diff --git a/scanners/amass/README.md b/scanners/amass/README.md index c51df90630..207c5b801c 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -49,6 +49,7 @@ Special command line options: | scanner.extraVolumes | list | `[{"configMap":{"name":"amass-config"},"name":"amass-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.repository | string | `"caffix/amass"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts appVersion | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | diff --git a/scanners/amass/templates/amass-scan-type.yaml b/scanners/amass/templates/amass-scan-type.yaml index d7b19b5ead..fb55ed6b0a 100644 --- a/scanners/amass/templates/amass-scan-type.yaml +++ b/scanners/amass/templates/amass-scan-type.yaml @@ -4,7 +4,7 @@ apiVersion: "execution.securecodebox.io/v1" kind: ScanType metadata: - name: "amass" + name: "amass{{ .Values.scanner.nameAppend | default ""}}" spec: extractResults: # amass saves it's result now in json but in "json lines" format diff --git a/scanners/amass/values.yaml b/scanners/amass/values.yaml index 0664e36f5b..7ac9fd6719 100644 --- a/scanners/amass/values.yaml 
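Review bot: The new `metadata.name` in amass-scan-type.yaml interpolates `scanner.nameAppend` inside a quoted scalar with no check on its content. A value containing uppercase letters, underscores, whitespace or a double quote therefore renders a manifest that breaks YAML parsing or is rejected by the API server only at install time. A render-time guard above the document would surface this earlier, for example `{{- if and .Values.scanner.nameAppend (not (regexMatch "^[a-z0-9.-]*[a-z0-9]$" (toString .Values.scanner.nameAppend))) }}{{ fail "scanner.nameAppend must keep the ScanType name a valid Kubernetes object name" }}{{- end }}`. The same applies to the identical change in the angularjs-csti-scanner, git-repo-scanner, gitleaks, kube-hunter, kubeaudit, ncrack and nikto templates. The ScanType spec continues past the hunk, so whether anything else in it depends on the fixed name cannot be judged from here.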
+++ b/scanners/amass/values.yaml @@ -19,6 +19,10 @@ scanner: repository: caffix/amass # scanner.image.tag -- defaults to the charts appVersion tag: null + + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) diff --git a/scanners/angularjs-csti-scanner/README.md b/scanners/angularjs-csti-scanner/README.md index 49171a04df..6bf259fcb8 100644 --- a/scanners/angularjs-csti-scanner/README.md +++ b/scanners/angularjs-csti-scanner/README.md 
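Review bot: The comment added for `nameAppend` in amass/values.yaml does not say that the suffix is concatenated verbatim, with no separator, or that Scans must reference the resulting name rather than `amass`. I would word it as `# scanner.nameAppend -- suffix appended verbatim to the ScanType name (no separator is inserted; an illustrative "-custom" yields "amass-custom"). Scans must reference the suffixed name.` The README table rows appear to be generated from these comments, so the wording would carry over there. The same comment is added to the values.yaml of the other seven scanners in this diff, and the amass hunk alone adds an extra blank line before it.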
@@ -143,6 +143,7 @@ options.scope.request_methods = [ | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-angularjs-csti-scanner"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts version | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | diff --git a/scanners/angularjs-csti-scanner/templates/angularjs-csti-scanner-scan-type.yaml b/scanners/angularjs-csti-scanner/templates/angularjs-csti-scanner-scan-type.yaml index a7c0285f95..97552e3917 100644 --- a/scanners/angularjs-csti-scanner/templates/angularjs-csti-scanner-scan-type.yaml +++ b/scanners/angularjs-csti-scanner/templates/angularjs-csti-scanner-scan-type.yaml @@ -5,7 +5,7 @@ apiVersion: "execution.securecodebox.io/v1" kind: ScanType metadata: - name: "angularjs-csti-scanner" + name: "angularjs-csti-scanner{{ .Values.scanner.nameAppend | default ""}}" spec: extractResults: type: acstis-log diff --git a/scanners/angularjs-csti-scanner/values.yaml b/scanners/angularjs-csti-scanner/values.yaml index fe8820b2a1..6abf93370d 100644 --- a/scanners/angularjs-csti-scanner/values.yaml 
+++ b/scanners/angularjs-csti-scanner/values.yaml @@ -19,6 +19,9 @@ scanner: # scanner.image.tag -- defaults to the charts version tag: null + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md index 42b33d1974..5a133090b0 100644 --- a/scanners/git-repo-scanner/README.md +++ b/scanners/git-repo-scanner/README.md @@ -75,6 +75,7 @@ on the Gitlab server are going to be discovered. | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-git-repo-scanner"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts version | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | 
diff --git a/scanners/git-repo-scanner/templates/git-repo-scanner-scan-type.yaml b/scanners/git-repo-scanner/templates/git-repo-scanner-scan-type.yaml index 5707bb6e50..bfdc2be49b 100644 --- a/scanners/git-repo-scanner/templates/git-repo-scanner-scan-type.yaml +++ b/scanners/git-repo-scanner/templates/git-repo-scanner-scan-type.yaml @@ -5,7 +5,7 @@ apiVersion: "execution.securecodebox.io/v1" kind: ScanType metadata: - name: "git-repo-scanner" + name: "git-repo-scanner{{ .Values.scanner.nameAppend | default ""}}" spec: extractResults: type: git-repo-scanner-json diff --git a/scanners/git-repo-scanner/values.yaml b/scanners/git-repo-scanner/values.yaml index 733bb62b2e..1ecdc4b7ca 100644 --- a/scanners/git-repo-scanner/values.yaml +++ b/scanners/git-repo-scanner/values.yaml @@ -21,6 +21,9 @@ scanner: # scanner.image.tag -- defaults to the charts version tag: null + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index 1db60e3af1..67a5004aa0 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md 
@@ -140,6 +140,7 @@ For more information on how to use cascades take a look at | scanner.extraVolumes | list | `[{"configMap":{"name":"gitleaks-config"},"name":"gitleaks-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-gitleaks"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the app version | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | diff --git a/scanners/gitleaks/templates/gitleaks-scan-type.yaml b/scanners/gitleaks/templates/gitleaks-scan-type.yaml index 3bb7fbf643..4c4191b502 100644 --- a/scanners/gitleaks/templates/gitleaks-scan-type.yaml +++ b/scanners/gitleaks/templates/gitleaks-scan-type.yaml @@ -5,7 +5,7 @@ apiVersion: "execution.securecodebox.io/v1" kind: ScanType metadata: - name: "gitleaks" + name: "gitleaks{{ .Values.scanner.nameAppend | default ""}}" spec: extractResults: type: gitleaks-json diff --git a/scanners/gitleaks/values.yaml b/scanners/gitleaks/values.yaml index e0ab599b43..e610308444 100644 --- a/scanners/gitleaks/values.yaml +++ b/scanners/gitleaks/values.yaml 
@@ -20,6 +20,9 @@ scanner: # scanner.image.tag -- defaults to the app version tag: null + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 3233ea467a..80964c4190 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md 
@@ -44,6 +44,7 @@ The following security scan configuration example are based on the [kube-hunter | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-kube-hunter"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts version | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | diff --git a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml index 974f21f2d9..b75c7f6ad3 100644 --- a/scanners/kube-hunter/templates/kubehunter-scan-type.yaml +++ b/scanners/kube-hunter/templates/kubehunter-scan-type.yaml @@ -5,7 +5,7 @@ apiVersion: 'execution.securecodebox.io/v1' kind: ScanType metadata: - name: 'kube-hunter' + name: 'kube-hunter{{ .Values.scanner.nameAppend | default ""}}' spec: extractResults: type: kube-hunter-json diff --git a/scanners/kube-hunter/values.yaml b/scanners/kube-hunter/values.yaml index b3d7acbed3..33578b4e39 100644 --- a/scanners/kube-hunter/values.yaml +++ b/scanners/kube-hunter/values.yaml 
@@ -20,6 +20,9 @@ scanner: # scanner.image.tag -- defaults to the charts version tag: null + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md index 4ca2d200cd..c7eaf042bc 100644 --- a/scanners/kubeaudit/README.md +++ b/scanners/kubeaudit/README.md 
@@ -37,6 +37,7 @@ helm upgrade --install kubeaudit secureCodeBox/kubeaudit | scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) | | scanner.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated | diff --git a/scanners/kubeaudit/templates/kubeaudit-scan-type.yaml b/scanners/kubeaudit/templates/kubeaudit-scan-type.yaml index 9d398ade59..1201da1192 100644 --- a/scanners/kubeaudit/templates/kubeaudit-scan-type.yaml +++ b/scanners/kubeaudit/templates/kubeaudit-scan-type.yaml @@ -5,7 +5,7 @@ apiVersion: "execution.securecodebox.io/v1" kind: ScanType metadata: - name: "kubeaudit" + name: "kubeaudit{{ .Values.scanner.nameAppend | default ""}}" spec: extractResults: type: kubeaudit-jsonl diff --git a/scanners/kubeaudit/values.yaml b/scanners/kubeaudit/values.yaml index 6a21963f88..ef3150b826 100644 --- a/scanners/kubeaudit/values.yaml +++ b/scanners/kubeaudit/values.yaml 
@@ -15,6 +15,9 @@ parser: ttlSecondsAfterFinished: null scanner: + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md index 1f9a4fbd06..735d5f3488 100644 --- a/scanners/ncrack/README.md +++ b/scanners/ncrack/README.md 
@@ -183,6 +183,7 @@ base64 encryptedPassword -d | openssl rsautl -decrypt -inkey key.pem -out decryp | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-ncrack"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts appVersion | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | diff --git a/scanners/ncrack/templates/ncrack-scan-type.yaml b/scanners/ncrack/templates/ncrack-scan-type.yaml index 51c839ca9b..5491a45d5a 100644 --- a/scanners/ncrack/templates/ncrack-scan-type.yaml +++ b/scanners/ncrack/templates/ncrack-scan-type.yaml @@ -5,7 +5,7 @@ apiVersion: "execution.securecodebox.io/v1" kind: ScanType metadata: - name: "ncrack" + name: "ncrack{{ .Values.scanner.nameAppend | default ""}}" spec: extractResults: type: ncrack-xml diff --git a/scanners/ncrack/values.yaml b/scanners/ncrack/values.yaml index 45c164314a..40942ca373 100644 --- a/scanners/ncrack/values.yaml +++ b/scanners/ncrack/values.yaml 
@@ -25,6 +25,9 @@ scanner: # scanner.image.tag -- defaults to the charts appVersion tag: null + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md index 68e9e60d71..65885cdf95 100644 --- a/scanners/nikto/README.md +++ b/scanners/nikto/README.md 
@@ -63,6 +63,7 @@ Nikto also has a comprehensive list of [command line options documented](https:/ | scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) | | scanner.image.repository | string | `"docker.io/securecodebox/scanner-nikto"` | Container Image to run the scan | | scanner.image.tag | string | `nil` | defaults to the charts appVersion | +| scanner.nameAppend | string | `nil` | append a string to the default scantype name. | | scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) | | scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ | diff --git a/scanners/nikto/templates/nikto-scan-type.yaml b/scanners/nikto/templates/nikto-scan-type.yaml index 91cb055afe..b9da290b19 100644 --- a/scanners/nikto/templates/nikto-scan-type.yaml +++ b/scanners/nikto/templates/nikto-scan-type.yaml @@ -5,7 +5,7 @@ apiVersion: 'execution.securecodebox.io/v1' kind: ScanType metadata: - name: 'nikto' + name: 'nikto{{ .Values.scanner.nameAppend | default ""}}' spec: extractResults: type: nikto-json diff --git a/scanners/nikto/values.yaml b/scanners/nikto/values.yaml index 29e3efceb9..afe97f29a2 100644 --- a/scanners/nikto/values.yaml +++ b/scanners/nikto/values.yaml 
@@ -19,6 +19,9 @@ scanner: # scanner.image.tag -- defaults to the charts appVersion tag: null + # scanner.nameAppend -- append a string to the default scantype name. + nameAppend: null + # scanner.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ ttlSecondsAfterFinished: null # scanner.backoffLimit -- There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index 2eb9731937..58cfc23139 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -53,6 +53,7 @@ You can deploy the ScanType with the config like this: ```bash cat <