Added new security scanner: nuclei #605
Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
to implement the function by ourselves Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
the nuclei-templates for all pods Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com> Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
b668694 to 48031e4
Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
configuration option Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Nicely done :) Would suggest to add integration tests, however.
Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
When I try to install the scanner via helm, I get the following error:
Seems like the value for activeDeadlineSeconds must be set manually before the scanner can be installed. I guess this behavior is not intended?
Wouldn't the cache volume currently block multiple nuclei scanners from running at the same time? And should the cache volume be filled by something like a CronJob which periodically refreshes the cache and the scans having this volume mounted as readOnly? Also should this be turned on by default, as many storage k8s environments don't support ReadOnlyMany: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
@J12934 Yes you are right, in practice this happens sometimes, the nuclei scan then will be executed in a more serialized way, but it is not always the case 🤷🏻‍♂️ I already tried to find another solution at the nuclei project side, but this will take some time to finish: projectdiscovery/nuclei#895
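The cache layout sketched in the exchange above (one CronJob that periodically refreshes the nuclei template cache, scan pods that only mount that volume read-only) can be expressed with plain Kubernetes objects. The manifests below are an added illustration and are not code from this PR or from secureCodeBox; the resource names, the schedule, the image tag, the placeholder target and the nuclei `-update-templates` / `-update-directory` / `-templates` / `-target` flags are assumptions. The PVC requests both `ReadWriteOnce` (for the single writer) and `ReadOnlyMany` (for parallel readers), which is exactly the combination many storage classes cannot provide; on such a cluster the claim stays Pending and the scans serialize on one node, which is the behaviour the thread describes.

```yaml
# Added example, not part of PR #605 or of secureCodeBox itself.
# Names, schedule, image tag and nuclei flags are assumptions.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nuclei-templates-cache
spec:
  # RWO for the refresh job that writes, ROX so several scan pods on
  # different nodes can read at once. Backends that only offer
  # ReadWriteOnce leave this PVC Pending (see the access-modes link above).
  accessModes:
    - ReadWriteOnce
    - ReadOnlyMany
  resources:
    requests:
      storage: 1Gi
---
# The only writer of the cache: pulls fresh templates once a day instead of
# every scan fetching them from GitHub (and hitting the rate limit).
apiVersion: batch/v1
kind: CronJob
metadata:
  name: nuclei-templates-refresh
spec:
  schedule: "0 3 * * *"
  concurrencyPolicy: Forbid        # never two refreshers writing at once
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: refresh
              image: projectdiscovery/nuclei:latest   # pin a digest in practice
              args:
                - -update-templates
                - -update-directory
                - /cache/nuclei-templates
              volumeMounts:
                - name: cache
                  mountPath: /cache
          volumes:
            - name: cache
              persistentVolumeClaim:
                claimName: nuclei-templates-cache
---
# A scan only reads the cache; with ROX any number of these run in parallel.
apiVersion: batch/v1
kind: Job
metadata:
  name: nuclei-scan-example
spec:
  activeDeadlineSeconds: 3600      # hard upper bound on scan runtime
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: nuclei
          image: projectdiscovery/nuclei:latest
          args:
            - -templates
            - /cache/nuclei-templates
            - -target
            - http://scan-target.example.internal   # placeholder target
          volumeMounts:
            - name: cache
              mountPath: /cache
              readOnly: true
      volumes:
        - name: cache
          persistentVolumeClaim:
            claimName: nuclei-templates-cache
            readOnly: true
```

The `readOnly: true` on both the mount and the claim reference is what keeps a scan from ever modifying the shared templates, and `concurrencyPolicy: Forbid` keeps the refresh job from racing itself. If the cache is empty when the first scan starts (before the CronJob has fired once), the scan has no templates to run, which is why a one-off populating Job at install time, as done later in this PR, is needed alongside the schedule.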
update Job to ensure always up-to-date nuclei templates without hitting the GH ratelimit Signed-off-by: Robert Seedorff <Robert.Seedorff@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
The cache would otherwise be empty until the first cronjob gets triggered. Until then every scan would fail. Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Pushed some small changes / fixes.
PR is ready to merge now IMO 👍
Description
This PR, if applied, integrates a new security scanner with the secureCodeBox: nuclei
Checklist:
- npm test runs for the whole project.