Build plugins and run

To generate the .so files and run the code, execute the following script

make run

Generate binary and run SMM binary

make build
./smm

Create the distribution build

make dist

Repository scan configuration

and describe the configuration inside repo-details.yml in a structure that looks similar to the following.

name: Repository Details
repository:
  - name: virality
    ecr: xxx.dkr.ecr.us-east-1.amazonaws.com/ci:v1.3.1
    aws:
      log-group-name: playground
      log-stream-name: playground-stream

Passing flags to the binary

./smm  repo -yml=scan-details.yml
  github -token=SECRET_TOKEN -owner=GITHUB_OWNER

Available Plugins

• NODE EOL
• DJANGO EOL
• REACT EOL
• README
• PYTHON EOL
• REPOVULN
  • Uses trivy to scan repos
  • All linked tests run with version 0.38.3
  • GitHub workflow also assumes the above version
  • For the plugin to be able to scan private repositories, value to GITHUB_TOKEN must be provided in the shell that is executing the code. See, test.env for example. This is used internally by trivy as written in the documentation here
• ECRVULN
  • Uses trivy to scan repos
  • All linked tests run with version 0.38.3
  • For the plugin to able to scan private ECR images values to AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION must be provided in the shell as described in the trivy docs
• LATESTPATCHDJANGO
• LATESTPATCHNODE
• LATESTPATCHPYTHON
• HASLOGGING
  • Uses AWS config stored inside ~/.aws/config or the AWS ENV exported in the shell running the program
• HASJSONLOGGING
  • Uses AWS config stored inside ~/.aws/config or the AWS ENV exported in the shell running the program
• MINCOV
• GOEOL

Description of Maturity Values

MaturityValues are defined here.

To Create a New Plugin

• Create a new directory inside plugins directory
• Implement Check as defined in types/commontypes.go
• Import a variable named Check of type T that implements Check method

Example

To create a plugin named HasAutomatedTests

package main

import "SMM/types"

// HasAutomatedTests creates a custom type
type HasAutomatedTests struct {
}

// Check holds the logic that decides the value of MaturityCheck
func (hat HasAutomatedTests) Check(repoPath string) types.MaturityCheck {
	// Custom Logic Inside the Check Method
	return types.Yes
}

// Check is exported from this plugin file
var Check HasAutomatedTests

Running the plugin

runner.go reads the .so files in all the plugins directory and invokes Check method. It creates a new type ExtendedMaturityCheck with the same underlying type MaturityCheck but adds new methods to check the EOL of the stack.

Working with the configuration variables

To export the environment variables, run

source test.env

test.env will have variables as shown below exported to the shell running the code

export STAGE=test
export TOKEN=
export OWNER=
export NODE=issue-test
export EMPTY=

Running the test cases

To open coverage report along with running the test cases

make test