special command line options: + +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` + +## Contributing + +Contributions are welcome and extremely helpful 🙌 +Please have a look at [Contributing](./CONTRIBUTING.md) + +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. 
+ +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.repository | string | `"caffix/amass"` | Container Image to run the scan | +| image.tag | string | `nil` | defaults to the charts appVersion | +| parseJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| parserImage.repository | string | `"docker.io/securecodebox/parser-amass"` | Parser image repository | +| parserImage.tag | string | defaults to the charts version | Parser image tag | +| scannerJob.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. 
(see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) | +| scannerJob.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) | +| scannerJob.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | +| scannerJob.extraVolumeMounts | list | `[{"mountPath":"/amass/output/config.ini","name":"amass-config","subPath":"config.ini"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.extraVolumes | list | `[{"configMap":{"name":"amass-config"},"name":"amass-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | +| scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +## License + +Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. 
+ +[owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox +[scb-github]: https://github.com/secureCodeBox/ +[scb-engine]: https://github.com/secureCodeBox/engine +[scb-twitter]: https://twitter.com/secureCodeBox +[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU +[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE +[owasp_amass_project]: https://owasp.org/www-project-amass/ +[amass github]: https://github.com/OWASP/Amass +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md \ No newline at end of file diff --git a/scanners/amass/README.ArtifactHub.md.gotmpl b/scanners/amass/README.ArtifactHub.md.gotmpl new file mode 100644 index 0000000000..508edbed7f --- /dev/null +++ b/scanners/amass/README.ArtifactHub.md.gotmpl @@ -0,0 +1,26 @@ +{{- /* +SPDX-FileCopyrightText: 2020 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 +*/ -}} + +{{ template "extra.badgesSection" . }} + +{{ template "extra.scannerAboutSection" . }} + +{{ template "extra.chartDeploymentSection" . }} + +{{ template "extra.scannerConfigurationSection" . }} + +{{ template "extra.contributionSection" . }} + +{{ template "extra.communitySection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "extra.licenseSection" . }} + +{{ template "extra.generalLinksSection" . }} +{{ template "extra.scannerLinksSection" . }} \ No newline at end of file diff --git a/scanners/amass/README.DockerHub-Parser.md b/scanners/amass/README.DockerHub-Parser.md new file mode 100644 index 0000000000..4de2070692 --- /dev/null +++ b/scanners/amass/README.DockerHub-Parser.md @@ -0,0 +1,53 @@ +

+ License Apache-2.0 + GitHub release (latest SemVer) + OWASP Incubator Project + Artifact HUB + Twitter Follower +

+ +## Supported Tags +- `latest` (represents the latest stable release build) +- tagged releases, e.g. `v3.13` +- `unstable` (represents the latest unstable build from the master branch. Not recommended for production systems) + +## How to use this image +```bash +docker pull securecodebox/scanner-amass +``` + +## What is OWASP Amass? + +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. + +## Scanner Configuration + +The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. + +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` + +Special command line options: + +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` + +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. + +## License +View [license information](https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE) for the software contained in this image. 
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + +As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained). + +As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within. \ No newline at end of file diff --git a/scanners/amass/README.DockerHub-Parser.md.gotmpl b/scanners/amass/README.DockerHub-Parser.md.gotmpl new file mode 100644 index 0000000000..a39a986e90 --- /dev/null +++ b/scanners/amass/README.DockerHub-Parser.md.gotmpl @@ -0,0 +1,22 @@ +{{- /* +SPDX-FileCopyrightText: 2020 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 +*/ -}} + +{{ template "extra.badgesSection" . }} + +{{ template "extra.dockerDeploymentSection" . }} + +## How to use this image +```bash +docker pull securecodebox/parser-amass +``` + +{{ template "extra.scannerAboutSection" . }} + +{{ template "extra.scannerConfigurationSection" . }} + +{{ template "extra.communitySection" . }} + +{{ template "extra.dockerLicenseSection" . }} \ No newline at end of file diff --git a/scanners/amass/README.DockerHub-Scanner.md b/scanners/amass/README.DockerHub-Scanner.md new file mode 100644 index 0000000000..4de2070692 --- /dev/null +++ b/scanners/amass/README.DockerHub-Scanner.md @@ -0,0 +1,53 @@ +

+ License Apache-2.0 + GitHub release (latest SemVer) + OWASP Incubator Project + Artifact HUB + Twitter Follower +

+ +## Supported Tags +- `latest` (represents the latest stable release build) +- tagged releases, e.g. `v3.13` +- `unstable` (represents the latest unstable build from the master branch. Not recommended for production systems) + +## How to use this image +```bash +docker pull securecodebox/scanner-amass +``` + +## What is OWASP Amass? + +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. + +## Scanner Configuration + +The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. + +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` + +Special command line options: + +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` + +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. + +## License +View [license information](https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE) for the software contained in this image. 
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + +As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained). + +As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within. \ No newline at end of file diff --git a/scanners/amass/README.DockerHub-Scanner.md.gotmpl b/scanners/amass/README.DockerHub-Scanner.md.gotmpl new file mode 100644 index 0000000000..80bf68b3c2 --- /dev/null +++ b/scanners/amass/README.DockerHub-Scanner.md.gotmpl @@ -0,0 +1,22 @@ +{{- /* +SPDX-FileCopyrightText: 2020 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 +*/ -}} + +{{ template "extra.badgesSection" . }} + +{{ template "extra.dockerDeploymentSection" . }} + +## How to use this image +```bash +docker pull securecodebox/scanner-amass +``` + +{{ template "extra.scannerAboutSection" . }} + +{{ template "extra.scannerConfigurationSection" . }} + +{{ template "extra.communitySection" . }} + +{{ template "extra.dockerLicenseSection" . }} \ No newline at end of file diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 5db618e900..5aeb65dc2f 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md 
@@ -1,41 +1,29 @@ --- -title: "Amass" +title: "amass" category: "scanner" type: "Network" state: "released" -appVersion: 'v3.13' +appVersion: "v3.13" usecase: "Subdomain Enumeration Scanner" --- ![owasp logo](https://owasp.org/assets/images/logo.png) -The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. - - - -

- „secureCodeBox - „secureCodeBox +

+ License Apache-2.0 + GitHub release (latest SemVer) + OWASP Incubator Project + Artifact HUB + Twitter Follower

-

- „License - „GitHub - „OWASP - „Artifact - „Twitter -

-

- „Build“ - „Maintainability“ - „Test - „Known - -

+## What is OWASP Amass? + +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. ## Deployment -The AMASS scanType can be deployed via helm: +The amass `scanType` can be deployed via helm: ```bash helm upgrade --install amass secureCodeBox/amass @@ -55,7 +43,26 @@ Special command line options: - Disable saving data into a local database `amass enum -nolocaldb -d example.com` - Domain names separated by commas (can be used multiple times) `amass enum -d example.com` -## Chart Configuration +## Contributing + +Contributions are welcome and extremely helpful 🙌 +Please have a look at [Contributing](./CONTRIBUTING.md) + +## Community + +You are welcome, please join us on... 👋 + +- [GitHub][scb-github] +- [Slack][scb-slack] +- [Twitter][scb-twitter] + +secureCodeBox is an official [OWASP][owasp] project. + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -77,21 +84,12 @@ Special command line options: Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. -## Contributing - -Contributions are welcome and extremely helpful 🙌 -Please have a look at [Contributing](./CONTRIBUTING.md) - -## Community - -You are welcome, please join us on... 👋 - -- [GitHub][scb-github] -- [Slack][scb-slack] -- [Twitter][scb-twitter] - -secureCodeBox is an official [OWASP][owasp] project. - +[owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox +[scb-github]: https://github.com/secureCodeBox/ +[scb-engine]: https://github.com/secureCodeBox/engine +[scb-twitter]: https://twitter.com/secureCodeBox +[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU +[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE [owasp_amass_project]: https://owasp.org/www-project-amass/ [amass github]: https://github.com/OWASP/Amass [amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md diff --git a/scanners/amass/README.md.gotmpl b/scanners/amass/README.md.gotmpl index 3f78b89032..35ff0400cd 100644 --- a/scanners/amass/README.md.gotmpl +++ b/scanners/amass/README.md.gotmpl 
@@ -3,55 +3,25 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH SPDX-License-Identifier: Apache-2.0 */ -}} ---- -title: "Amass" -category: "scanner" -type: "Network" -state: "released" -appVersion: '{{ template "chart.appVersion" . }}' -usecase: "Subdomain Enumeration Scanner" ---- - -![owasp logo](https://owasp.org/assets/images/logo.png) - -The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. - - +{{ template "extra.docsSection" . }} {{ template "extra.badgesSection" . }} -## Deployment - -The AMASS scanType can be deployed via helm: - -```bash -helm upgrade --install amass secureCodeBox/amass -``` - -## Scanner Configuration +{{ template "extra.scannerAboutSection" . }} -The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. +{{ template "extra.chartDeploymentSection" . }} -- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` -- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` +{{ template "extra.scannerConfigurationSection" . }} -Special command line options: - -- Disable generation of altered names `amass enum -noalts -d example.com` -- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` -- Disable saving data into a local database `amass enum -nolocaldb -d example.com` -- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` - -## Chart Configuration +{{ template "extra.contributionSection" . }} -{{ template "chart.valuesTable" . }} +{{ template "extra.communitySection" . }} -{{ template "extra.licenceSection" . 
}} +{{ template "chart.requirementsSection" . }} -{{ template "extra.contributionSection" . }} +{{ template "chart.valuesSection" . }} -{{ template "extra.communitySection" . }} +{{ template "extra.licenseSection" . }} -[owasp_amass_project]: https://owasp.org/www-project-amass/ -[amass github]: https://github.com/OWASP/Amass -[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +{{ template "extra.generalLinksSection" . }} +{{ template "extra.scannerLinksSection" . }} diff --git a/scanners/amass/DH-Scanner-Readme.generated.md.gotmpl b/scanners/amass/README.templates.gotmpl similarity index 59% rename from scanners/amass/DH-Scanner-Readme.generated.md.gotmpl rename to scanners/amass/README.templates.gotmpl index 274a5d6515..940e97ddf8 100644 --- a/scanners/amass/DH-Scanner-Readme.generated.md.gotmpl +++ b/scanners/amass/README.templates.gotmpl 
@@ -4,23 +4,44 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH SPDX-License-Identifier: Apache-2.0 */ -}} -{{ template "extra.badgesSection" . }} - -## About the Scanner +{{- define "extra.docsSection" -}} +--- +title: "{{ template "chart.name" . }}" +category: "scanner" +type: "Network" +state: "released" +appVersion: "{{ template "chart.appVersion" . }}" +usecase: "Subdomain Enumeration Scanner" +--- ![owasp logo](https://owasp.org/assets/images/logo.png) -The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub] - +{{- end }} +{{- define "extra.chartDeploymentSection" -}} ## Deployment -The AMASS scanType can be deployed via helm: +The {{ template "chart.name" . }} `scanType` can be deployed via helm: ```bash -helm upgrade --install amass secureCodeBox/amass +helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }} ``` +{{- end }} + +{{- define "extra.dockerDeploymentSection" -}} +## Supported Tags +- `latest` (represents the latest stable release build) +- tagged releases, e.g. `{{ template "chart.appVersion" . }}` +- `unstable` (represents the latest unstable build from the master branch. Not recommended for production systems) +{{- end }} + +{{- define "extra.scannerAboutSection" -}} +## What is OWASP Amass? +The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. 
+{{- end }} + +{{- define "extra.scannerConfigurationSection" -}} ## Scanner Configuration The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. @@ -34,13 +55,10 @@ Special command line options: - Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` - Disable saving data into a local database `amass enum -nolocaldb -d example.com` - Domain names separated by commas (can be used multiple times) `amass enum -d example.com` +{{- end }} -{{ template "extra.licenceSection" . }} - -{{ template "extra.contributionSection" . }} - -{{ template "extra.communitySection" . }} - +{{- define "extra.scannerLinksSection" -}} [owasp_amass_project]: https://owasp.org/www-project-amass/ [amass github]: https://github.com/OWASP/Amass [amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +{{- end }} \ No newline at end of file From 1c20a8ce142e2b5defde31b7e6d285f4e2baf66b Mon Sep 17 00:00:00 2001 
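Review bot: in the `.github/workflows/helm-docs.yaml` hunk of PATCH 19/65, both helm-docs invocations still pass `_templates.gotmpl` (`--template-files=./_templates.gotmpl` and `--template-files=./../_templates.gotmpl`), but this same commit deletes that file and adds `.helm-docs-templates.gotmpl` in its place, so the shared `extra.*` definitions will not be loaded. Point both steps at the new file. The scanner step also writes to `--output-file=docs/README.DockerHub-Scanner.md`, while the generated file committed here is `scanners/amass/README.DockerHub-Scanner.md`; align the path, and note that no step in this hunk renders `README.DockerHub-Parser.md.gotmpl` or `README.ArtifactHub.md.gotmpl`. Separately, the context lines download the helm-docs tarball with `curl` and unpack it with `tar -xvf` with no checksum check in between; since the tool's output is committed back to the repository, verify a pinned SHA-256 of the archive before extracting it.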
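Review bot: the generated `scanners/amass/README.DockerHub-Parser.md` in PATCH 19/65 tells users to run `docker pull securecodebox/scanner-amass`, although its template `README.DockerHub-Parser.md.gotmpl` contains `docker pull securecodebox/parser-amass`. The new file also carries the same blob id as `README.DockerHub-Scanner.md` (`index 0000000000..4de2070692` in both headers), so it is a copy of the scanner README rather than a render of the parser template. Regenerate it from the parser template before merging, or leave the generated file out of the commit until the workflow produces it.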
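Review bot: `extra.dockerDeploymentSection` in `scanners/amass/README.templates.gotmpl` gives the tagged-release example as `{{ template "chart.appVersion" . }}` and is included by both the scanner and the parser DockerHub templates, but the Values table in this patch says `parserImage.tag` defaults to the chart's version, not its appVersion. The parser page would therefore list `v3.13` under "Supported Tags", a tag that follows the scanner's numbering. Split the section into a scanner variant and a parser variant, with the parser one built on `chart.version`. The same applies to `extra.scannerConfigurationSection`: the `amass enum` options describe the scanner image and probably do not belong on the parser page.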
From: rseedorff Date: Tue, 8 Jun 2021 08:32:12 +0000 Subject: [PATCH 20/65] Updating Helm Docs --- demo-apps/bodgeit/README.md | 29 +- demo-apps/dummy-ssh/README.md | 10 +- demo-apps/http-webhook/README.md | 20 +- demo-apps/juice-shop/README.md | 7 +- demo-apps/old-wordpress/README.md | 9 +- demo-apps/swagger-petstore/README.md | 9 +- demo-apps/unsafe-https/README.md | 11 +- hooks/declarative-subsequent-scans/README.md | 124 +---- hooks/finding-post-processing/README.md | 59 +-- hooks/generic-webhook/README.md | 36 +- hooks/notification-hook/README.md | 216 +-------- hooks/persistence-defectdojo/README.md | 133 +----- hooks/persistence-elastic/README.md | 43 +- hooks/teams-webhook/README.md | 49 +- hooks/update-field/README.md | 25 +- operator/README.md | 38 +- scanners/amass/README.md | 77 +-- scanners/angularjs-csti-scanner/README.md | 139 +----- scanners/git-repo-scanner/README.md | 70 +-- scanners/gitleaks/README.md | 134 +----- scanners/kube-hunter/README.md | 40 +- scanners/kubeaudit/README.md | 37 +- scanners/ncrack/README.md | 181 +------- scanners/nikto/README.md | 58 +-- scanners/nmap/README.md | 91 +--- scanners/screenshooter/README.md | 55 ++- scanners/ssh-scan/README.md | 71 +-- scanners/sslyze/README.md | 138 +----- scanners/test-scan/README.md | 25 +- scanners/trivy/README.md | 42 +- scanners/wpscan/README.md | 79 +--- scanners/zap-advanced/README.md | 464 +------------------ scanners/zap/README.md | 67 +-- 33 files changed, 500 insertions(+), 2086 deletions(-) diff --git a/demo-apps/bodgeit/README.md b/demo-apps/bodgeit/README.md index 8837eb2689..2f2b0e37b4 100644 --- a/demo-apps/bodgeit/README.md +++ b/demo-apps/bodgeit/README.md 
@@ -1,27 +1,23 @@ ---- -title: "Bodgeit" -category: "target" -type: "Website" -state: "released" -appVersion: "v1.4.0" -usecase: "Vulnerable WebApp based on html serverside rendering" ---- +# bodgeit -# Bodgeit +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square) -![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square) - -The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing. -BodgeIt Store is a serverside rendering based html website without any heavy javascript. +The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing **Homepage:** +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | securecodebox@iteratec.com | | + ## Source Code -* +* * -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -47,3 +43,6 @@ BodgeIt Store is a serverside rendering based html website without any heavy jav | service.port | int | `8080` | | | service.type | string | `"ClusterIP"` | | | tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/dummy-ssh/README.md b/demo-apps/dummy-ssh/README.md index bd073e22eb..39a8eca66c 100644 --- a/demo-apps/dummy-ssh/README.md +++ b/demo-apps/dummy-ssh/README.md 
@@ -1,9 +1,8 @@ # dummy-ssh -![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) -Vulnerable SSH Server for scan testing. -Port 22: Username root, Password: THEPASSWORDYOUCREATED +SSH Server for scan testing. **Homepage:** @@ -17,7 +16,7 @@ Port 22: Username root, Password: THEPASSWORDYOUCREATED * -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -38,3 +37,6 @@ Port 22: Username root, Password: THEPASSWORDYOUCREATED | service.port | int | `22` | | | service.type | string | `"ClusterIP"` | | | tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/http-webhook/README.md b/demo-apps/http-webhook/README.md index 41b6d1264e..1a94a5a02d 100644 --- a/demo-apps/http-webhook/README.md +++ b/demo-apps/http-webhook/README.md 
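Review bot: demo-apps/dummy-ssh/README.md should keep stating that this target is intentionally vulnerable. The first hunk replaces `Vulnerable SSH Server for scan testing.` and the `Port 22: Username root, Password: THEPASSWORDYOUCREATED` line with `SSH Server for scan testing.`, so a reader of the generated README no longer learns that the chart runs an SSH service with a root password login and belongs in a test namespace only. The new footer says the file is autogenerated from chart metadata, so the wording has to go back into the chart's description (or a README template) for the next helm-docs run to keep it.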
@@ -1,23 +1,10 @@ # http-webhook -![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) A Dummy webserver to echo HTTP requests in log -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| iteratec GmbH | securecodebox@iteratec.com | | - -## Source Code - -* -* - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -51,3 +38,6 @@ A Dummy webserver to echo HTTP requests in log | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/juice-shop/README.md b/demo-apps/juice-shop/README.md index b9caa98c32..6500712c5c 100644 --- a/demo-apps/juice-shop/README.md +++ b/demo-apps/juice-shop/README.md 
@@ -1,6 +1,6 @@ # juice-shop -![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v12.0.2](https://img.shields.io/badge/AppVersion-v12.0.2-informational?style=flat-square) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v12.7.0](https://img.shields.io/badge/AppVersion-v12.7.0-informational?style=flat-square) OWASP Juice Shop: Probably the most modern and sophisticated insecure web application @@ -17,7 +17,7 @@ OWASP Juice Shop: Probably the most modern and sophisticated insecure web applic * * -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -43,3 +43,6 @@ OWASP Juice Shop: Probably the most modern and sophisticated insecure web applic | service.port | int | `3000` | | | service.type | string | `"ClusterIP"` | | | tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/old-wordpress/README.md b/demo-apps/old-wordpress/README.md index 32bdab2f2d..5365b0c27a 100644 --- a/demo-apps/old-wordpress/README.md +++ b/demo-apps/old-wordpress/README.md 
@@ -1,8 +1,8 @@ # old-wordpress -![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0](https://img.shields.io/badge/AppVersion-4.0-informational?style=flat-square) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0](https://img.shields.io/badge/AppVersion-4.0-informational?style=flat-square) -Insecure & Outdated WordPress Instance: Never expose it to the internet! +Insecure & Outdated Wordpress Instance: Never expose it to the internet! **Homepage:** @@ -16,7 +16,7 @@ Insecure & Outdated WordPress Instance: Never expose it to the internet! * -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -37,3 +37,6 @@ Insecure & Outdated WordPress Instance: Never expose it to the internet! | service.port | int | `80` | | | service.type | string | `"ClusterIP"` | | | tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/swagger-petstore/README.md b/demo-apps/swagger-petstore/README.md index c75ac9ea36..46a8b3747c 100644 --- a/demo-apps/swagger-petstore/README.md +++ b/demo-apps/swagger-petstore/README.md 
@@ -1,8 +1,8 @@ # swagger-petstore -![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square) -This is the sample petstore application with a restful API. +This is the sample petstore application **Homepage:** @@ -17,7 +17,7 @@ This is the sample petstore application with a restful API. * * -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -44,3 +44,6 @@ This is the sample petstore application with a restful API. | service.type | string | `"ClusterIP"` | | | swaggerHostOverride | string | `"http://swagger-petstore.demo-apps.svc"` | | | tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/demo-apps/unsafe-https/README.md b/demo-apps/unsafe-https/README.md index 56baf2dc13..98fc1d49a7 100644 --- a/demo-apps/unsafe-https/README.md +++ b/demo-apps/unsafe-https/README.md 
@@ -1,10 +1,8 @@ # unsafe-https -![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) -Unsafe https Server for SSL Checking. -Can be used for scanners that check for unsafe ssl certificates, as the server uses a self-signed certificate -which contains both private and public key and is not authorized by a third party. +Self-signed https Server for scan testing. **Homepage:** @@ -18,7 +16,7 @@ which contains both private and public key and is not authorized by a third part * -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -39,3 +37,6 @@ which contains both private and public key and is not authorized by a third part | service.port | int | `443` | | | service.type | string | `"ClusterIP"` | | | tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/declarative-subsequent-scans/README.md b/hooks/declarative-subsequent-scans/README.md index 72ff3e16c7..831594360c 100644 --- a/hooks/declarative-subsequent-scans/README.md +++ b/hooks/declarative-subsequent-scans/README.md 
@@ -1,124 +1,32 @@ ---- -title: "Cascading Scans" -category: "hook" -type: "processing" -state: "released" -usecase: "Cascading Scans based declarative Rules." ---- +# declarative-subsequent-scans - +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -## Deployment +Starts possible subsequent security scans based on findings (e.g. open ports found by NMAP or subdomains found by AMASS). -Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. +**Homepage:** -```bash -helm upgrade --install dssh secureCodeBox/declarative-subsequent-scans -``` +## Maintainers -### Verification -```bash -kubectl get ScanCompletionHooks -NAME TYPE IMAGE -dssh ReadOnly docker.io/securecodebox/hook-declarative-subsequent-scans:latest -``` +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -## CascadingScan Rules -The CascadingRules are included directly in each helm chart of the individual scanners. -There is a configuration option `cascadingRules.enabled` for each scanner to prevent this inclusion. +## Source Code -```bash -# Check your CascadingRules -kubectl get CascadingRules -NAME STARTS INVASIVENESS INTENSIVENESS -https-tls-scan sslyze non-invasive light -imaps-tls-scan sslyze non-invasive light -nikto-http nikto non-invasive medium -nmap-smb nmap non-invasive light -pop3s-tls-scan sslyze non-invasive light -smtps-tls-scan sslyze non-invasive light -ssh-scan ssh-scan non-invasive light -zap-http zap-baseline-scan non-invasive medium -``` +* -## Starting a cascading Scan -When you start a normal Scan, no CascadingRule will be applied. To use a _CascadingRule_ the scan must be marked to allow cascading rules. 
-This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one. +## Requirements -### Example -```yaml -cat <=v1.11.0-0` -This Scan will use all CascadingRules which are labeled with a "light" intensity. -You can lookup which CascadingRules this selects by running: - -```bash -kubectl get CascadingRules -l "securecodebox.io/intensive=light" -NAME STARTS INVASIVENESS INTENSIVENESS -https-tls-scan sslyze non-invasive light -imaps-tls-scan sslyze non-invasive light -nmap-smb nmap non-invasive light -pop3s-tls-scan sslyze non-invasive light -smtps-tls-scan sslyze non-invasive light -ssh-scan ssh-scan non-invasive light -``` - -The label selectors also allow the more powerful matchExpressions selectors: - -```yaml -cat < +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -## Deployment +Lets you add or override a field to every finding that meets specified conditions -Installing the _Finding Post Processing_ hook will add a ReadAndWrite Hook to your namespace, -which can be used to add or update fields from your findings meeting specified conditions. +**Homepage:** -```bash -helm upgrade --install fpp secureCodeBox/finding-post-processing -``` +## Maintainers -## Rule Configuration +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -The rules can be defined in the values of the Chart. -The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule)) -To define Rules you will have to provide the `rules` field with one or more `matches` elements. -Each `machtes` defines one Rule. 
-For example: +## Source Code -```yaml -rules: - - matches: - anyOf: - - category: "Open Port" - attributes: - port: 23 - state: open - override: - severity: "high" - description: "Telnet is bad" -``` +* -This Rule will match all Findings with an open port on 23 and override the severity for this finding with `high` as well as providing a new description `Telnet is bad`. +## Requirements -### matches +Kubernetes: `>=v1.11.0-0` -Within the `matches` you will have to provide `anyOf` and `override`. -In the `anyOff` contains one or more conditions to be met by the finding to match the rule. -Notice that only one of these elements needs to match the finding for the rule to match. - -### override - -The `override` field specifies the desired fields and values that need to be updated or added if the rule is matching. - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -58,3 +28,6 @@ The `override` field specifies the desired fields and values that need to be upd | image.repository | string | `"docker.io/securecodebox/finding-post-processing"` | Hook image repository | | image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | | rules | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md index 70c291b2b3..0d007ce5b2 100644 --- a/hooks/generic-webhook/README.md +++ b/hooks/generic-webhook/README.md 
@@ -1,23 +1,26 @@ ---- -title: "Generic WebHook" -category: "hook" -type: "integration" -state: "released" -usecase: "Publishes Scan Findings as WebHook." ---- +# generic-webhook - +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -## Deployment +Lets you send http webhooks after scans are completed -Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. +**Homepage:** -```bash -helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http://example.com/my/webhook/target" -``` -> ✍ This documentation is currently work-in-progress. +## Maintainers -## Chart Configuration +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -25,3 +28,6 @@ helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http: | image.repository | string | `"docker.io/securecodebox/generic-webhook"` | Hook image repository | | image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | | webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/notification-hook/README.md b/hooks/notification-hook/README.md index b684b0ab04..40a036ce6f 100644 --- a/hooks/notification-hook/README.md +++ b/hooks/notification-hook/README.md 
@@ -1,215 +1,14 @@ ---- -title: "Notification Hook" -category: "hook" -type: "integration" -state: "roadmap" -usecase: "Publishes Scan Summary to MS Teams, Slack and others." ---- +# notification-hook - +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -## Deployment +Lets you send a findings result summary as hook to MS Teams, Slack, e-mail and others after a scan is completed. -Installing the Notification hook will add a ReadOnly Hook to your namespace. +## Requirements -```bash -helm upgrade --install nwh ./hooks/notification-hook/ --values /path/to/your/values" -``` +Kubernetes: `>=v1.11.0-0` -The `values.yaml` you need depends on the notification type you want to use. -Please take a look at the documentation for each type (e.g. for slack see [Configuration of a Slack Notification](#configuration-o-a-slack-notification)) - -## Available Notifier - -- [Slack](#configuration-of-a-slack-notification) -- [Slack App](#configuration-of-a-slack-app-notification) -- [Email](#configuration-of-an-email-notification) - -## Configuration of a Notification - -The general configuration of a notification looks something like this - -```yaml -notificationChannels: - - name: slack - type: slack - template: slack-messageCard - rules: - - matches: - anyOf: - - category: "Open Port" - endPoint: "SOME_ENV" - -env: - - name: SOME_ENV - valueFrom: - secretRefKey: - secret: some-secret - key: some-key -``` - -The Notification Hook enables you to define multiple so called `notificationChannels`. A `notificationChannel` defines the Notification to a specific platform (e.g. Slack or Teams). - -The `name` is used to for debugging failing notifications. -it can be a _string_ of you choice. - -The `type` specifies the type of the notification (in this example slack). 
-Currently `slack` is the only available type, but we are working on others (e.g. MS Teams or email) as well. - -The `template` field defines the name of a Nunjucks template to send to your notification channel. -These templates are usually tied to their notification channel (slack templates will not work for teams). -The template `slack-messageCard` is provided by default. -Notice that for the name of the template we chose to omit the file type. -The template `slack-messageCard` will point to `slack-messageCard.njk` in the filesystem of the hook. - -The `endPoint` specifies where the notification has to go to. -To protect the actual endPoint (e.g. a webhook url) this should point to an env name defined under `env` -For slack this would be your webhook URL to slack. - -To define conditions when a notification should be created you can use `rules`. -If no rules are specified, this hook will assume that you always want to be notified. - -Under `env` you have to define additional information needed for your templates such as the actual endpoint. -`env` will be mapped to the `env` implementation of Kubernetes. -This means that you can define key-value pairs as well as providing envs via secrets (See [Define Environment Variables for a Container | Kubernetes](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)). - -### Rule Configuration - -The rules can be defined in the values of the Chart. -The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule)) -To define Rules you will have to provide the `rules` field with one or more `matches` elements. -Each `machtes` defines one Rule. -For example: - -```yaml -rules: - - matches: - anyOf: - - category: "Open Port" - attributes: - port: 23 - state: open -``` - -This Rule will match all Findings with an open port on 23. 
- -#### matches - -Within the `matches` you will have to provide `anyOf` -`anyOf` contains one or more conditions to be met by the finding to match the rule. -Notice that only one of these elements needs to match the finding for the rule to match. - -### Configuration of a Slack Notification - -To configure a Slack notification set the `type` to `slack` and the `endPoint` to point to your env containing your Webhook URL to slack. -You can use one of the following default templates: - -- `slack-messageCard`: Sends a message with a summary listing the number of findings per category and severity. -- `slack-individual-findings-with-defectdojo`: Sends a message with a list of all findings with a link to the finding in DefectDojo. Will only work correctly if the DefectDojo hook is installed in the same namespace. - -### Configuration of a Slack App Notification - -The `slack-app` notifier is an _alternate_ way to send notifications to slack using the slack api directly rather then using webhooks. -Use `slack-app` over the normal `slack` if you want to send notifications into different slack channels on a per scan basis. - -#### Slack App Configuration - -To set it up, you'll need to create a new slack app at [https://api.slack.com/apps/](https://api.slack.com/apps/) and add the `chat:write` "Bot Token Scope" to it on the "OAuth & Permissions" tab. Then add the bot to your workspace, this will give you the access token (should begin with a `xoxb-`). - -To configure a Slack notification set the `type` to `slack-app` and reference the secret via the `SLACK_APP_TOKEN` env var. - -#### Example Config - -```yaml -notificationChannels: - - name: slack - type: slack-app - template: slack-messageCard - rules: [] - -env: - # you can create the secret via: kubectl create secret generic slack-app-token --from-literal="token=xoxb-..." 
- - name: SLACK_APP_TOKEN - valueFrom: - secretKeyRef: - name: slack-app-token - key: token - # configures which channel the messages are send to if the scan doesn't specify a channel - - name: SLACK_DEFAULT_CHANNEL - value: "#example-channel" -``` - -#### Supported Notification Channels - -The `slack-app` notifier supports the same message templates as the `slack` notifier. -See [slack](#configuration-of-a-slack-notification) for the supported message types. - -#### Scan / Channel Config - -You can configure to which channel the message is sent to by setting the `notification.securecodebox.io/slack-channel` to the channel the message should be sent to, the following example will send its notifications to the `#juice-shop-dev` channel in the slack workspace of the configured token. - -> Note: The channel needs to have the app you've create invited to it. Otherwise the app will not be permitted to write to it. - -```yaml -apiVersion: "execution.securecodebox.io/v1" -kind: Scan -metadata: - name: "nmap-juice-shop" - annotations: - notification.securecodebox.io/slack-channel: "#juice-shop-dev" -spec: - scanType: "nmap" - parameters: - - juice-shop.default.svc -``` - -### Configuration Of An Email Notification - -To configure an email notification set the `type` to `email` and the `endPoint` to point to your env containing your target email address. -You can use one of the following default templates: - -- `email`: Sends a email with a summary listing the number of findings per category and severity. - -Additional to this configuration you will have to provide a special smtp configuration URL. -This config reflects the transporter configuration of nodemailer (See [nodemailer | SMTP Transport](https://nodemailer.com/smtp/)). -This configuration needs to be specified under `env` in the values yaml. -The identifier for this config has to be `SMTP_CONFIG`. -A basic configuration could look like this: - -``` -... 
-env: - - name: SMTP_CONFIG - value: "smtp://user@domain.tld:pass@smtp.domain.tld/" -``` - -To provide a custom `from` field for your email you can specify `EMAIL_FROM` under env. -For example: - -``` -env: - - name: SMTP_CONFIG - value: "smtp://user@domain.tld:pass@smtp.domain.tld/" - - name: EMAIL_FROM - value: secureCodeBox -``` - -## Custom Message Templates - -CAUTION: Nunjucks templates allow code to be injected! Use templates from trusted sources only! - -The Notification Hook enables you to write your own message templates if the templates provided by default are not sufficient. -Templates for this hook are written using the [Nunjucks](https://mozilla.github.io/nunjucks/) templating engine. - -To fill your template with data we provide the following objects. - -| object | Details | -| -------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | -| findings | An array of the findings matching your rules (See [Finding | secureCodeBox](https://docs.securecodebox.io/docs/api/finding) | -| scan | An Object containing information about the scan that triggered the notification (See [Scan | secureCodeBox](https://docs.securecodebox.io/docs/api/crds/scan) | -| args | contains `process.env` (See: [process.env | nodejs](https://nodejs.org/api/process.html#process_process_env)) you can use this to access data defined in `env` of the `values.yaml` | - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -230,3 +29,6 @@ To fill your template with data we provide the following objects. | notificationChannels[0].rules[0].matches.anyOf[0].category | string | `"Open Port"` | | | notificationChannels[0].template | string | `"slack-messageCard"` | | | notificationChannels[0].type | string | `"slack"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index 12e39ebe3b..25e4d7bfab 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md 
@@ -1,130 +1,26 @@ ---- -title: "DefectDojo" -category: "hook" -type: "persistenceProvider" -state: "released" -usecase: "Publishes all Scan Reports to OWASP DefectDojo." ---- +# persistence-defectdojo -## About +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.0](https://img.shields.io/badge/AppVersion-1.12.0-informational?style=flat-square) -The DefectDojo hook imports the reports from scans automatically into [OWASP DefectDojo](https://www.defectdojo.org/). -The hook uses the import scan [API from DefectDojo](https://defectdojo.readthedocs.io/en/latest/api-v2-docs.html) to import the scan results. +The defectdojo persistence provider persists secureCodeBox scan results into defectdojo. -This means that only scan types are supported by the hook which are both supported by the secureCodeBox and DefectDojo. -These are: +**Homepage:** -- Nmap -- ZAP (Baseline, API Scan and Full Scan) -- SSLyze -- Trivy -- Gitleaks +## Maintainers -:::caution +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -Nikto is currently **not** supported even though it's supported by the secureCodeBox and DefectDojo as the secureCodeBox -uses the Nikto JSON format while DefectDojo uses the XML format. +## Source Code -::: +* -After uploading the results to DefectDojo, it will use the findings parsed by DefectDojo to overwrite the -original secureCodeBox findings identified by the parser. This lets you access the finding metadata like the false -positive and duplicate status from DefectDojo in further ReadOnly hooks, e.g. send out Slack notification -for non-duplicate & non-false positive findings only. +## Requirements -:::caution +Kubernetes: `>=v1.11.0-0` -Be careful when using the DefectDojo Hook in combination with other ReadAndWrite hooks. 
The secureCodeBox currently has -no way to guarantee that one ReadAndWrite hook gets executed before another ReadAndWrite hook. This can lead to -"lost update" problems as the DefectDojo hook will overwrite all findings, which disregards the results of previously -run ReadAndWrite hooks. -ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks. -::: - -## Runtime Configuration - -The hook will automatically import the scan results into an engagement in DefectDojo. -If the engagement doesn't exist the hook will create the engagement (CI/CD engagement) and all objects required for it -(product & product type). - -You don't need any configuration for that to work, the hook will infer engagement & product names from the scan name. -If you want more control over the names or add additional meta information like the version of the tested software you -can add these via annotation to the scan. See examples below. - -| Scan Annotation | Description | Default if not set | Notes | -| ------------------------------------------------------------------ | -------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------- | -| `defectdojo.securecodebox.io/product-type-name` | Name of the Product Type | Product Type with ID 1 (typically "Research and Development") | Product Type will be automatically created if no Product Type under that name exists | -| `defectdojo.securecodebox.io/product-name` | Name of the Product | ScheduledScan Name if Scheduled, Scan Name if it's a standalone Scan | Product will be automatically created if no Product under that name exists | -| `defectdojo.securecodebox.io/product-description` | Description of the Product | Empty String | Only used when creating the Product not used for updating | -| `defectdojo.securecodebox.io/product-tags` | Product Tags | Nothing | Only used when creating 
the Product not used for updating | -| `defectdojo.securecodebox.io/engagement-name` | Name of the Engagement | Scan Name | Will be automatically created if no *engagement* with that name **and** version exists | -| `defectdojo.securecodebox.io/engagement-version` | Engagement Version | Nothing | | -| `defectdojo.securecodebox.io/engagement-deduplicate-on-engagement` | Deduplicate On Engagement | false | Only used when creating the Engagement not used for updating | -| `defectdojo.securecodebox.io/engagement-tags` | Engagement Tags | Nothing | Only used when creating the Engagement not used for updating | -| `defectdojo.securecodebox.io/test-title` | Test Title | Scan Name | | - -### Simple Example Scans - -This will import the results daily into an engagements called: "zap-juiceshop-$UNIX_TIMESTAMP" (Name of the Scan created daily by the ScheduledScan), in a Product called: "zap-juiceshop" in the default DefectDojo product type. - -```yaml -apiVersion: "execution.securecodebox.io/v1" -kind: ScheduledScan -metadata: - name: "zap-juiceshop" -spec: - interval: 24h - scanSpec: - scanType: "zap-full-scan" - parameters: - - "-t" - - "http://juice-shop.demo-apps.svc:3000" -``` - -### Complete Example Scan - -This will import the results into engagement, product and product type following the labels. -The engagement will be reused by the hook for the daily scans / imports until the engagement version is increased. - -```yaml -apiVersion: "execution.securecodebox.io/v1" -kind: ScheduledScan -metadata: - name: "zap-full-scan-juiceshop" - annotations: - defectdojo.securecodebox.io/product-type-name: "OWASP" - defectdojo.securecodebox.io/product-name: "Juice Shop" - defectdojo.securecodebox.io/product-description: | - OWASP Juice Shop is probably the most modern and sophisticated insecure web application! - It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! 
- Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! - defectdojo.securecodebox.io/product-tags: vulnerable,appsec,owasp-top-ten,vulnapp - defectdojo.securecodebox.io/engagement-name: "Juice Shop" - defectdojo.securecodebox.io/engagement-version: "v12.6.1" - defectdojo.securecodebox.io/engagement-tags: "automated,daily" - defectdojo.securecodebox.io/engagement-deduplicate-on-engagement: "true" - defectdojo.securecodebox.io/test-title: "Juice Shop - v12.6.1" -spec: - interval: 24h - scanSpec: - scanType: "zap-full-scan" - parameters: - - "-t" - - "http://juice-shop.demo-apps.svc:3000" -``` - -## Deployment - -Installing the DefectDojo persistenceProvider hook will add a _ReadOnly Hook_ to your namespace. - -```bash -kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..." - -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ - --set="defectdojo.url=https://defectdojo-django.default.svc" -``` - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -136,3 +32,6 @@ helm upgrade --install dd secureCodeBox/persistence-defectdojo \ | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | | image.repository | string | `"docker.io/securecodebox/persistence-defectdojo"` | Hook image repository | | image.tag | string | `nil` | Container image tag | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md index e3df2d59c4..a6e66fb0a1 100644 
--- a/hooks/persistence-elastic/README.md +++ b/hooks/persistence-elastic/README.md @@ -1,31 +1,31 @@ ---- -title: "Elasticsearch" -category: "hook" -type: "persistenceProvider" -state: "released" -usecase: "Publishes all Scan Findings to Elasticsearch." ---- +# persistence-elastic - +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.9.2](https://img.shields.io/badge/AppVersion-7.9.2-informational?style=flat-square) -## About -The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit [elastic.io]. +The elastic persistence provider persists secureCodeBox findings into the elastic stack. -## Deployment +**Homepage:** -Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace. +## Maintainers -```bash -helm upgrade --install elkh secureCodeBox/persistence-elastic -``` +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -## Elasticsearch Indexing +## Source Code -For the elasticsearch `indexSuffix` you can provide a date format pattern. We use [Luxon](https://moment.github.io/luxon/) to format the date. So checkout -the [Luxon documentation](https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) to see what kind of format patterns you can use for the -`indexSuffix`. Default pattern is `yyyy-MM-dd` +* -## Chart Configuration +## Requirements + +Kubernetes: `>=v1.11.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://helm.elastic.co | elasticsearch | 7.9.2 | +| https://helm.elastic.co | kibana | 7.9.2 | + +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -59,4 +59,5 @@ the [Luxon documentation](https://moment.github.io/luxon/docs/manual/formatting. | securityContext | object | `{}` | | | tolerations | list | `[]` | | -[elastic.io]: https://www.elastic.co/products/elasticsearch +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md index 763f6dc250..6976b3af97 100644 --- a/hooks/teams-webhook/README.md +++ b/hooks/teams-webhook/README.md 
@@ -1,20 +1,39 @@ ---- -title: "MS Teams WebHook" -category: "hook" -type: "integration" -state: "roadmap" -usecase: "Publishes Scan Summary to MS Teams." ---- +# teams-webhook - +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -## Deployment +Lets you send a findings result summary as webhook to MS Teams, after a scan is completed. -Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace. +**Homepage:** -> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized. +## Maintainers -```bash -helm upgrade --install twh ./hooks/teams-webhook/ --set notification.url="http://example.com/my/webhook/target" -``` -> ✍ This documentation is currently work-in-progress. +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| hookJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | +| image.repository | string | `"docker.io/securecodebox/teams-webhook"` | Hook image repository | +| image.tag | string | defaults to the charts version | Image tag | +| notification.rules | list | `[]` | A optional rule definition that can be used to describe in wich case a notification must be fired. If not defined / empty each scan result will be notified. | +| notification.template | string | `"messageCard"` | The MS Teams message template that should be used [messageCard | adaptiveCard]. 
| +| notification.url | string | `"http://example.com"` | The URL of your WebHook endpoint | +| vulnerabilityManagement.enabled | bool | `false` | | +| vulnerabilityManagement.findingsUrl | string | `"https://your-kibana-service.url/your-dashboard-path/filter:{{uid}}"` | | +| vulnerabilityManagement.name | string | `"Kibana Dashboard"` | | +| vulnerabilityManagement.url | string | `"https://your-kibana-service.url/your-dashboard-path"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md index 93e529d2e9..5b543cbfa2 100644 --- a/hooks/update-field/README.md +++ b/hooks/update-field/README.md @@ -1,24 +1,14 @@ ---- -title: "Update Field" -category: "hook" -type: "dataProcessing" -state: "released" -usecase: "Updates fields in finding results." ---- +# update-field-hook - +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -## Deployment +Lets you add or override a field to every finding -Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings. +## Requirements -```bash -helm upgrade --install ufh secureCodeBox/update-field --set attribute.name="category" --set attribute.value="my-own-category" -``` +Kubernetes: `>=v1.11.0-0` -> ✍ This documentation is currently work-in-progress. - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -27,3 +17,6 @@ helm upgrade --install ufh secureCodeBox/update-field --set attribute.name="cate | hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | | image.repository | string | `"docker.io/securecodebox/update-field"` | Hook image repository | | image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/operator/README.md b/operator/README.md index 96a4256c4e..c695419374 100644 --- a/operator/README.md +++ b/operator/README.md 
@@ -1,23 +1,30 @@ -![operator logo](https://docs.securecodebox.io/img/Logo_Color.svg) +# operator -The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources. +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) - +secureCodeBox Operator to automate the execution of security scans on kubernetes -## Deployment +**Homepage:** -The secureCodeBox Operator can be deployed via helm: +## Maintainers -```bash -# Add the secureCodeBox Helm Repo -helm repo add secureCodeBox https://charts.securecodebox.io -# Create a new namespace for the secureCodeBox Operator -kubectl create namespace securecodebox-system -# Install the Operator & CRDs -helm install securecodebox-operator secureCodeBox/operator -``` +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -## Chart Configuration +## Source Code + +* + +## Requirements + +Kubernetes: `>=v1.11.0-0` + +| Repository | Name | Version | +|------------|------|---------| +| https://helm.min.io/ | minio | 7.1.2 | + +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -57,3 +64,6 @@ helm install securecodebox-operator secureCodeBox/operator | serviceAccount.labels | object | `{}` | Labels of the serviceAccount the operator uses to talk to the k8s api | | serviceAccount.name | string | `"securecodebox-operator"` | Name of the serviceAccount the operator uses to talk to the k8s api | | telemetryEnabled | bool | `true` | The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 5aeb65dc2f..0f0bd1356e 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -1,62 +1,20 @@ ---- -title: "amass" -category: "scanner" -type: "Network" -state: "released" -appVersion: "v3.13" -usecase: "Subdomain Enumeration Scanner" ---- +# amass -![owasp logo](https://owasp.org/assets/images/logo.png) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.13](https://img.shields.io/badge/AppVersion-v3.13-informational?style=flat-square) -

- License Apache-2.0 - GitHub release (latest SemVer) - OWASP Incubator Project - Artifact HUB - Twitter Follower -

+A Helm chart for the Amass security scanner that integrates with the secureCodeBox. -## What is OWASP Amass? +**Homepage:** -The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub]. +## Maintainers -## Deployment +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -The amass `scanType` can be deployed via helm: +## Source Code -```bash -helm upgrade --install amass secureCodeBox/amass -``` - -## Scanner Configuration - -The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. - -- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` -- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` - -Special command line options: - -- Disable generation of altered names `amass enum -noalts -d example.com` -- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` -- Disable saving data into a local database `amass enum -nolocaldb -d example.com` -- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` - -## Contributing - -Contributions are welcome and extremely helpful 🙌 -Please have a look at [Contributing](./CONTRIBUTING.md) - -## Community - -You are welcome, please join us on... 👋 - -- [GitHub][scb-github] -- [Slack][scb-slack] -- [Twitter][scb-twitter] - -secureCodeBox is an official [OWASP][owasp] project. +* ## Requirements 
@@ -80,16 +38,5 @@ Kubernetes: `>=v1.11.0-0` | scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -## License - -Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license]. - -[owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox -[scb-github]: https://github.com/secureCodeBox/ -[scb-engine]: https://github.com/secureCodeBox/engine -[scb-twitter]: https://twitter.com/secureCodeBox -[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU -[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE -[owasp_amass_project]: https://owasp.org/www-project-amass/ -[amass github]: https://github.com/OWASP/Amass -[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/angularjs-csti-scanner/README.md b/scanners/angularjs-csti-scanner/README.md index 4cba60c1a6..a0f006eb43 100644 --- a/scanners/angularjs-csti-scanner/README.md +++ b/scanners/angularjs-csti-scanner/README.md 
@@ -1,136 +1,26 @@ ---- -title: "Angularjs CSTI Scanner" -category: "scanner" -type: "Repository" -state: "in progress" -usecase: "Find AngularJS websites vulnerable to template injections" ---- +# angularjs-csti-scanner -![acstis logo](https://rawgit.com/tijme/angularjs-csti-scanner/master/.github/logo.svg?pypi=png.from.svg) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.6](https://img.shields.io/badge/AppVersion-3.0.6-informational?style=flat-square) -AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for -finding possible template injection vulnerabilities on websites using AngularJS. +A Helm chart for the angularjs csti scanner that integrates with the secureCodeBox. -For more information visit the projects GitHub site +**Homepage:** -## Deployment +## Maintainers -The acstis scanner can be deployed with helm: +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -```bash -helm upgrade --install acstis secureCodeBox/acstis -``` +## Source Code -## Scanner configuration +* -The only mandatory parameter is: -- `-d`: The url to scan (e.g. https://angularjs.org/). +## Requirements -Optional arguments: +Kubernetes: `>=v1.11.0-0` -```bash --c, --crawl use the crawler to scan all the entire domain --vp, --verify-payload use a javascript engine to verify if the payload was executed (otherwise false positives may occur) --av ANGULAR_VERSION, --angular-version ANGULAR_VERSION manually pass the angular version (e.g. 1.4.2) if the automatic check doesn't work --vrl VULNERABLE_REQUESTS_LOG, --vulnerable-requests-log VULNERABLE_REQUESTS_LOG log all vulnerable requests to this file (e.g. 
/var/logs/acstis.log or urls.log) --siv, --stop-if-vulnerable (crawler option) stop scanning if a vulnerability was found --pmm, --protocol-must-match (crawler option) only scan pages with the same protocol as the starting point (e.g. only https) --sos, --scan-other-subdomains (crawler option) also scan pages that have another subdomain than the starting point --soh, --scan-other-hostnames (crawler option) also scan pages that have another hostname than the starting point --sot, --scan-other-tlds (crawler option) also scan pages that have another tld than the starting point --md MAX_DEPTH, --max-depth MAX_DEPTH (crawler option) the maximum search depth (default is unlimited) --mt MAX_THREADS, --max-threads MAX_THREADS (crawler option) the maximum amount of simultaneous threads to use (default is 20) --iic, --ignore-invalid-certificates (crawler option) ignore invalid ssl certificates -``` - -**Do not** override the option `-vrl` or `--vulnerable-requests-log`. It is already configured for automatic findings parsing. - -### Request configuration - -Because *acstis* does not provide command line arguments for configuring the sent requests, -you have to mount a config map into the scan container on a specific location. Your additional config map should be - mounted to `/acstis/config/acstis-config.py`. For example create a config map: - - ```bash -kubectl create configmap --from-file /path/to/my/acstis-config.py acstis-config -``` - -Then, mount it into the container: - -```yaml - volumes: - - name: "acstis-config" - configMap: - name: "acstis-config" - volumeMounts: - - name: "acstis-config" - mountPath: "/acstis/config/" -``` - -#### Configuration options in *acstis-config.py* - -Add the following snippets to the *acstis-config.py* file to enable further options. -The options are python code which will be injected into the *acstis* script before execution. 
- -**Basic Authentication** -```text -options.identity.auth = HTTPBasicAuth("username", "password") -``` - -**Cookies** -```text -options.identity.cookies.set(name='tasty_cookie', value='yum', domain='finnwea.com', path='/cookies') -options.identity.cookies.set(name='gross_cookie', value='blech', domain='finnwea.com', path='/elsewhere') -``` - -**Headers** -```text -options.identity.headers.update({ - "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36", - "Authorization": "Bearer ey3jafoe.2jefo..." -}) -``` - -**Proxies** -```text -options.identity.proxies = { - # No authentication - # 'http': 'http://host:port', - # 'https': 'http://host:port', - - # Basic authentication - # 'http': 'http://user:pass@host:port', - # 'https': 'https://user:pass@host:port', - - # SOCKS - 'http': 'socks5://user:pass@host:port', - 'https': 'socks5://user:pass@host:port' -} -``` - -**Scope options** -```text -options.scope.protocol_must_match = False - -options.scope.subdomain_must_match = True - -options.scope.hostname_must_match = True - -options.scope.tld_must_match = True - -options.scope.max_depth = None - -options.scope.request_methods = [ - Request.METHOD_GET, - Request.METHOD_POST, - Request.METHOD_PUT, - Request.METHOD_DELETE, - Request.METHOD_OPTIONS, - Request.METHOD_HEAD -] -``` - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
@@ -146,3 +36,6 @@ options.scope.request_methods = [ | scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md index e740240a3d..2e9b456d2b 100644 --- a/scanners/git-repo-scanner/README.md +++ b/scanners/git-repo-scanner/README.md 
@@ -1,67 +1,26 @@ ---- -title: "git-repo-scanner" -category: "scanner" -type: "Repository" -state: "in progress" -appVersion: "0.1" -usecase: "Discover git repositories" ---- +# git-repo-scanner -Git-Repo-Scanner is a small Python script which discovers repositories on GitHub or GitLab. The main purpose of this scanner -is to provide a cascading input for the [gitleaks](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/gitleaks). - scanner. +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) -## Deployment +A Helm chart for the git-repo-scanner that integrates with the secureCodeBox. -The git-repo-scanner can be deployed with helm: +**Homepage:** -```bash -helm upgrade --install gitleaks secureCodeBox/git-repo-scanner -``` +## Maintainers -## Scanner configuration +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -The scanner options can be divided into two groups for Gitlab and GitHub. You can choose the git -repository type with the option: +## Source Code -```bash ---git-type github -or ---git-type Gitlab -``` +* -#### GitHub -For type GitHub you can use the following options: -- `--organization`: The name of the GitHub organization you want to scan. -- `--url`: The url of the api for a GitHub enterprise server. Skip this option for repos on . -- `--access-token`: Your personal GitHub access token. -- `--ignore-repos`: A list of GitHub repository ids you want to ignore -- `--obey-rate-limit`: True to obey the rate limit of the GitHub server (default), otherwise False -- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expressed by a duration (now + duration). 
A duration string is a possibly signed sequence of decimal numbers, each - with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'. -- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with - optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'. +## Requirements -For now only organizations are supported, so the option is mandatory. We **strongly recommend** providing an access token -for authentication. If not provided the rate limiting will kick in after about 30 repositories scanned. +Kubernetes: `>=v1.11.0-0` -#### GitLab -For type GitLab you can use the following options: -- `--url`: The url of the GitLab server. -- `--access-token`: Your personal GitLab access token. -- `--group`: A specific GitLab group id you want to san, including subgroups. -- `--ignore-groups`: A list of GitLab group ids you want to ignore -- `--ignore-repos`: A list of GitLab project ids you want to ignore -- `--obey-rate-limit`: True to obey the rate limit of the GitLab server (default), otherwise False -- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each - with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'. -- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with - optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'. 
- -For Gitlab, the url and the access token is mandatory. If you don't provide a specific group id, all projects -on the Gitlab server are going to be discovered. - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -78,3 +37,6 @@ on the Gitlab server are going to be discovered. | scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index 70dd2e477f..2e905e9774 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md 
@@ -1,131 +1,26 @@ ---- -title: "Gitleaks" -category: "scanner" -type: "Repository" -state: "in progress" -appVersion: "6.1.2" -usecase: "Find potential secrets in repositories" ---- +# gitleaks -![gitleaks logo](https://raw.githubusercontent.com/zricethezav/gifs/master/gitleakslogo.png) +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v7.5.0](https://img.shields.io/badge/AppVersion-v7.5.0-informational?style=flat-square) -Gitleaks is a free and open source tool for finding secrets in git repositories. -These secrets could be passwords, API keys, tokens, private keys or suspicious file names or -file extensions like *id_rsa*, *.pem*, *htpasswd*. Furthermore, gitleaks can scan your whole repository's history -with all commits up to the initial one. +A Helm chart for the gitleaks repository scanner that integrates with the secureCodeBox. -To learn more about gitleaks visit +**Homepage:** -## Deployment +## Maintainers -The gitleaks scanner can be deployed with helm: +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -```bash -# Install HelmChart (use -n to configure another namespace) -helm upgrade --install gitleaks secureCodeBox/gitleaks -``` +## Source Code -## Scanner configuration +* -For a complete overview of the configuration options checkout the -[Gitleaks documentation](https://github.com/zricethezav/gitleaks/wiki/Options). +## Requirements -The only mandatory parameters are: -- `-r`: The link to the repository you want to scan. -- `--access-token`: Only for non-public repositories. -- `--username` and `--password`: Only for non-public repositories. -- `--config-path`: The ruleset you want to use. +Kubernetes: `>=v1.11.0-0` -**Do not** override the option `--report-format` or `--report`. 
It is already configured for automatic findings parsing. - -## secureCodeBox extended GitLeaks Features - -:::info -If you run gitleaks based on a scheduledScan (e.g. one scan per day) it would be enough to scan all git-commits since the last executed schedule. -Instead of scanning all commits in the complete git history every day it would save a lot of resources to scan only all commits of the last day. - -_Problem is: This is a feature and configuration option gitleaks is currently not supporting._ - -That's why we created an [issue](https://github.com/zricethezav/gitleaks/issues/497) and a [pull request](https://github.com/zricethezav/gitleaks/pull/498) for that. -If you like the idea, please vote for our issue and PR. - -If you already want to use our implementation (fork) of this feature you can use our [gitleaks forked docker image](https://hub.docker.com/r/securecodebox/gitleaks) instead of the gitleaks original image. -::: - -```yaml -# Corresponding HelmChart Configuration -image: - # image.repository -- Container Image to run the scan - repository: docker.io/securecodebox/scanner-gitleaks - # image.tag -- defaults to the charts version - tag: v7.3.0 -``` - -### Deployment with extended GitLeaks -```bash -# Install HelmChart (use -n to configure another namespace) -helm upgrade --install gitleaks secureCodeBox/gitleaks \ - --set="image.repository=docker.io/securecodebox/scanner-gitleaks" \ - --set="image.tag=v7.3.0" -``` - -### Additional (Fork) Scanner configuration options -```bash ---commit-since-duration= Scan commits more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each - with optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'. ---commit-until-duration= Scan commits older than a specific date expresed by an duration (now + duration). 
A duration string is a possibly signed sequence of decimal numbers, each with - optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'. -``` - -#### Ruleset - -At this point we provide three rulesets which you can pass to the `--config-path` oprtion: - -- `/home/config_all.toml`: Includes every rule. -- `/home/config_filenames_only.toml`: Gitleaks scans only file names and extensions. -- `/home/config_no_generics.toml`: No generic rules like searching for the word *password*. With this option you won't -find something like **password = Ej2ifDk2jfeo2**, but it will reduce resulting false positives. - -If you like to provide your custom ruleset, you can create a configMap and mount it into -the scan. Checkout the examples for more information about providing your own gitleaks rules config. - -#### Other useful options are: - -- `--commit-since`: Scan commits more recent than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format. -- `--commit-until`: Scan commits older than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format. -- `--repo-config`: Load config from target repo. Config file must be ".gitleaks.toml" or "gitleaks.toml". - -#### Finding format - -It is not an easy task to classify the severity of the scans because we can't tell for sure if the finding is e.g. a real -or a testing password. Another issue is that the rate of false positives for generic rules can be very high. Therefore, -we tried to classify the severity of the finding by looking at the accuracy of the rule which detected it. Rules for AWS -secrets or Artifactory tokens are very precise, so they get a high severity. Generic rules on the other hand get a low -severity because the often produce false positives. 
- -**Please keep in mind that findings with a low severity can be actually -very critical.** - -#### Cascading Rules - -If you want to scan multiple repositories from GitHub or gitlab automatically at once, you should -take a look at the cascading rules which get triggered by the **git-repo-scanner**. -For more information on how to use **git-repo-scanner** checkout the -[Readme](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/git-repo-scanner). - -For cascading scans on public GitHub repositories you don't need any credentials. For the gitlab -and private GitHub rules you need to provide an access token via environment. You could do that with -the following commands: - -```bash -kubectl create secret generic github-access-token --from-literal="token=" -kubectl create secret generic gitlab-access-token --from-literal="token=" -``` - -For more information on how to use cascades take a look at -[Scanning Networks Example](https://docs.securecodebox.io/docs/how-tos/scanning-networks/) - -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
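Review bot: the regenerated scanners/gitleaks/README.md drops operator guidance that has no replacement on the added side of this hunk: the instruction not to override `--report-format` or `--report` (already configured for findings parsing), the description of the three `--config-path` rulesets, the warning that low-severity findings can still be very critical, and the `kubectl create secret generic` steps for the GitHub and GitLab access tokens used by cascading scans. The added lines contain only chart metadata (badges, Maintainers, Source Code, Requirements, Values). Suggest moving the removed sections into a `README.md.gotmpl` for this chart before helm-docs overwrites README.md, so the generated file keeps them. It is also worth confirming the version story: the removed frontmatter said appVersion "6.1.2" and the fork example pinned tag v7.3.0, while the new badge reports v7.5.0.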
@@ -143,3 +38,6 @@ For more information on how to use cascades take a look at | scannerJob.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 97f6b73375..cb0201ef05 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md 
@@ -1,35 +1,26 @@ ---- -title: "kube-hunter" -category: "scanner" -type: "Kubernetes" -state: "released" -appVersion: "0.3.1" -usecase: "Kubernetes Vulnerability Scanner" ---- +# kube-hunter -kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own! +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.1](https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square) -To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website]. +A Helm chart for the kube-hunter security scanner that integrates with the secureCodeBox. - +**Homepage:** -## Deployment +## Maintainers -The kube-hunter ScanType can be deployed via helm: +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -```bash -helm upgrade --install kube-hunter secureCodeBox/kube-hunter -``` +## Source Code -## Scanner Configuration +* -The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. +## Requirements -* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com` -* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface` -* To specify a specific CIDR to scan, use the --cidr option. 
Example: `kube-hunter --cidr 192.168.0.0/24` +Kubernetes: `>=v1.11.0-0` -## Chart Configuration +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| @@ -48,6 +39,5 @@ The following security scan configuration example are based on the [kube-hunter | scannerJob.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -[kube-hunter Website]: https://kube-hunter.aquasec.com/ -[kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter -[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md index db43922726..820d3eaa71 100644 --- a/scanners/kubeaudit/README.md +++ b/scanners/kubeaudit/README.md 
@@ -1,30 +1,26 @@ ---- -title: "kubeaudit" -category: "scanner" -type: "Kubernetes" -state: "released" -appVersion: "0.15.1" -usecase: "Kubernetes Configuration Scanner" ---- +# kubeaudit -Kubeaudit finds security misconfigurations in you Kubernetes Resources and gives tips on how to resolve these. +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.0](https://img.shields.io/badge/AppVersion-v0.14.0-informational?style=flat-square) -Kubeaudit comes with a large lists of "auditors" which test various aspects, like the SecurityContext of pods. -You can find the complete list of [auditors here](https://github.com/Shopify/kubeaudit/tree/master/docs/auditors). +A Helm chart for the kubeaudit security scanner that integrates with the secureCodeBox. -To learn more about the kubeaudit itself visit [kubeaudit GitHub]. +**Homepage:** - +## Maintainers -## Deployment +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -The kube-hunter ScanType can be deployed via helm: +## Source Code -```bash -helm upgrade --install kubeaudit secureCodeBox/kubeaudit -``` +* -## Chart Configuration +## Requirements + +Kubernetes: `>=v1.11.0-0` + +## Values | Key | Type | Default | Description | |-----|------|---------|-------------| 
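Review bot: the AppVersion badge added at the top of scanners/kubeaudit/README.md reads v0.14.0, while the frontmatter removed by this same hunk declared appVersion "0.15.1". The generated file states it is built from chart metadata, so one of the two values was wrong; please check which kubeaudit version the chart actually ships before this lands, since a reader now sees an older scanner version than the documentation previously claimed. The hunk also removes the description, the link to the auditors list and the `helm upgrade --install kubeaudit secureCodeBox/kubeaudit` command with no replacement on the added side. If those move into a template, the removed sentence "The kube-hunter ScanType can be deployed via helm" should be corrected to name kubeaudit.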
@@ -46,4 +42,5 @@ helm upgrade --install kubeaudit secureCodeBox/kubeaudit | scannerJob.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user | | scannerJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | -[kubeaudit GitHub]: https://github.com/Shopify/kubeaudit/ +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 120d9e5551..c20dd3f03d 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md 
@@ -1,172 +1,26 @@ ---- -title: "Ncrack" -category: "scanner" -type: "Authentication" -state: "developing" -appVersion: "0.7" -usecase: "Network authentication bruteforcing" ---- +# ncrack -Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. +![Version: v2.7.0-alpha1](https://img.shields.io/badge/Version-v2.7.0--alpha1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7](https://img.shields.io/badge/AppVersion-0.7-informational?style=flat-square) -To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack Website]. +A Helm chart for the NCRACK security Scanner that integrates with the secureCodeBox. - +**Homepage:** -## Ncrack Deployment & Configuration +## Maintainers -#### Setup with custom files: -If you want to use your own files within the Ncrack scan, you have to create a secret first: +| Name | Email | Url | +| ---- | ------ | --- | +| iteratec GmbH | secureCodeBox@iteratec.com | | -```bash -kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists -``` +## Source Code - IMPORTANT: Use an extra empty line at the end of your files, otherwise the last letter of the last line will be omitted (due to a bug in k8) +* -Now we created a secret named "ncrack-lists". -Before we can use the files, we have to install the Ncrack ScanType: +## Requirements -```bash -cat <=v1.11.0-0` -This enables us now to refer to our files via `/ncrack/` in the scan.yaml. 
- -For a full example on how to configure Ncrack with your custom files against a ssh service, see the "dummy-ssh" example. - -#### Basic setup (no files can be mounted): - -The Ncrack ScanType can be deployed via helm: - -```bash -helm upgrade --install ncrack secureCodeBox/ncrack -``` - -#### Delete Ncrack ScanType: - -```bash -helm delete ncrack -``` - -## Scanner Configuration - -The following security scan configuration example are based on the [Ncrack Documentation], please take a look at the original documentation for more configuration examples. - -This options summary is printed when Ncrack is run with no arguments. It helps people remember the most common options, but is no substitute for the in-depth documentation in the rest of this manual. - -``` -Ncrack 0.7 ( http://ncrack.org ) -Usage: ncrack [Options] {target and service specification} -TARGET SPECIFICATION: - Can pass hostnames, IP addresses, networks, etc. - Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254 - -iX : Input from Nmap's -oX XML output format - -iN : Input from Nmap's -oN Normal output format - -iL : Input from list of hosts/networks - --exclude : Exclude hosts/networks - --excludefile : Exclude list from file -SERVICE SPECIFICATION: - Can pass target specific services in ://target (standard) notation or - using -p which will be applied to all hosts in non-standard notation. - Service arguments can be specified to be host-specific, type of service-specific - (-m) or global (-g). 
Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 -g cd=3000 - Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org google.com:80,ssl - -p : services will be applied to all non-standard notation hosts - -m :: options will be applied to all services of this type - -g : options will be applied to every service globally - Misc options: - ssl: enable SSL over this service - path : used in modules like HTTP ('=' needs escaping if used) - db : used in modules like MongoDB to specify the database - domain : used in modules like WinRM to specify the domain -TIMING AND PERFORMANCE: - Options which take