secureCodeBox · J12934 · Jun 18, 2021 · Jun 10, 2021 · Jun 10, 2021 · Jun 10, 2021
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -613,13 +613,13 @@ jobs:
       - name: "Hooks (ReadAndWrite) Integration Tests"
         run: |
           helm -n integration-tests install update-category ./hooks/update-field/ \
-            --set="image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-update-field" \
-            --set="image.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="hook.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-update-field" \
+            --set="hook.image.tag=sha-$(git rev-parse --short HEAD)" \
             --set="attribute.name=category" \
             --set="attribute.value=fancy-category"
           helm -n integration-tests install update-severity ./hooks/update-field/ \
-            --set="image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-update-field" \
-            --set="image.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="hook.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-update-field" \
+            --set="hook.image.tag=sha-$(git rev-parse --short HEAD)" \
             --set="attribute.name=severity" \
             --set="attribute.value=high"
           helm -n integration-tests install test-scan ./scanners/test-scan/ \
@@ -642,9 +642,9 @@ jobs:
             --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)"
           helm -n integration-tests install http-webhook ./demo-apps/http-webhook
           helm -n integration-tests install ro-hook ./hooks/generic-webhook/ \
-            --set="image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-generic-webhook" \
+            --set="hook.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-generic-webhook" \
             --set="webhookUrl=http://http-webhook/hallo-welt" \
-            --set="image.tag=sha-$(git rev-parse --short HEAD)"
+            --set="hook.image.tag=sha-$(git rev-parse --short HEAD)"
           cd tests/integration/
           npx jest --ci --color generic/read-only-hook.test.js
           helm -n integration-tests uninstall test-scan http-webhook ro-hook
@@ -772,8 +772,8 @@ jobs:
           helm -n integration-tests install http-webhook ./demo-apps/http-webhook --wait
 
           helm -n integration-tests install notification-hook ./hooks/notification --values tests/integration/hooks/__testFiles__/notification-values.yaml \
-            --set="image.repository=docker.io/${{env.DOCKER_NAMESPACE }}/hook-notification" \
-            --set="image.tag=sha-$(git rev-parse --short HEAD)"
+            --set="hook.image.repository=docker.io/${{env.DOCKER_NAMESPACE }}/hook-notification" \
+            --set="hook.image.tag=sha-$(git rev-parse --short HEAD)"
 
           cd tests/integration/
           npx jest --ci --color ./hooks/notification.test.js
@@ -848,8 +848,8 @@ jobs:
           kubectl create namespace cascading-tests
           # Install cascading-scans hook
           helm upgrade --install dssh ./hooks/cascading-scans/ -n cascading-tests \
-            --set="image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-cascading-scans" \
-            --set="image.tag=sha-$(git rev-parse --short HEAD)"
+            --set="hook.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-cascading-scans" \
+            --set="hook.image.tag=sha-$(git rev-parse --short HEAD)"
           # Install nmap
           helm -n cascading-tests install nmap ./scanners/nmap/ \
             --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-nmap" \
@@ -891,8 +891,8 @@ jobs:
           kubectl create namespace cascading-tests
           # Install cascading-scans hook
           helm upgrade --install dssh ./hooks/cascading-scans/ -n cascading-tests --wait \
-            --set="image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-cascading-scans" \
-            --set="image.tag=sha-$(git rev-parse --short HEAD)"
+            --set="hook.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/hook-cascading-scans" \
+            --set="hook.image.tag=sha-$(git rev-parse --short HEAD)"
           # Install unsafe-https
           helm upgrade --install unsafe-https ./demo-apps/unsafe-https/ -n cascading-tests --wait
           # Install nmap

diff --git a/hooks/cascading-scans/README.md b/hooks/cascading-scans/README.md
@@ -119,6 +119,6 @@ zap-http         zap-baseline-scan   non-invasive   medium
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
-| image.repository | string | `"docker.io/securecodebox/hook-cascading-scans"` | Hook image repository |
-| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-cascading-scans"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
diff --git a/hooks/cascading-scans/templates/cascading-scans-hook.yaml b/hooks/cascading-scans/templates/cascading-scans-hook.yaml
@@ -10,8 +10,8 @@ metadata:
     {{- include "cascading-scans.labels" . | nindent 4 }}
 spec:
   type: ReadOnly
-  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}"
+  image: "{{ .Values.hook.image.repository }}:{{ .Values.hook.image.tag | default .Chart.Version }}"
   imagePullSecrets:
     - name: "securecodebox"
-  ttlSecondsAfterFinished: {{ .Values.hookJob.ttlSecondsAfterFinished }}
+  ttlSecondsAfterFinished: {{ .Values.hook.ttlSecondsAfterFinished }}
   serviceAccountName: cascading-scans
diff --git a/hooks/cascading-scans/values.yaml b/hooks/cascading-scans/values.yaml
@@ -6,13 +6,13 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-image:
-  # image.repository -- Hook image repository
-  repository: docker.io/securecodebox/hook-cascading-scans
-  # image.tag -- The image Tag defaults to the charts version if not defined.
-  # @default -- defaults to the charts version
-  tag: null
+hook:
+  image:
+    # hook.image.repository -- Hook image repository
+    repository: docker.io/securecodebox/hook-cascading-scans
+    # hook.image.tag -- The image Tag defaults to the charts version if not defined.
+    # @default -- defaults to the charts version
+    tag: null
 
-hookJob:
-  # hookJob.ttlSecondsAfterFinished -- Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
+  # hook.ttlSecondsAfterFinished -- Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
   ttlSecondsAfterFinished: null
diff --git a/hooks/finding-post-processing/README.md b/hooks/finding-post-processing/README.md
@@ -54,7 +54,7 @@ The `override` field specifies the desired fields and values that need to be upd
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
-| image.repository | string | `"docker.io/securecodebox/hook-finding-post-processing"` | Hook image repository |
-| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-finding-post-processing"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
 | rules | list | `[]` |  |
diff --git a/hooks/finding-post-processing/templates/finding-post-processing-hook.yaml b/hooks/finding-post-processing/templates/finding-post-processing-hook.yaml
@@ -10,7 +10,7 @@ metadata:
     {{- include "finding-post-processing.labels" . | nindent 4 }}
 spec:
   type: ReadAndWrite
-  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}"
+  image: "{{ .Values.hook.image.repository }}:{{ .Values.hook.image.tag | default .Chart.Version }}"
   env:
     - name: RULES
       value: {{ .Values.rules | toJson | quote }}
diff --git a/hooks/finding-post-processing/values.yaml b/hooks/finding-post-processing/values.yaml
@@ -6,14 +6,8 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-image:
-  # image.repository -- Hook image repository
-  repository: docker.io/securecodebox/hook-finding-post-processing
-  # image.tag -- The image Tag defaults to the charts version if not defined.
-  # @default -- defaults to the charts version
-  tag: null
-
-rules: []
+rules:
+  []
   #- matches:
   #    anyOf:
   #      - category: "Open Port"
@@ -28,6 +22,13 @@ rules: []
   #    severity: "high"
   #    description: "Telnet is bad"
 
-hookJob:
-  # hookJob.ttlSecondsAfterFinished -- Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
+hook:
+  image:
+    # hook.image.repository -- Hook image repository
+    repository: docker.io/securecodebox/hook-finding-post-processing
+    # hook.image.tag -- The image Tag defaults to the charts version if not defined.
+    # @default -- defaults to the charts version
+    tag: null
+
+  # hook.ttlSecondsAfterFinished -- Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
   ttlSecondsAfterFinished: null
diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md
@@ -21,7 +21,7 @@ helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| hookJob.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
-| image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository |
-| image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
 | webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint |
diff --git a/hooks/generic-webhook/templates/webhook-hook.yaml b/hooks/generic-webhook/templates/webhook-hook.yaml
@@ -10,8 +10,8 @@ metadata:
     {{- include "generic-webhook.labels" . | nindent 4 }}
 spec:
   type: ReadOnly
-  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}"
-  ttlSecondsAfterFinished: {{ .Values.hookJob.ttlSecondsAfterFinished }}
+  image: "{{ .Values.hook.image.repository }}:{{ .Values.hook.image.tag | default .Chart.Version }}"
+  ttlSecondsAfterFinished: {{ .Values.hook.ttlSecondsAfterFinished }}
   env:
     - name: WEBHOOK_URL
       value: {{ .Values.webhookUrl | quote }}
diff --git a/hooks/generic-webhook/values.yaml b/hooks/generic-webhook/values.yaml
@@ -9,13 +9,13 @@
 # webhookUrl -- The URL of your WebHook endpoint
 webhookUrl: "http://example.com"
 
-image:
-  # image.repository -- Hook image repository
-  repository: docker.io/securecodebox/hook-generic-webhook
-  # image.tag -- The image Tag defaults to the charts version if not defined.
-  # @default -- defaults to the charts version
-  tag: null
+hook:
+  image:
+    # hook.image.repository -- Hook image repository
+    repository: docker.io/securecodebox/hook-generic-webhook
+    # hook.image.tag -- The image Tag defaults to the charts version if not defined.
+    # @default -- defaults to the charts version
+    tag: null
 
-hookJob:
-  # hookJob.ttlSecondsAfterFinished -- Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
+  # hook.ttlSecondsAfterFinished -- Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
   ttlSecondsAfterFinished: null
diff --git a/hooks/notification/README.md b/hooks/notification/README.md
@@ -221,10 +221,10 @@ To fill your template with data we provide the following objects.
 | env[1].name | string | `"SMTP_CONFIG"` |  |
 | env[1].valueFrom.secretKeyRef.key | string | `"smtp-config-key"` |  |
 | env[1].valueFrom.secretKeyRef.name | string | `"some-secret"` |  |
-| hookJob.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
-| image.pullPolicy | string | `"Always"` |  |
-| image.repository | string | `"docker.io/securecodebox/hook-notification"` | Hook image repository |
-| image.tag | string | defaults to the charts version | Image tag |
+| hook.image.pullPolicy | string | `"Always"` |  |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-notification"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | Image tag |
+| hook.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
 | notificationChannels[0].endPoint | string | `"SOME_ENV_KEY"` |  |
 | notificationChannels[0].name | string | `"slack"` |  |
 | notificationChannels[0].rules[0].matches.anyOf[0].category | string | `"Open Port"` |  |

diff --git a/hooks/notification/templates/notification-hook.yaml b/hooks/notification/templates/notification-hook.yaml
@@ -8,9 +8,9 @@ metadata:
   name: {{ include "notification-hook.fullname" . }}
 spec:
   type: ReadOnly
-  imagePullPolicy: "{{ .Values.image.pullPolicy }}" 
-  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}"
-  ttlSecondsAfterFinished: {{ .Values.hookJob.ttlSecondsAfterFinished }}
+  imagePullPolicy: "{{ .Values.hook.image.pullPolicy }}"
+  image: "{{ .Values.hook.image.repository }}:{{ .Values.hook.image.tag | default .Chart.Version }}"
+  ttlSecondsAfterFinished: {{ .Values.hook.ttlSecondsAfterFinished }}
   volumes:
     - name: {{ .Release.Name }}-config
       configMap:

diff --git a/hooks/notification/values.yaml b/hooks/notification/values.yaml
@@ -6,16 +6,16 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-image:
-  # image.repository -- Hook image repository
-  repository: docker.io/securecodebox/hook-notification
-  # image.tag -- Image tag
-  # @default -- defaults to the charts version
-  tag: null
-  pullPolicy: Always
+hook:
+  image:
+    # hook.image.repository -- Hook image repository
+    repository: docker.io/securecodebox/hook-notification
+    # hook.image.tag -- Image tag
+    # @default -- defaults to the charts version
+    tag: null
+    pullPolicy: Always
 
-hookJob:
-  # hookJob.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
+  # hook.ttlSecondsAfterFinished -- seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/
   ttlSecondsAfterFinished: null
 
 notificationChannels:

diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md
@@ -133,6 +133,6 @@ helm upgrade --install dd secureCodeBox/persistence-defectdojo \
 | defectdojo.authentication.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
 | defectdojo.syncFindingsBack | bool | `true` | Syncs back (two way sync) all imported findings from DefectDojo to SCB Findings Store, set to false to only import the findings to DefectDojo (one way sync). |
 | defectdojo.url | string | `"http://defectdojo-django.default.svc"` | Url to the DefectDojo Instance |
-| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
-| image.repository | string | `"docker.io/securecodebox/hook-persistence-defectdojo"` | Hook image repository |
-| image.tag | string | `nil` | Container image tag |
+| hook.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-persistence-defectdojo"` | Hook image repository |
+| hook.image.tag | string | `nil` | Container image tag |
diff --git a/hooks/persistence-defectdojo/templates/persistence-provider.yaml b/hooks/persistence-defectdojo/templates/persistence-provider.yaml
@@ -15,8 +15,8 @@ spec:
   {{- else }}
   type: ReadOnly
   {{- end }}
-  image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.Version }}"
-  imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+  image: "{{ .Values.hook.image.repository }}:{{ .Values.hook.image.tag | default .Chart.Version }}"
+  imagePullPolicy: "{{ .Values.hook.image.pullPolicy }}"
   env:
     - name: DEFECTDOJO_URL
       value: {{ .Values.defectdojo.url | quote }}

diff --git a/hooks/persistence-defectdojo/values.yaml b/hooks/persistence-defectdojo/values.yaml
@@ -6,14 +6,15 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-image:
-  # image.repository -- Hook image repository
-  repository: docker.io/securecodebox/hook-persistence-defectdojo
-  # -- Container image tag
-  # @default -- defaults to the charts version
-  tag: null
-  # -- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
-  pullPolicy: IfNotPresent
+hook:
+  image:
+    # hook.image.repository -- Hook image repository
+    repository: docker.io/securecodebox/hook-persistence-defectdojo
+    # -- Container image tag
+    # @default -- defaults to the charts version
+    tag: null
+    # -- Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+    pullPolicy: IfNotPresent
 
 defectdojo:
   # -- Syncs back (two way sync) all imported findings from DefectDojo to SCB Findings Store, set to false to only import the findings to DefectDojo (one way sync).