diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index e7b98b04cb..77ed1e26e8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -173,6 +173,14 @@ jobs:
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
+
+ - name: Update Docker Hub Description
+ uses: peter-evans/dockerhub-description@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/${{ matrix.component }}
+ readme-filepath: ./${{ matrix.component }}/docs/README.DockerHub-Core.md
# ---- Build Stage | SDK Matrix ----
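Review bot: `uses: peter-evans/dockerhub-description@v2` is a mutable tag, and the step hands that action the Docker Hub credential in `secrets.DOCKERHUB_PASSWORD`; pin it to a full commit SHA (keeping the tag in a trailing comment) so a retagged release cannot run different code with those credentials, and if `DOCKERHUB_PASSWORD` is the account password rather than a scoped access token, switching to a token limits what a leak can do. The same unpinned reference is added at L22, L35, L48, L61 and L75. The step carries no `if:` of its own, so unless the enclosing job is already restricted to the branches or tags that push images, it also runs on builds where the secrets are empty and fails the job. `readme-filepath: ./${{ matrix.component }}/docs/README.DockerHub-Core.md` presumes every component has that file, but the helm-docs workflow in this commit generates `README.DockerHub-Core.md` for `operator` only, so any other value of `matrix.component` (not visible here) needs the same generation or the upload fails on a missing file. The enclosing job starts before the hunk.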
@@ -275,6 +283,14 @@ jobs:
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
+ - name: Update Docker Hub Description
+ uses: peter-evans/dockerhub-description@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/hook-${{ matrix.hook }}
+ readme-filepath: ./hooks/${{ matrix.hook }}/docs/README.DockerHub-Hook.md
+
# ---- Build Stage | Matrix Parsers ----
parsers:
@@ -340,6 +356,14 @@ jobs:
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
+ - name: Update Docker Hub Description
+ uses: peter-evans/dockerhub-description@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/parser-${{ matrix.parser }}
+ readme-filepath: ./scanners/${{ matrix.parser }}/docs/README.DockerHub-Parser.md
+
# ---- Build | Scanners ----
# Note we only build images for scanner that don't provider official public container images
@@ -405,6 +429,14 @@ jobs:
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
+ - name: Update Docker Hub Description
+ uses: peter-evans/dockerhub-description@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }}
+ readme-filepath: ./scanners/${{ matrix.scanner }}/docs/README.DockerHub-Scanner.md
+
# ---- Build | Scanners | Custom Scanner ----
# This Section contains Scanners that are developed by the secureCodeBox project
@@ -461,6 +493,14 @@ jobs:
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
+ - name: Update Docker Hub Description
+ uses: peter-evans/dockerhub-description@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }}
+ readme-filepath: ./scanners/${{ matrix.scanner }}/docs/README.DockerHub-Scanner.md
+
scanner-nikto:
# This Scanner has to be build seperately because the official image is only on GitHub but not on DockerHub
name: "Build | Scanner | Nikto"
@@ -535,6 +575,14 @@ jobs:
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
+ - name: Update Docker Hub Description
+ uses: peter-evans/dockerhub-description@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/scanner-nikto
+ readme-filepath: ./scb/scanners/nikto/docs/README.DockerHub-Scanner.md
+
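Review bot: `readme-filepath: ./scb/scanners/nikto/docs/README.DockerHub-Scanner.md` is the only step in this commit that prefixes the repository path with `scb/`; every other step reads `./scanners/<name>/docs/...`, and the helm-docs workflow writes the file under `scanners/nikto/docs/`. Unless the nikto job checks this repository out into a `scb/` subdirectory (its checkout step is outside the hunk), the action will not find the file; if it does, a short comment such as `# repo is checked out into ./scb in this job` above the line would save the next reader the same question. The enclosing job starts before the hunk.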
# ---- Integration Tests ----
Integration-tests:
diff --git a/.github/workflows/helm-charts.yaml b/.github/workflows/helm-charts-release.yaml
similarity index 70%
rename from .github/workflows/helm-charts.yaml
rename to .github/workflows/helm-charts-release.yaml
index 2506c5bf32..165b40f0f5 100644
--- a/.github/workflows/helm-charts.yaml
+++ b/.github/workflows/helm-charts-release.yaml
@@ -33,7 +33,15 @@ jobs:
echo "Processing Helm Chart in $dir"
helm package --version $RELEASE_VERSION .
NAME=$(yq eval '.name' - < Chart.yaml)
- curl --silent --show-error --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
+ if [ -d "docs" ]; then
+ echo "Docs Folder found at: ${dir}/docs"
+ # Use prepared ArtifactHub specific README instead of the general existing one
+ cp docs/README.ArtifactHub.md README.md
+ else
+ echo "Ignoring Docs process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+ fi
+
+ curl --silent --show-error --http1.1 --user "${USERNAME}:${PASSWORD}" --data-binary "@${NAME}-${RELEASE_VERSION}.tgz" "${HELM_REGISTRY}/api/charts"
sleep 5s
)
done
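Review bot: The ArtifactHub README is copied over `README.md` on L99 after `helm package` on L93 has already built the archive, so the `.tgz` uploaded by the `curl` on L104 still carries the chart's original README; move the whole `if [ -d "docs" ] … fi` block ahead of the `helm package` line. Separately, in `echo "… no `docs` folder …"` the backticks are a command substitution inside double quotes: bash tries to run a command named `docs`, prints "command not found" to stderr and substitutes nothing, so write `echo "Ignoring Docs process for Chart $dir, because no 'docs' folder found at: ${dir}/docs"`. The same backtick message is added in helm-docs.yaml at L146, L166, L193 and L207. The loop and the `( … )` subshell enclosing these lines start before the hunk.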
diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml
index 5467cd8bee..c171e9956a 100644
--- a/.github/workflows/helm-docs.yaml
+++ b/.github/workflows/helm-docs.yaml
@@ -23,7 +23,6 @@ jobs:
passphrase: ${{ secrets.GPG_COMMITS_PASSPHRASE }}
git-user-signingkey: true
git-commit-gpgsign: true
- commit_options: '--signoff'
- name: Download Helm Docs
run: |
@@ -32,15 +31,101 @@ jobs:
curl --output helm-docs.tar.gz --location https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Linux_x86_64.tar.gz
tar -xvf helm-docs.tar.gz
- # Verify install
+ # Verify installation
./helm-docs --version
- name: Generate Helm Docs
run: |
- ./helm-docs/helm-docs
+ # Generate README.md based on Chart.yaml and template
+ ./helm-docs/helm-docs --template-files=./.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./.helm-docs/README.md.gotmpl
+
+ - name: Generate Demo-Apps Docs
+ run: |
+ # Start in the hooks folder
+ cd demo-targets
+ # https://github.com/koalaman/shellcheck/wiki/SC2044
+ find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+ (
+ dir="$(dirname "${chart}")"
+ echo "Processing Helm Chart in $dir"
+ cd "${dir}" || exit
+ if [ -d "docs" ]; then
+ echo "Docs Folder found at: ${dir}/docs"
+ ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Target.md.gotmpl --output-file=docs/README.DockerHub-Target.md
+ ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ else
+ echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+ fi
+ )
+ done
+
+ - name: Generate Docker Hooks Docs
+ run: |
+ # Start in the hooks folder
+ cd hooks
+ # https://github.com/koalaman/shellcheck/wiki/SC2044
+ find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+ (
+ dir="$(dirname "${chart}")"
+ echo "Processing Helm Chart in $dir"
+ cd "${dir}" || exit
+ if [ -d "docs" ]; then
+ echo "Docs Folder found at: ${dir}/docs"
+ ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Hook.md.gotmpl --output-file=docs/README.DockerHub-Hook.md
+ ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ else
+ echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+ fi
+ )
+ done
+
+ - name: Generate Docker Scanner Docs
+ run: |
+ # Start in the scanners folder
+ cd scanners
+ # https://github.com/koalaman/shellcheck/wiki/SC2044
+ find . -type f -name Chart.yaml -print0 | while IFS= read -r -d '' chart; do
+ (
+ dir="$(dirname "${chart}")"
+ echo "Processing Helm Chart in $dir"
+ cd "${dir}" || exit
+ if [ -d "docs" ]; then
+ echo "Docs Folder found at: ${dir}/docs"
+ if [ -d "parser" ]; then
+ echo "Parser found at: ${dir}/parser"
+ ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Parser.md.gotmpl --output-file=docs/README.DockerHub-Parser.md
+ fi
+ if [ -d "scanner" ]; then
+ echo "Scanner found at: ${dir}/parser"
+ ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.DockerHub-Scanner.md.gotmpl --output-file=docs/README.DockerHub-Scanner.md
+ fi
+ ./../../helm-docs/helm-docs --template-files=./../../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ else
+ echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: ${dir}/docs"
+ fi
+ )
+ done
+
+ - name: Generate Core Docs
+ run: |
+ # Start in the operator folder
+ cd operator
+ if [ -d "docs" ]; then
+ echo "Docs Folder found at: operator/docs"
+ ./../helm-docs/helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.DockerHub-Core.md.gotmpl --output-file=docs/README.DockerHub-Core.md
+ ./../helm-docs/helm-docs --template-files=./../.helm-docs/templates.gotmpl --template-files=.helm-docs.gotmpl --template-files=./../.helm-docs/README.ArtifactHub.md.gotmpl --output-file=docs/README.ArtifactHub.md
+ else
+ echo "Ignoring Docs creation process for Chart $dir, because no `docs` folder found at: operator/docs"
+ fi
+
+ - name: Remove Helm Docs Files
+ run: |
# Remove helm-docs download to ensure they don't get commited back
rm -rf helm-docs
- uses: stefanzweifel/git-auto-commit-action@v4.11.0
with:
commit_message: Updating Helm Docs
commit_user_email: securecodebox@iteratec.com
+ # Optional. Used by `git-commit`.
+ # See https://git-scm.com/docs/git-commit#_options
+ commit_options: '--signoff'
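Review bot: `echo "Ignoring Docs creation process for Chart $dir, …"` in the Core step (L207) expands `$dir`, which is only assigned inside the `find` loops of the earlier steps and is unset here, and `echo "Scanner found at: ${dir}/parser"` on L188 names the wrong folder for the `scanner` branch; use `"Ignoring Docs creation process for Chart operator, …"` and `"Scanner found at: ${dir}/scanner"`. The comment `# Start in the hooks folder` on L133 sits above `cd demo-targets` and should read `# Start in the demo-targets folder`. Each per-chart `helm-docs` call runs inside a `( … )` subshell fed by `find … | while`, so a failing invocation only ends that subshell, the step still exits 0 and the auto-commit step below commits whatever was generated; if a generation failure should block the commit, run the loop as `while … done < <(find …)`, set a flag on failure and `exit 1` after the loop.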
diff --git a/.helm-docs/README.ArtifactHub.md.gotmpl b/.helm-docs/README.ArtifactHub.md.gotmpl
new file mode 100644
index 0000000000..ba4d0087a7
--- /dev/null
+++ b/.helm-docs/README.ArtifactHub.md.gotmpl
@@ -0,0 +1,31 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.chartDeploymentSection" . }}
+
+{{ template "extra.scannerConfigurationSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "extra.chartConfigurationSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "extra.contributionSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.licenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
\ No newline at end of file
diff --git a/.helm-docs/README.DockerHub-Core.md.gotmpl b/.helm-docs/README.DockerHub-Core.md.gotmpl
new file mode 100644
index 0000000000..53ff017378
--- /dev/null
+++ b/.helm-docs/README.DockerHub-Core.md.gotmpl
@@ -0,0 +1,28 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `core` image is intended to work in combination with the OWASP secureCodeBox. For more informations details please take a look at the documentation page: {{ template "chart.homepage" . }}.
+
+```bash
+docker pull securecodebox/{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
\ No newline at end of file
diff --git a/.helm-docs/README.DockerHub-Hook.md.gotmpl b/.helm-docs/README.DockerHub-Hook.md.gotmpl
new file mode 100644
index 0000000000..a885064349
--- /dev/null
+++ b/.helm-docs/README.DockerHub-Hook.md.gotmpl
@@ -0,0 +1,28 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
+
+```bash
+docker pull securecodebox/hook-{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
\ No newline at end of file
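Review bot: `[documentation page][{{ template "chart.homepage" . }}]` is a reference-style Markdown link whose reference label is the homepage URL, and nothing in `extra.generalLinksSection` emits a matching `[<url>]: <url>` definition, so renderers show the bracketed text literally instead of a link; the Core and Parser templates put the homepage inline after a colon, which does work. Use `[documentation page]({{ template "chart.homepage" . }})` here and in README.DockerHub-Scanner.md.gotmpl (L384). `For more informations details` also reads as a leftover; `For more details` suffices.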
diff --git a/.helm-docs/README.DockerHub-Parser.md.gotmpl b/.helm-docs/README.DockerHub-Parser.md.gotmpl
new file mode 100644
index 0000000000..5857f95785
--- /dev/null
+++ b/.helm-docs/README.DockerHub-Parser.md.gotmpl
@@ -0,0 +1,28 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: {{ template "chart.homepage" . }}.
+
+```bash
+docker pull securecodebox/parser-{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
\ No newline at end of file
diff --git a/.helm-docs/README.DockerHub-Scanner.md.gotmpl b/.helm-docs/README.DockerHub-Scanner.md.gotmpl
new file mode 100644
index 0000000000..8c72184ed3
--- /dev/null
+++ b/.helm-docs/README.DockerHub-Scanner.md.gotmpl
@@ -0,0 +1,30 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][{{ template "chart.homepage" . }}].
+
+```bash
+docker pull securecodebox/scanner-{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.scannerConfigurationSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
\ No newline at end of file
diff --git a/.helm-docs/README.DockerHub-Target.md.gotmpl b/.helm-docs/README.DockerHub-Target.md.gotmpl
new file mode 100644
index 0000000000..63c657cb69
--- /dev/null
+++ b/.helm-docs/README.DockerHub-Target.md.gotmpl
@@ -0,0 +1,28 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.secureCodeBoxAboutSection" . }}
+
+{{ template "extra.dockerDeploymentSection" . }}
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/{{ template "chart.name" . }}
+```
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.communitySection" . }}
+
+{{ template "extra.dockerLicenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
\ No newline at end of file
diff --git a/.helm-docs/README.md.gotmpl b/.helm-docs/README.md.gotmpl
new file mode 100644
index 0000000000..aa7b5aa3d0
--- /dev/null
+++ b/.helm-docs/README.md.gotmpl
@@ -0,0 +1,27 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+{{ template "extra.docsSection" . }}
+
+{{ template "extra.hintSection" . }}
+
+{{ template "extra.badgesSection" . }}
+
+{{ template "extra.chartAboutSection" . }}
+
+{{ template "extra.chartDeploymentSection" . }}
+
+{{ template "extra.scannerConfigurationSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "extra.chartConfigurationSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "extra.licenseSection" . }}
+
+{{ template "extra.generalLinksSection" . }}
+{{ template "extra.scannerLinksSection" . }}
diff --git a/.helm-docs/templates.gotmpl b/.helm-docs/templates.gotmpl
new file mode 100644
index 0000000000..e88b8d5051
--- /dev/null
+++ b/.helm-docs/templates.gotmpl
@@ -0,0 +1,104 @@
+{{- define "extra.badgesSection" -}}
+
+
+
+
+
+
+
+
+{{- end }}
+
+{{- define "extra.hintSection" -}}
+
+
+{{- end }}
+
+{{- define "extra.secureCodeBoxAboutSection" -}}
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+{{- end }}
+
+{{- define "extra.chartDeploymentSection" -}}
+## Deployment
+The {{ template "chart.name" . }} `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }}
+```
+{{- end }}
+
+{{- define "extra.licenseSection" -}}
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+{{- end }}
+
+{{- define "extra.dockerLicenseSection" -}}
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+{{- end }}
+
+{{- define "extra.communitySection" -}}
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+{{- end }}
+
+{{- define "extra.contributionSection" -}}
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+{{- end }}
+
+{{- define "extra.generalLinksSection" -}}
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+{{- end }}
diff --git a/SECURITY.md b/SECURITY.md
index e21e69f2be..05ab9f89d8 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -12,9 +12,9 @@ is roughly every two weeks (we will usually make a new release after each review
| Version | Security Fixes* | Supported** |
| ------- | ------------------ | ------------------ |
-| 2.6.x-alpha1 | :white_check_mark: | :white_check_mark: |
-| 2.5.x | :white_check_mark: | :white_check_mark: |
-| <= 2.4.x | :x: | :x: |
+| 3.0.x-alpha1 | :white_check_mark: | :white_check_mark: |
+| 2.9.x | :white_check_mark: | :white_check_mark: |
+| <= 2.9.x | :x: | :x: |
| < 2.0 | :x: | :x: |
### Major Release (Semver)
diff --git a/demo-targets/.helm-docs.gotmpl b/demo-targets/.helm-docs.gotmpl
new file mode 100644
index 0000000000..b48b0cd9c0
--- /dev/null
+++ b/demo-targets/.helm-docs.gotmpl
@@ -0,0 +1,39 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Bodgeit"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Vulnerable WebApp based on html serverside rendering"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is Bodgeit?
+
+### Source Code
+
+*
+*
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
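Review bot: This file sits in `demo-targets/` itself, yet its `extra.docsSection` and `extra.chartAboutSection` carry Bodgeit-specific content (`title: "Bodgeit"`, `## What is Bodgeit?`) identical to the renamed `demo-targets/bodgeit/.helm-docs.gotmpl` in this commit, which looks like an accidental copy. The Demo-Apps step in helm-docs.yaml only runs `helm-docs` in directories that contain a `Chart.yaml`, and none is added at `demo-targets/`, so the file would never be read; confirm whether it is meant as a starter template for new targets and, if so, replace the Bodgeit text with placeholders and say so in a leading comment, otherwise drop it.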
diff --git a/demo-targets/bodgeit/README.md.gotmpl b/demo-targets/bodgeit/.helm-docs.gotmpl
similarity index 52%
rename from demo-targets/bodgeit/README.md.gotmpl
rename to demo-targets/bodgeit/.helm-docs.gotmpl
index b90e9cf81f..398edd0284 100644
--- a/demo-targets/bodgeit/README.md.gotmpl
+++ b/demo-targets/bodgeit/.helm-docs.gotmpl
@@ -3,29 +3,41 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Bodgeit"
category: "target"
type: "Website"
state: "released"
-appVersion: "v1.4.0"
+appVersion: "{{ template "chart.appVersion" . }}"
usecase: "Vulnerable WebApp based on html serverside rendering"
---
+{{- end }}
-# Bodgeit
-
-  
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+{{- define "extra.chartAboutSection" -}}
+## What is Bodgeit?
The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing.
BodgeIt Store is a serverside rendering based html website without any heavy javascript.
**Homepage:**
-## Source Code
+### Source Code
*
*
-## Chart Configuration
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
-{{ template "chart.valuesTable" . }}
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/demo-targets/bodgeit/.helmignore b/demo-targets/bodgeit/.helmignore
index e57b6b2ff5..658df4b30a 100644
--- a/demo-targets/bodgeit/.helmignore
+++ b/demo-targets/bodgeit/.helmignore
@@ -24,3 +24,4 @@
.idea/
*.tmproj
.vscode/
+docs/
diff --git a/demo-targets/bodgeit/README.md b/demo-targets/bodgeit/README.md
index e048c14309..f8a1faa36c 100644
--- a/demo-targets/bodgeit/README.md
+++ b/demo-targets/bodgeit/README.md
@@ -7,21 +7,52 @@ appVersion: "v1.4.0"
usecase: "Vulnerable WebApp based on html serverside rendering"
---
-# Bodgeit
+
+
+
+
+
+
+
+
+
+
+
+
+## What is Bodgeit?
The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing.
BodgeIt Store is a serverside rendering based html website without any heavy javascript.
**Homepage:**
-## Source Code
+### Source Code
*
*
-## Chart Configuration
+## Deployment
+The bodgeit `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install bodgeit secureCodeBox/bodgeit
+```
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -47,3 +78,17 @@ BodgeIt Store is a serverside rendering based html website without any heavy jav
| service.port | int | `8080` | |
| service.type | string | `"ClusterIP"` | |
| tolerations | list | `[]` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/demo-targets/bodgeit/docs/README.ArtifactHub.md b/demo-targets/bodgeit/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..6276dfd269
--- /dev/null
+++ b/demo-targets/bodgeit/docs/README.ArtifactHub.md
@@ -0,0 +1,115 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is Bodgeit?
+The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing.
+BodgeIt Store is a serverside rendering based html website without any heavy javascript.
+
+**Homepage:**
+
+### Source Code
+
+*
+*
+
+## Deployment
+The bodgeit `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install bodgeit secureCodeBox/bodgeit
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"docker.io/psiinon/bodgeit"` | Container Image containing the bodgeit |
+| image.tag | string | defaults to the "latest" version because the appVersion tag is not available at docker.io | The image tag |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths | list | `[]` | |
+| ingress.tls | list | `[]` | |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port | int | `8080` | |
+| service.type | string | `"ClusterIP"` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/bodgeit/docs/README.DockerHub-Target.md b/demo-targets/bodgeit/docs/README.DockerHub-Target.md
new file mode 100644
index 0000000000..c233c5a426
--- /dev/null
+++ b/demo-targets/bodgeit/docs/README.DockerHub-Target.md
@@ -0,0 +1,88 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/bodgeit
+```
+
+## What is Bodgeit?
+The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing.
+BodgeIt Store is a serverside rendering based html website without any heavy javascript.
+
+**Homepage:**
+
+### Source Code
+
+*
+*
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/dummy-ssh/.helm-docs.gotmpl b/demo-targets/dummy-ssh/.helm-docs.gotmpl
new file mode 100644
index 0000000000..7cf858b86a
--- /dev/null
+++ b/demo-targets/dummy-ssh/.helm-docs.gotmpl
@@ -0,0 +1,46 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Dummy SSH"
+category: "target"
+type: "service"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Vulnerable WebApp based on html serverside rendering"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is Dummy SSH?
+The Dummy SSH service is a vulnerable SSH Service which is aimed at people who are new to pen testing.
+
+The vulnerable SSH Server is used for for security scan testing.
+
+There are also vulnerable credentials which can be identified via bruteforcing:
+- Port 22
+- Username root,
+- Password: THEPASSWORDYOUCREATED
+
+### Source Code
+
+*
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
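Review bot: The `usecase` value in the `extra.docsSection` front matter, `usecase: "Vulnerable WebApp based on html serverside rendering"`, describes the bodgeit web target rather than an SSH service, so it looks copy-pasted; because helm-docs renders this template into README.md, the same wrong value already shows up in the generated demo-targets/dummy-ssh/README.md hunk of this commit. Suggest `usecase: "Vulnerable SSH server for scan and brute-force testing"` (or whatever wording the maintainers prefer) and regenerating the README. Two smaller wording slips in `extra.chartAboutSection` propagate the same way into README.md, docs/README.ArtifactHub.md and docs/README.DockerHub-Target.md: `used for for security scan testing` and the stray trailing comma in `- Username root,`. Also, the template lacks a trailing newline, which the `\ No newline at end of file` marker flags; the other new `.helm-docs.gotmpl` files in this commit have the same issue.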
diff --git a/demo-targets/dummy-ssh/.helmignore b/demo-targets/dummy-ssh/.helmignore
index e57b6b2ff5..658df4b30a 100644
--- a/demo-targets/dummy-ssh/.helmignore
+++ b/demo-targets/dummy-ssh/.helmignore
@@ -24,3 +24,4 @@
.idea/
*.tmproj
.vscode/
+docs/
diff --git a/demo-targets/dummy-ssh/README.md b/demo-targets/dummy-ssh/README.md
index fad6568eb9..242d19359d 100644
--- a/demo-targets/dummy-ssh/README.md
+++ b/demo-targets/dummy-ssh/README.md
@@ -1,23 +1,61 @@
-# dummy-ssh
+---
+title: "Dummy SSH"
+category: "target"
+type: "service"
+state: "released"
+appVersion: "v1.0.0"
+usecase: "Vulnerable WebApp based on html serverside rendering"
+---
-  
+
+
-## Maintainers
+
+
+
+
+
+
+
+
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
+## What is Dummy SSH?
+The Dummy SSH service is a vulnerable SSH Service which is aimed at people who are new to pen testing.
-## Source Code
+The vulnerable SSH Server is used for for security scan testing.
+
+There are also vulnerable credentials which can be identified via bruteforcing:
+- Port 22
+- Username root,
+- Password: THEPASSWORDYOUCREATED
+
+### Source Code
*
-## Chart Configuration
+## Deployment
+The dummy-ssh `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install dummy-ssh secureCodeBox/dummy-ssh
+```
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -38,3 +76,17 @@ Port 22: Username root, Password: THEPASSWORDYOUCREATED
| service.port | int | `22` | |
| service.type | string | `"ClusterIP"` | |
| tolerations | list | `[]` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/demo-targets/dummy-ssh/README.md.gotmpl b/demo-targets/dummy-ssh/README.md.gotmpl
deleted file mode 100644
index a6a6ad3187..0000000000
--- a/demo-targets/dummy-ssh/README.md.gotmpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
-# dummy-ssh
-
-  
-
-Vulnerable SSH Server for scan testing.
-Port 22: Username root, Password: THEPASSWORDYOUCREATED
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
-
-## Source Code
-
-*
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/demo-targets/dummy-ssh/docs/README.ArtifactHub.md b/demo-targets/dummy-ssh/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..cf681cb2a9
--- /dev/null
+++ b/demo-targets/dummy-ssh/docs/README.ArtifactHub.md
@@ -0,0 +1,113 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is Dummy SSH?
+The Dummy SSH service is a vulnerable SSH Service which is aimed at people who are new to pen testing.
+
+The vulnerable SSH Server is used for for security scan testing.
+
+There are also vulnerable credentials which can be identified via bruteforcing:
+- Port 22
+- Username root,
+- Password: THEPASSWORDYOUCREATED
+
+### Source Code
+
+*
+
+## Deployment
+The dummy-ssh `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install dummy-ssh secureCodeBox/dummy-ssh
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"docker.io/securecodebox/dummy-ssh"` | Container Image |
+| image.tag | string | defaults to the appVersion | The image tag |
+| imagePullSecrets | list | `[]` | |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port | int | `22` | |
+| service.type | string | `"ClusterIP"` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/dummy-ssh/docs/README.DockerHub-Target.md b/demo-targets/dummy-ssh/docs/README.DockerHub-Target.md
new file mode 100644
index 0000000000..146c53a923
--- /dev/null
+++ b/demo-targets/dummy-ssh/docs/README.DockerHub-Target.md
@@ -0,0 +1,91 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/dummy-ssh
+```
+
+## What is Dummy SSH?
+The Dummy SSH service is a vulnerable SSH Service which is aimed at people who are new to pen testing.
+
+The vulnerable SSH Server is used for for security scan testing.
+
+There are also vulnerable credentials which can be identified via bruteforcing:
+- Port 22
+- Username root,
+- Password: THEPASSWORDYOUCREATED
+
+### Source Code
+
+*
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/http-webhook/.helm-docs.gotmpl b/demo-targets/http-webhook/.helm-docs.gotmpl
new file mode 100644
index 0000000000..995db57e3f
--- /dev/null
+++ b/demo-targets/http-webhook/.helm-docs.gotmpl
@@ -0,0 +1,40 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "HTTP WebHook"
+category: "target"
+type: "service"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Vulnerable HTTP WebHook"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is HTTP WebHook?
+A Dummy webserver to echo HTTP requests in log.
+
+### Source Code
+
+*
+*
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/demo-targets/http-webhook/.helmignore b/demo-targets/http-webhook/.helmignore
index 1077518d9a..1841875b0d 100644
--- a/demo-targets/http-webhook/.helmignore
+++ b/demo-targets/http-webhook/.helmignore
@@ -25,3 +25,4 @@
.idea/
*.tmproj
.vscode/
+docs/
\ No newline at end of file
diff --git a/demo-targets/http-webhook/README.md b/demo-targets/http-webhook/README.md
index dba7cc4a39..e8c511c428 100644
--- a/demo-targets/http-webhook/README.md
+++ b/demo-targets/http-webhook/README.md
@@ -1,23 +1,55 @@
-# http-webhook
+---
+title: "HTTP WebHook"
+category: "target"
+type: "service"
+state: "released"
+appVersion: "1.16.0"
+usecase: "Vulnerable HTTP WebHook"
+---
-  
+
+
-## Maintainers
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is HTTP WebHook?
+A Dummy webserver to echo HTTP requests in log.
+
+### Source Code
+
+*
+*
+
+## Deployment
+The http-webhook `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install http-webhook secureCodeBox/http-webhook
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| autoscaling.enabled | bool | `false` | |
+| autoscaling.maxReplicas | int | `100` | |
+| autoscaling.minReplicas | int | `1` | |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"docker.io/mendhak/http-https-echo"` | Container Image |
+| image.tag | string | defaults to the latest version because the appVersion tag is not available at docker.io | The image tag |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths | list | `[]` | |
+| ingress.tls | list | `[]` | |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podAnnotations | object | `{}` | deprecated. use `labels` instead. Will be removed in v3. todo(@J12934) remove podAnnotations in v3 |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port | int | `80` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/http-webhook/docs/README.DockerHub-Target.md b/demo-targets/http-webhook/docs/README.DockerHub-Target.md
new file mode 100644
index 0000000000..3b78d077d8
--- /dev/null
+++ b/demo-targets/http-webhook/docs/README.DockerHub-Target.md
@@ -0,0 +1,85 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/http-webhook
+```
+
+## What is HTTP WebHook?
+A Dummy webserver to echo HTTP requests in log.
+
+### Source Code
+
+*
+*
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/juice-shop/.helm-docs.gotmpl b/demo-targets/juice-shop/.helm-docs.gotmpl
new file mode 100644
index 0000000000..8b94be0715
--- /dev/null
+++ b/demo-targets/juice-shop/.helm-docs.gotmpl
@@ -0,0 +1,43 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "OWASP JuiceShop"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Modern insecure web application"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is OWASP JuiceShop?
+
+OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
+
+**Homepage:**
+
+### Source Code
+
+*
+*
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/demo-targets/juice-shop/.helmignore b/demo-targets/juice-shop/.helmignore
index e57b6b2ff5..65508a63c7 100644
--- a/demo-targets/juice-shop/.helmignore
+++ b/demo-targets/juice-shop/.helmignore
@@ -24,3 +24,4 @@
.idea/
*.tmproj
.vscode/
+docs/
\ No newline at end of file
diff --git a/demo-targets/juice-shop/README.md b/demo-targets/juice-shop/README.md
index 60a1bd262f..51ec12c56b 100644
--- a/demo-targets/juice-shop/README.md
+++ b/demo-targets/juice-shop/README.md
@@ -1,23 +1,58 @@
-# juice-shop
+---
+title: "OWASP JuiceShop"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "v12.7.0"
+usecase: "Modern insecure web application"
+---
-  
+
+
+
+
+
+
+
+
+
+
+
-## Maintainers
+## What is OWASP JuiceShop?
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
+OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
+
+**Homepage:**
-## Source Code
+### Source Code
*
*
-## Chart Configuration
+## Deployment
+The juice-shop `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install juice-shop secureCodeBox/juice-shop
+```
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -43,3 +78,17 @@ OWASP Juice Shop: Probably the most modern and sophisticated insecure web applic
| service.port | int | `3000` | |
| service.type | string | `"ClusterIP"` | |
| tolerations | list | `[]` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/demo-targets/juice-shop/README.md.gotmpl b/demo-targets/juice-shop/README.md.gotmpl
deleted file mode 100644
index 5eff5b75ab..0000000000
--- a/demo-targets/juice-shop/README.md.gotmpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
-# juice-shop
-
-  
-
-OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
-
-## Source Code
-
-*
-*
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/demo-targets/juice-shop/docs/README.ArtifactHub.md b/demo-targets/juice-shop/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..92d62babfc
--- /dev/null
+++ b/demo-targets/juice-shop/docs/README.ArtifactHub.md
@@ -0,0 +1,115 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is OWASP JuiceShop?
+
+OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
+
+**Homepage:**
+
+### Source Code
+
+*
+*
+
+## Deployment
+The juice-shop `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install juice-shop secureCodeBox/juice-shop
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"docker.io/bkimminich/juice-shop"` | Container Image containing the juice-shop |
+| image.tag | string | defaults to the appVersion | The image tag |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths | list | `[]` | |
+| ingress.tls | list | `[]` | |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port | int | `3000` | |
+| service.type | string | `"ClusterIP"` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/juice-shop/docs/README.DockerHub-Target.md b/demo-targets/juice-shop/docs/README.DockerHub-Target.md
new file mode 100644
index 0000000000..90d65fab18
--- /dev/null
+++ b/demo-targets/juice-shop/docs/README.DockerHub-Target.md
@@ -0,0 +1,88 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/juice-shop
+```
+
+## What is OWASP JuiceShop?
+
+OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
+
+**Homepage:**
+
+### Source Code
+
+*
+*
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/old-wordpress/.helm-docs.gotmpl b/demo-targets/old-wordpress/.helm-docs.gotmpl
new file mode 100644
index 0000000000..4fcb913b40
--- /dev/null
+++ b/demo-targets/old-wordpress/.helm-docs.gotmpl
@@ -0,0 +1,40 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Old Wordpress"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Modern insecure web application"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is Old Wordpress?
+
+Insecure & Outdated WordPress Instance: Never expose it to the internet!
+
+### Source Code
+
+*
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/demo-targets/old-wordpress/.helmignore b/demo-targets/old-wordpress/.helmignore
index e57b6b2ff5..65508a63c7 100644
--- a/demo-targets/old-wordpress/.helmignore
+++ b/demo-targets/old-wordpress/.helmignore
@@ -24,3 +24,4 @@
.idea/
*.tmproj
.vscode/
+docs/
\ No newline at end of file
diff --git a/demo-targets/old-wordpress/README.md b/demo-targets/old-wordpress/README.md
index 9bdb919ad4..a40a2325d1 100644
--- a/demo-targets/old-wordpress/README.md
+++ b/demo-targets/old-wordpress/README.md
@@ -1,22 +1,55 @@
-# old-wordpress
+---
+title: "Old Wordpress"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "4.0"
+usecase: "Modern insecure web application"
+---
-  
+
+
-**Homepage:**
+
+
+
+
+
+
+
+
-## Maintainers
+## What is Old Wordpress?
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
+Insecure & Outdated WordPress Instance: Never expose it to the internet!
-## Source Code
+### Source Code
*
-## Chart Configuration
+## Deployment
+The old-wordpress `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install old-wordpress secureCodeBox/old-wordpress
+```
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -37,3 +70,17 @@ Insecure & Outdated WordPress Instance: Never expose it to the internet!
| service.port | int | `80` | |
| service.type | string | `"ClusterIP"` | |
| tolerations | list | `[]` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/demo-targets/old-wordpress/README.md.gotmpl b/demo-targets/old-wordpress/README.md.gotmpl
deleted file mode 100644
index 4734d9ed1e..0000000000
--- a/demo-targets/old-wordpress/README.md.gotmpl
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
-# old-wordpress
-
-  
-
-Insecure & Outdated WordPress Instance: Never expose it to the internet!
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
-
-## Source Code
-
-*
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/demo-targets/old-wordpress/docs/README.ArtifactHub.md b/demo-targets/old-wordpress/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..49d124bce3
--- /dev/null
+++ b/demo-targets/old-wordpress/docs/README.ArtifactHub.md
@@ -0,0 +1,107 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is Old Wordpress?
+
+Insecure & Outdated WordPress Instance: Never expose it to the internet!
+
+### Source Code
+
+*
+
+## Deployment
+The old-wordpress `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install old-wordpress secureCodeBox/old-wordpress
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"docker.io/securecodebox/old-wordpress"` | Container Image |
+| image.tag | string | defaults to the appVersion | The image tag |
+| imagePullSecrets | list | `[]` | |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port | int | `80` | |
+| service.type | string | `"ClusterIP"` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/old-wordpress/docs/README.DockerHub-Target.md b/demo-targets/old-wordpress/docs/README.DockerHub-Target.md
new file mode 100644
index 0000000000..76467d4dce
--- /dev/null
+++ b/demo-targets/old-wordpress/docs/README.DockerHub-Target.md
@@ -0,0 +1,85 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/old-wordpress
+```
+
+## What is Old Wordpress?
+
+Insecure & Outdated WordPress Instance: Never expose it to the internet!
+
+### Source Code
+
+*
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/swagger-petstore/.helm-docs.gotmpl b/demo-targets/swagger-petstore/.helm-docs.gotmpl
new file mode 100644
index 0000000000..930e674e91
--- /dev/null
+++ b/demo-targets/swagger-petstore/.helm-docs.gotmpl
@@ -0,0 +1,41 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Swagger Petstore API"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Modern insecure web application"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is "Swagger Petstore API"?
+
+This is the sample petstore application with a restful API.
+
+### Source Code
+
+*
+*
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/demo-targets/swagger-petstore/.helmignore b/demo-targets/swagger-petstore/.helmignore
index e57b6b2ff5..65508a63c7 100644
--- a/demo-targets/swagger-petstore/.helmignore
+++ b/demo-targets/swagger-petstore/.helmignore
@@ -24,3 +24,4 @@
.idea/
*.tmproj
.vscode/
+docs/
\ No newline at end of file
diff --git a/demo-targets/swagger-petstore/README.md b/demo-targets/swagger-petstore/README.md
index 792a5c1a1a..7a4cab5fd1 100644
--- a/demo-targets/swagger-petstore/README.md
+++ b/demo-targets/swagger-petstore/README.md
@@ -1,23 +1,56 @@
-# swagger-petstore
+---
+title: "Swagger Petstore API"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "1.0.3"
+usecase: "Modern insecure web application"
+---
-  
+
+
-**Homepage:**
+
+
+
+
+
+
+
+
-## Maintainers
+## What is "Swagger Petstore API"?
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
+This is the sample petstore application with a restful API.
-## Source Code
+### Source Code
*
*
-## Chart Configuration
+## Deployment
+The swagger-petstore `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install swagger-petstore secureCodeBox/swagger-petstore
+```
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -44,3 +77,17 @@ This is the sample petstore application with a restful API.
| service.type | string | `"ClusterIP"` | |
| swaggerHostOverride | string | `"http://swagger-petstore.demo-targets.svc"` | |
| tolerations | list | `[]` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/demo-targets/swagger-petstore/README.md.gotmpl b/demo-targets/swagger-petstore/README.md.gotmpl
deleted file mode 100644
index 48f0074d63..0000000000
--- a/demo-targets/swagger-petstore/README.md.gotmpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
-# swagger-petstore
-
-  
-
-This is the sample petstore application with a restful API.
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
-
-## Source Code
-
-*
-*
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/demo-targets/swagger-petstore/docs/README.ArtifactHub.md b/demo-targets/swagger-petstore/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..ea0bde90e2
--- /dev/null
+++ b/demo-targets/swagger-petstore/docs/README.ArtifactHub.md
@@ -0,0 +1,114 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Swagger Petstore API"?
+
+This is the sample petstore application with a restful API.
+
+### Source Code
+
+*
+*
+
+## Deployment
+The swagger-petstore `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install swagger-petstore secureCodeBox/swagger-petstore
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"docker.io/swaggerapi/petstore"` | Container Image |
+| image.tag | string | defaults to the appVersion | The image tag |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths | list | `[]` | |
+| ingress.tls | list | `[]` | |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port | int | `80` | |
+| service.type | string | `"ClusterIP"` | |
+| swaggerHostOverride | string | `"http://swagger-petstore.demo-targets.svc"` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/swagger-petstore/docs/README.DockerHub-Target.md b/demo-targets/swagger-petstore/docs/README.DockerHub-Target.md
new file mode 100644
index 0000000000..3ae2192075
--- /dev/null
+++ b/demo-targets/swagger-petstore/docs/README.DockerHub-Target.md
@@ -0,0 +1,86 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/swagger-petstore
+```
+
+## What is "Swagger Petstore API"?
+
+This is the sample petstore application with a restful API.
+
+### Source Code
+
+*
+*
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/unsafe-https/.helm-docs.gotmpl b/demo-targets/unsafe-https/.helm-docs.gotmpl
new file mode 100644
index 0000000000..5cf4a84971
--- /dev/null
+++ b/demo-targets/unsafe-https/.helm-docs.gotmpl
@@ -0,0 +1,42 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Unsafe HTTPS"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Modern insecure web application"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is "Unsafe HTTPS"?
+
+Unsafe https Server for SSL Checking.
+Can be used for scanners that check for unsafe ssl certificates, as the server uses a self-signed certificate
+which contains both private and public key and is not authorized by a third party.
+
+### Source Code
+
+*
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/demo-targets/unsafe-https/.helmignore b/demo-targets/unsafe-https/.helmignore
index e57b6b2ff5..65508a63c7 100644
--- a/demo-targets/unsafe-https/.helmignore
+++ b/demo-targets/unsafe-https/.helmignore
@@ -24,3 +24,4 @@
.idea/
*.tmproj
.vscode/
+docs/
\ No newline at end of file
diff --git a/demo-targets/unsafe-https/README.md b/demo-targets/unsafe-https/README.md
index d258e5785d..f0d667421d 100644
--- a/demo-targets/unsafe-https/README.md
+++ b/demo-targets/unsafe-https/README.md
@@ -1,24 +1,57 @@
-# unsafe-https
+---
+title: "Unsafe HTTPS"
+category: "target"
+type: "Website"
+state: "released"
+appVersion: "v1.0.0"
+usecase: "Modern insecure web application"
+---
-  
+
+
+
+
+
+
+
+
+
+
+
+
+## What is "Unsafe HTTPS"?
Unsafe https Server for SSL Checking.
Can be used for scanners that check for unsafe ssl certificates, as the server uses a self-signed certificate
which contains both private and public key and is not authorized by a third party.
-**Homepage:**
+### Source Code
-## Maintainers
+*
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
+## Deployment
+The unsafe-https `scanType` can be deployed via helm:
-## Source Code
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install unsafe-https secureCodeBox/unsafe-https
+```
-*
-
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -39,3 +72,17 @@ which contains both private and public key and is not authorized by a third part
| service.port | int | `443` | |
| service.type | string | `"ClusterIP"` | |
| tolerations | list | `[]` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/demo-targets/unsafe-https/README.md.gotmpl b/demo-targets/unsafe-https/README.md.gotmpl
deleted file mode 100644
index 8b6e26bee7..0000000000
--- a/demo-targets/unsafe-https/README.md.gotmpl
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
-# unsafe-https
-
-  
-
-Unsafe https Server for SSL Checking.
-Can be used for scanners that check for unsafe ssl certificates, as the server uses a self-signed certificate
-which contains both private and public key and is not authorized by a third party.
-
-**Homepage:**
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| iteratec GmbH | securecodebox@iteratec.com | |
-
-## Source Code
-
-*
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/demo-targets/unsafe-https/docs/README.ArtifactHub.md b/demo-targets/unsafe-https/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..23615e520a
--- /dev/null
+++ b/demo-targets/unsafe-https/docs/README.ArtifactHub.md
@@ -0,0 +1,109 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Unsafe HTTPS"?
+
+Unsafe https Server for SSL Checking.
+Can be used for scanners that check for unsafe ssl certificates, as the server uses a self-signed certificate
+which contains both private and public key and is not authorized by a third party.
+
+### Source Code
+
+*
+
+## Deployment
+The unsafe-https `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install unsafe-https secureCodeBox/unsafe-https
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | add annotations to the deployment, service and pods |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"docker.io/securecodebox/unsafe-https"` | Container Image |
+| image.tag | string | `nil` | |
+| imagePullSecrets | list | `[]` | |
+| labels | object | `{}` | add labels to the deployment, service and pods |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port | int | `443` | |
+| service.type | string | `"ClusterIP"` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/demo-targets/unsafe-https/docs/README.DockerHub-Target.md b/demo-targets/unsafe-https/docs/README.DockerHub-Target.md
new file mode 100644
index 0000000000..9a18ece71b
--- /dev/null
+++ b/demo-targets/unsafe-https/docs/README.DockerHub-Target.md
@@ -0,0 +1,87 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This image is an potentialy vulnerable service or application which is used for demo purposes, automated tests and trainings.
+
+```bash
+docker pull securecodebox/unsafe-https
+```
+
+## What is "Unsafe HTTPS"?
+
+Unsafe https Server for SSL Checking.
+Can be used for scanners that check for unsafe ssl certificates, as the server uses a self-signed certificate
+which contains both private and public key and is not authorized by a third party.
+
+### Source Code
+
+*
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/docs/release.md b/docs/release.md
new file mode 100644
index 0000000000..ba03bdff2f
--- /dev/null
+++ b/docs/release.md
@@ -0,0 +1,13 @@
+## A list of steps to ensure after a new secureCodeBox release
+- Ensure and update all charts with a new release chartversion x.x.x-alpha1
+- Add the minor or major release version to the `helm-docs` template: `./.helm-docs/template.gotmpl
+- Ensure the all chart annotations specific for ArtifactHub are correct (e.g. release notes)
+- Check/update ./SECURITY.md
+- Check Service Tweet & Slack Notification
+-
+
+::: Note
+
+In the future we should try to automate this steps also for each release!
+
+:::
\ No newline at end of file
diff --git a/hooks/.helm-docs.gotmpl b/hooks/.helm-docs.gotmpl
new file mode 100644
index 0000000000..01eaa201da
--- /dev/null
+++ b/hooks/.helm-docs.gotmpl
@@ -0,0 +1,53 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Name of the Hook"
+category: "hook"
+type: "processing"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Takes Screenshots of websites"
+---
+
+
+
+{{- end }}
+
+{{- define "extra.chartDeploymentSection" -}}
+## Deployment
+
+The {{ template "chart.name" . }} `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }}
+```
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is HookName?
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+
+...
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+[owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+{{- end }}
\ No newline at end of file
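Review bot: The default `extra.docsSection` in this new shared template ships `usecase: "Takes Screenshots of websites"`, which reads as a value copied from one specific hook rather than a placeholder, while the sibling fields (`title: "Name of the Hook"`, `## What is HookName?`) are clearly placeholders; any hook chart that does not override this section would publish that usecase in its generated frontmatter. Make it an obvious placeholder in the same style, e.g. `usecase: "Short description of what the hook does"`. The file is also written without a trailing newline (`\ No newline at end of file`), which the other new templates in this commit avoid.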
diff --git a/hooks/cascading-scans/.dockerignore b/hooks/cascading-scans/.dockerignore
index 51880e34e9..4bd1e65ade 100644
--- a/hooks/cascading-scans/.dockerignore
+++ b/hooks/cascading-scans/.dockerignore
@@ -2,4 +2,5 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules/
\ No newline at end of file
+node_modules/
+docs/
\ No newline at end of file
diff --git a/hooks/cascading-scans/README.md.gotmpl b/hooks/cascading-scans/.helm-docs.gotmpl
similarity index 68%
rename from hooks/cascading-scans/README.md.gotmpl
rename to hooks/cascading-scans/.helm-docs.gotmpl
index e08bc8450e..eff1902ecc 100644
--- a/hooks/cascading-scans/README.md.gotmpl
+++ b/hooks/cascading-scans/.helm-docs.gotmpl
@@ -3,6 +3,8 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Cascading Scans"
category: "hook"
@@ -10,25 +12,37 @@ type: "processing"
state: "released"
usecase: "Cascading Scans based declarative Rules."
---
+{{- end }}
-
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
-## Deployment
+{{- define "extra.chartAboutSection" -}}
+## What is "Cascading Scans" Hook about?
+The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
+The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.
-Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans.
+<-- Todo: should be replaced with an valid docs.secureCodeBox.io link as soon as all ADRs are added there -->
+This Hook is based on the ADR https://github.com/secureCodeBox/secureCodeBox/blob/main/docs/adr/adr_0003.md
+{{- end }}
-```bash
-helm upgrade --install dssh secureCodeBox/cascading-scans
-```
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+Installing the `Cascading Scans` hook will add a `ReadOnly Hook` to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans.
### Verification
```bash
kubectl get ScanCompletionHooks
NAME TYPE IMAGE
-dssh ReadOnly docker.io/securecodebox/cascading-scans:latest
+dssh ReadOnly docker.io/securecodebox/hook-cascading-scans:latest
```
-## CascadingScan Rules
+### CascadingScan Rules
The CascadingRules are included directly in each helm chart of the individual scanners.
There is a configuration option `cascadingRules.enabled` for each scanner to prevent this inclusion.
@@ -46,11 +60,11 @@ ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```
-## Starting a cascading Scan
+### Starting a cascading Scan
When you start a normal Scan, no CascadingRule will be applied. To use a _CascadingRule_ the scan must be marked to allow cascading rules.
This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one.
-### Example
+#### Example
```yaml
cat <
+
+
+
+
+
+
+
+
+
+
+
+
+## What is "Cascading Scans" Hook about?
+The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
+The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.
+
+<-- Todo: should be replaced with an valid docs.secureCodeBox.io link as soon as all ADRs are added there -->
+This Hook is based on the ADR https://github.com/secureCodeBox/secureCodeBox/blob/main/docs/adr/adr_0003.md
## Deployment
-
-Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans.
+The cascading-scans `scanType` can be deployed via helm:
```bash
-helm upgrade --install dssh secureCodeBox/cascading-scans
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install cascading-scans secureCodeBox/cascading-scans
```
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+Installing the `Cascading Scans` hook will add a `ReadOnly Hook` to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans.
+
### Verification
```bash
kubectl get ScanCompletionHooks
NAME TYPE IMAGE
-dssh ReadOnly docker.io/securecodebox/cascading-scans:latest
+dssh ReadOnly docker.io/securecodebox/hook-cascading-scans:latest
```
-## CascadingScan Rules
+### CascadingScan Rules
The CascadingRules are included directly in each helm chart of the individual scanners.
There is a configuration option `cascadingRules.enabled` for each scanner to prevent this inclusion.
@@ -41,11 +79,11 @@ ssh-scan ssh-scan non-invasive light
zap-http zap-baseline-scan non-invasive medium
```
-## Starting a cascading Scan
+### Starting a cascading Scan
When you start a normal Scan, no CascadingRule will be applied. To use a _CascadingRule_ the scan must be marked to allow cascading rules.
This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one.
-### Example
+#### Example
```yaml
cat <
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Cascading Scans" Hook about?
+The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
+The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.
+
+<-- Todo: should be replaced with an valid docs.secureCodeBox.io link as soon as all ADRs are added there -->
+This Hook is based on the ADR https://github.com/secureCodeBox/secureCodeBox/blob/main/docs/adr/adr_0003.md
+
+## Deployment
+The cascading-scans `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install cascading-scans secureCodeBox/cascading-scans
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+Installing the `Cascading Scans` hook will add a `ReadOnly Hook` to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans.
+
+### Verification
+```bash
+kubectl get ScanCompletionHooks
+NAME TYPE IMAGE
+dssh ReadOnly docker.io/securecodebox/hook-cascading-scans:latest
+```
+
+### CascadingScan Rules
+The CascadingRules are included directly in each helm chart of the individual scanners.
+There is a configuration option `cascadingRules.enabled` for each scanner to prevent this inclusion.
+
+```bash
+# Check your CascadingRules
+kubectl get CascadingRules
+NAME STARTS INVASIVENESS INTENSIVENESS
+https-tls-scan sslyze non-invasive light
+imaps-tls-scan sslyze non-invasive light
+nikto-http nikto non-invasive medium
+nmap-smb nmap non-invasive light
+pop3s-tls-scan sslyze non-invasive light
+smtps-tls-scan sslyze non-invasive light
+ssh-scan ssh-scan non-invasive light
+zap-http zap-baseline-scan non-invasive medium
+```
+
+### Starting a cascading Scan
+When you start a normal Scan, no CascadingRule will be applied. To use a _CascadingRule_ the scan must be marked to allow cascading rules.
+This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one.
+
+#### Example
+```yaml
+cat <
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/cascading-scans].
+
+```bash
+docker pull securecodebox/hook-cascading-scans
+```
+
+## What is "Cascading Scans" Hook about?
+The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
+The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.
+
+<-- Todo: should be replaced with an valid docs.secureCodeBox.io link as soon as all ADRs are added there -->
+This Hook is based on the ADR https://github.com/secureCodeBox/secureCodeBox/blob/main/docs/adr/adr_0003.md
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/finding-post-processing/.dockerignore b/hooks/finding-post-processing/.dockerignore
index d7d2722c0b..e538d85481 100644
--- a/hooks/finding-post-processing/.dockerignore
+++ b/hooks/finding-post-processing/.dockerignore
@@ -3,4 +3,5 @@
# SPDX-License-Identifier: Apache-2.0
node_modules/
+docs/
diff --git a/hooks/finding-post-processing/README.md.gotmpl b/hooks/finding-post-processing/.helm-docs.gotmpl
similarity index 61%
rename from hooks/finding-post-processing/README.md.gotmpl
rename to hooks/finding-post-processing/.helm-docs.gotmpl
index 859e474663..37875a64d0 100644
--- a/hooks/finding-post-processing/README.md.gotmpl
+++ b/hooks/finding-post-processing/.helm-docs.gotmpl
@@ -3,6 +3,8 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Finding Post Processing"
category: "hook"
@@ -10,23 +12,30 @@ type: "dataProcessing"
state: "released"
usecase: "Updates fields for findings meeting specified conditions."
---
+{{- end }}
-
-
-## Deployment
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+{{- define "extra.chartAboutSection" -}}
+## What is "Finding Post Processing" Hook about?
Installing the _Finding Post Processing_ hook will add a ReadAndWrite Hook to your namespace,
which can be used to add or update fields from your findings meeting specified conditions.
+{{- end }}
-```bash
-helm upgrade --install fpp secureCodeBox/finding-post-processing
-```
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
-## Rule Configuration
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
-The rules can be defined in the values of the Chart.
+### Rule Configuration
+The _rules_ can be defined in the `values` of the HelmChart.
The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule))
-To define Rules you will have to provide the `rules` field with one or more `matches` elements.
+
+To define rules you will have to provide the `rules` field with one or more `matches` elements.
Each `machtes` defines one Rule.
For example:
@@ -43,18 +52,19 @@ rules:
description: "Telnet is bad"
```
-This Rule will match all Findings with an open port on 23 and override the severity for this finding with `high` as well as providing a new description `Telnet is bad`.
+This rule will match all findings with an open port on 23 and override the severity for this finding with `high` as well as providing a new description `Telnet is bad!`.
-### matches
+#### matches
Within the `matches` you will have to provide `anyOf` and `override`.
In the `anyOff` contains one or more conditions to be met by the finding to match the rule.
Notice that only one of these elements needs to match the finding for the rule to match.
-### override
+#### override
The `override` field specifies the desired fields and values that need to be updated or added if the rule is matching.
-## Chart Configuration
+{{- end }}
-{{ template "chart.valuesTable" . }}
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
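Review bot: The rewritten sentence now says the rule sets a new description `Telnet is bad!`, but the YAML example it refers to still reads `description: "Telnet is bad"` on the unchanged line just above, so the prose and the example no longer agree; the generated README at hunk `@@ -38,19 +71,19 @@` carries the same mismatch. Either keep the sentence as `...providing a new description `Telnet is bad`.` or update the example to match. Since this paragraph is being reworded anyway, the adjacent context lines still contain the typos `machtes` (for `matches`) and `anyOff` (for `anyOf`), which would be cheap to fix in the same pass.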
diff --git a/hooks/finding-post-processing/.helmignore b/hooks/finding-post-processing/.helmignore
index e049b0cfdd..de5512a97d 100644
--- a/hooks/finding-post-processing/.helmignore
+++ b/hooks/finding-post-processing/.helmignore
@@ -32,4 +32,5 @@ src/*
config/*
Dockerfile
.dockerignore
+docs/
diff --git a/hooks/finding-post-processing/README.md b/hooks/finding-post-processing/README.md
index 6f53e21f25..89693aac6a 100644
--- a/hooks/finding-post-processing/README.md
+++ b/hooks/finding-post-processing/README.md
@@ -6,22 +6,55 @@ state: "released"
usecase: "Updates fields for findings meeting specified conditions."
---
-
+
+
+
+
+
+
+
+
+
+
+
+## What is "Finding Post Processing" Hook about?
Installing the _Finding Post Processing_ hook will add a ReadAndWrite Hook to your namespace,
which can be used to add or update fields from your findings meeting specified conditions.
+## Deployment
+The finding-post-processing `scanType` can be deployed via helm:
+
```bash
-helm upgrade --install fpp secureCodeBox/finding-post-processing
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install finding-post-processing secureCodeBox/finding-post-processing
```
-## Rule Configuration
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
-The rules can be defined in the values of the Chart.
+## Additional Chart Configurations
+
+### Rule Configuration
+The _rules_ can be defined in the `values` of the HelmChart.
The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule))
-To define Rules you will have to provide the `rules` field with one or more `matches` elements.
+
+To define rules you will have to provide the `rules` field with one or more `matches` elements.
Each `machtes` defines one Rule.
For example:
@@ -38,19 +71,19 @@ rules:
description: "Telnet is bad"
```
-This Rule will match all Findings with an open port on 23 and override the severity for this finding with `high` as well as providing a new description `Telnet is bad`.
+This rule will match all findings with an open port on 23 and override the severity for this finding with `high` as well as providing a new description `Telnet is bad!`.
-### matches
+#### matches
Within the `matches` you will have to provide `anyOf` and `override`.
In the `anyOff` contains one or more conditions to be met by the finding to match the rule.
Notice that only one of these elements needs to match the finding for the rule to match.
-### override
+#### override
The `override` field specifies the desired fields and values that need to be updated or added if the rule is matching.
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -58,3 +91,17 @@ The `override` field specifies the desired fields and values that need to be upd
| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
| rules | list | `[]` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/hooks/finding-post-processing/docs/README.ArtifactHub.md b/hooks/finding-post-processing/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..9efd554e39
--- /dev/null
+++ b/hooks/finding-post-processing/docs/README.ArtifactHub.md
@@ -0,0 +1,129 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Finding Post Processing" Hook about?
+Installing the _Finding Post Processing_ hook will add a ReadAndWrite Hook to your namespace,
+which can be used to add or update fields from your findings meeting specified conditions.
+
+## Deployment
+The finding-post-processing `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install finding-post-processing secureCodeBox/finding-post-processing
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
+### Rule Configuration
+The _rules_ can be defined in the `values` of the HelmChart.
+The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule))
+
+To define rules you will have to provide the `rules` field with one or more `matches` elements.
+Each `machtes` defines one Rule.
+For example:
+
+```yaml
+rules:
+ - matches:
+ anyOf:
+ - category: "Open Port"
+ attributes:
+ port: 23
+ state: open
+ override:
+ severity: "high"
+ description: "Telnet is bad"
+```
+
+This rule will match all findings with an open port on 23 and override the severity for this finding with `high` as well as providing a new description `Telnet is bad!`.
+
+#### matches
+
+Within the `matches` you will have to provide `anyOf` and `override`.
+In the `anyOff` contains one or more conditions to be met by the finding to match the rule.
+Notice that only one of these elements needs to match the finding for the rule to match.
+
+#### override
+
+The `override` field specifies the desired fields and values that need to be updated or added if the rule is matching.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| hook.image.repository | string | `"docker.io/securecodebox/hook-finding-post-processing"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| rules | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/finding-post-processing/docs/README.DockerHub-Hook.md b/hooks/finding-post-processing/docs/README.DockerHub-Hook.md
new file mode 100644
index 0000000000..cd94f0e4d3
--- /dev/null
+++ b/hooks/finding-post-processing/docs/README.DockerHub-Hook.md
@@ -0,0 +1,81 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/finding-post-processing].
+
+```bash
+docker pull securecodebox/hook-finding-post-processing
+```
+
+## What is "Finding Post Processing" Hook about?
+Installing the _Finding Post Processing_ hook will add a ReadAndWrite Hook to your namespace,
+which can be used to add or update fields from your findings meeting specified conditions.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/generic-webhook/.dockerignore b/hooks/generic-webhook/.dockerignore
index 51880e34e9..4bd1e65ade 100644
--- a/hooks/generic-webhook/.dockerignore
+++ b/hooks/generic-webhook/.dockerignore
@@ -2,4 +2,5 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules/
\ No newline at end of file
+node_modules/
+docs/
\ No newline at end of file
diff --git a/hooks/generic-webhook/.helm-docs.gotmpl b/hooks/generic-webhook/.helm-docs.gotmpl
new file mode 100644
index 0000000000..650a574398
--- /dev/null
+++ b/hooks/generic-webhook/.helm-docs.gotmpl
@@ -0,0 +1,38 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Generic WebHook"
+category: "hook"
+type: "integration"
+state: "released"
+usecase: "Publishes Scan Findings as WebHook."
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is "Generic WebHook" Hook about?
+Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` to a given webhook url.
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+
+> β This documentation is currently work-in-progress.
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/hooks/generic-webhook/.helmignore b/hooks/generic-webhook/.helmignore
index 808f8cc105..61cd3f6ac9 100644
--- a/hooks/generic-webhook/.helmignore
+++ b/hooks/generic-webhook/.helmignore
@@ -32,3 +32,4 @@ src/*
config/*
Dockerfile
.dockerignore
+docs/
diff --git a/hooks/generic-webhook/Chart.lock b/hooks/generic-webhook/Chart.lock
deleted file mode 100644
index eb7f3a2456..0000000000
--- a/hooks/generic-webhook/Chart.lock
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies: []
-digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2020-05-26T16:56:03.119255+02:00"
diff --git a/hooks/generic-webhook/Chart.lock.license b/hooks/generic-webhook/Chart.lock.license
deleted file mode 100644
index e71098bf60..0000000000
--- a/hooks/generic-webhook/Chart.lock.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md
index 31bde16360..75ffe561e6 100644
--- a/hooks/generic-webhook/README.md
+++ b/hooks/generic-webhook/README.md
@@ -6,18 +6,52 @@ state: "released"
usecase: "Publishes Scan Findings as WebHook."
---
-
+
+
-Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace.
+
+
+
+
+
+
+
+
+
+## What is "Generic WebHook" Hook about?
+Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` to a given webhook url.
+
+## Deployment
+The generic-webhook `scanType` can be deployed via helm:
```bash
-helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http://example.com/my/webhook/target"
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install generic-webhook secureCodeBox/generic-webhook
```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
> β This documentation is currently work-in-progress.
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -25,3 +59,17 @@ helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http:
| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
| webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/hooks/generic-webhook/README.md.gotmpl b/hooks/generic-webhook/README.md.gotmpl
deleted file mode 100644
index a22f66fa4d..0000000000
--- a/hooks/generic-webhook/README.md.gotmpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
----
-title: "Generic WebHook"
-category: "hook"
-type: "integration"
-state: "released"
-usecase: "Publishes Scan Findings as WebHook."
----
-
-
-
-## Deployment
-
-Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace.
-
-```bash
-helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http://example.com/my/webhook/target"
-```
-> β This documentation is currently work-in-progress.
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/hooks/generic-webhook/docs/README.ArtifactHub.md b/hooks/generic-webhook/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..74404aa940
--- /dev/null
+++ b/hooks/generic-webhook/docs/README.ArtifactHub.md
@@ -0,0 +1,97 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Generic WebHook" Hook about?
+Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` to a given webhook url.
+
+## Deployment
+The generic-webhook `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install generic-webhook secureCodeBox/generic-webhook
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
+> β This documentation is currently work-in-progress.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| hook.image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/generic-webhook/docs/README.DockerHub-Hook.md b/hooks/generic-webhook/docs/README.DockerHub-Hook.md
new file mode 100644
index 0000000000..280ada60a0
--- /dev/null
+++ b/hooks/generic-webhook/docs/README.DockerHub-Hook.md
@@ -0,0 +1,80 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/generic-webhook].
+
+```bash
+docker pull securecodebox/hook-generic-webhook
+```
+
+## What is "Generic WebHook" Hook about?
+Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` to a given webhook url.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/notification/.dockerignore b/hooks/notification/.dockerignore
index d7d2722c0b..e538d85481 100644
--- a/hooks/notification/.dockerignore
+++ b/hooks/notification/.dockerignore
@@ -3,4 +3,5 @@
# SPDX-License-Identifier: Apache-2.0
node_modules/
+docs/
diff --git a/hooks/notification/README.md.gotmpl b/hooks/notification/.helm-docs.gotmpl
similarity index 88%
rename from hooks/notification/README.md.gotmpl
rename to hooks/notification/.helm-docs.gotmpl
index fbeefc68ed..e17f5d7ba0 100644
--- a/hooks/notification/README.md.gotmpl
+++ b/hooks/notification/.helm-docs.gotmpl
@@ -3,17 +3,34 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Notification Hook"
category: "hook"
type: "integration"
-state: "roadmap"
+state: "released"
usecase: "Publishes Scan Summary to MS Teams, Slack and others."
---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is "Notification" Hook about?
+Installing the Notification WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` as messages to different tools like messangers or even email.
-
+You can customise the message templates on your behalf or use the already provided one.
+{{- end }}
-## Deployment
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
Installing the Notification hook will add a ReadOnly Hook to your namespace.
@@ -24,13 +41,13 @@ helm upgrade --install nwh ./hooks/notification-hook/ --values /path/to/your/val
The `values.yaml` you need depends on the notification type you want to use.
Please take a look at the documentation for each type (e.g. for slack see [Configuration of a Slack Notification](#configuration-o-a-slack-notification))
-## Available Notifier
+### Available Notifier
- [Slack](#configuration-of-a-slack-notification)
- [Slack App](#configuration-of-a-slack-app-notification)
- [Email](#configuration-of-an-email-notification)
-## Configuration of a Notification
+### Configuration of a Notification
The general configuration of a notification looks something like this
@@ -84,7 +101,7 @@ Under `env` you have to define additional information needed for your templates
`env` will be mapped to the `env` implementation of Kubernetes.
This means that you can define key-value pairs as well as providing envs via secrets (See [Define Environment Variables for a Container | Kubernetes](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)).
-### Rule Configuration
+#### Rule Configuration
The rules can be defined in the values of the Chart.
The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule))
@@ -104,13 +121,13 @@ rules:
This Rule will match all Findings with an open port on 23.
-#### matches
+##### matches
Within the `matches` you will have to provide `anyOf`
`anyOf` contains one or more conditions to be met by the finding to match the rule.
Notice that only one of these elements needs to match the finding for the rule to match.
-### Configuration of a Slack Notification
+#### Configuration of a Slack Notification
To configure a Slack notification set the `type` to `slack` and the `endPoint` to point to your env containing your Webhook URL to slack.
You can use one of the following default templates:
@@ -118,18 +135,18 @@ You can use one of the following default templates:
- `slack-messageCard`: Sends a message with a summary listing the number of findings per category and severity.
- `slack-individual-findings-with-defectdojo`: Sends a message with a list of all findings with a link to the finding in DefectDojo. Will only work correctly if the DefectDojo hook is installed in the same namespace.
-### Configuration of a Slack App Notification
+#### Configuration of a Slack App Notification
The `slack-app` notifier is an _alternate_ way to send notifications to slack using the slack api directly rather then using webhooks.
Use `slack-app` over the normal `slack` if you want to send notifications into different slack channels on a per scan basis.
-#### Slack App Configuration
+##### Slack App Configuration
To set it up, you'll need to create a new slack app at [https://api.slack.com/apps/](https://api.slack.com/apps/) and add the `chat:write` "Bot Token Scope" to it on the "OAuth & Permissions" tab. Then add the bot to your workspace, this will give you the access token (should begin with a `xoxb-`).
To configure a Slack notification set the `type` to `slack-app` and reference the secret via the `SLACK_APP_TOKEN` env var.
-#### Example Config
+##### Example Config
```yaml
notificationChannels:
@@ -150,12 +167,12 @@ env:
value: "#example-channel"
```
-#### Supported Notification Channels
+##### Supported Notification Channels
The `slack-app` notifier supports the same message templates as the `slack` notifier.
See [slack](#configuration-of-a-slack-notification) for the supported message types.
-#### Scan / Channel Config
+##### Scan / Channel Config
You can configure to which channel the message is sent to by setting the `notification.securecodebox.io/slack-channel` to the channel the message should be sent to, the following example will send its notifications to the `#juice-shop-dev` channel in the slack workspace of the configured token.
@@ -174,7 +191,7 @@ spec:
- juice-shop.default.svc
```
-### Configuration Of An Email Notification
+#### Configuration Of An Email Notification
To configure an email notification set the `type` to `email` and the `endPoint` to point to your env containing your target email address.
You can use one of the following default templates:
@@ -210,7 +227,7 @@ env:
value: secureCodeBox
```
-## Custom Message Templates
+### Custom Message Templates
CAUTION: Nunjucks templates allow code to be injected! Use templates from trusted sources only!
@@ -224,7 +241,7 @@ To fill your template with data we provide the following objects.
| findings | An array of the findings matching your rules (See [Finding | secureCodeBox](https://docs.securecodebox.io/docs/api/finding) |
| scan | An Object containing information about the scan that triggered the notification (See [Scan | secureCodeBox](https://docs.securecodebox.io/docs/api/crds/scan) |
| args | contains `process.env` (See: [process.env | nodejs](https://nodejs.org/api/process.html#process_process_env)) you can use this to access data defined in `env` of the `values.yaml` |
+{{- end }}
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/hooks/notification/.helmignore b/hooks/notification/.helmignore
index e049b0cfdd..de5512a97d 100644
--- a/hooks/notification/.helmignore
+++ b/hooks/notification/.helmignore
@@ -32,4 +32,5 @@ src/*
config/*
Dockerfile
.dockerignore
+docs/
diff --git a/hooks/notification/Chart.lock b/hooks/notification/Chart.lock
deleted file mode 100644
index eb7f3a2456..0000000000
--- a/hooks/notification/Chart.lock
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies: []
-digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2020-05-26T16:56:03.119255+02:00"
diff --git a/hooks/notification/Chart.lock.license b/hooks/notification/Chart.lock.license
deleted file mode 100644
index e71098bf60..0000000000
--- a/hooks/notification/Chart.lock.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/notification/README.md b/hooks/notification/README.md
index 85c2df3b07..af712a84bf 100644
--- a/hooks/notification/README.md
+++ b/hooks/notification/README.md
@@ -2,13 +2,54 @@
title: "Notification Hook"
category: "hook"
type: "integration"
-state: "roadmap"
+state: "released"
usecase: "Publishes Scan Summary to MS Teams, Slack and others."
---
-
+
+
+
+
+
+
+
+
+
+
+
+
+## What is "Notification" Hook about?
+Installing the Notification WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` as messages to different tools like messangers or even email.
+
+You can customise the message templates on your behalf or use the already provided one.
## Deployment
+The notification `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install notification secureCodeBox/notification
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
Installing the Notification hook will add a ReadOnly Hook to your namespace.
@@ -19,13 +60,13 @@ helm upgrade --install nwh ./hooks/notification-hook/ --values /path/to/your/val
The `values.yaml` you need depends on the notification type you want to use.
Please take a look at the documentation for each type (e.g. for slack see [Configuration of a Slack Notification](#configuration-o-a-slack-notification))
-## Available Notifier
+### Available Notifier
- [Slack](#configuration-of-a-slack-notification)
- [Slack App](#configuration-of-a-slack-app-notification)
- [Email](#configuration-of-an-email-notification)
-## Configuration of a Notification
+### Configuration of a Notification
The general configuration of a notification looks something like this
@@ -79,7 +120,7 @@ Under `env` you have to define additional information needed for your templates
`env` will be mapped to the `env` implementation of Kubernetes.
This means that you can define key-value pairs as well as providing envs via secrets (See [Define Environment Variables for a Container | Kubernetes](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)).
-### Rule Configuration
+#### Rule Configuration
The rules can be defined in the values of the Chart.
The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule))
@@ -99,13 +140,13 @@ rules:
This Rule will match all Findings with an open port on 23.
-#### matches
+##### matches
Within the `matches` you will have to provide `anyOf`
`anyOf` contains one or more conditions to be met by the finding to match the rule.
Notice that only one of these elements needs to match the finding for the rule to match.
-### Configuration of a Slack Notification
+#### Configuration of a Slack Notification
To configure a Slack notification set the `type` to `slack` and the `endPoint` to point to your env containing your Webhook URL to slack.
You can use one of the following default templates:
@@ -113,18 +154,18 @@ You can use one of the following default templates:
- `slack-messageCard`: Sends a message with a summary listing the number of findings per category and severity.
- `slack-individual-findings-with-defectdojo`: Sends a message with a list of all findings with a link to the finding in DefectDojo. Will only work correctly if the DefectDojo hook is installed in the same namespace.
-### Configuration of a Slack App Notification
+#### Configuration of a Slack App Notification
The `slack-app` notifier is an _alternate_ way to send notifications to slack using the slack api directly rather then using webhooks.
Use `slack-app` over the normal `slack` if you want to send notifications into different slack channels on a per scan basis.
-#### Slack App Configuration
+##### Slack App Configuration
To set it up, you'll need to create a new slack app at [https://api.slack.com/apps/](https://api.slack.com/apps/) and add the `chat:write` "Bot Token Scope" to it on the "OAuth & Permissions" tab. Then add the bot to your workspace, this will give you the access token (should begin with a `xoxb-`).
To configure a Slack notification set the `type` to `slack-app` and reference the secret via the `SLACK_APP_TOKEN` env var.
-#### Example Config
+##### Example Config
```yaml
notificationChannels:
@@ -145,12 +186,12 @@ env:
value: "#example-channel"
```
-#### Supported Notification Channels
+##### Supported Notification Channels
The `slack-app` notifier supports the same message templates as the `slack` notifier.
See [slack](#configuration-of-a-slack-notification) for the supported message types.
-#### Scan / Channel Config
+##### Scan / Channel Config
You can configure to which channel the message is sent to by setting the `notification.securecodebox.io/slack-channel` to the channel the message should be sent to, the following example will send its notifications to the `#juice-shop-dev` channel in the slack workspace of the configured token.
@@ -169,7 +210,7 @@ spec:
- juice-shop.default.svc
```
-### Configuration Of An Email Notification
+#### Configuration Of An Email Notification
To configure an email notification set the `type` to `email` and the `endPoint` to point to your env containing your target email address.
You can use one of the following default templates:
@@ -205,7 +246,7 @@ env:
value: secureCodeBox
```
-## Custom Message Templates
+### Custom Message Templates
CAUTION: Nunjucks templates allow code to be injected! Use templates from trusted sources only!
@@ -220,7 +261,7 @@ To fill your template with data we provide the following objects.
| scan | An Object containing information about the scan that triggered the notification (See [Scan | secureCodeBox](https://docs.securecodebox.io/docs/api/crds/scan) |
| args | contains `process.env` (See: [process.env | nodejs](https://nodejs.org/api/process.html#process_process_env)) you can use this to access data defined in `env` of the `values.yaml` |
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -241,3 +282,17 @@ To fill your template with data we provide the following objects.
| notificationChannels[0].rules[0].matches.anyOf[0].category | string | `"Open Port"` | |
| notificationChannels[0].template | string | `"slack-messageCard"` | |
| notificationChannels[0].type | string | `"slack"` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/hooks/notification/docs/README.ArtifactHub.md b/hooks/notification/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..2202a63645
--- /dev/null
+++ b/hooks/notification/docs/README.ArtifactHub.md
@@ -0,0 +1,320 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Notification" Hook about?
+Installing the Notification WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` as messages to different tools like messangers or even email.
+
+You can customise the message templates on your behalf or use the already provided one.
+
+## Deployment
+The notification `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install notification secureCodeBox/notification
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
+Installing the Notification hook will add a ReadOnly Hook to your namespace.
+
+```bash
+helm upgrade --install nwh ./hooks/notification-hook/ --values /path/to/your/values"
+```
+
+The `values.yaml` you need depends on the notification type you want to use.
+Please take a look at the documentation for each type (e.g. for slack see [Configuration of a Slack Notification](#configuration-o-a-slack-notification))
+
+### Available Notifier
+
+- [Slack](#configuration-of-a-slack-notification)
+- [Slack App](#configuration-of-a-slack-app-notification)
+- [Email](#configuration-of-an-email-notification)
+
+### Configuration of a Notification
+
+The general configuration of a notification looks something like this
+
+```yaml
+notificationChannels:
+ - name: slack
+ type: slack
+ template: slack-messageCard
+ skipNotificationOnZeroFinding: true
+ rules:
+ - matches:
+ anyOf:
+ - category: "Open Port"
+ endPoint: "SOME_ENV"
+
+env:
+ - name: SOME_ENV
+ valueFrom:
+ secretRefKey:
+ secret: some-secret
+ key: some-key
+```
+
+The Notification Hook enables you to define multiple so called `notificationChannels`. A `notificationChannel` defines the Notification to a specific platform (e.g. Slack or Teams).
+
+The `name` is used to for debugging failing notifications.
+it can be a _string_ of you choice.
+
+The `type` specifies the type of the notification (in this example slack).
+See [Available Notifier](#available-notifier).
+
+The `template` field defines the name of a Nunjucks template to send to your notification channel.
+These templates are usually tied to their notification channel (slack templates will not work for teams).
+The template `slack-messageCard` is provided by default.
+Notice that for the name of the template we chose to omit the file type.
+The template `slack-messageCard` will point to `slack-messageCard.njk` in the filesystem of the hook.
+
+The `skipNotificationOnZeroFindings` if set to true will cause the notifier when there were no findings.
+This can happen when the scan did not identify any or if all findings were filtered out using [rules](#rule-configuration).
+Defaults to `false` if not set.
+You can use `skipNotificationOnZeroFindings` to only send out notification for non duplicate findings, e.g. by combining the DefectDojo hook with this one and filtering out the `duplicate` attribute in the rules.
+
+The `endPoint` specifies where the notification has to go to.
+To protect the actual endPoint (e.g. a webhook url) this should point to an env name defined under `env`
+For slack this would be your webhook URL to slack.
+
+To define conditions when a notification should be created you can use `rules`.
+If no rules are specified, this hook will assume that you always want to be notified.
+
+Under `env` you have to define additional information needed for your templates such as the actual endpoint.
+`env` will be mapped to the `env` implementation of Kubernetes.
+This means that you can define key-value pairs as well as providing envs via secrets (See [Define Environment Variables for a Container | Kubernetes](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)).
+
+#### Rule Configuration
+
+The rules can be defined in the values of the Chart.
+The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule))
+To define Rules you will have to provide the `rules` field with one or more `matches` elements.
+Each `machtes` defines one Rule.
+For example:
+
+```yaml
+rules:
+ - matches:
+ anyOf:
+ - category: "Open Port"
+ attributes:
+ port: 23
+ state: open
+```
+
+This Rule will match all Findings with an open port on 23.
+
+##### matches
+
+Within the `matches` you will have to provide `anyOf`
+`anyOf` contains one or more conditions to be met by the finding to match the rule.
+Notice that only one of these elements needs to match the finding for the rule to match.
+
+#### Configuration of a Slack Notification
+
+To configure a Slack notification set the `type` to `slack` and the `endPoint` to point to your env containing your Webhook URL to slack.
+You can use one of the following default templates:
+
+- `slack-messageCard`: Sends a message with a summary listing the number of findings per category and severity.
+- `slack-individual-findings-with-defectdojo`: Sends a message with a list of all findings with a link to the finding in DefectDojo. Will only work correctly if the DefectDojo hook is installed in the same namespace.
+
+#### Configuration of a Slack App Notification
+
+The `slack-app` notifier is an _alternate_ way to send notifications to slack using the slack api directly rather then using webhooks.
+Use `slack-app` over the normal `slack` if you want to send notifications into different slack channels on a per scan basis.
+
+##### Slack App Configuration
+
+To set it up, you'll need to create a new slack app at [https://api.slack.com/apps/](https://api.slack.com/apps/) and add the `chat:write` "Bot Token Scope" to it on the "OAuth & Permissions" tab. Then add the bot to your workspace, this will give you the access token (should begin with a `xoxb-`).
+
+To configure a Slack notification set the `type` to `slack-app` and reference the secret via the `SLACK_APP_TOKEN` env var.
+
+##### Example Config
+
+```yaml
+notificationChannels:
+ - name: slack
+ type: slack-app
+ template: slack-messageCard
+ rules: []
+
+env:
+ # you can create the secret via: kubectl create secret generic slack-app-token --from-literal="token=xoxb-..."
+ - name: SLACK_APP_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: slack-app-token
+ key: token
+ # configures which channel the messages are send to if the scan doesn't specify a channel
+ - name: SLACK_DEFAULT_CHANNEL
+ value: "#example-channel"
+```
+
+##### Supported Notification Channels
+
+The `slack-app` notifier supports the same message templates as the `slack` notifier.
+See [slack](#configuration-of-a-slack-notification) for the supported message types.
+
+##### Scan / Channel Config
+
+You can configure to which channel the message is sent to by setting the `notification.securecodebox.io/slack-channel` to the channel the message should be sent to, the following example will send its notifications to the `#juice-shop-dev` channel in the slack workspace of the configured token.
+
+> Note: The channel needs to have the app you've create invited to it. Otherwise the app will not be permitted to write to it.
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: Scan
+metadata:
+ name: "nmap-juice-shop"
+ annotations:
+ notification.securecodebox.io/slack-channel: "#juice-shop-dev"
+spec:
+ scanType: "nmap"
+ parameters:
+ - juice-shop.default.svc
+```
+
+#### Configuration Of An Email Notification
+
+To configure an email notification set the `type` to `email` and the `endPoint` to point to your env containing your target email address.
+You can use one of the following default templates:
+
+- `email`: Sends a email with a summary listing the number of findings per category and severity.
+
+Additional to this configuration you will have to provide a special smtp configuration URL.
+This config reflects the transporter configuration of nodemailer (See [nodemailer | SMTP Transport](https://nodemailer.com/smtp/)).
+This configuration needs to be specified under `env` in the values yaml.
+The identifier for this config has to be `SMTP_CONFIG`.
+A basic configuration could look like this:
+
+```
+notificationChannels:
+ - name: email
+ type: email
+ template: email
+ rules: []
+ endPoint: "someone@somewhere.xyz"
+env:
+ - name: SMTP_CONFIG
+ value: "smtp://user:pass@smtp.domain.tld/"
+```
+
+To provide a custom `from` field for your email you can specify `EMAIL_FROM` under env.
+For example:
+
+```
+env:
+ - name: SMTP_CONFIG
+ value: "smtp://user:pass@smtp.domain.tld/"
+ - name: EMAIL_FROM
+ value: secureCodeBox
+```
+
+### Custom Message Templates
+
+CAUTION: Nunjucks templates allow code to be injected! Use templates from trusted sources only!
+
+The Notification Hook enables you to write your own message templates if the templates provided by default are not sufficient.
+Templates for this hook are written using the [Nunjucks](https://mozilla.github.io/nunjucks/) templating engine.
+
+To fill your template with data we provide the following objects.
+
+| object | Details |
+| -------- | ------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- |
+| findings | An array of the findings matching your rules (See [Finding | secureCodeBox](https://docs.securecodebox.io/docs/api/finding) |
+| scan | An Object containing information about the scan that triggered the notification (See [Scan | secureCodeBox](https://docs.securecodebox.io/docs/api/crds/scan) |
+| args | contains `process.env` (See: [process.env | nodejs](https://nodejs.org/api/process.html#process_process_env)) you can use this to access data defined in `env` of the `values.yaml` |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| customTemplateMap.exists | bool | `false` | |
+| customTemplateMap.name | string | `"config-map-name"` | |
+| env[0].name | string | `"SOME_ENV_KEY"` | |
+| env[0].valueFrom.secretKeyRef.key | string | `"some-key"` | |
+| env[0].valueFrom.secretKeyRef.name | string | `"some-secret"` | |
+| env[1].name | string | `"SMTP_CONFIG"` | |
+| env[1].valueFrom.secretKeyRef.key | string | `"smtp-config-key"` | |
+| env[1].valueFrom.secretKeyRef.name | string | `"some-secret"` | |
+| hook.image.pullPolicy | string | `"Always"` | |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-notification"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | Image tag |
+| hook.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| notificationChannels[0].endPoint | string | `"SOME_ENV_KEY"` | |
+| notificationChannels[0].name | string | `"slack"` | |
+| notificationChannels[0].rules[0].matches.anyOf[0].category | string | `"Open Port"` | |
+| notificationChannels[0].template | string | `"slack-messageCard"` | |
+| notificationChannels[0].type | string | `"slack"` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/notification/docs/README.DockerHub-Hook.md b/hooks/notification/docs/README.DockerHub-Hook.md
new file mode 100644
index 0000000000..107aa46bd3
--- /dev/null
+++ b/hooks/notification/docs/README.DockerHub-Hook.md
@@ -0,0 +1,82 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][].
+
+```bash
+docker pull securecodebox/hook-notification
+```
+
+## What is "Notification" Hook about?
+Installing the Notification WebHook hook will add a ReadOnly Hook to your namespace which is capable of sending scan results containing `findings` as messages to different tools like messangers or even email.
+
+You can customise the message templates on your behalf or use the already provided one.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/persistence-defectdojo/.dockerignore b/hooks/persistence-defectdojo/.dockerignore
index 347c1f8eeb..d7e9b62c89 100644
--- a/hooks/persistence-defectdojo/.dockerignore
+++ b/hooks/persistence-defectdojo/.dockerignore
@@ -7,3 +7,4 @@ Dockerfile
./settings
build/
templates
+docs/
diff --git a/hooks/persistence-defectdojo/.helm-docs.gotmpl b/hooks/persistence-defectdojo/.helm-docs.gotmpl
new file mode 100644
index 0000000000..4e658225c8
--- /dev/null
+++ b/hooks/persistence-defectdojo/.helm-docs.gotmpl
@@ -0,0 +1,165 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "DefectDojo"
+category: "hook"
+type: "persistenceProvider"
+state: "released"
+usecase: "Publishes all Scan Reports to OWASP DefectDojo."
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is "Persistence DefectDojo" Hook about?
+The DefectDojo hook imports the reports from scans automatically into [OWASP DefectDojo](https://www.defectdojo.org/).
+The hook uses the import scan [API v2 from DefectDojo](https://defectdojo.readthedocs.io/en/latest/api-v2-docs.html) to import the scan results.
+
+This means that only scan types are supported by the hook which are both supported by the secureCodeBox and DefectDojo.
+These are:
+
+- Nmap
+- Nikto
+- ZAP (Baseline, API Scan and Full Scan)
+- ZAP Advanced
+- SSLyze
+- Trivy
+- Gitleaks
+
+After uploading the results to DefectDojo, it will use the findings parsed by DefectDojo to overwrite the
+original secureCodeBox findings identified by the parser. This lets you access the finding metadata like the false
+positive and duplicate status from DefectDojo in further ReadOnly hooks, e.g. send out Slack notification
+for non-duplicate & non-false positive findings only.
+
+:::caution
+
+Be careful when using the DefectDojo Hook in combination with other ReadAndWrite hooks. The secureCodeBox currently has
+no way to guarantee that one ReadAndWrite hook gets executed before another ReadAndWrite hook. This can lead to
+"lost update" problems as the DefectDojo hook will overwrite all findings, which disregards the results of previously
+run ReadAndWrite hooks.
+ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
+:::
+
+### Running "Persistence DefectDojo" Hook Locally from Source
+For development purposes, it can be useful to run this hook locally. You can do so by following these steps:
+
+1. Make sure you have access to a running [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) instance.
+2. [Run a Scan](https://docs.securecodebox.io/docs/getting-started/first-scans) of your choice.
+3. Supply Download Links for the Scan Results (Raw Result and Findings.json). You can e.g., access them from the
+included [Minio Instance](https://docs.securecodebox.io/docs/getting-started/installation/#accessing-the-included-minio-instance)
+and upload them to a GitHub Gist.
+4. Set the following environment variables:
+
+- DEFECTDOJO_URL (e.g http://192.168.0.1:8080);
+- DEFECTDOJO_USERNAME (e.g admin)
+- DEFECTDOJO_APIKEY= (e.g. b09c.., can be fetched from the DefectDojo Settings)
+- IS_DEV=true
+- SCAN_NAME (e.g nmap-scanme.nmap.org, must be set exactly to the name of the scan used in step 2)
+
+5. Build the jar with gradle and run it with the following CLI arguments: {Raw Result Download URL} {Findings Download URL} {Raw Result Upload URL} {Findings Upload URL}.
+See the code snippet below. You have to adjust the filename of the jar for other versions than the '0.1.0-SNAPSHOT'.
+Also you will need to change the download URLs for the Raw Result and Findings to the ones from Step 3.
+
+```bash
+./gradlew build
+java -jar build/libs/defectdojo-persistenceprovider-0.1.0-SNAPSHOT.jar https://gist.githubusercontent.com/.../scanme-nmap-org.xml https://gist.githubusercontent.com/.../nmap-findings.json https://httpbin.org/put https://httpbin.org/put
+```
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+
+Installing the DefectDojo persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
+
+```bash
+kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."
+
+helm upgrade --install dd secureCodeBox/persistence-defectdojo \
+ --set="defectdojo.url=https://defectdojo-django.default.svc"
+```
+
+The hook will automatically import the scan results into an engagement in DefectDojo.
+If the engagement doesn't exist the hook will create the engagement (CI/CD engagement) and all objects required for it
+(product & product type).
+
+You don't need any configuration for that to work, the hook will infer engagement & product names from the scan name.
+If you want more control over the names or add additional meta information like the version of the tested software you
+can add these via annotation to the scan. See examples below.
+
+| Scan Annotation | Description | Default if not set | Notes |
+| ------------------------------------------------------------------ | -------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------- |
+| `defectdojo.securecodebox.io/product-type-name` | Name of the Product Type | Product Type with ID 1 (typically "Research and Development") | Product Type will be automatically created if no Product Type under that name exists |
+| `defectdojo.securecodebox.io/product-name` | Name of the Product | ScheduledScan Name if Scheduled, Scan Name if it's a standalone Scan | Product will be automatically created if no Product under that name exists |
+| `defectdojo.securecodebox.io/product-description` | Description of the Product | Empty String | Only used when creating the Product not used for updating |
+| `defectdojo.securecodebox.io/product-tags` | Product Tags | Nothing | Only used when creating the Product not used for updating |
+| `defectdojo.securecodebox.io/engagement-name` | Name of the Engagement | Scan Name | Will be automatically created if no *engagement* with that name **and** version exists |
+| `defectdojo.securecodebox.io/engagement-version` | Engagement Version | Nothing | |
+| `defectdojo.securecodebox.io/engagement-deduplicate-on-engagement` | Deduplicate On Engagement | false | Only used when creating the Engagement not used for updating |
+| `defectdojo.securecodebox.io/engagement-tags` | Engagement Tags | Nothing | Only used when creating the Engagement not used for updating |
+| `defectdojo.securecodebox.io/test-title` | Test Title | Scan Name | |
+
+### Simple Example Scans
+
+This will import the results daily into an engagements called: "zap-juiceshop-$UNIX_TIMESTAMP" (Name of the Scan created daily by the ScheduledScan), in a Product called: "zap-juiceshop" in the default DefectDojo product type.
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: ScheduledScan
+metadata:
+ name: "zap-juiceshop"
+spec:
+ interval: 24h
+ scanSpec:
+ scanType: "zap-full-scan"
+ parameters:
+ - "-t"
+ - "http://juice-shop.demo-targets.svc:3000"
+```
+
+### Complete Example Scan
+
+This will import the results into engagement, product and product type following the labels.
+The engagement will be reused by the hook for the daily scans / imports until the engagement version is increased.
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: ScheduledScan
+metadata:
+ name: "zap-full-scan-juiceshop"
+ annotations:
+ defectdojo.securecodebox.io/product-type-name: "OWASP"
+ defectdojo.securecodebox.io/product-name: "Juice Shop"
+ defectdojo.securecodebox.io/product-description: |
+ OWASP Juice Shop is probably the most modern and sophisticated insecure web application!
+ It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools!
+ Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
+ defectdojo.securecodebox.io/product-tags: vulnerable,appsec,owasp-top-ten,vulnapp
+ defectdojo.securecodebox.io/engagement-name: "Juice Shop"
+ defectdojo.securecodebox.io/engagement-version: "v12.6.1"
+ defectdojo.securecodebox.io/engagement-tags: "automated,daily"
+ defectdojo.securecodebox.io/engagement-deduplicate-on-engagement: "true"
+ defectdojo.securecodebox.io/test-title: "Juice Shop - v12.6.1"
+spec:
+ interval: 24h
+ scanSpec:
+ scanType: "zap-full-scan"
+ parameters:
+ - "-t"
+ - "http://juice-shop.demo-targets.svc:3000"
+```
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/hooks/persistence-defectdojo/.helmignore b/hooks/persistence-defectdojo/.helmignore
index ac21272b41..81c9322835 100644
--- a/hooks/persistence-defectdojo/.helmignore
+++ b/hooks/persistence-defectdojo/.helmignore
@@ -40,3 +40,4 @@ gradlew.bat
settings.gradle
update.sh
build/
+docs/
\ No newline at end of file
diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md
index 02ff03c6e3..76d8563215 100644
--- a/hooks/persistence-defectdojo/README.md
+++ b/hooks/persistence-defectdojo/README.md
@@ -6,27 +6,47 @@ state: "released"
usecase: "Publishes all Scan Reports to OWASP DefectDojo."
---
-## About
-
+
+
+
+
+
+
+
+
+
+
+
+
+## What is "Persistence DefectDojo" Hook about?
The DefectDojo hook imports the reports from scans automatically into [OWASP DefectDojo](https://www.defectdojo.org/).
-The hook uses the import scan [API from DefectDojo](https://defectdojo.readthedocs.io/en/latest/api-v2-docs.html) to import the scan results.
+The hook uses the import scan [API v2 from DefectDojo](https://defectdojo.readthedocs.io/en/latest/api-v2-docs.html) to import the scan results.
This means that only scan types are supported by the hook which are both supported by the secureCodeBox and DefectDojo.
These are:
- Nmap
+- Nikto
- ZAP (Baseline, API Scan and Full Scan)
+- ZAP Advanced
- SSLyze
- Trivy
- Gitleaks
-:::caution
-
-Nikto is currently **not** supported even though it's supported by the secureCodeBox and DefectDojo as the secureCodeBox
-uses the Nikto JSON format while DefectDojo uses the XML format.
-
-:::
-
After uploading the results to DefectDojo, it will use the findings parsed by DefectDojo to overwrite the
original secureCodeBox findings identified by the parser. This lets you access the finding metadata like the false
positive and duplicate status from DefectDojo in further ReadOnly hooks, e.g. send out Slack notification
@@ -41,7 +61,53 @@ run ReadAndWrite hooks.
ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
:::
-## Runtime Configuration
+### Running "Persistence DefectDojo" Hook Locally from Source
+For development purposes, it can be useful to run this hook locally. You can do so by following these steps:
+
+1. Make sure you have access to a running [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) instance.
+2. [Run a Scan](https://docs.securecodebox.io/docs/getting-started/first-scans) of your choice.
+3. Supply Download Links for the Scan Results (Raw Result and Findings.json). You can e.g., access them from the
+included [Minio Instance](https://docs.securecodebox.io/docs/getting-started/installation/#accessing-the-included-minio-instance)
+and upload them to a GitHub Gist.
+4. Set the following environment variables:
+
+- DEFECTDOJO_URL (e.g http://192.168.0.1:8080);
+- DEFECTDOJO_USERNAME (e.g admin)
+- DEFECTDOJO_APIKEY= (e.g. b09c.., can be fetched from the DefectDojo Settings)
+- IS_DEV=true
+- SCAN_NAME (e.g nmap-scanme.nmap.org, must be set exactly to the name of the scan used in step 2)
+
+5. Build the jar with gradle and run it with the following CLI arguments: {Raw Result Download URL} {Findings Download URL} {Raw Result Upload URL} {Findings Upload URL}.
+See the code snippet below. You have to adjust the filename of the jar for other versions than the '0.1.0-SNAPSHOT'.
+Also you will need to change the download URLs for the Raw Result and Findings to the ones from Step 3.
+
+```bash
+./gradlew build
+java -jar build/libs/defectdojo-persistenceprovider-0.1.0-SNAPSHOT.jar https://gist.githubusercontent.com/.../scanme-nmap-org.xml https://gist.githubusercontent.com/.../nmap-findings.json https://httpbin.org/put https://httpbin.org/put
+```
+
+## Deployment
+The persistence-defectdojo `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install persistence-defectdojo secureCodeBox/persistence-defectdojo
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
+Installing the DefectDojo persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
+
+```bash
+kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."
+
+helm upgrade --install dd secureCodeBox/persistence-defectdojo \
+ --set="defectdojo.url=https://defectdojo-django.default.svc"
+```
The hook will automatically import the scan results into an engagement in DefectDojo.
If the engagement doesn't exist the hook will create the engagement (CI/CD engagement) and all objects required for it
@@ -113,18 +179,7 @@ spec:
- "http://juice-shop.demo-targets.svc:3000"
```
-## Deployment
-
-Installing the DefectDojo persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
-
-```bash
-kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."
-
-helm upgrade --install dd secureCodeBox/persistence-defectdojo \
- --set="defectdojo.url=https://defectdojo-django.default.svc"
-```
-
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -137,28 +192,16 @@ helm upgrade --install dd secureCodeBox/persistence-defectdojo \
| hook.image.repository | string | `"docker.io/securecodebox/hook-persistence-defectdojo"` | Hook image repository |
| hook.image.tag | string | `nil` | Container image tag |
-## Running Locally from Source
-For Development, it can be useful to run the Hook locally. You can do so by following these steps:
-
-1. Make sure you have access to a running [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) Instance
-2. [Run a Scan](https://docs.securecodebox.io/docs/getting-started/first-scans) of your choice.
-3. Supply Download Links for the Scan Results (Raw Result and Findings.json). You can e.g., access them from the
-included [Minio Instance](https://docs.securecodebox.io/docs/getting-started/installation/#accessing-the-included-minio-instance)
-and upload them to a GitHub gist.
-
-4. Set the following environment variables
+## License
+[](https://opensource.org/licenses/Apache-2.0)
-- DEFECTDOJO_URL (e.g http://192.168.0.228:8080);
-- DEFECTDOJO_USERNAME (e.g admin)
-- DEFECTDOJO_APIKEY= (e.g. b09c.., can be fetched from the DefectDojo Settings)
-- IS_DEV=true
-- SCAN_NAME (e.g nmap-scanme.nmap.org, must be set exactly to the name of the scan used in step 2)
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
-5. Build the jar with gradle and run it with the following CLI arguments: {Raw Result Download URL} {Findings Download URL} {Raw Result Upload URL} {Findings Upload URL}.
-See the code snippet below. You have to adjust the filename of the jar for other versions than the '0.1.0-SNAPSHOT'.
-Also you will need to change the download URLs for the Raw Result and Findings to the ones from Step 3.
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
-```bash
-./gradlew build
-java -jar build/libs/defectdojo-persistenceprovider-0.1.0-SNAPSHOT.jar https://gist.githubusercontent.com/.../scanme-nmap-org.xml https://gist.githubusercontent.com/.../nmap-findings.json https://httpbin.org/put https://httpbin.org/put
-```
diff --git a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..7fe4838f2f
--- /dev/null
+++ b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md
@@ -0,0 +1,229 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Persistence DefectDojo" Hook about?
+The DefectDojo hook imports the reports from scans automatically into [OWASP DefectDojo](https://www.defectdojo.org/).
+The hook uses the import scan [API v2 from DefectDojo](https://defectdojo.readthedocs.io/en/latest/api-v2-docs.html) to import the scan results.
+
+This means that only scan types are supported by the hook which are both supported by the secureCodeBox and DefectDojo.
+These are:
+
+- Nmap
+- Nikto
+- ZAP (Baseline, API Scan and Full Scan)
+- ZAP Advanced
+- SSLyze
+- Trivy
+- Gitleaks
+
+After uploading the results to DefectDojo, it will use the findings parsed by DefectDojo to overwrite the
+original secureCodeBox findings identified by the parser. This lets you access the finding metadata like the false
+positive and duplicate status from DefectDojo in further ReadOnly hooks, e.g. send out Slack notification
+for non-duplicate & non-false positive findings only.
+
+:::caution
+
+Be careful when using the DefectDojo Hook in combination with other ReadAndWrite hooks. The secureCodeBox currently has
+no way to guarantee that one ReadAndWrite hook gets executed before another ReadAndWrite hook. This can lead to
+"lost update" problems as the DefectDojo hook will overwrite all findings, which disregards the results of previously
+run ReadAndWrite hooks.
+ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
+:::
+
+### Running "Persistence DefectDojo" Hook Locally from Source
+For development purposes, it can be useful to run this hook locally. You can do so by following these steps:
+
+1. Make sure you have access to a running [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) instance.
+2. [Run a Scan](https://docs.securecodebox.io/docs/getting-started/first-scans) of your choice.
+3. Supply Download Links for the Scan Results (Raw Result and Findings.json). You can e.g., access them from the
+included [Minio Instance](https://docs.securecodebox.io/docs/getting-started/installation/#accessing-the-included-minio-instance)
+and upload them to a GitHub Gist.
+4. Set the following environment variables:
+
+- DEFECTDOJO_URL (e.g http://192.168.0.1:8080);
+- DEFECTDOJO_USERNAME (e.g admin)
+- DEFECTDOJO_APIKEY= (e.g. b09c.., can be fetched from the DefectDojo Settings)
+- IS_DEV=true
+- SCAN_NAME (e.g nmap-scanme.nmap.org, must be set exactly to the name of the scan used in step 2)
+
+5. Build the jar with gradle and run it with the following CLI arguments: {Raw Result Download URL} {Findings Download URL} {Raw Result Upload URL} {Findings Upload URL}.
+See the code snippet below. You have to adjust the filename of the jar for other versions than the '0.1.0-SNAPSHOT'.
+Also you will need to change the download URLs for the Raw Result and Findings to the ones from Step 3.
+
+```bash
+./gradlew build
+java -jar build/libs/defectdojo-persistenceprovider-0.1.0-SNAPSHOT.jar https://gist.githubusercontent.com/.../scanme-nmap-org.xml https://gist.githubusercontent.com/.../nmap-findings.json https://httpbin.org/put https://httpbin.org/put
+```
+
+## Deployment
+The persistence-defectdojo `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install persistence-defectdojo secureCodeBox/persistence-defectdojo
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
+Installing the DefectDojo persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
+
+```bash
+kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."
+
+helm upgrade --install dd secureCodeBox/persistence-defectdojo \
+ --set="defectdojo.url=https://defectdojo-django.default.svc"
+```
+
+The hook will automatically import the scan results into an engagement in DefectDojo.
+If the engagement doesn't exist the hook will create the engagement (CI/CD engagement) and all objects required for it
+(product & product type).
+
+You don't need any configuration for that to work, the hook will infer engagement & product names from the scan name.
+If you want more control over the names or add additional meta information like the version of the tested software you
+can add these via annotation to the scan. See examples below.
+
+| Scan Annotation | Description | Default if not set | Notes |
+| ------------------------------------------------------------------ | -------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------- |
+| `defectdojo.securecodebox.io/product-type-name` | Name of the Product Type | Product Type with ID 1 (typically "Research and Development") | Product Type will be automatically created if no Product Type under that name exists |
+| `defectdojo.securecodebox.io/product-name` | Name of the Product | ScheduledScan Name if Scheduled, Scan Name if it's a standalone Scan | Product will be automatically created if no Product under that name exists |
+| `defectdojo.securecodebox.io/product-description` | Description of the Product | Empty String | Only used when creating the Product not used for updating |
+| `defectdojo.securecodebox.io/product-tags` | Product Tags | Nothing | Only used when creating the Product not used for updating |
+| `defectdojo.securecodebox.io/engagement-name` | Name of the Engagement | Scan Name | Will be automatically created if no *engagement* with that name **and** version exists |
+| `defectdojo.securecodebox.io/engagement-version` | Engagement Version | Nothing | |
+| `defectdojo.securecodebox.io/engagement-deduplicate-on-engagement` | Deduplicate On Engagement | false | Only used when creating the Engagement not used for updating |
+| `defectdojo.securecodebox.io/engagement-tags` | Engagement Tags | Nothing | Only used when creating the Engagement not used for updating |
+| `defectdojo.securecodebox.io/test-title` | Test Title | Scan Name | |
+
+### Simple Example Scans
+
+This will import the results daily into an engagements called: "zap-juiceshop-$UNIX_TIMESTAMP" (Name of the Scan created daily by the ScheduledScan), in a Product called: "zap-juiceshop" in the default DefectDojo product type.
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: ScheduledScan
+metadata:
+ name: "zap-juiceshop"
+spec:
+ interval: 24h
+ scanSpec:
+ scanType: "zap-full-scan"
+ parameters:
+ - "-t"
+ - "http://juice-shop.demo-targets.svc:3000"
+```
+
+### Complete Example Scan
+
+This will import the results into engagement, product and product type following the labels.
+The engagement will be reused by the hook for the daily scans / imports until the engagement version is increased.
+
+```yaml
+apiVersion: "execution.securecodebox.io/v1"
+kind: ScheduledScan
+metadata:
+ name: "zap-full-scan-juiceshop"
+ annotations:
+ defectdojo.securecodebox.io/product-type-name: "OWASP"
+ defectdojo.securecodebox.io/product-name: "Juice Shop"
+ defectdojo.securecodebox.io/product-description: |
+ OWASP Juice Shop is probably the most modern and sophisticated insecure web application!
+ It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools!
+ Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!
+ defectdojo.securecodebox.io/product-tags: vulnerable,appsec,owasp-top-ten,vulnapp
+ defectdojo.securecodebox.io/engagement-name: "Juice Shop"
+ defectdojo.securecodebox.io/engagement-version: "v12.6.1"
+ defectdojo.securecodebox.io/engagement-tags: "automated,daily"
+ defectdojo.securecodebox.io/engagement-deduplicate-on-engagement: "true"
+ defectdojo.securecodebox.io/test-title: "Juice Shop - v12.6.1"
+spec:
+ interval: 24h
+ scanSpec:
+ scanType: "zap-full-scan"
+ parameters:
+ - "-t"
+ - "http://juice-shop.demo-targets.svc:3000"
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| defectdojo.authentication.apiKeyKey | string | `"apikey"` | Name of the apikey key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
+| defectdojo.authentication.userSecret | string | `"defectdojo-credentials"` | Link a pre-existing generic secret with `username` and `apikey` key / value pairs |
+| defectdojo.authentication.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
+| defectdojo.syncFindingsBack | bool | `true` | Syncs back (two way sync) all imported findings from DefectDojo to SCB Findings Store, set to false to only import the findings to DefectDojo (one way sync). |
+| defectdojo.url | string | `"http://defectdojo-django.default.svc"` | Url to the DefectDojo Instance |
+| hook.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-persistence-defectdojo"` | Hook image repository |
+| hook.image.tag | string | `nil` | Container image tag |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md
new file mode 100644
index 0000000000..077a777617
--- /dev/null
+++ b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md
@@ -0,0 +1,131 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/defectdojo].
+
+```bash
+docker pull securecodebox/hook-persistence-defectdojo
+```
+
+## What is "Persistence DefectDojo" Hook about?
+The DefectDojo hook imports the reports from scans automatically into [OWASP DefectDojo](https://www.defectdojo.org/).
+The hook uses the import scan [API v2 from DefectDojo](https://defectdojo.readthedocs.io/en/latest/api-v2-docs.html) to import the scan results.
+
+This means that only scan types are supported by the hook which are both supported by the secureCodeBox and DefectDojo.
+These are:
+
+- Nmap
+- Nikto
+- ZAP (Baseline, API Scan and Full Scan)
+- ZAP Advanced
+- SSLyze
+- Trivy
+- Gitleaks
+
+After uploading the results to DefectDojo, it will use the findings parsed by DefectDojo to overwrite the
+original secureCodeBox findings identified by the parser. This lets you access the finding metadata like the false
+positive and duplicate status from DefectDojo in further ReadOnly hooks, e.g. send out Slack notification
+for non-duplicate & non-false positive findings only.
+
+:::caution
+
+Be careful when using the DefectDojo Hook in combination with other ReadAndWrite hooks. The secureCodeBox currently has
+no way to guarantee that one ReadAndWrite hook gets executed before another ReadAndWrite hook. This can lead to
+"lost update" problems as the DefectDojo hook will overwrite all findings, which disregards the results of previously
+run ReadAndWrite hooks.
+ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks.
+:::
+
+### Running "Persistence DefectDojo" Hook Locally from Source
+For development purposes, it can be useful to run this hook locally. You can do so by following these steps:
+
+1. Make sure you have access to a running [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) instance.
+2. [Run a Scan](https://docs.securecodebox.io/docs/getting-started/first-scans) of your choice.
+3. Supply Download Links for the Scan Results (Raw Result and Findings.json). You can e.g., access them from the
+included [Minio Instance](https://docs.securecodebox.io/docs/getting-started/installation/#accessing-the-included-minio-instance)
+and upload them to a GitHub Gist.
+4. Set the following environment variables:
+
+- DEFECTDOJO_URL (e.g http://192.168.0.1:8080);
+- DEFECTDOJO_USERNAME (e.g admin)
+- DEFECTDOJO_APIKEY= (e.g. b09c.., can be fetched from the DefectDojo Settings)
+- IS_DEV=true
+- SCAN_NAME (e.g nmap-scanme.nmap.org, must be set exactly to the name of the scan used in step 2)
+
+5. Build the jar with gradle and run it with the following CLI arguments: {Raw Result Download URL} {Findings Download URL} {Raw Result Upload URL} {Findings Upload URL}.
+See the code snippet below. You have to adjust the filename of the jar for other versions than the '0.1.0-SNAPSHOT'.
+Also you will need to change the download URLs for the Raw Result and Findings to the ones from Step 3.
+
+```bash
+./gradlew build
+java -jar build/libs/defectdojo-persistenceprovider-0.1.0-SNAPSHOT.jar https://gist.githubusercontent.com/.../scanme-nmap-org.xml https://gist.githubusercontent.com/.../nmap-findings.json https://httpbin.org/put https://httpbin.org/put
+```
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/persistence-elastic/.dockerignore b/hooks/persistence-elastic/.dockerignore
index 51880e34e9..4bd1e65ade 100644
--- a/hooks/persistence-elastic/.dockerignore
+++ b/hooks/persistence-elastic/.dockerignore
@@ -2,4 +2,5 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules/
\ No newline at end of file
+node_modules/
+docs/
\ No newline at end of file
diff --git a/hooks/persistence-elastic/.gitignore b/hooks/persistence-elastic/.gitignore
index 5eefd31005..51880e34e9 100644
--- a/hooks/persistence-elastic/.gitignore
+++ b/hooks/persistence-elastic/.gitignore
@@ -2,4 +2,4 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules
\ No newline at end of file
+node_modules/
\ No newline at end of file
diff --git a/hooks/persistence-elastic/README.md.gotmpl b/hooks/persistence-elastic/.helm-docs.gotmpl
similarity index 64%
rename from hooks/persistence-elastic/README.md.gotmpl
rename to hooks/persistence-elastic/.helm-docs.gotmpl
index 18e0f67bc6..720607e21c 100644
--- a/hooks/persistence-elastic/README.md.gotmpl
+++ b/hooks/persistence-elastic/.helm-docs.gotmpl
@@ -3,6 +3,8 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Elasticsearch"
category: "hook"
@@ -10,30 +12,34 @@ type: "persistenceProvider"
state: "released"
usecase: "Publishes all Scan Findings to Elasticsearch."
---
+{{- end }}
-
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
-## About
+{{- define "extra.chartAboutSection" -}}
+## What is "Persistence ElasticSearch" Hook about?
The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit [elastic.io].
-## Deployment
-
Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
-```bash
-helm upgrade --install elkh secureCodeBox/persistence-elastic
-```
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
-## Elasticsearch Indexing
+### Elasticsearch Indexing
For the elasticsearch `indexSuffix` you can provide a date format pattern. We use [Luxon](https://moment.github.io/luxon/) to format the date. So checkout
the [Luxon documentation](https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) to see what kind of format patterns you can use for the
`indexSuffix`. Default pattern is `yyyy-MM-dd`
+{{- end }}
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
-
-
+{{- define "extra.scannerLinksSection" -}}
[elastic.io]: https://www.elastic.co/products/elasticsearch
+{{- end }}
\ No newline at end of file
diff --git a/hooks/persistence-elastic/.helmignore b/hooks/persistence-elastic/.helmignore
index 808f8cc105..61cd3f6ac9 100644
--- a/hooks/persistence-elastic/.helmignore
+++ b/hooks/persistence-elastic/.helmignore
@@ -32,3 +32,4 @@ src/*
config/*
Dockerfile
.dockerignore
+docs/
diff --git a/hooks/persistence-elastic/Chart.lock b/hooks/persistence-elastic/Chart.lock
deleted file mode 100644
index 945e659466..0000000000
--- a/hooks/persistence-elastic/Chart.lock
+++ /dev/null
@@ -1,9 +0,0 @@
-dependencies:
-- name: elasticsearch
- repository: https://helm.elastic.co
- version: 7.9.2
-- name: kibana
- repository: https://helm.elastic.co
- version: 7.9.2
-digest: sha256:e47a0c36a3ded9bc2cab9b2482dfa117dd2c3b9950d92d19d92cf47ac774ad69
-generated: "2020-10-07T10:47:56.519541956+02:00"
diff --git a/hooks/persistence-elastic/Chart.lock.license b/hooks/persistence-elastic/Chart.lock.license
deleted file mode 100644
index e71098bf60..0000000000
--- a/hooks/persistence-elastic/Chart.lock.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md
index 0d23c70700..93c207619c 100644
--- a/hooks/persistence-elastic/README.md
+++ b/hooks/persistence-elastic/README.md
@@ -6,26 +6,63 @@ state: "released"
usecase: "Publishes all Scan Findings to Elasticsearch."
---
-
+
+
+
+
+
+
+
+
+
+
+
+
+## What is "Persistence ElasticSearch" Hook about?
+The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit [elastic.io].
Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
+## Deployment
+The persistence-elastic `scanType` can be deployed via helm:
+
```bash
-helm upgrade --install elkh secureCodeBox/persistence-elastic
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic
```
-## Elasticsearch Indexing
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://helm.elastic.co | elasticsearch | 7.9.2 |
+| https://helm.elastic.co | kibana | 7.9.2 |
+
+## Additional Chart Configurations
+
+### Elasticsearch Indexing
For the elasticsearch `indexSuffix` you can provide a date format pattern. We use [Luxon](https://moment.github.io/luxon/) to format the date. So checkout
the [Luxon documentation](https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) to see what kind of format patterns you can use for the
`indexSuffix`. Default pattern is `yyyy-MM-dd`
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -59,4 +96,16 @@ the [Luxon documentation](https://moment.github.io/luxon/docs/manual/formatting.
| securityContext | object | `{}` | |
| tolerations | list | `[]` | |
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
[elastic.io]: https://www.elastic.co/products/elasticsearch
diff --git a/hooks/persistence-elastic/docs/README.ArtifactHub.md b/hooks/persistence-elastic/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..44cae4de7c
--- /dev/null
+++ b/hooks/persistence-elastic/docs/README.ArtifactHub.md
@@ -0,0 +1,134 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Persistence ElasticSearch" Hook about?
+The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit [elastic.io].
+
+Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
+
+## Deployment
+The persistence-elastic `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://helm.elastic.co | elasticsearch | 7.9.2 |
+| https://helm.elastic.co | kibana | 7.9.2 |
+
+## Additional Chart Configurations
+
+### Elasticsearch Indexing
+
+For the elasticsearch `indexSuffix` you can provide a date format pattern. We use [Luxon](https://moment.github.io/luxon/) to format the date. So checkout
+the [Luxon documentation](https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) to see what kind of format patterns you can use for the
+`indexSuffix`. Default pattern is `yyyy-MM-dd`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| authentication | object | `{"apiKeySecret":null,"userSecret":null}` | Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch user and apikey are mutually exclusive, only set one! |
+| authentication.apiKeySecret | string | `nil` | Link a pre-existing generic secret with `id` and `key` key / value pairs |
+| authentication.userSecret | string | `nil` | Link a pre-existing generic secret with `username` and `password` key / value pairs |
+| dashboardImporter.image.repository | string | `"securecodebox/persistence-elastic-dashboard-importer"` | |
+| dashboardImporter.image.tag | string | `nil` | |
+| elasticsearch | object | `{"enabled":true,"minimumMasterNodes":1,"replicas":1}` | Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) |
+| elasticsearch.enabled | bool | `true` | Enable if you want to deploy an elasticsearch service. |
+| elasticsearch.minimumMasterNodes | int | `1` | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 |
+| elasticsearch.replicas | int | `1` | Kubernetes replica count for the StatefulSet (i.e. how many pods) |
+| externalElasticStack.elasticsearchAddress | string | `"https://elasticsearch.example.com"` | The URL of the elasticsearch service to persists all findings to. |
+| externalElasticStack.enabled | bool | `false` | Enable this when you already have an Elastic Stack running to which you want to send your results |
+| externalElasticStack.kibanaAddress | string | `"https://kibana.example.com"` | The URL of the kibana service used to visualize all findings. |
+| fullnameOverride | string | `""` | |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-persistence-elastic"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| imagePullSecrets | list | `[]` | |
+| indexAppendNamespace | bool | `true` | Define if the name of the namespace where this hook is deployed to must be added to the index name. The namespace can be used to separate index by tenants (namespaces). |
+| indexPrefix | string | `"scbv2"` | Define a specific index prefix used for all elasticsearch indices. |
+| indexSuffix | string | `"βyyyy-MM-ddβ"` | Define a specific index suffix based on date pattern (YEAR (yyyy), MONTH (yyyy-MM), WEEK (yyyy-'W'W), DATE (yyyy-MM-dd)). We use Luxon for date formatting (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens) |
+| kibana | object | `{"enabled":true}` | Configures included Elasticsearch subchart |
+| kibana.enabled | bool | `true` | Enable if you want to deploy an kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| tolerations | list | `[]` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[elastic.io]: https://www.elastic.co/products/elasticsearch
\ No newline at end of file
diff --git a/hooks/persistence-elastic/docs/README.DockerHub-Hook.md b/hooks/persistence-elastic/docs/README.DockerHub-Hook.md
new file mode 100644
index 0000000000..90e661404d
--- /dev/null
+++ b/hooks/persistence-elastic/docs/README.DockerHub-Hook.md
@@ -0,0 +1,83 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/elasticsearch].
+
+```bash
+docker pull securecodebox/hook-persistence-elastic
+```
+
+## What is "Persistence ElasticSearch" Hook about?
+The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit [elastic.io].
+
+Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[elastic.io]: https://www.elastic.co/products/elasticsearch
\ No newline at end of file
diff --git a/hooks/teams-webhook/.dockerignore b/hooks/teams-webhook/.dockerignore
index 51880e34e9..4bd1e65ade 100644
--- a/hooks/teams-webhook/.dockerignore
+++ b/hooks/teams-webhook/.dockerignore
@@ -2,4 +2,5 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules/
\ No newline at end of file
+node_modules/
+docs/
\ No newline at end of file
diff --git a/hooks/teams-webhook/.gitignore b/hooks/teams-webhook/.gitignore
index 5eefd31005..51880e34e9 100644
--- a/hooks/teams-webhook/.gitignore
+++ b/hooks/teams-webhook/.gitignore
@@ -2,4 +2,4 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules
\ No newline at end of file
+node_modules/
\ No newline at end of file
diff --git a/hooks/teams-webhook/.helm-docs.gotmpl b/hooks/teams-webhook/.helm-docs.gotmpl
new file mode 100644
index 0000000000..fe723dbca4
--- /dev/null
+++ b/hooks/teams-webhook/.helm-docs.gotmpl
@@ -0,0 +1,37 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "MS Teams WebHook"
+category: "hook"
+type: "integration"
+state: "roadmap"
+usecase: "Publishes Scan Summary to MS Teams."
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is "Teams Webhook" Hook about?
+> π§ This chart is deprecated and will be replaced by the more general `notification-hook` soon
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+
+> β This documentation is currently work-in-progress.
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/hooks/teams-webhook/.helmignore b/hooks/teams-webhook/.helmignore
index 808f8cc105..61cd3f6ac9 100644
--- a/hooks/teams-webhook/.helmignore
+++ b/hooks/teams-webhook/.helmignore
@@ -32,3 +32,4 @@ src/*
config/*
Dockerfile
.dockerignore
+docs/
diff --git a/hooks/teams-webhook/Chart.lock b/hooks/teams-webhook/Chart.lock
deleted file mode 100644
index eb7f3a2456..0000000000
--- a/hooks/teams-webhook/Chart.lock
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies: []
-digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2020-05-26T16:56:03.119255+02:00"
diff --git a/hooks/teams-webhook/Chart.lock.license b/hooks/teams-webhook/Chart.lock.license
deleted file mode 100644
index e71098bf60..0000000000
--- a/hooks/teams-webhook/Chart.lock.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/teams-webhook/Chart.yaml b/hooks/teams-webhook/Chart.yaml
index 69b0a98791..e5a6a84881 100644
--- a/hooks/teams-webhook/Chart.yaml
+++ b/hooks/teams-webhook/Chart.yaml
@@ -25,4 +25,7 @@ maintainers:
- name: iteratec GmbH
email: secureCodeBox@iteratec.com
+# Will be replaced by the more general notification-hook soon
+deprecated: true
+
dependencies: []
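Review bot: `deprecated: true` is not mirrored in the chart's own documentation metadata: the new `hooks/teams-webhook/.helm-docs.gotmpl` added in this same commit still declares `state: "roadmap"` in its front matter, and the regenerated README.md keeps that value, so the docs site will present a chart Helm marks as deprecated as a roadmap item. The front matter should carry the deprecation instead — a `state` value for deprecated charts if the docs site's front-matter schema has one, otherwise at least amend `usecase` to say the hook is deprecated in favour of `notification-hook`. It would also help to repeat the deprecation in the chart's `description` field, since that is what `helm search repo` shows; that field is outside this hunk, so I cannot tell whether it was updated.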
diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md
index 5dd6722970..46df93835e 100644
--- a/hooks/teams-webhook/README.md
+++ b/hooks/teams-webhook/README.md
@@ -6,20 +6,52 @@ state: "roadmap"
usecase: "Publishes Scan Summary to MS Teams."
---
-
+
+
+
+
+
+
+
+
+
+
+
-Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace.
+## What is "Teams Webhook" Hook about?
+> π§ This chart is deprecated and will be replaced by the more general `notification-hook` soon
-> π§ The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized.
+## Deployment
+The teams-webhook `scanType` can be deployed via helm:
```bash
-helm upgrade --install twh ./hooks/teams-webhook/ --set notification.url="http://example.com/my/webhook/target"
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install teams-webhook secureCodeBox/teams-webhook
```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
> β This documentation is currently work-in-progress.
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -33,3 +65,17 @@ helm upgrade --install twh ./hooks/teams-webhook/ --set notification.url="http:/
| vulnerabilityManagement.findingsUrl | string | `"https://your-kibana-service.url/your-dashboard-path/filter:{{uid}}"` | |
| vulnerabilityManagement.name | string | `"Kibana Dashboard"` | |
| vulnerabilityManagement.url | string | `"https://your-kibana-service.url/your-dashboard-path"` | |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/hooks/teams-webhook/README.md.gotmpl b/hooks/teams-webhook/README.md.gotmpl
deleted file mode 100644
index 2a33183f5d..0000000000
--- a/hooks/teams-webhook/README.md.gotmpl
+++ /dev/null
@@ -1,30 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
----
-title: "MS Teams WebHook"
-category: "hook"
-type: "integration"
-state: "roadmap"
-usecase: "Publishes Scan Summary to MS Teams."
----
-
-
-
-## Deployment
-
-Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace.
-
-> π§ The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized.
-
-
-```bash
-helm upgrade --install twh ./hooks/teams-webhook/ --set notification.url="http://example.com/my/webhook/target"
-```
-> β This documentation is currently work-in-progress.
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/hooks/teams-webhook/docs/README.ArtifactHub.md b/hooks/teams-webhook/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..1627d29870
--- /dev/null
+++ b/hooks/teams-webhook/docs/README.ArtifactHub.md
@@ -0,0 +1,103 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Teams Webhook" Hook about?
+> π§ This chart is deprecated and will be replaced by the more general `notification-hook` soon
+
+## Deployment
+The teams-webhook `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install teams-webhook secureCodeBox/teams-webhook
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+
+> β This documentation is currently work-in-progress.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| hook.image.repository | string | `"docker.io/securecodebox/hook-teams-webhook"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | Image tag |
+| hook.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| notification.rules | list | `[]` | A optional rule definition that can be used to describe in wich case a notification must be fired. If not defined / empty each scan result will be notified. |
+| notification.template | string | `"messageCard"` | The MS Teams message template that should be used [messageCard | adaptiveCard]. |
+| notification.url | string | `"http://example.com"` | The URL of your WebHook endpoint |
+| vulnerabilityManagement.enabled | bool | `false` | |
+| vulnerabilityManagement.findingsUrl | string | `"https://your-kibana-service.url/your-dashboard-path/filter:{{uid}}"` | |
+| vulnerabilityManagement.name | string | `"Kibana Dashboard"` | |
+| vulnerabilityManagement.url | string | `"https://your-kibana-service.url/your-dashboard-path"` | |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/teams-webhook/docs/README.DockerHub-Hook.md b/hooks/teams-webhook/docs/README.DockerHub-Hook.md
new file mode 100644
index 0000000000..bd6d213294
--- /dev/null
+++ b/hooks/teams-webhook/docs/README.DockerHub-Hook.md
@@ -0,0 +1,80 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/hooks/ms-teams-webhook].
+
+```bash
+docker pull securecodebox/hook-teams-webhook
+```
+
+## What is "Teams Webhook" Hook about?
+> π§ This chart is deprecated and will be replaced by the more general `notification-hook` soon
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/update-field/.dockerignore b/hooks/update-field/.dockerignore
index 51880e34e9..4bd1e65ade 100644
--- a/hooks/update-field/.dockerignore
+++ b/hooks/update-field/.dockerignore
@@ -2,4 +2,5 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules/
\ No newline at end of file
+node_modules/
+docs/
\ No newline at end of file
diff --git a/hooks/update-field/.gitignore b/hooks/update-field/.gitignore
index 5eefd31005..51880e34e9 100644
--- a/hooks/update-field/.gitignore
+++ b/hooks/update-field/.gitignore
@@ -2,4 +2,4 @@
#
# SPDX-License-Identifier: Apache-2.0
-node_modules
\ No newline at end of file
+node_modules/
\ No newline at end of file
diff --git a/hooks/update-field/.helm-docs.gotmpl b/hooks/update-field/.helm-docs.gotmpl
new file mode 100644
index 0000000000..a7c5ba51ca
--- /dev/null
+++ b/hooks/update-field/.helm-docs.gotmpl
@@ -0,0 +1,42 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Update Field"
+category: "hook"
+type: "dataProcessing"
+state: "released"
+usecase: "Updates fields in finding results."
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is "Update Field" Hook about?
+
+> β This documentation is currently work-in-progress.
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings.
+
+```bash
+helm upgrade --install ufh secureCodeBox/update-field --set attribute.name="category" --set attribute.value="my-own-category"
+```
+> β This documentation is currently work-in-progress.
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/hooks/update-field/.helmignore b/hooks/update-field/.helmignore
index 808f8cc105..61cd3f6ac9 100644
--- a/hooks/update-field/.helmignore
+++ b/hooks/update-field/.helmignore
@@ -32,3 +32,4 @@ src/*
config/*
Dockerfile
.dockerignore
+docs/
diff --git a/hooks/update-field/Chart.lock b/hooks/update-field/Chart.lock
deleted file mode 100644
index eb7f3a2456..0000000000
--- a/hooks/update-field/Chart.lock
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies: []
-digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2020-05-26T16:56:03.119255+02:00"
diff --git a/hooks/update-field/Chart.lock.license b/hooks/update-field/Chart.lock.license
deleted file mode 100644
index e71098bf60..0000000000
--- a/hooks/update-field/Chart.lock.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/update-field/README.md b/hooks/update-field/README.md
index ab506f922f..82bde6330e 100644
--- a/hooks/update-field/README.md
+++ b/hooks/update-field/README.md
@@ -6,19 +6,57 @@ state: "released"
usecase: "Updates fields in finding results."
---
-
+
+
+
+
+
+
+
+
+
+
+
+
+## What is "Update Field" Hook about?
+
+> β This documentation is currently work-in-progress.
## Deployment
+The update-field-hook `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install update-field-hook secureCodeBox/update-field-hook
+```
+
+## Requirements
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings.
```bash
helm upgrade --install ufh secureCodeBox/update-field --set attribute.name="category" --set attribute.value="my-own-category"
```
-
> β This documentation is currently work-in-progress.
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -27,3 +65,17 @@ helm upgrade --install ufh secureCodeBox/update-field --set attribute.name="cate
| hook.image.repository | string | `"docker.io/securecodebox/hook-update-field"` | Hook image repository |
| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/hooks/update-field/README.md.gotmpl b/hooks/update-field/README.md.gotmpl
deleted file mode 100644
index 88b62f34f5..0000000000
--- a/hooks/update-field/README.md.gotmpl
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
----
-title: "Update Field"
-category: "hook"
-type: "dataProcessing"
-state: "released"
-usecase: "Updates fields in finding results."
----
-
-
-
-## Deployment
-
-Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings.
-
-```bash
-helm upgrade --install ufh secureCodeBox/update-field --set attribute.name="category" --set attribute.value="my-own-category"
-```
-
-> β This documentation is currently work-in-progress.
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/hooks/update-field/docs/README.ArtifactHub.md b/hooks/update-field/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..8ef1e2637d
--- /dev/null
+++ b/hooks/update-field/docs/README.ArtifactHub.md
@@ -0,0 +1,103 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is "Update Field" Hook about?
+
+> β This documentation is currently work-in-progress.
+
+## Deployment
+The update-field-hook `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install update-field-hook secureCodeBox/update-field-hook
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings.
+
+```bash
+helm upgrade --install ufh secureCodeBox/update-field --set attribute.name="category" --set attribute.value="my-own-category"
+```
+> β This documentation is currently work-in-progress.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| attribute.name | string | `"category"` | The name of the attribute you want to add to each finding result |
+| attribute.value | string | `"my-own-category"` | The value of the attribute you want to add to each finding result |
+| hook.image.repository | string | `"docker.io/securecodebox/hook-update-field"` | Hook image repository |
+| hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
+| hook.ttlSecondsAfterFinished | string | `nil` | Seconds after which the kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/hooks/update-field/docs/README.DockerHub-Hook.md b/hooks/update-field/docs/README.DockerHub-Hook.md
new file mode 100644
index 0000000000..ea532bcc41
--- /dev/null
+++ b/hooks/update-field/docs/README.DockerHub-Hook.md
@@ -0,0 +1,81 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `hook` image is intended to work in combination with other `parser` images to read or manipulate `findings` results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][].
+
+```bash
+docker pull securecodebox/hook-update-field-hook
+```
+
+## What is "Update Field" Hook about?
+
+> β This documentation is currently work-in-progress.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/lurcher/docs/README.DockerHub-Core.md b/lurcher/docs/README.DockerHub-Core.md
new file mode 100644
index 0000000000..4ecab2691c
--- /dev/null
+++ b/lurcher/docs/README.DockerHub-Core.md
@@ -0,0 +1,84 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `lurcher` image is intended to work in combination with the OWASP secureCodeBox. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/getting-started/installation.
+
+```bash
+docker pull securecodebox/lurcher
+```
+
+## What is secureCodeBox Operator?
+The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources.
+
+**Homepage:**
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+View [license information](https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE) for the software contained in this image.
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/operator/.dockerignore b/operator/.dockerignore
index c88e03ad58..e9b7657d83 100644
--- a/operator/.dockerignore
+++ b/operator/.dockerignore
@@ -7,3 +7,4 @@
!**/*.go
!**/*.mod
!**/*.sum
+docs/
\ No newline at end of file
diff --git a/operator/.helm-docs.gotmpl b/operator/.helm-docs.gotmpl
new file mode 100644
index 0000000000..e149f92ffd
--- /dev/null
+++ b/operator/.helm-docs.gotmpl
@@ -0,0 +1,53 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "secreCodeBox Operator"
+category: "core"
+type: "Operator"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "secureCodeBox Operator is the core componente."
+---
+
+
+
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is secureCodeBox Operator?
+The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources.
+
+**Homepage:**
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Deployment
+
+The secureCodeBox Operator can be deployed via helm:
+
+```bash
+# Add the secureCodeBox Helm Repo
+helm repo add secureCodeBox https://charts.securecodebox.io
+# Create a new namespace for the secureCodeBox Operator
+kubectl create namespace securecodebox-system
+# Install the Operator & CRDs
+helm install securecodebox-operator secureCodeBox/operator
+```
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
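Review bot: The frontmatter emitted by `extra.docsSection` misspells the project name and the usecase text (`title: "secreCodeBox Operator"` and `usecase: "secureCodeBox Operator is the core componente."`), and because this template is what the READMEs are rendered from, both typos propagate into the generated docs frontmatter (they already appear in the regenerated operator/README.md in this commit). Change them to `title: "secureCodeBox Operator"` and `usecase: "secureCodeBox Operator is the core component."`. The `extra.chartAboutSection` block also emits a bare `**Homepage:**` label with nothing after it; either fill in the chart's homepage link or drop the line so the rendered page does not show an empty field. The file is also written without a trailing newline.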
diff --git a/operator/.helmignore b/operator/.helmignore
index 3f2a04fa15..8015b606ab 100644
--- a/operator/.helmignore
+++ b/operator/.helmignore
@@ -40,3 +40,4 @@ main.go
Makefile
PROJECT
README.md.gotmpl
+docs/
\ No newline at end of file
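Review bot: The ignore list still carries `README.md.gotmpl` (the context line just above the added `docs/`) even though this commit deletes `operator/README.md.gotmpl` and introduces `operator/.helm-docs.gotmpl`, so the new template is not excluded from the packaged chart while the old entry no longer matches anything. Replace the stale line with `.helm-docs.gotmpl` next to the new `docs/` entry. The same likely applies to `scanners/amass/.helmignore`, where `README.md.gotmpl` is renamed to `.helm-docs.gotmpl` in this commit, though that file's full ignore list is outside the visible hunk. The file also still ends without a trailing newline.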
diff --git a/operator/README.md b/operator/README.md
index 96a4256c4e..dd85224c26 100644
--- a/operator/README.md
+++ b/operator/README.md
@@ -1,8 +1,60 @@
+---
+title: "secreCodeBox Operator"
+category: "core"
+type: "Operator"
+state: "released"
+appVersion: ""
+usecase: "secureCodeBox Operator is the core componente."
+---
+

+
+
+
+
+
+
+
+
+
+
+
+
+## What is secureCodeBox Operator?
The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources.
-
+**Homepage:**
+
+## Deployment
+The operator `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install operator secureCodeBox/operator
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://helm.min.io/ | minio | 7.1.2 |
## Deployment
@@ -17,7 +69,7 @@ kubectl create namespace securecodebox-system
helm install securecodebox-operator secureCodeBox/operator
```
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -57,3 +109,17 @@ helm install securecodebox-operator secureCodeBox/operator
| serviceAccount.labels | object | `{}` | Labels of the serviceAccount the operator uses to talk to the k8s api |
| serviceAccount.name | string | `"securecodebox-operator"` | Name of the serviceAccount the operator uses to talk to the k8s api |
| telemetryEnabled | bool | `true` | The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/operator/README.md.gotmpl b/operator/README.md.gotmpl
deleted file mode 100644
index 1149ced6f6..0000000000
--- a/operator/README.md.gotmpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
-
-
-The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources.
-
-
-
-## Deployment
-
-The secureCodeBox Operator can be deployed via helm:
-
-```bash
-# Add the secureCodeBox Helm Repo
-helm repo add secureCodeBox https://charts.securecodebox.io
-# Create a new namespace for the secureCodeBox Operator
-kubectl create namespace securecodebox-system
-# Install the Operator & CRDs
-helm install securecodebox-operator secureCodeBox/operator
-```
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
diff --git a/operator/docs/README.ArtifactHub.md b/operator/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..b6fb30e954
--- /dev/null
+++ b/operator/docs/README.ArtifactHub.md
@@ -0,0 +1,144 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is secureCodeBox Operator?
+The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources.
+
+**Homepage:**
+
+## Deployment
+The operator `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install operator secureCodeBox/operator
+```
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://helm.min.io/ | minio | 7.1.2 |
+
+## Deployment
+
+The secureCodeBox Operator can be deployed via helm:
+
+```bash
+# Add the secureCodeBox Helm Repo
+helm repo add secureCodeBox https://charts.securecodebox.io
+# Create a new namespace for the secureCodeBox Operator
+kubectl create namespace securecodebox-system
+# Install the Operator & CRDs
+helm install securecodebox-operator secureCodeBox/operator
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| customCACertificate | object | `{"certificate":"public.crt","existingCertificate":null}` | Setup for Custom CA certificates. These are automatically mounted into every secureCodeBox component (lurcher, parser & hooks). Requires that every namespace has a configmap with the CA certificate(s) |
+| customCACertificate.certificate | string | `"public.crt"` | key in the configmap holding the certificate(s) |
+| customCACertificate.existingCertificate | string | `nil` | name of the configMap holding the ca certificate(s), needs to be the same across all namespaces |
+| image.pullPolicy | string | `"Always"` | Image pull policy |
+| image.repository | string | `"docker.io/securecodebox/operator"` | The operator image repository |
+| image.tag | string | defaults to the charts version | Parser image tag |
+| lurcher.image.pullPolicy | string | `"Always"` | Image pull policy |
+| lurcher.image.repository | string | `"docker.io/securecodebox/lurcher"` | The operator image repository |
+| lurcher.image.tag | string | defaults to the charts version | Parser image tag |
+| minio.defaultBucket.enabled | bool | `true` | |
+| minio.defaultBucket.name | string | `"securecodebox"` | |
+| minio.enabled | bool | `true` | Enable this to use minio as storage backend instead of a cloud bucket provider like AWS S3, Google Cloud Storage, DigitalOcean Spaces etc. |
+| minio.resources.requests.memory | string | `"256Mi"` | |
+| minio.tls.certSecret | string | `"minio-tls"` | |
+| minio.tls.enabled | bool | `false` | |
+| podSecurityContext | object | `{}` | Sets the securityContext on the operators pod level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container |
+| resources | object | `{"limits":{"cpu":"100m","memory":"30Mi"},"requests":{"cpu":"100m","memory":"20Mi"}}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| s3.authType | string | `"access-secret-key"` | Authentication method. Supports access-secret-key (used by most s3 endpoint) and aws-irsa (Used by AWS EKS IAM Role to Kubenetes Service Account Binding. Support for AWS IRSA is considered experimental in the secureCodeBox) |
+| s3.awsStsEndpoint | string | `"https://sts.amazonaws.com"` | STS Endpoint used in AWS IRSA Authentication. Change this to the sts endpoint of your aws region. Only used when s3.authType is set to "aws-irsa" |
+| s3.bucket | string | `"my-bucket"` | |
+| s3.enabled | bool | `false` | |
+| s3.endpoint | string | `"fra1.digitaloceanspaces.com"` | |
+| s3.keySecret | string | `"my-secret"` | |
+| s3.port | string | `nil` | |
+| s3.secretAttributeNames.accesskey | string | `"accesskey"` | |
+| s3.secretAttributeNames.secretkey | string | `"secretkey"` | |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Sets the securityContext on the operators container level. See: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
+| securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated |
+| securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the operator container. They are not required |
+| securityContext.privileged | bool | `false` | Ensures that the operator container is not run in privileged mode |
+| securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system |
+| securityContext.runAsNonRoot | bool | `true` | Enforces that the Operator image is run as a non root user |
+| serviceAccount.annotations | object | `{}` | Annotations of the serviceAccount the operator uses to talk to the k8s api |
+| serviceAccount.labels | object | `{}` | Labels of the serviceAccount the operator uses to talk to the k8s api |
+| serviceAccount.name | string | `"securecodebox-operator"` | Name of the serviceAccount the operator uses to talk to the k8s api |
+| telemetryEnabled | bool | `true` | The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/operator/docs/README.DockerHub-Core.md b/operator/docs/README.DockerHub-Core.md
new file mode 100644
index 0000000000..416c3a30b2
--- /dev/null
+++ b/operator/docs/README.DockerHub-Core.md
@@ -0,0 +1,82 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `core` image is intended to work in combination with the OWASP secureCodeBox. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/getting-started/installation.
+
+```bash
+docker pull securecodebox/operator
+```
+
+## What is secureCodeBox Operator?
+The secureCodeBox operator is running on Kubernetes and is the core component of the complete secureCodeBox stack, responsible for managing all scans and resources.
+
+**Homepage:**
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/scanners/.helm-docs.gotmpl b/scanners/.helm-docs.gotmpl
new file mode 100644
index 0000000000..f9e2420416
--- /dev/null
+++ b/scanners/.helm-docs.gotmpl
@@ -0,0 +1,57 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "Name of the Scanner"
+category: "scanner"
+type: "WebApplication"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Takes Screenshots of websites"
+---
+
+
+
+{{- end }}
+
+{{- define "extra.chartDeploymentSection" -}}
+## Deployment
+
+The {{ template "chart.name" . }} `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }}
+```
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is ScannerName?
+
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}
+## Scanner Configuration
+
+...
+{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+
+...
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+[owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+{{- end }}
\ No newline at end of file
diff --git a/scanners/amass/README.md.gotmpl b/scanners/amass/.helm-docs.gotmpl
similarity index 57%
rename from scanners/amass/README.md.gotmpl
rename to scanners/amass/.helm-docs.gotmpl
index 20bb6c408b..dac648cec5 100644
--- a/scanners/amass/README.md.gotmpl
+++ b/scanners/amass/.helm-docs.gotmpl
@@ -3,29 +3,34 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Amass"
category: "scanner"
type: "Network"
state: "released"
-appVersion: "3.10.4"
+appVersion: "{{ template "chart.appVersion" . }}"
usecase: "Subdomain Enumeration Scanner"
---

-The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub].
-
-
+{{- end }}
-## Deployment
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
-The AMASS scanType can be deployed via helm:
+{{- define "extra.chartAboutSection" -}}
+## What is OWASP Amass?
-```bash
-helm upgrade --install amass secureCodeBox/amass
-```
+The [OWASP Amass Project][owasp_amass_project] has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP Amass Project][owasp_amass_project] or [Amass GitHub].
+{{- end }}
+{{- define "extra.scannerConfigurationSection" -}}
## Scanner Configuration
The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples.
@@ -39,11 +44,12 @@ Special command line options:
- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com`
- Disable saving data into a local database `amass enum -nolocaldb -d example.com`
- Domain names separated by commas (can be used multiple times) `amass enum -d example.com`
+{{- end }}
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
+{{- define "extra.chartConfigurationSection" -}}{{- end }}
+{{- define "extra.scannerLinksSection" -}}
[owasp_amass_project]: https://owasp.org/www-project-amass/
[amass github]: https://github.com/OWASP/Amass
[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md
+{{- end }}
\ No newline at end of file
diff --git a/scanners/amass/.helmignore b/scanners/amass/.helmignore
index 7e5a65ff89..5df91458a9 100644
--- a/scanners/amass/.helmignore
+++ b/scanners/amass/.helmignore
@@ -6,3 +6,4 @@
parser/
scanner/
examples/
+docs/
diff --git a/scanners/amass/README.md b/scanners/amass/README.md
index 207c5b801c..e4154a296c 100644
--- a/scanners/amass/README.md
+++ b/scanners/amass/README.md
@@ -3,21 +3,47 @@ title: "Amass"
category: "scanner"
type: "Network"
state: "released"
-appVersion: "3.10.4"
+appVersion: "v3.13"
usecase: "Subdomain Enumeration Scanner"
---

-The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP_Amass_Project] or [Amass GitHub].
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP Amass?
-The AMASS scanType can be deployed via helm:
+The [OWASP Amass Project][owasp_amass_project] has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP Amass Project][owasp_amass_project] or [Amass GitHub].
+
+## Deployment
+The amass `scanType` can be deployed via helm:
```bash
+# Install HelmChart (use -n to configure another namespace)
helm upgrade --install amass secureCodeBox/amass
```
@@ -35,7 +61,11 @@ Special command line options:
- Disable saving data into a local database `amass enum -nolocaldb -d example.com`
- Domain names separated by commas (can be used multiple times) `amass enum -d example.com`
-## Chart Configuration
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -54,6 +84,18 @@ Special command line options:
| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
[owasp_amass_project]: https://owasp.org/www-project-amass/
[amass github]: https://github.com/OWASP/Amass
[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md
diff --git a/scanners/amass/docs/README.ArtifactHub.md b/scanners/amass/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..7dede51627
--- /dev/null
+++ b/scanners/amass/docs/README.ArtifactHub.md
@@ -0,0 +1,121 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is OWASP Amass?
+
+The [OWASP Amass Project][owasp_amass_project] has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP Amass Project][owasp_amass_project] or [Amass GitHub].
+
+## Deployment
+The amass `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install amass secureCodeBox/amass
+```
+
+## Scanner Configuration
+
+The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples.
+
+- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com`
+- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com`
+
+Special command line options:
+
+- Disable generation of altered names `amass enum -noalts -d example.com`
+- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com`
+- Disable saving data into a local database `amass enum -nolocaldb -d example.com`
+- Domain names separated by commas (can be used multiple times) `amass enum -d example.com`
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| parser.image.repository | string | `"docker.io/securecodebox/parser-amass"` | Parser image repository |
+| parser.image.tag | string | defaults to the charts version | Parser image tag |
+| parser.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| scanner.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) |
+| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
+| scanner.extraVolumeMounts | list | `[{"mountPath":"/amass/output/config.ini","name":"amass-config","subPath":"config.ini"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[{"configMap":{"name":"amass-config"},"name":"amass-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.image.repository | string | `"caffix/amass"` | Container Image to run the scan |
+| scanner.image.tag | string | `nil` | defaults to the charts appVersion |
+| scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
+| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[owasp_amass_project]: https://owasp.org/www-project-amass/
+[amass github]: https://github.com/OWASP/Amass
+[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md
\ No newline at end of file
diff --git a/scanners/amass/docs/README.DockerHub-Parser.md b/scanners/amass/docs/README.DockerHub-Parser.md
new file mode 100644
index 0000000000..55b8420063
--- /dev/null
+++ b/scanners/amass/docs/README.DockerHub-Parser.md
@@ -0,0 +1,84 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/Amass.
+
+```bash
+docker pull securecodebox/parser-amass
+```
+
+## What is OWASP Amass?
+
+The [OWASP Amass Project][owasp_amass_project] has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit [OWASP Amass Project][owasp_amass_project] or [Amass GitHub].
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[owasp_amass_project]: https://owasp.org/www-project-amass/
+[amass github]: https://github.com/OWASP/Amass
+[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md
\ No newline at end of file
diff --git a/scanners/angularjs-csti-scanner/README.md.gotmpl b/scanners/angularjs-csti-scanner/.helm-docs.gotmpl
similarity index 83%
rename from scanners/angularjs-csti-scanner/README.md.gotmpl
rename to scanners/angularjs-csti-scanner/.helm-docs.gotmpl
index 1dfc8f8325..966e9dddfa 100644
--- a/scanners/angularjs-csti-scanner/README.md.gotmpl
+++ b/scanners/angularjs-csti-scanner/.helm-docs.gotmpl
@@ -3,30 +3,38 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Angularjs CSTI Scanner"
category: "scanner"
-type: "Repository"
-state: "in progress"
+type: "WebApplication"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
usecase: "Find AngularJS websites vulnerable to template injections"
---

-AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for
-finding possible template injection vulnerabilities on websites using AngularJS.
+{{- end }}
-For more information visit the projects GitHub site
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `{{ template "chart.appVersion" . }}`
+{{- end }}
-## Deployment
+{{- define "extra.chartAboutSection" -}}
+## What is AngularJS Client-Side Template Injection Scanner (acstis)?
-The acstis scanner can be deployed with helm:
+The AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for
+finding possible template injection vulnerabilities on websites using AngularJS.
-```bash
-helm upgrade --install acstis secureCodeBox/acstis
-```
+For more information visit the projects [GitHub site][acstis-github].
+{{- end }}
-## Scanner configuration
+{{- define "extra.scannerConfigurationSection" -}}
+## Scanner Configuration
The only mandatory parameter is:
- `-d`: The url to scan (e.g. https://angularjs.org/).
@@ -49,7 +57,10 @@ Optional arguments:
```
**Do not** override the option `-vrl` or `--vulnerable-requests-log`. It is already configured for automatic findings parsing.
+{{- end }}
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
### Request configuration
Because *acstis* does not provide command line arguments for configuring the sent requests,
@@ -134,7 +145,8 @@ options.scope.request_methods = [
Request.METHOD_HEAD
]
```
+{{- end }}
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
+{{- define "extra.scannerLinksSection" -}}
+[acstis-github]: https://github.com/tijme/angularjs-csti-scanner
+{{- end }}
\ No newline at end of file
diff --git a/scanners/angularjs-csti-scanner/.helmignore b/scanners/angularjs-csti-scanner/.helmignore
index 295c727ae9..3ceac5b1b7 100644
--- a/scanners/angularjs-csti-scanner/.helmignore
+++ b/scanners/angularjs-csti-scanner/.helmignore
@@ -6,4 +6,5 @@
parser/
scanner/
examples/
+docs/
diff --git a/scanners/angularjs-csti-scanner/README.md b/scanners/angularjs-csti-scanner/README.md
index 6bf259fcb8..22caa21039 100644
--- a/scanners/angularjs-csti-scanner/README.md
+++ b/scanners/angularjs-csti-scanner/README.md
@@ -1,27 +1,56 @@
---
title: "Angularjs CSTI Scanner"
category: "scanner"
-type: "Repository"
-state: "in progress"
+type: "WebApplication"
+state: "released"
+appVersion: "3.0.6"
usecase: "Find AngularJS websites vulnerable to template injections"
---

-AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for
+
+
+
+
+
+
+
+
+
+
+
+
+## What is AngularJS Client-Side Template Injection Scanner (acstis)?
+
+The AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for
finding possible template injection vulnerabilities on websites using AngularJS.
-For more information visit the projects GitHub site
+For more information visit the projects [GitHub site][acstis-github].
## Deployment
-
-The acstis scanner can be deployed with helm:
+The angularjs-csti-scanner `scanType` can be deployed via helm:
```bash
-helm upgrade --install acstis secureCodeBox/acstis
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install angularjs-csti-scanner secureCodeBox/angularjs-csti-scanner
```
-## Scanner configuration
+## Scanner Configuration
The only mandatory parameter is:
- `-d`: The url to scan (e.g. https://angularjs.org/).
@@ -45,6 +74,11 @@ Optional arguments:
**Do not** override the option `-vrl` or `--vulnerable-requests-log`. It is already configured for automatic findings parsing.
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
### Request configuration
Because *acstis* does not provide command line arguments for configuring the sent requests,
@@ -130,7 +164,7 @@ options.scope.request_methods = [
]
```
-## Chart Configuration
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -147,3 +181,17 @@ options.scope.request_methods = [
| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[acstis-github]: https://github.com/tijme/angularjs-csti-scanner
diff --git a/scanners/angularjs-csti-scanner/docs/README.ArtifactHub.md b/scanners/angularjs-csti-scanner/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..a4e889c7aa
--- /dev/null
+++ b/scanners/angularjs-csti-scanner/docs/README.ArtifactHub.md
@@ -0,0 +1,217 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is AngularJS Client-Side Template Injection Scanner (acstis)?
+
+The AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for
+finding possible template injection vulnerabilities on websites using AngularJS.
+
+For more information visit the projects [GitHub site][acstis-github].
+
+## Deployment
+The angularjs-csti-scanner `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install angularjs-csti-scanner secureCodeBox/angularjs-csti-scanner
+```
+
+## Scanner Configuration
+
+The only mandatory parameter is:
+- `-d`: The url to scan (e.g. https://angularjs.org/).
+
+Optional arguments:
+
+```bash
+-c, --crawl use the crawler to scan all the entire domain
+-vp, --verify-payload use a javascript engine to verify if the payload was executed (otherwise false positives may occur)
+-av ANGULAR_VERSION, --angular-version ANGULAR_VERSION manually pass the angular version (e.g. 1.4.2) if the automatic check doesn't work
+-vrl VULNERABLE_REQUESTS_LOG, --vulnerable-requests-log VULNERABLE_REQUESTS_LOG log all vulnerable requests to this file (e.g. /var/logs/acstis.log or urls.log)
+-siv, --stop-if-vulnerable (crawler option) stop scanning if a vulnerability was found
+-pmm, --protocol-must-match (crawler option) only scan pages with the same protocol as the starting point (e.g. only https)
+-sos, --scan-other-subdomains (crawler option) also scan pages that have another subdomain than the starting point
+-soh, --scan-other-hostnames (crawler option) also scan pages that have another hostname than the starting point
+-sot, --scan-other-tlds (crawler option) also scan pages that have another tld than the starting point
+-md MAX_DEPTH, --max-depth MAX_DEPTH (crawler option) the maximum search depth (default is unlimited)
+-mt MAX_THREADS, --max-threads MAX_THREADS (crawler option) the maximum amount of simultaneous threads to use (default is 20)
+-iic, --ignore-invalid-certificates (crawler option) ignore invalid ssl certificates
+```
+
+**Do not** override the option `-vrl` or `--vulnerable-requests-log`. It is already configured for automatic findings parsing.
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+### Request configuration
+
+Because *acstis* does not provide command line arguments for configuring the sent requests,
+you have to mount a config map into the scan container on a specific location. Your additional config map should be
+ mounted to `/acstis/config/acstis-config.py`. For example create a config map:
+
+ ```bash
+kubectl create configmap --from-file /path/to/my/acstis-config.py acstis-config
+```
+
+Then, mount it into the container:
+
+```yaml
+ volumes:
+ - name: "acstis-config"
+ configMap:
+ name: "acstis-config"
+ volumeMounts:
+ - name: "acstis-config"
+ mountPath: "/acstis/config/"
+```
+
+#### Configuration options in *acstis-config.py*
+
+Add the following snippets to the *acstis-config.py* file to enable further options.
+The options are python code which will be injected into the *acstis* script before execution.
+
+**Basic Authentication**
+```text
+options.identity.auth = HTTPBasicAuth("username", "password")
+```
+
+**Cookies**
+```text
+options.identity.cookies.set(name='tasty_cookie', value='yum', domain='finnwea.com', path='/cookies')
+options.identity.cookies.set(name='gross_cookie', value='blech', domain='finnwea.com', path='/elsewhere')
+```
+
+**Headers**
+```text
+options.identity.headers.update({
+ "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36",
+ "Authorization": "Bearer ey3jafoe.2jefo..."
+})
+```
+
+**Proxies**
+```text
+options.identity.proxies = {
+ # No authentication
+ # 'http': 'http://host:port',
+ # 'https': 'http://host:port',
+
+ # Basic authentication
+ # 'http': 'http://user:pass@host:port',
+ # 'https': 'https://user:pass@host:port',
+
+ # SOCKS
+ 'http': 'socks5://user:pass@host:port',
+ 'https': 'socks5://user:pass@host:port'
+}
+```
+
+**Scope options**
+```text
+options.scope.protocol_must_match = False
+
+options.scope.subdomain_must_match = True
+
+options.scope.hostname_must_match = True
+
+options.scope.tld_must_match = True
+
+options.scope.max_depth = None
+
+options.scope.request_methods = [
+ Request.METHOD_GET,
+ Request.METHOD_POST,
+ Request.METHOD_PUT,
+ Request.METHOD_DELETE,
+ Request.METHOD_OPTIONS,
+ Request.METHOD_HEAD
+]
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| parser.image.repository | string | `"docker.io/securecodebox/parser-angularjs-csti-scanner"` | Parser image repository |
+| parser.image.tag | string | defaults to the charts version | Parser image tag |
+| parser.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
+| scanner.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.image.repository | string | `"docker.io/securecodebox/scanner-angularjs-csti-scanner"` | Container Image to run the scan |
+| scanner.image.tag | string | `nil` | defaults to the charts version |
+| scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
+| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[acstis-github]: https://github.com/tijme/angularjs-csti-scanner
\ No newline at end of file
diff --git a/scanners/angularjs-csti-scanner/docs/README.DockerHub-Parser.md b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Parser.md
new file mode 100644
index 0000000000..ea1cdf2a4a
--- /dev/null
+++ b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Parser.md
@@ -0,0 +1,85 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `3.0.6`
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/angularjs-csti-scanner.
+
+```bash
+docker pull securecodebox/parser-angularjs-csti-scanner
+```
+
+## What is AngularJS Client-Side Template Injection Scanner (acstis)?
+
+The AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for
+finding possible template injection vulnerabilities on websites using AngularJS.
+
+For more information visit the projects [GitHub site][acstis-github].
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[acstis-github]: https://github.com/tijme/angularjs-csti-scanner
\ No newline at end of file
diff --git a/scanners/angularjs-csti-scanner/docs/README.DockerHub-Scanner.md b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Scanner.md
new file mode 100644
index 0000000000..ae7b58df98
--- /dev/null
+++ b/scanners/angularjs-csti-scanner/docs/README.DockerHub-Scanner.md
@@ -0,0 +1,109 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `3.0.6`
+
+## How to use this image
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/angularjs-csti-scanner].
+
+```bash
+docker pull securecodebox/scanner-angularjs-csti-scanner
+```
+
+## What is AngularJS Client-Side Template Injection Scanner (acstis)?
+
+The AngularJS Client-Side Template Injection Scanner (acstis) is an open source scanner for
+finding possible template injection vulnerabilities on websites using AngularJS.
+
+For more information visit the projects [GitHub site][acstis-github].
+
+## Scanner Configuration
+
+The only mandatory parameter is:
+- `-d`: The url to scan (e.g. https://angularjs.org/).
+
+Optional arguments:
+
+```bash
+-c, --crawl use the crawler to scan all the entire domain
+-vp, --verify-payload use a javascript engine to verify if the payload was executed (otherwise false positives may occur)
+-av ANGULAR_VERSION, --angular-version ANGULAR_VERSION manually pass the angular version (e.g. 1.4.2) if the automatic check doesn't work
+-vrl VULNERABLE_REQUESTS_LOG, --vulnerable-requests-log VULNERABLE_REQUESTS_LOG log all vulnerable requests to this file (e.g. /var/logs/acstis.log or urls.log)
+-siv, --stop-if-vulnerable (crawler option) stop scanning if a vulnerability was found
+-pmm, --protocol-must-match (crawler option) only scan pages with the same protocol as the starting point (e.g. only https)
+-sos, --scan-other-subdomains (crawler option) also scan pages that have another subdomain than the starting point
+-soh, --scan-other-hostnames (crawler option) also scan pages that have another hostname than the starting point
+-sot, --scan-other-tlds (crawler option) also scan pages that have another tld than the starting point
+-md MAX_DEPTH, --max-depth MAX_DEPTH (crawler option) the maximum search depth (default is unlimited)
+-mt MAX_THREADS, --max-threads MAX_THREADS (crawler option) the maximum amount of simultaneous threads to use (default is 20)
+-iic, --ignore-invalid-certificates (crawler option) ignore invalid ssl certificates
+```
+
+**Do not** override the option `-vrl` or `--vulnerable-requests-log`. It is already configured for automatic findings parsing.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[acstis-github]: https://github.com/tijme/angularjs-csti-scanner
\ No newline at end of file
diff --git a/scanners/git-repo-scanner/README.md.gotmpl b/scanners/git-repo-scanner/.helm-docs.gotmpl
similarity index 84%
rename from scanners/git-repo-scanner/README.md.gotmpl
rename to scanners/git-repo-scanner/.helm-docs.gotmpl
index 5798f3dc8c..8fb7f0bcf6 100644
--- a/scanners/git-repo-scanner/README.md.gotmpl
+++ b/scanners/git-repo-scanner/.helm-docs.gotmpl
@@ -3,29 +3,35 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
-title: "git-repo-scanner"
+title: "Git Repo Scanner"
category: "scanner"
type: "Repository"
-state: "in progress"
-appVersion: "0.1"
-usecase: "Discover git repositories"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Discover Git repositories"
---
-Git-Repo-Scanner is a small Python script which discovers repositories on GitHub or GitLab. The main purpose of this scanner
-is to provide a cascading input for the [gitleaks](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/gitleaks).
- scanner.
-
+{{- end }}
-## Deployment
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+{{- end }}
-The git-repo-scanner can be deployed with helm:
+{{- define "extra.chartAboutSection" -}}
+## What is Git-Repo-Scanner?
-```bash
-helm upgrade --install gitleaks secureCodeBox/git-repo-scanner
-```
+Git-Repo-Scanner is a small Python script which discovers repositories on GitHub or GitLab. The main purpose of this scanner
+is to provide a cascading input for the [gitleaks](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/gitleaks).
+ scanner.
+{{- end }}
-## Scanner configuration
+{{- define "extra.scannerConfigurationSection" -}}
+## Scanner Configuration
The scanner options can be divided into two groups for Gitlab and GitHub. You can choose the git
repository type with the option:
@@ -67,7 +73,10 @@ For type GitLab you can use the following options:
For Gitlab, the url and the access token is mandatory. If you don't provide a specific group id, all projects
on the Gitlab server are going to be discovered.
+{{- end }}
-## Chart Configuration
+{{- define "extra.chartConfigurationSection" -}}
+{{- end }}
-{{ template "chart.valuesTable" . }}
+{{- define "extra.scannerLinksSection" -}}
+{{- end }}
\ No newline at end of file
diff --git a/scanners/git-repo-scanner/.helmignore b/scanners/git-repo-scanner/.helmignore
index 7e5a65ff89..5df91458a9 100644
--- a/scanners/git-repo-scanner/.helmignore
+++ b/scanners/git-repo-scanner/.helmignore
@@ -6,3 +6,4 @@
parser/
scanner/
examples/
+docs/
diff --git a/scanners/git-repo-scanner/Chart.yaml b/scanners/git-repo-scanner/Chart.yaml
index c62a60c01e..728874556b 100644
--- a/scanners/git-repo-scanner/Chart.yaml
+++ b/scanners/git-repo-scanner/Chart.yaml
@@ -9,6 +9,7 @@ description: A Helm chart for the git-repo-scanner that integrates with the secu
type: application
# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
version: v2.7.0-alpha1
+appVersion: 1.0
kubeVersion: ">=v1.11.0-0"
keywords:
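Review bot: The added `appVersion: 1.0` is an unquoted scalar that YAML types as a float, while Helm treats `appVersion` as a string; depending on the loader the value may come back as `1` rather than `1.0`, and the `{{ template "chart.appVersion" . }}` expansion in the new .helm-docs.gotmpl then depends on which parser read the file. The generated README in this same commit already prints it as the string `appVersion: "1.0"`, so the two can disagree. Quote it to pin the intended string: `appVersion: "1.0"`. The neighbouring `version: v2.7.0-alpha1` is unaffected because it cannot parse as a number.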
diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md
index 5a133090b0..b843b92686 100644
--- a/scanners/git-repo-scanner/README.md
+++ b/scanners/git-repo-scanner/README.md
@@ -1,25 +1,53 @@
---
-title: "git-repo-scanner"
+title: "Git Repo Scanner"
category: "scanner"
type: "Repository"
-state: "in progress"
-appVersion: "0.1"
-usecase: "Discover git repositories"
+state: "released"
+appVersion: "1.0"
+usecase: "Discover Git repositories"
---
+
+
+
+
+
+
+
+
+
+
+
+
+## What is Git-Repo-Scanner?
+
Git-Repo-Scanner is a small Python script which discovers repositories on GitHub or GitLab. The main purpose of this scanner
is to provide a cascading input for the [gitleaks](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/gitleaks).
scanner.
## Deployment
-
-The git-repo-scanner can be deployed with helm:
+The git-repo-scanner `scanType` can be deployed via helm:
```bash
-helm upgrade --install gitleaks secureCodeBox/git-repo-scanner
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install git-repo-scanner secureCodeBox/git-repo-scanner
```
-## Scanner configuration
+## Scanner Configuration
The scanner options can be divided into two groups for Gitlab and GitHub. You can choose the git
repository type with the option:
@@ -61,7 +89,11 @@ For type GitLab you can use the following options:
For Gitlab, the url and the access token is mandatory. If you don't provide a specific group id, all projects
on the Gitlab server are going to be discovered.
-## Chart Configuration
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -79,3 +111,17 @@ on the Gitlab server are going to be discovered.
| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+
diff --git a/scanners/git-repo-scanner/docs/README.ArtifactHub.md b/scanners/git-repo-scanner/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..f64d69315a
--- /dev/null
+++ b/scanners/git-repo-scanner/docs/README.ArtifactHub.md
@@ -0,0 +1,148 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is Git-Repo-Scanner?
+
+Git-Repo-Scanner is a small Python script which discovers repositories on GitHub or GitLab. The main purpose of this scanner
+is to provide a cascading input for the [gitleaks](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/gitleaks).
+ scanner.
+
+## Deployment
+The git-repo-scanner `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install git-repo-scanner secureCodeBox/git-repo-scanner
+```
+
+## Scanner Configuration
+
+The scanner options can be divided into two groups for Gitlab and GitHub. You can choose the git
+repository type with the option:
+
+```bash
+--git-type github
+or
+--git-type Gitlab
+```
+
+#### GitHub
+For type GitHub you can use the following options:
+- `--organization`: The name of the GitHub organization you want to scan.
+- `--url`: The url of the api for a GitHub enterprise server. Skip this option for repos on .
+- `--access-token`: Your personal GitHub access token.
+- `--ignore-repos`: A list of GitHub repository ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitHub server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+
+For now only organizations are supported, so the option is mandatory. We **strongly recommend** providing an access token
+for authentication. If not provided the rate limiting will kick in after about 30 repositories scanned.
+
+#### GitLab
+For type GitLab you can use the following options:
+- `--url`: The url of the GitLab server.
+- `--access-token`: Your personal GitLab access token.
+- `--group`: A specific GitLab group id you want to san, including subgroups.
+- `--ignore-groups`: A list of GitLab group ids you want to ignore
+- `--ignore-repos`: A list of GitLab project ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitLab server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+
+For Gitlab, the url and the access token is mandatory. If you don't provide a specific group id, all projects
+on the Gitlab server are going to be discovered.
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| parser.image.repository | string | `"docker.io/securecodebox/parser-git-repo-scanner"` | Parser image repository |
+| parser.image.tag | string | defaults to the charts version | Parser image tag |
+| parser.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| scanner.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) |
+| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
+| scanner.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.image.repository | string | `"docker.io/securecodebox/scanner-git-repo-scanner"` | Container Image to run the scan |
+| scanner.image.tag | string | `nil` | defaults to the charts version |
+| scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
+| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/scanners/git-repo-scanner/docs/README.DockerHub-Parser.md b/scanners/git-repo-scanner/docs/README.DockerHub-Parser.md
new file mode 100644
index 0000000000..fc0c9ebec9
--- /dev/null
+++ b/scanners/git-repo-scanner/docs/README.DockerHub-Parser.md
@@ -0,0 +1,83 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/git-repo-scanner.
+
+```bash
+docker pull securecodebox/parser-git-repo-scanner
+```
+
+## What is Git-Repo-Scanner?
+
+Git-Repo-Scanner is a small Python script which discovers repositories on GitHub or GitLab. The main purpose of this scanner
+is to provide a cascading input for the [gitleaks](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/gitleaks).
+ scanner.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/scanners/git-repo-scanner/docs/README.DockerHub-Scanner.md b/scanners/git-repo-scanner/docs/README.DockerHub-Scanner.md
new file mode 100644
index 0000000000..94dedac6e4
--- /dev/null
+++ b/scanners/git-repo-scanner/docs/README.DockerHub-Scanner.md
@@ -0,0 +1,125 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `2.9.0`, `2.8.0`, `2.7.0`
+
+## How to use this image
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/git-repo-scanner].
+
+```bash
+docker pull securecodebox/scanner-git-repo-scanner
+```
+
+## What is Git-Repo-Scanner?
+
+Git-Repo-Scanner is a small Python script which discovers repositories on GitHub or GitLab. The main purpose of this scanner
+is to provide a cascading input for the [gitleaks](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/gitleaks).
+ scanner.
+
+## Scanner Configuration
+
+The scanner options can be divided into two groups for Gitlab and GitHub. You can choose the git
+repository type with the option:
+
+```bash
+--git-type github
+or
+--git-type Gitlab
+```
+
+#### GitHub
+For type GitHub you can use the following options:
+- `--organization`: The name of the GitHub organization you want to scan.
+- `--url`: The url of the api for a GitHub enterprise server. Skip this option for repos on .
+- `--access-token`: Your personal GitHub access token.
+- `--ignore-repos`: A list of GitHub repository ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitHub server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+
+For now only organizations are supported, so the option is mandatory. We **strongly recommend** providing an access token
+for authentication. If not provided the rate limiting will kick in after about 30 repositories scanned.
+
+#### GitLab
+For type GitLab you can use the following options:
+- `--url`: The url of the GitLab server.
+- `--access-token`: Your personal GitLab access token.
+- `--group`: A specific GitLab group id you want to san, including subgroups.
+- `--ignore-groups`: A list of GitLab group ids you want to ignore
+- `--ignore-repos`: A list of GitLab project ids you want to ignore
+- `--obey-rate-limit`: True to obey the rate limit of the GitLab server (default), otherwise False
+- `--activity-since-duration`: Return git repo findings with repo activity (e.g. commits) more recent than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+- `--activity-until-duration`: Return git repo findings with repo activity (e.g. commits) older than a specific date expressed by a duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as '1h' or '2h45m'. Valid time units are 'm', 'h', 'd', 'w'.
+
+For Gitlab, the url and the access token is mandatory. If you don't provide a specific group id, all projects
+on the Gitlab server are going to be discovered.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/scanners/gitleaks/README.md.gotmpl b/scanners/gitleaks/.helm-docs.gotmpl
similarity index 88%
rename from scanners/gitleaks/README.md.gotmpl
rename to scanners/gitleaks/.helm-docs.gotmpl
index be2b481746..65f9402f84 100644
--- a/scanners/gitleaks/README.md.gotmpl
+++ b/scanners/gitleaks/.helm-docs.gotmpl
@@ -3,34 +3,39 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Gitleaks"
category: "scanner"
type: "Repository"
-state: "in progress"
-appVersion: "6.1.2"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
usecase: "Find potential secrets in repositories"
---

+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `{{ template "chart.appVersion" . }}`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is Gitleaks?
Gitleaks is a free and open source tool for finding secrets in git repositories.
These secrets could be passwords, API keys, tokens, private keys or suspicious file names or
file extensions like *id_rsa*, *.pem*, *htpasswd*. Furthermore, gitleaks can scan your whole repository's history
with all commits up to the initial one.
-To learn more about gitleaks visit
-
-## Deployment
-
-The gitleaks scanner can be deployed with helm:
-
-```bash
-# Install HelmChart (use -n to configure another namespace)
-helm upgrade --install gitleaks secureCodeBox/gitleaks
-```
+To learn more about gitleaks visit .
+{{- end }}
-## Scanner configuration
+{{- define "extra.scannerConfigurationSection" -}}
+## Scanner Configuration
For a complete overview of the configuration options checkout the
[Gitleaks documentation](https://github.com/zricethezav/gitleaks/wiki/Options).
@@ -41,9 +46,24 @@ The only mandatory parameters are:
- `--username` and `--password`: Only for non-public repositories.
- `--config-path`: The ruleset you want to use.
+#### Ruleset
+
+At this point we provide three rulesets which you can pass to the `--config-path` oprtion:
+
+- `/home/config_all.toml`: Includes every rule.
+- `/home/config_filenames_only.toml`: Gitleaks scans only file names and extensions.
+- `/home/config_no_generics.toml`: No generic rules like searching for the word *password*. With this option you won't
+find something like **password = Ej2ifDk2jfeo2**, but it will reduce resulting false positives.
+
+If you like to provide your custom ruleset, you can create a configMap and mount it into
+the scan. Checkout the examples for more information about providing your own gitleaks rules config.
+{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
**Do not** override the option `--report-format` or `--report`. It is already configured for automatic findings parsing.
-## secureCodeBox extended GitLeaks Features
+## Additional Chart Configurations
+### secureCodeBox extended GitLeaks Features
:::info
If you run gitleaks based on a scheduledScan (e.g. one scan per day) it would be enough to scan all git-commits since the last executed schedule.
@@ -67,7 +87,7 @@ scanner:
tag: v7.3.0
```
-### Deployment with extended GitLeaks
+#### Deployment with extended GitLeaks
```bash
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install gitleaks secureCodeBox/gitleaks \
@@ -75,7 +95,7 @@ helm upgrade --install gitleaks secureCodeBox/gitleaks \
--set="scanner.image.tag=v7.3.0"
```
-### Additional (Fork) Scanner configuration options
+#### Additional (Fork) Scanner configuration options
```bash
--commit-since-duration= Scan commits more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
with optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'Β΅s'), 'ms', 's', 'm', 'h'.
@@ -83,18 +103,6 @@ helm upgrade --install gitleaks secureCodeBox/gitleaks \
optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'Β΅s'), 'ms', 's', 'm', 'h'.
```
-#### Ruleset
-
-At this point we provide three rulesets which you can pass to the `--config-path` oprtion:
-
-- `/home/config_all.toml`: Includes every rule.
-- `/home/config_filenames_only.toml`: Gitleaks scans only file names and extensions.
-- `/home/config_no_generics.toml`: No generic rules like searching for the word *password*. With this option you won't
-find something like **password = Ej2ifDk2jfeo2**, but it will reduce resulting false positives.
-
-If you like to provide your custom ruleset, you can create a configMap and mount it into
-the scan. Checkout the examples for more information about providing your own gitleaks rules config.
-
#### Other useful options are:
- `--commit-since`: Scan commits more recent than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format.
@@ -130,8 +138,7 @@ kubectl create secret generic gitlab-access-token --from-literal="token=
+
+
+
+
+
+
+
+
+
+
+
+## What is Gitleaks?
Gitleaks is a free and open source tool for finding secrets in git repositories.
These secrets could be passwords, API keys, tokens, private keys or suspicious file names or
file extensions like *id_rsa*, *.pem*, *htpasswd*. Furthermore, gitleaks can scan your whole repository's history
with all commits up to the initial one.
-To learn more about gitleaks visit
+To learn more about gitleaks visit .
## Deployment
-
-The gitleaks scanner can be deployed with helm:
+The gitleaks `scanType` can be deployed via helm:
```bash
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install gitleaks secureCodeBox/gitleaks
```
-## Scanner configuration
+## Scanner Configuration
For a complete overview of the configuration options checkout the
[Gitleaks documentation](https://github.com/zricethezav/gitleaks/wiki/Options).
@@ -36,9 +62,26 @@ The only mandatory parameters are:
- `--username` and `--password`: Only for non-public repositories.
- `--config-path`: The ruleset you want to use.
+#### Ruleset
+
+At this point we provide three rulesets which you can pass to the `--config-path` oprtion:
+
+- `/home/config_all.toml`: Includes every rule.
+- `/home/config_filenames_only.toml`: Gitleaks scans only file names and extensions.
+- `/home/config_no_generics.toml`: No generic rules like searching for the word *password*. With this option you won't
+find something like **password = Ej2ifDk2jfeo2**, but it will reduce resulting false positives.
+
+If you like to provide your custom ruleset, you can create a configMap and mount it into
+the scan. Checkout the examples for more information about providing your own gitleaks rules config.
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
**Do not** override the option `--report-format` or `--report`. It is already configured for automatic findings parsing.
-## secureCodeBox extended GitLeaks Features
+## Additional Chart Configurations
+### secureCodeBox extended GitLeaks Features
:::info
If you run gitleaks based on a scheduledScan (e.g. one scan per day) it would be enough to scan all git-commits since the last executed schedule.
@@ -62,7 +105,7 @@ scanner:
tag: v7.3.0
```
-### Deployment with extended GitLeaks
+#### Deployment with extended GitLeaks
```bash
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install gitleaks secureCodeBox/gitleaks \
@@ -70,7 +113,7 @@ helm upgrade --install gitleaks secureCodeBox/gitleaks \
--set="scanner.image.tag=v7.3.0"
```
-### Additional (Fork) Scanner configuration options
+#### Additional (Fork) Scanner configuration options
```bash
--commit-since-duration= Scan commits more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
with optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'Β΅s'), 'ms', 's', 'm', 'h'.
@@ -78,18 +121,6 @@ helm upgrade --install gitleaks secureCodeBox/gitleaks \
optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'Β΅s'), 'ms', 's', 'm', 'h'.
```
-#### Ruleset
-
-At this point we provide three rulesets which you can pass to the `--config-path` oprtion:
-
-- `/home/config_all.toml`: Includes every rule.
-- `/home/config_filenames_only.toml`: Gitleaks scans only file names and extensions.
-- `/home/config_no_generics.toml`: No generic rules like searching for the word *password*. With this option you won't
-find something like **password = Ej2ifDk2jfeo2**, but it will reduce resulting false positives.
-
-If you like to provide your custom ruleset, you can create a configMap and mount it into
-the scan. Checkout the examples for more information about providing your own gitleaks rules config.
-
#### Other useful options are:
- `--commit-since`: Scan commits more recent than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format.
@@ -126,7 +157,7 @@ kubectl create secret generic gitlab-access-token --from-literal="token=
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is Gitleaks?
+Gitleaks is a free and open source tool for finding secrets in git repositories.
+These secrets could be passwords, API keys, tokens, private keys or suspicious file names or
+file extensions like *id_rsa*, *.pem*, *htpasswd*. Furthermore, gitleaks can scan your whole repository's history
+with all commits up to the initial one.
+
+To learn more about gitleaks visit .
+
+## Deployment
+The gitleaks `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install gitleaks secureCodeBox/gitleaks
+```
+
+## Scanner Configuration
+
+For a complete overview of the configuration options checkout the
+[Gitleaks documentation](https://github.com/zricethezav/gitleaks/wiki/Options).
+
+The only mandatory parameters are:
+- `-r`: The link to the repository you want to scan.
+- `--access-token`: Only for non-public repositories.
+- `--username` and `--password`: Only for non-public repositories.
+- `--config-path`: The ruleset you want to use.
+
+#### Ruleset
+
+At this point we provide three rulesets which you can pass to the `--config-path` oprtion:
+
+- `/home/config_all.toml`: Includes every rule.
+- `/home/config_filenames_only.toml`: Gitleaks scans only file names and extensions.
+- `/home/config_no_generics.toml`: No generic rules like searching for the word *password*. With this option you won't
+find something like **password = Ej2ifDk2jfeo2**, but it will reduce resulting false positives.
+
+If you like to provide your custom ruleset, you can create a configMap and mount it into
+the scan. Checkout the examples for more information about providing your own gitleaks rules config.
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+**Do not** override the option `--report-format` or `--report`. It is already configured for automatic findings parsing.
+
+## Additional Chart Configurations
+### secureCodeBox extended GitLeaks Features
+
+:::info
+If you run gitleaks based on a scheduledScan (e.g. one scan per day) it would be enough to scan all git-commits since the last executed schedule.
+Instead of scanning all commits in the complete git history every day it would save a lot of resources to scan only all commits of the last day.
+
+_Problem is: This is a feature and configuration option gitleaks is currently not supporting._
+
+That's why we created an [issue](https://github.com/zricethezav/gitleaks/issues/497) and a [pull request](https://github.com/zricethezav/gitleaks/pull/498) for that.
+If you like the idea, please vote for our issue and PR.
+
+If you already want to use our implementation (fork) of this feature you can use our [gitleaks forked docker image](https://hub.docker.com/r/securecodebox/gitleaks) instead of the gitleaks original image.
+:::
+
+```yaml
+# Corresponding HelmChart Configuration
+scanner:
+ image:
+ # scanner.image.repository -- Container Image to run the scan
+ repository: docker.io/securecodebox/scanner-gitleaks
+ # scanner.image.tag -- defaults to the charts version
+ tag: v7.3.0
+```
+
+#### Deployment with extended GitLeaks
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install gitleaks secureCodeBox/gitleaks \
+ --set="scanner.image.repository=docker.io/securecodebox/scanner-gitleaks" \
+ --set="scanner.image.tag=v7.3.0"
+```
+
+#### Additional (Fork) Scanner configuration options
+```bash
+--commit-since-duration= Scan commits more recent than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each
+ with optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'Β΅s'), 'ms', 's', 'm', 'h'.
+--commit-until-duration= Scan commits older than a specific date expresed by an duration (now + duration). A duration string is a possibly signed sequence of decimal numbers, each with
+ optional fraction and a unit suffix, such as '300ms', '-1.5h' or '2h45m'. Valid time units are 'ns', 'us' (or 'Β΅s'), 'ms', 's', 'm', 'h'.
+```
+
+#### Other useful options are:
+
+- `--commit-since`: Scan commits more recent than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format.
+- `--commit-until`: Scan commits older than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format.
+- `--repo-config`: Load config from target repo. Config file must be ".gitleaks.toml" or "gitleaks.toml".
+
+#### Finding format
+
+It is not an easy task to classify the severity of the scans because we can't tell for sure if the finding is e.g. a real
+or a testing password. Another issue is that the rate of false positives for generic rules can be very high. Therefore,
+we tried to classify the severity of the finding by looking at the accuracy of the rule which detected it. Rules for AWS
+secrets or Artifactory tokens are very precise, so they get a high severity. Generic rules on the other hand get a low
+severity because the often produce false positives.
+
+**Please keep in mind that findings with a low severity can be actually
+very critical.**
+
+#### Cascading Rules
+
+If you want to scan multiple repositories from GitHub or gitlab automatically at once, you should
+take a look at the cascading rules which get triggered by the **git-repo-scanner**.
+For more information on how to use **git-repo-scanner** checkout the
+[Readme](https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners/git-repo-scanner).
+
+For cascading scans on public GitHub repositories you don't need any credentials. For the gitlab
+and private GitHub rules you need to provide an access token via environment. You could do that with
+the following commands:
+
+```bash
+kubectl create secret generic github-access-token --from-literal="token="
+kubectl create secret generic gitlab-access-token --from-literal="token="
+```
+
+For more information on how to use cascades take a look at
+[Scanning Networks Example](https://docs.securecodebox.io/docs/how-tos/scanning-networks/)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner |
+| parser.image.repository | string | `"docker.io/securecodebox/parser-gitleaks"` | Parser image repository |
+| parser.image.tag | string | defaults to the charts version | Parser image tag |
+| parser.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| scanner.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) |
+| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
+| scanner.extraVolumeMounts | list | `[{"mountPath":"/home/","name":"gitleaks-config"}]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[{"configMap":{"name":"gitleaks-config"},"name":"gitleaks-config"}]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.image.repository | string | `"docker.io/securecodebox/scanner-gitleaks"` | Container Image to run the scan |
+| scanner.image.tag | string | `nil` | defaults to the app version |
+| scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
+| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/scanners/gitleaks/docs/README.DockerHub-Parser.md b/scanners/gitleaks/docs/README.DockerHub-Parser.md
new file mode 100644
index 0000000000..c81e214566
--- /dev/null
+++ b/scanners/gitleaks/docs/README.DockerHub-Parser.md
@@ -0,0 +1,85 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `v7.5.0`
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/gitleaks.
+
+```bash
+docker pull securecodebox/parser-gitleaks
+```
+
+## What is Gitleaks?
+Gitleaks is a free and open source tool for finding secrets in git repositories.
+These secrets could be passwords, API keys, tokens, private keys or suspicious file names or
+file extensions like *id_rsa*, *.pem*, *htpasswd*. Furthermore, gitleaks can scan your whole repository's history
+with all commits up to the initial one.
+
+To learn more about gitleaks visit .
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/scanners/gitleaks/docs/README.DockerHub-Scanner.md b/scanners/gitleaks/docs/README.DockerHub-Scanner.md
new file mode 100644
index 0000000000..d51058dd63
--- /dev/null
+++ b/scanners/gitleaks/docs/README.DockerHub-Scanner.md
@@ -0,0 +1,108 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `v7.5.0`
+
+## How to use this image
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/gitleaks].
+
+```bash
+docker pull securecodebox/scanner-gitleaks
+```
+
+## What is Gitleaks?
+Gitleaks is a free and open source tool for finding secrets in git repositories.
+These secrets could be passwords, API keys, tokens, private keys or suspicious file names or
+file extensions like *id_rsa*, *.pem*, *htpasswd*. Furthermore, gitleaks can scan your whole repository's history
+with all commits up to the initial one.
+
+To learn more about gitleaks visit .
+
+## Scanner Configuration
+
+For a complete overview of the configuration options checkout the
+[Gitleaks documentation](https://github.com/zricethezav/gitleaks/wiki/Options).
+
+The only mandatory parameters are:
+- `-r`: The link to the repository you want to scan.
+- `--access-token`: Only for non-public repositories.
+- `--username` and `--password`: Only for non-public repositories.
+- `--config-path`: The ruleset you want to use.
+
+#### Ruleset
+
+At this point we provide three rulesets which you can pass to the `--config-path` oprtion:
+
+- `/home/config_all.toml`: Includes every rule.
+- `/home/config_filenames_only.toml`: Gitleaks scans only file names and extensions.
+- `/home/config_no_generics.toml`: No generic rules like searching for the word *password*. With this option you won't
+find something like **password = Ej2ifDk2jfeo2**, but it will reduce resulting false positives.
+
+If you like to provide your custom ruleset, you can create a configMap and mount it into
+the scan. Checkout the examples for more information about providing your own gitleaks rules config.
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
diff --git a/scanners/kube-hunter/README.md.gotmpl b/scanners/kube-hunter/.helm-docs.gotmpl
similarity index 72%
rename from scanners/kube-hunter/README.md.gotmpl
rename to scanners/kube-hunter/.helm-docs.gotmpl
index 49256d61b9..d2af9dfd57 100644
--- a/scanners/kube-hunter/README.md.gotmpl
+++ b/scanners/kube-hunter/.helm-docs.gotmpl
@@ -3,29 +3,32 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "kube-hunter"
category: "scanner"
type: "Kubernetes"
state: "released"
-appVersion: "0.3.1"
+appVersion: "{{ template "chart.appVersion" . }}"
usecase: "Kubernetes Vulnerability Scanner"
---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `{{ template "chart.appVersion" . }}`
+{{- end }}
+{{- define "extra.chartAboutSection" -}}
+## What is kube-hunter?
kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!
To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website].
+{{- end }}
-
-
-## Deployment
-
-The kube-hunter ScanType can be deployed via helm:
-
-```bash
-helm upgrade --install kube-hunter secureCodeBox/kube-hunter
-```
-
+{{- define "extra.scannerConfigurationSection" -}}
## Scanner Configuration
The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples.
@@ -33,11 +36,13 @@ The following security scan configuration example are based on the [kube-hunter
* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com`
* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
+{{- end }}
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
+{{- define "extra.chartConfigurationSection" -}}
+{{- end }}
+{{- define "extra.scannerLinksSection" -}}
[kube-hunter Website]: https://kube-hunter.aquasec.com/
[kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter
[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options
+{{- end }}
\ No newline at end of file
diff --git a/scanners/kube-hunter/.helmignore b/scanners/kube-hunter/.helmignore
index 7e5a65ff89..5df91458a9 100644
--- a/scanners/kube-hunter/.helmignore
+++ b/scanners/kube-hunter/.helmignore
@@ -6,3 +6,4 @@
parser/
scanner/
examples/
+docs/
diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md
index 80964c4190..8ff4cab51b 100644
--- a/scanners/kube-hunter/README.md
+++ b/scanners/kube-hunter/README.md
@@ -3,21 +3,46 @@ title: "kube-hunter"
category: "scanner"
type: "Kubernetes"
state: "released"
-appVersion: "0.3.1"
+appVersion: "0.4.1"
usecase: "Kubernetes Vulnerability Scanner"
---
+
+
+
+
+
+
+
+
+
+
+
+
+## What is kube-hunter?
kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!
To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website].
-
-
## Deployment
-
-The kube-hunter ScanType can be deployed via helm:
+The kube-hunter `scanType` can be deployed via helm:
```bash
+# Install HelmChart (use -n to configure another namespace)
helm upgrade --install kube-hunter secureCodeBox/kube-hunter
```
@@ -29,7 +54,11 @@ The following security scan configuration example are based on the [kube-hunter
* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
-## Chart Configuration
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -49,6 +78,18 @@ The following security scan configuration example are based on the [kube-hunter
| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
[kube-hunter Website]: https://kube-hunter.aquasec.com/
[kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter
[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options
diff --git a/scanners/kube-hunter/docs/README.ArtifactHub.md b/scanners/kube-hunter/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..0b5bb4e7c6
--- /dev/null
+++ b/scanners/kube-hunter/docs/README.ArtifactHub.md
@@ -0,0 +1,117 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is kube-hunter?
+kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!
+
+To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website].
+
+## Deployment
+The kube-hunter `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install kube-hunter secureCodeBox/kube-hunter
+```
+
+## Scanner Configuration
+
+The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples.
+
+* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com`
+* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
+* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cascadingRules.enabled | bool | `true` | Enables or disables the installation of the default cascading rules for this scanner |
+| parser.image.repository | string | `"docker.io/securecodebox/parser-kube-hunter"` | Parser image repository |
+| parser.image.tag | string | defaults to the charts version | Parser image tag |
+| parser.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| scanner.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) |
+| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
+| scanner.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.image.repository | string | `"docker.io/securecodebox/scanner-kube-hunter"` | Container Image to run the scan |
+| scanner.image.tag | string | `nil` | defaults to the charts version |
+| scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
+| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[kube-hunter Website]: https://kube-hunter.aquasec.com/
+[kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter
+[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options
\ No newline at end of file
diff --git a/scanners/kube-hunter/docs/README.DockerHub-Parser.md b/scanners/kube-hunter/docs/README.DockerHub-Parser.md
new file mode 100644
index 0000000000..b7b9c231be
--- /dev/null
+++ b/scanners/kube-hunter/docs/README.DockerHub-Parser.md
@@ -0,0 +1,85 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `0.4.1`
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/kube-hunter.
+
+```bash
+docker pull securecodebox/parser-kube-hunter
+```
+
+## What is kube-hunter?
+kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!
+
+To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website].
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[kube-hunter Website]: https://kube-hunter.aquasec.com/
+[kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter
+[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options
\ No newline at end of file
diff --git a/scanners/kube-hunter/docs/README.DockerHub-Scanner.md b/scanners/kube-hunter/docs/README.DockerHub-Scanner.md
new file mode 100644
index 0000000000..e59338aa8f
--- /dev/null
+++ b/scanners/kube-hunter/docs/README.DockerHub-Scanner.md
@@ -0,0 +1,93 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `0.4.1`
+
+## How to use this image
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/kube-hunter].
+
+```bash
+docker pull securecodebox/scanner-kube-hunter
+```
+
+## What is kube-hunter?
+kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!
+
+To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or [kube-hunter Website].
+
+## Scanner Configuration
+
+The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples.
+
+* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com`
+* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
+* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[kube-hunter Website]: https://kube-hunter.aquasec.com/
+[kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter
+[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options
\ No newline at end of file
diff --git a/scanners/kubeaudit/.helm-docs.gotmpl b/scanners/kubeaudit/.helm-docs.gotmpl
new file mode 100644
index 0000000000..f6a7ba72f8
--- /dev/null
+++ b/scanners/kubeaudit/.helm-docs.gotmpl
@@ -0,0 +1,49 @@
+{{- /*
+SPDX-FileCopyrightText: 2020 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
+*/ -}}
+
+{{- define "extra.docsSection" -}}
+---
+title: "kubeaudit"
+category: "scanner"
+type: "Kubernetes"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
+usecase: "Kubernetes Configuration Scanner"
+---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `{{ template "chart.appVersion" . }}`
+{{- end }}
+
+{{- define "extra.chartAboutSection" -}}
+## What is Kubeaudit?
+Kubeaudit finds security misconfigurations in you Kubernetes Resources and gives tips on how to resolve these.
+
+Kubeaudit comes with a large lists of "auditors" which test various aspects, like the SecurityContext of pods.
+You can find the complete list of [auditors here](https://github.com/Shopify/kubeaudit/tree/master/docs/auditors).
+
+To learn more about the kubeaudit itself visit [kubeaudit GitHub].
+{{- end }}
+
+{{- define "extra.scannerConfigurationSection" -}}
+## Scanner Configuration
+
+The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples.
+
+* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com`
+* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
+* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
+{{- end }}
+
+{{- define "extra.chartConfigurationSection" -}}
+{{- end }}
+
+{{- define "extra.scannerLinksSection" -}}
+[kubeaudit GitHub]: https://github.com/Shopify/kubeaudit/
+{{- end }}
\ No newline at end of file
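Review bot: The `extra.scannerConfigurationSection` define (from `## Scanner Configuration` through the three `kube-hunter --…` bullets) is copied from the kube-hunter template and documents kube-hunter's `--remote`, `--interface` and `--cidr` options, not anything kubeaudit accepts, and it references `[kube-hunter Documentation]`, a link label that this file's `extra.scannerLinksSection` never defines (only `[kubeaudit GitHub]` is). Every README rendered from this template, including the kubeaudit README.md and README.ArtifactHub.md in this same change, therefore tells users to run kube-hunter against remote hosts and CIDRs and carries a dangling reference link; for a tool whose access is scoped by the chart's own `kubeauditScope` RBAC setting, that is misleading guidance rather than a cosmetic slip. Either write a kubeaudit-specific section or leave the define empty the way `extra.chartConfigurationSection` already is, e.g. `{{- define "extra.scannerConfigurationSection" -}}` followed directly by `{{- end }}`, then regenerate the READMEs with helm-docs so the copied text drops out of them.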
diff --git a/scanners/kubeaudit/.helmignore b/scanners/kubeaudit/.helmignore
index 7e5a65ff89..5df91458a9 100644
--- a/scanners/kubeaudit/.helmignore
+++ b/scanners/kubeaudit/.helmignore
@@ -6,3 +6,4 @@
parser/
scanner/
examples/
+docs/
diff --git a/scanners/kubeaudit/Chart.yaml b/scanners/kubeaudit/Chart.yaml
index 34f3caeba0..0eb52be5c6 100644
--- a/scanners/kubeaudit/Chart.yaml
+++ b/scanners/kubeaudit/Chart.yaml
@@ -8,7 +8,7 @@ description: A Helm chart for the kubeaudit security scanner that integrates wit
type: application
version: v2.7.0-alpha1
-appVersion: v0.14.0
+appVersion: v0.14.1
kubeVersion: ">=v1.11.0-0"
keywords:
@@ -20,6 +20,7 @@ home: https://docs.securecodebox.io/docs/scanners/kubeaudit
icon: https://docs.securecodebox.io/img/integrationIcons/kubeaudit.svg
sources:
- https://github.com/secureCodeBox/secureCodeBox
+ - https://github.com/Shopify/kubeaudit/
maintainers:
- name: iteratec GmbH
email: secureCodeBox@iteratec.com
diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md
index c7eaf042bc..f982e9eeb6 100644
--- a/scanners/kubeaudit/README.md
+++ b/scanners/kubeaudit/README.md
@@ -3,10 +3,37 @@ title: "kubeaudit"
category: "scanner"
type: "Kubernetes"
state: "released"
-appVersion: "0.15.1"
+appVersion: "v0.14.1"
usecase: "Kubernetes Configuration Scanner"
---
+
+
+
+
+
+
+
+
+
+
+
+
+## What is Kubeaudit?
Kubeaudit finds security misconfigurations in you Kubernetes Resources and gives tips on how to resolve these.
Kubeaudit comes with a large lists of "auditors" which test various aspects, like the SecurityContext of pods.
@@ -14,17 +41,27 @@ You can find the complete list of [auditors here](https://github.com/Shopify/kub
To learn more about the kubeaudit itself visit [kubeaudit GitHub].
-
-
## Deployment
-
-The kube-hunter ScanType can be deployed via helm:
+The kubeaudit `scanType` can be deployed via helm:
```bash
+# Install HelmChart (use -n to configure another namespace)
helm upgrade --install kubeaudit secureCodeBox/kubeaudit
```
-## Chart Configuration
+## Scanner Configuration
+
+The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples.
+
+* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com`
+* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
+* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -47,4 +84,16 @@ helm upgrade --install kubeaudit secureCodeBox/kubeaudit
| scanner.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user |
| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
[kubeaudit GitHub]: https://github.com/Shopify/kubeaudit/
diff --git a/scanners/kubeaudit/README.md.gotmpl b/scanners/kubeaudit/README.md.gotmpl
deleted file mode 100644
index 4fd76e8e50..0000000000
--- a/scanners/kubeaudit/README.md.gotmpl
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- /*
-SPDX-FileCopyrightText: 2020 iteratec GmbH
-
-SPDX-License-Identifier: Apache-2.0
-*/ -}}
----
-title: "kubeaudit"
-category: "scanner"
-type: "Kubernetes"
-state: "released"
-appVersion: "0.15.1"
-usecase: "Kubernetes Configuration Scanner"
----
-
-Kubeaudit finds security misconfigurations in you Kubernetes Resources and gives tips on how to resolve these.
-
-Kubeaudit comes with a large lists of "auditors" which test various aspects, like the SecurityContext of pods.
-You can find the complete list of [auditors here](https://github.com/Shopify/kubeaudit/tree/master/docs/auditors).
-
-To learn more about the kubeaudit itself visit [kubeaudit GitHub].
-
-
-
-## Deployment
-
-The kube-hunter ScanType can be deployed via helm:
-
-```bash
-helm upgrade --install kubeaudit secureCodeBox/kubeaudit
-```
-
-## Chart Configuration
-
-{{ template "chart.valuesTable" . }}
-
-[kubeaudit GitHub]: https://github.com/Shopify/kubeaudit/
diff --git a/scanners/kubeaudit/docs/README.ArtifactHub.md b/scanners/kubeaudit/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..93475c65a8
--- /dev/null
+++ b/scanners/kubeaudit/docs/README.ArtifactHub.md
@@ -0,0 +1,121 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is Kubeaudit?
+Kubeaudit finds security misconfigurations in you Kubernetes Resources and gives tips on how to resolve these.
+
+Kubeaudit comes with a large lists of "auditors" which test various aspects, like the SecurityContext of pods.
+You can find the complete list of [auditors here](https://github.com/Shopify/kubeaudit/tree/master/docs/auditors).
+
+To learn more about the kubeaudit itself visit [kubeaudit GitHub].
+
+## Deployment
+The kubeaudit `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install kubeaudit secureCodeBox/kubeaudit
+```
+
+## Scanner Configuration
+
+The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples.
+
+* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com`
+* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
+* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
+
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| kubeauditScope | string | `"namespace"` | Automatically sets up rbac roles for kubeaudit to access the resources it scans. Can be either "cluster" (ClusterRole) or "namespace" (Role) |
+| parser.image.repository | string | `"docker.io/securecodebox/parser-kubeaudit"` | Parser image repository |
+| parser.image.tag | string | defaults to the charts version | Parser image tag |
+| parser.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+| scanner.backoffLimit | int | 3 | There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see: https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) |
+| scanner.env | list | `[]` | Optional environment variables mapped into each scanJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) |
+| scanner.extraContainers | list | `[]` | Optional additional Containers started with each scanJob (see: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
+| scanner.extraVolumeMounts | list | `[]` | Optional VolumeMounts mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.extraVolumes | list | `[]` | Optional Volumes mapped into each scanJob (see: https://kubernetes.io/docs/concepts/storage/volumes/) |
+| scanner.nameAppend | string | `nil` | append a string to the default scantype name. |
+| scanner.resources | object | `{}` | CPU/memory resource requests/limits (see: https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/, https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/) |
+| scanner.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| scanner.securityContext.allowPrivilegeEscalation | bool | `false` | Ensure that users privileges cannot be escalated |
+| scanner.securityContext.capabilities.drop[0] | string | `"all"` | This drops all linux privileges from the container. |
+| scanner.securityContext.privileged | bool | `false` | Ensures that the scanner container is not run in privileged mode |
+| scanner.securityContext.readOnlyRootFilesystem | bool | `true` | Prevents write access to the containers file system |
+| scanner.securityContext.runAsNonRoot | bool | `true` | Enforces that the scanner image is run as a non root user |
+| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
+
+## Contributing
+
+Contributions are welcome and extremely helpful π
+Please have a look at [Contributing](./CONTRIBUTING.md)
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[kubeaudit GitHub]: https://github.com/Shopify/kubeaudit/
\ No newline at end of file
diff --git a/scanners/kubeaudit/docs/README.DockerHub-Parser.md b/scanners/kubeaudit/docs/README.DockerHub-Parser.md
new file mode 100644
index 0000000000..1bdb0b38b7
--- /dev/null
+++ b/scanners/kubeaudit/docs/README.DockerHub-Parser.md
@@ -0,0 +1,86 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `v0.14.1`
+
+## How to use this image
+This `parser` image is intended to work in combination with the corresponding security scanner docker image to parse the `findings` results. For more informations details please take a look at the documentation page: https://docs.securecodebox.io/docs/scanners/kubeaudit.
+
+```bash
+docker pull securecodebox/parser-kubeaudit
+```
+
+## What is Kubeaudit?
+Kubeaudit finds security misconfigurations in you Kubernetes Resources and gives tips on how to resolve these.
+
+Kubeaudit comes with a large lists of "auditors" which test various aspects, like the SecurityContext of pods.
+You can find the complete list of [auditors here](https://github.com/Shopify/kubeaudit/tree/master/docs/auditors).
+
+To learn more about the kubeaudit itself visit [kubeaudit GitHub].
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[kubeaudit GitHub]: https://github.com/Shopify/kubeaudit/
\ No newline at end of file
diff --git a/scanners/kubeaudit/docs/README.DockerHub-Scanner.md b/scanners/kubeaudit/docs/README.DockerHub-Scanner.md
new file mode 100644
index 0000000000..6aa6fee316
--- /dev/null
+++ b/scanners/kubeaudit/docs/README.DockerHub-Scanner.md
@@ -0,0 +1,94 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `v0.14.1`
+
+## How to use this image
+This `scanner` image is intended to work in combination with the corresponding `parser` image to parse the scanner `findings` to generic secureCodeBox results. For more informations details please take a look at the [project page][scb-docs] or [documentation page][https://docs.securecodebox.io/docs/scanners/kubeaudit].
+
+```bash
+docker pull securecodebox/scanner-kubeaudit
+```
+
+## What is Kubeaudit?
+Kubeaudit finds security misconfigurations in you Kubernetes Resources and gives tips on how to resolve these.
+
+Kubeaudit comes with a large lists of "auditors" which test various aspects, like the SecurityContext of pods.
+You can find the complete list of [auditors here](https://github.com/Shopify/kubeaudit/tree/master/docs/auditors).
+
+To learn more about the kubeaudit itself visit [kubeaudit GitHub].
+
+## Scanner Configuration
+
+The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples.
+
+* To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com`
+* To specify interface scanning, you can use the --interface option (this will scan all the machine's network interfaces). Example: `kube-hunter --interface`
+* To specify a specific CIDR to scan, use the --cidr option. Example: `kube-hunter --cidr 192.168.0.0/24`
+
+## Community
+
+You are welcome, please join us on... π
+
+- [GitHub][scb-github]
+- [Slack][scb-slack]
+- [Twitter][scb-twitter]
+
+secureCodeBox is an official [OWASP][scb-owasp] project.
+
+## License
+[](https://opensource.org/licenses/Apache-2.0)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
+
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
+[kubeaudit GitHub]: https://github.com/Shopify/kubeaudit/
\ No newline at end of file
diff --git a/scanners/ncrack/README.md.gotmpl b/scanners/ncrack/.helm-docs.gotmpl
similarity index 91%
rename from scanners/ncrack/README.md.gotmpl
rename to scanners/ncrack/.helm-docs.gotmpl
index cb90430b59..26e346afdf 100644
--- a/scanners/ncrack/README.md.gotmpl
+++ b/scanners/ncrack/.helm-docs.gotmpl
@@ -3,67 +3,33 @@ SPDX-FileCopyrightText: 2020 iteratec GmbH
SPDX-License-Identifier: Apache-2.0
*/ -}}
+
+{{- define "extra.docsSection" -}}
---
title: "Ncrack"
category: "scanner"
type: "Authentication"
-state: "developing"
-appVersion: "0.7"
+state: "released"
+appVersion: "{{ template "chart.appVersion" . }}"
usecase: "Network authentication bruteforcing"
---
+{{- end }}
+
+{{- define "extra.dockerDeploymentSection" -}}
+## Supported Tags
+- `latest` (represents the latest stable release build)
+- tagged releases, e.g. `{{ template "chart.appVersion" . }}`
+{{- end }}
+{{- define "extra.chartAboutSection" -}}
+## What is Ncrack?
Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack Website].
-
-
-## Ncrack Deployment & Configuration
-
-#### Setup with custom files:
-If you want to use your own files within the Ncrack scan, you have to create a secret first:
-
-```bash
-kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists
-```
-
- IMPORTANT: Use an extra empty line at the end of your files, otherwise the last letter of the last line will be omitted (due to a bug in k8)
-
-
-Now we created a secret named "ncrack-lists".
-Before we can use the files, we have to install the Ncrack ScanType:
-
-```bash
-cat <` in the scan.yaml.
-
-For a full example on how to configure Ncrack with your custom files against a ssh service, see the "dummy-ssh" example.
-
-#### Basic setup (no files can be mounted):
-
-The Ncrack ScanType can be deployed via helm:
-
-```bash
-helm upgrade --install ncrack secureCodeBox/ncrack
-```
-
-#### Delete Ncrack ScanType:
-
-```bash
-helm delete ncrack
-```
+{{- end }}
+{{- define "extra.scannerConfigurationSection" -}}
## Scanner Configuration
The following security scan configuration example are based on the [Ncrack Documentation], please take a look at the original documentation for more configuration examples.
@@ -142,8 +108,13 @@ EXAMPLES:
ncrack -v -iX ~/nmap.xml -g CL=5,to=1h
SEE THE MAN PAGE (http://nmap.org/ncrack/man.html) FOR MORE OPTIONS AND EXAMPLES
```
+{{- end }}
-## Password encryption
+{{- define "extra.chartConfigurationSection" -}}
+## Additional Chart Configurations
+### Ncrack Deployment & Configuration
+
+#### Password encryption
Because **Ncrack** findings are very sensitive, you probably don't want every *secureCodeBox* user to see them. In order
to address this issue we provide an option that lets you encrypt found passwords with public key crypto. Just
@@ -172,15 +143,52 @@ To decrypt a password from a finding use:
base64 encryptedPassword -d | openssl rsautl -decrypt -inkey key.pem -out decryptedPassword.txt
```
-## Chart Configuration
+#### Setup with custom files:
+If you want to use your own files within the Ncrack scan, you have to create a secret first:
-{{ template "chart.valuesTable" . }}
+```bash
+kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists
+```
----
+ IMPORTANT: Use an extra empty line at the end of your files, otherwise the last letter of the last line will be omitted (due to a bug in k8)
+
+Now we created a secret named "ncrack-lists".
+Before we can use the files, we have to install the Ncrack ScanType:
+
+```bash
+cat <` in the scan.yaml.
-> π§ The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized.
+For a full example on how to configure Ncrack with your custom files against a ssh service, see the "dummy-ssh" example.
+
+#### Basic setup (no files can be mounted):
+
+The Ncrack ScanType can be deployed via helm:
+
+```bash
+helm upgrade --install ncrack secureCodeBox/ncrack
+```
+
+#### Delete Ncrack ScanType:
+
+```bash
+helm delete ncrack
+```
+{{- end }}
+{{- define "extra.scannerLinksSection" -}}
[Ncrack Website]: https://nmap.org/ncrack/
[Ncrack GitHub]: https://github.com/nmap/ncrack
[Ncrack Documentation]: https://nmap.org/ncrack/man.html
+{{- end }}
\ No newline at end of file
diff --git a/scanners/ncrack/.helmignore b/scanners/ncrack/.helmignore
index 295c727ae9..3ceac5b1b7 100644
--- a/scanners/ncrack/.helmignore
+++ b/scanners/ncrack/.helmignore
@@ -6,4 +6,5 @@
parser/
scanner/
examples/
+docs/
diff --git a/scanners/ncrack/README.md b/scanners/ncrack/README.md
index 735d5f3488..aa84887d75 100644
--- a/scanners/ncrack/README.md
+++ b/scanners/ncrack/README.md
@@ -2,62 +2,50 @@
title: "Ncrack"
category: "scanner"
type: "Authentication"
-state: "developing"
+state: "released"
appVersion: "0.7"
usecase: "Network authentication bruteforcing"
---
+
+
+
+
+
+
+
+
+
+
+
+
+## What is Ncrack?
Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack Website].
-
-
-## Ncrack Deployment & Configuration
-
-#### Setup with custom files:
-If you want to use your own files within the Ncrack scan, you have to create a secret first:
-
-```bash
-kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists
-```
-
- IMPORTANT: Use an extra empty line at the end of your files, otherwise the last letter of the last line will be omitted (due to a bug in k8)
-
-Now we created a secret named "ncrack-lists".
-Before we can use the files, we have to install the Ncrack ScanType:
-
-```bash
-cat <` in the scan.yaml.
-
-For a full example on how to configure Ncrack with your custom files against a ssh service, see the "dummy-ssh" example.
-
-#### Basic setup (no files can be mounted):
-
-The Ncrack ScanType can be deployed via helm:
+## Deployment
+The ncrack `scanType` can be deployed via helm:
```bash
+# Install HelmChart (use -n to configure another namespace)
helm upgrade --install ncrack secureCodeBox/ncrack
```
-#### Delete Ncrack ScanType:
-
-```bash
-helm delete ncrack
-```
-
## Scanner Configuration
The following security scan configuration example are based on the [Ncrack Documentation], please take a look at the original documentation for more configuration examples.
@@ -137,7 +125,14 @@ EXAMPLES:
SEE THE MAN PAGE (http://nmap.org/ncrack/man.html) FOR MORE OPTIONS AND EXAMPLES
```
-## Password encryption
+## Requirements
+
+Kubernetes: `>=v1.11.0-0`
+
+## Additional Chart Configurations
+### Ncrack Deployment & Configuration
+
+#### Password encryption
Because **Ncrack** findings are very sensitive, you probably don't want every *secureCodeBox* user to see them. In order
to address this issue we provide an option that lets you encrypt found passwords with public key crypto. Just
@@ -166,7 +161,50 @@ To decrypt a password from a finding use:
base64 encryptedPassword -d | openssl rsautl -decrypt -inkey key.pem -out decryptedPassword.txt
```
-## Chart Configuration
+#### Setup with custom files:
+If you want to use your own files within the Ncrack scan, you have to create a secret first:
+
+```bash
+kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists
+```
+
+ IMPORTANT: Use an extra empty line at the end of your files, otherwise the last letter of the last line will be omitted (due to a bug in k8)
+
+Now we created a secret named "ncrack-lists".
+Before we can use the files, we have to install the Ncrack ScanType:
+
+```bash
+cat <` in the scan.yaml.
+
+For a full example on how to configure Ncrack with your custom files against a ssh service, see the "dummy-ssh" example.
+
+#### Basic setup (no files can be mounted):
+
+The Ncrack ScanType can be deployed via helm:
+
+```bash
+helm upgrade --install ncrack secureCodeBox/ncrack
+```
+
+#### Delete Ncrack ScanType:
+
+```bash
+helm delete ncrack
+```
+
+## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
@@ -188,10 +226,18 @@ base64 encryptedPassword -d | openssl rsautl -decrypt -inkey key.pem -out decryp
| scanner.securityContext | object | `{}` | Optional securityContext set on scanner container (see: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
| scanner.ttlSecondsAfterFinished | string | `nil` | seconds after which the kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
----
+## License
+[](https://opensource.org/licenses/Apache-2.0)
-> π§ The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized.
+Code of secureCodeBox is licensed under the [Apache License 2.0][scb-license].
+[scb-owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox
+[scb-docs]: https://docs.securecodebox.io/
+[scb-site]: https://www.securecodebox.io/
+[scb-github]: https://github.com/secureCodeBox/
+[scb-twitter]: https://twitter.com/secureCodeBox
+[scb-slack]: https://join.slack.com/t/securecodebox/shared_invite/enQtNDU3MTUyOTM0NTMwLTBjOWRjNjVkNGEyMjQ0ZGMyNDdlYTQxYWQ4MzNiNGY3MDMxNThkZjJmMzY2NDRhMTk3ZWM3OWFkYmY1YzUxNTU
+[scb-license]: https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
[Ncrack Website]: https://nmap.org/ncrack/
[Ncrack GitHub]: https://github.com/nmap/ncrack
[Ncrack Documentation]: https://nmap.org/ncrack/man.html
diff --git a/scanners/ncrack/docs/README.ArtifactHub.md b/scanners/ncrack/docs/README.ArtifactHub.md
new file mode 100644
index 0000000000..5269a36f8c
--- /dev/null
+++ b/scanners/ncrack/docs/README.ArtifactHub.md
@@ -0,0 +1,265 @@
+
+
+
+
+
+
+
+
+
+
+
+
+## What is OWASP secureCodeBox?
+
+
+
+
+
+_[OWASP secureCodeBox][scb-github]_ is an automated and scalable open source solution that can be used to integrate various *security vulnerability scanners* with a simple and lightweight interface. The _secureCodeBox_ mission is to support *DevSecOps* Teams to make it easy to automate security vulnerability testing in different scenarios.
+
+With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
+
+The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To install it you need [Helm](https://helm.sh), a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.
+
+### Quickstart with secureCodeBox on kubernetes
+
+You can find resources to help you get started on our [documentation website](https://docs.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://docs.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://docs.securecodebox.io/docs/getting-started/first-scans) with it.
+
+## What is Ncrack?
+Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
+
+To learn more about the Ncrack scanner itself visit [Ncrack GitHub] or [Ncrack Website].
+
+## Deployment
+The ncrack `scanType` can be deployed via helm:
+
+```bash
+# Install HelmChart (use -n to configure another namespace)
+helm upgrade --install ncrack secureCodeBox/ncrack
+```
+
+## Scanner Configuration
+
+The following security scan configuration example are based on the [Ncrack Documentation], please take a look at the original documentation for more configuration examples.
+
+This options summary is printed when Ncrack is run with no arguments. It helps people remember the most common options, but is no substitute for the in-depth documentation in the rest of this manual.
+
+```
+Ncrack 0.7 ( http://ncrack.org )
+Usage: ncrack [Options] {target and service specification}
+TARGET SPECIFICATION:
+ Can pass hostnames, IP addresses, networks, etc.
+ Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
+ -iX : Input from Nmap's -oX XML output format
+ -iN : Input from Nmap's -oN Normal output format
+ -iL : Input from list of hosts/networks
+ --exclude : Exclude hosts/networks
+ --excludefile : Exclude list from file
+SERVICE SPECIFICATION:
+ Can pass target specific services in ://target (standard) notation or
+ using -p which will be applied to all hosts in non-standard notation.
+ Service arguments can be specified to be host-specific, type of service-specific
+ (-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 -g cd=3000
+ Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org google.com:80,ssl
+ -p : services will be applied to all non-standard notation hosts
+ -m :: options will be applied to all services of this type
+ -g : options will be applied to every service globally
+ Misc options:
+ ssl: enable SSL over this service
+ path : used in modules like HTTP ('=' needs escaping if used)
+ db : used in modules like MongoDB to specify the database
+ domain : used in modules like WinRM to specify the domain
+TIMING AND PERFORMANCE:
+ Options which take