diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 566c975f04..c9ae6d4488 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -310,7 +310,23 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- unit: ["amass"]
+ unit:
+ - amass
+ - angularjs-csti-scanner
+ - git-repo-scanner
+ - gitleaks
+ - kube-hunter
+ - kubeaudit
+ - ncrack
+ - nmap
+ - screenshooter
+ - ssh-scan
+ - sslyze
+ - test-scan
+ - trivy
+ - wpscan
+ - zap
+ - zap-advanced
 steps:
 - name: Checkout
 uses: actions/checkout@v2
@@ -327,14 +343,32 @@ jobs:
 working-directory: ./scanners/${{ matrix.unit }}/
 run: make install-deps
- - name: Unit Tests
+ - name: Parser Unit Tests
 working-directory: ./scanners/${{ matrix.unit }}/
- run: make unit-tests
+ run: make unit-tests-parser
 - name: Set baseImageTag To commit Hash
 run: |
 echo "baseImageTag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+ - name: Set ENV Var with Scanner Version
+ uses: mikefarah/yq@v4.4.1
+ # Notice: The current version of the scanner is provided via the Chart.yaml to ensure
+ # there is only one place to edit the version of a scanner
+ with:
+ cmd: echo scannerVersion=$(yq e .appVersion scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV
+ # Decide which Docker Meta job to run based on whether this scanner is a third party scanner, whose tag should be the Chart's appVersion
+ - name: Docker Meta
+ id: docker_meta_scanner
+ if: hashFiles(format('./scanners/{0}/scanner/Dockerfile', matrix.unit)) != ''
+ uses: crazy-max/ghaction-docker-meta@v1
+ with:
+ images: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }}
+ tag-sha: true
+ tag-custom-only: true
+ tag-custom: ${{ env.scannerVersion }}
+
 - name: Docker Meta
 id: docker_meta
 uses: crazy-max/ghaction-docker-meta@v1
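Review bot: The new `Set ENV Var with Scanner Version` step and the `docker_meta_scanner` step reference `${{ matrix.scanner }}`, but the matrix shown in the first hunk of this job defines only `unit`, so the expression expands to an empty string: `yq` reads `scanners//Chart.yaml` and the image name collapses to `${{ env.DOCKER_NAMESPACE }}/scanner-` with no suffix. Both lines should use the job's own matrix key, i.e. `cmd: echo scannerVersion=$(yq e .appVersion scanners/${{ matrix.unit }}/Chart.yaml) >> $GITHUB_ENV` and `images: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.unit }}`. The `yq` step also carries no `if:` guard, so it runs for every matrix entry while only entries with a `scanner/Dockerfile` consume `scannerVersion`; gating it with the same `hashFiles(...)` condition as `docker_meta_scanner` keeps the two in step. Since this job holds Docker Hub push credentials, the newly added actions (`mikefarah/yq@v4.4.1`, `crazy-max/ghaction-docker-meta@v1`) are worth pinning to commit SHAs rather than mutable tags.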
@@ -353,8 +387,10 @@ jobs:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_TOKEN }}
- - name: Build
+ - name: Build Parser
 uses: docker/build-push-action@v2
+ # Only if this scanner builds its own parser
+ if: hashFiles(format('./scanners/{0}/parser/Dockerfile', matrix.unit)) != ''
 with:
 context: ./scanners/${{ matrix.unit }}/parser/
 file: ./scanners/${{ matrix.unit }}/parser/Dockerfile
@@ -363,9 +399,38 @@ jobs:
 namespace=${{ env.DOCKER_NAMESPACE }}
 baseImageTag=${{ env.baseImageTag }}
 platforms: linux/amd64
- push: ${{ github.event_name == 'release' }}
 tags: ${{ steps.docker_meta.outputs.tags }}
 labels: ${{ steps.docker_meta.outputs.labels }}
+
+ - name: "Push Parser Image"
+ if: hashFiles(format('./scanners/{0}/parser/Dockerfile', matrix.unit)) != ''
+ env:
+ TAGS: ${{ steps.docker_meta.outputs.tags }}
+ run: |
+ echo "$TAGS" | xargs --max-args 1 docker push
+
+ - name: Build Scanner
+ uses: docker/build-push-action@v2
+ # Only if this scanner builds its own scanner
+ if: hashFiles(format('./scanners/{0}/scanner/Dockerfile', matrix.unit)) != ''
+ with:
+ context: ./scanners/${{ matrix.unit }}/parser/
+ file: ./scanners/${{ matrix.unit }}/parser/Dockerfile
+ load: true
+ build-args: |
+ scannerVersion=${{ env.scannerVersion }}
+ namespace=${{ env.DOCKER_NAMESPACE }}
+ baseImageTag=${{ env.baseImageTag }}
+ platforms: linux/amd64
+ tags: ${{ steps.docker_meta_scanner.outputs.tags }}
+ labels: ${{ steps.docker_meta_scanner.outputs.labels }}
+
+ - name: "Push Scanner Image"
+ if: hashFiles(format('./scanners/{0}/scanner/Dockerfile', matrix.unit)) != ''
+ env:
+ TAGS: ${{ steps.docker_meta_scanner.outputs.tags }}
+ run: |
+ echo "$TAGS" | xargs --max-args 1 docker push
 - name: Export Docker Images
 working-directory: ./scanners/${{ matrix.unit }}/
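Review bot: The new `Build Scanner` step points `context` and `file` at `./scanners/${{ matrix.unit }}/parser/`, so for every entry that has a `scanner/Dockerfile` it rebuilds the parser image, tags it with the `docker_meta_scanner` `scanner-…` tags, and the following `Push Scanner Image` step publishes that parser build under the scanner name and the chart's `appVersion`. The two lines should be `context: ./scanners/${{ matrix.unit }}/scanner/` and `file: ./scanners/${{ matrix.unit }}/scanner/Dockerfile`, matching the `hashFiles` guard on the same step. Separately, the removed `push: ${{ github.event_name == 'release' }}` is not carried over to the two new push steps, which now run `docker push` for every tag whenever the job runs; unless the workflow trigger (outside this hunk) already restricts this, a run on an unreleased commit overwrites the public `appVersion` and `sha-…` tags, so consider `if: github.event_name == 'release' && hashFiles(format('./scanners/{0}/parser/Dockerfile', matrix.unit)) != ''` (and the `scanner/` equivalent) on the push steps.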
@@ -402,6 +467,26 @@ jobs:
 working-directory: ./scanners/${{ matrix.unit }}/
 run: make integration-tests
+ - name: Update Docker Hub Parser Description
+ # Only if this scanner builds its own parser
+ if: hashFiles(format('./scanners/{0}/parser/Dockerfile', matrix.unit)) != ''
+ uses: peter-evans/dockerhub-description@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/parser-${{ matrix.unit }}
+ readme-filepath: ./scanners/${{ matrix.unit }}/docs/README.DockerHub-Parser.md
+
+ - name: Update Docker Hub Scanner Description
+ uses: peter-evans/dockerhub-description@v2
+ # Only if this scanner builds its own scanner
+ if: hashFiles(format('./scanners/{0}/scanner/Dockerfile', matrix.unit)) != ''
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+ repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.unit }}
+ readme-filepath: ./scanners/${{ matrix.unit }}/docs/README.DockerHub-Scanner.md
+
 # ---- Build Stage | Matrix Hooks ----
 hooks:
@@ -465,215 +550,6 @@ jobs: repository: ${{ env.DOCKER_NAMESPACE }}/hook-${{ matrix.hook }} readme-filepath: ./hooks/${{ matrix.hook }}/docs/README.DockerHub-Hook.md - # ---- Build Stage | Matrix Parsers ---- - - parsers: - name: "Build | Parsers" - needs: sdk - runs-on: ubuntu-latest - strategy: - matrix: - parser: - - angularjs-csti-scanner - - git-repo-scanner - - gitleaks - - kube-hunter - - kubeaudit - - ncrack - - nikto - - nmap - - screenshooter - - ssh-scan - - sslyze - - test-scan - - trivy - - wpscan - - zap - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Docker Meta - id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 - with: - images: ${{ env.DOCKER_NAMESPACE }}/parser-${{ matrix.parser }} - tag-sha: true - tag-semver: | - {{ version }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Set baseImageTag to commit hash - run: | - echo "baseImageTag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Build and Push - uses: docker/build-push-action@v2 - with: - context: ./scanners/${{ matrix.parser }}/parser - file: ./scanners/${{ matrix.parser }}/parser/Dockerfile - build-args: | - namespace=${{ env.DOCKER_NAMESPACE }} - baseImageTag=${{ env.baseImageTag }} - platforms: linux/amd64 - push: true - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - - - name: Update Docker Hub Description - uses: peter-evans/dockerhub-description@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: ${{ env.DOCKER_NAMESPACE }}/parser-${{ matrix.parser }} - readme-filepath: ./scanners/${{ matrix.parser }}/docs/README.DockerHub-Parser.md - - # ---- Build | Scanners ---- - - # Note we only build images for scanner that don't provider official public 
container images - - # ---- Build | Scanners | Third Party Scanner ---- - - # This Matrix should contain Third Party Scanners - # The Tag for the Image should be the current version of the Scanner - - scanners-third-party: - name: "Build | Third Party Scanner" - needs: - - unit-python - - unit-javascript - runs-on: ubuntu-latest - strategy: - matrix: - scanner: - - angularjs-csti-scanner - - gitleaks - - kube-hunter - - kubeaudit - - ncrack - - nmap - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Set ENV Var with Scanner Version - uses: mikefarah/yq@v4.4.1 - # Notice: The current version of the scanner is provided via the Chart.yaml to ensure - # there is only one place to edit the version of a scanner - with: - cmd: echo scannerVersion=$(yq e .appVersion scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV - - - name: Docker Meta - id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 - with: - images: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }} - tag-sha: true - tag-custom-only: true - tag-custom: ${{ env.scannerVersion }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Build and Push - uses: docker/build-push-action@v2 - with: - context: ./scanners/${{ matrix.scanner }}/scanner - file: ./scanners/${{ matrix.scanner }}/scanner/Dockerfile - build-args: | - scannerVersion=${{ env.scannerVersion }} - platforms: linux/amd64 - push: true - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - - - name: Update Docker Hub Description - uses: peter-evans/dockerhub-description@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }} - readme-filepath: ./scanners/${{ matrix.scanner 
}}/docs/README.DockerHub-Scanner.md - - # ---- Build | Scanners | Custom Scanner ---- - - # This Section contains Scanners that are developed by the secureCodeBox project - # The tag for these images will be the Semver of the release - - scanners-custom: - name: "Build | Custom Scanner" - needs: - - unit-python - - unit-javascript - runs-on: ubuntu-latest - strategy: - matrix: - scanner: - - git-repo-scanner - - screenshooter - - test-scan - - zap-advanced - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Docker Meta - id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 - with: - images: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }} - tag-sha: true - tag-semver: | - {{ version }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Set baseImageTag to commit hash - run: | - echo "baseImageTag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Build and Push - uses: docker/build-push-action@v2 - with: - context: ./scanners/${{ matrix.scanner }}/scanner - file: ./scanners/${{ matrix.scanner }}/scanner/Dockerfile - build-args: | - baseImageTag=${{ env.baseImageTag }} - platforms: linux/amd64 - push: true - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - - - name: Update Docker Hub Description - uses: peter-evans/dockerhub-description@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: ${{ env.DOCKER_NAMESPACE }}/scanner-${{ matrix.scanner }} - readme-filepath: ./scanners/${{ matrix.scanner }}/docs/README.DockerHub-Scanner.md - scanner-nikto: # This Scanner has to be build seperately because the official image is only on GitHub but not on DockerHub name: "Build | Scanner | Nikto" 
@@ -763,9 +639,7 @@ jobs: needs: - operator - hooks - - parsers - - scanners-third-party - - scanners-custom + - makefile-scanner - scanner-nikto runs-on: ubuntu-latest strategy: 
@@ -890,60 +764,6 @@ jobs: kubectl create deployment --image nginx:alpine nginx --namespace demo-targets kubectl expose deployment nginx --port 80 --namespace demo-targets - # ---- gitleaks Integration Tests ---- - - - name: "gitleaks Integration Tests" - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install gitleaks ./scanners/gitleaks/ \ - --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-gitleaks" \ - --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-gitleaks" \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" - cd tests/integration/ - npx jest --ci --color scanner/gitleaks.test.js - - # ---- Kubehunter Integration Tests ---- - - - name: "kube-hunter Integration Tests" - run: | - helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ \ - --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-kube-hunter" \ - --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-kube-hunter" \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" - cd tests/integration/ - npx jest --ci --color scanner/kube-hunter.test.js - - # ---- Kubeaudit Integration Tests ---- - - - name: "kubeaudit Integration Tests" - run: | - kubectl create namespace kubeaudit-tests - helm -n kubeaudit-tests install juice-shop ./demo-targets/juice-shop/ --wait - helm -n integration-tests install kubeaudit ./scanners/kubeaudit/ \ - --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-kubeaudit" \ - --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-kubeaudit" \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="kubeauditScope=cluster" - cd tests/integration/ - npx jest --ci 
--color scanner/kubeaudit.test.js - kubectl delete namespace kubeaudit-tests - - # ---- Ncrack Integration Tests ---- - - - name: "ncrack Integration Tests" - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install ncrack ./scanners/ncrack/ \ - --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-ncrack" \ - --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-ncrack" \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" - cd tests/integration/ - npx jest --ci --color scanner/ncrack.test.js - # ---- Nikto Integration Tests ---- - name: "nikto Integration Tests" @@ -957,19 +777,6 @@ jobs: cd tests/integration/ npx jest --ci --color scanner/nikto.test.js - # ---- Nmap Integration Tests ---- - - - name: "nmap Integration Tests" - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install nmap ./scanners/nmap/ \ - --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-nmap" \ - --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-nmap" \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" - cd tests/integration/ - npx jest --ci --color scanner/nmap.test.js - # ---- Notification Hook Tests ---- - name: "Notification Hook Tests" 
@@ -989,66 +796,6 @@ jobs: npx jest --ci --color ./hooks/notification.test.js helm -n integration-tests uninstall test-scan http-webhook notification-hook - # ---- SSH_SCAN Integration Tests ---- - - - name: "ssh-scan Integration Tests" - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install ssh-scan ./scanners/ssh-scan/ \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-ssh-scan" - cd tests/integration/ - npx jest --ci --color scanner/ssh-scan.test.js - - # ---- SSLyze Integration Tests ---- - - - name: "sslyze Integration Tests" - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install sslyze ./scanners/sslyze/ \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-sslyze" - cd tests/integration/ - npx jest --ci --color scanner/sslyze.test.js - - # ---- WPScan Integration Tests ---- - - - name: "WPScan Integration Tests" - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install wpscan ./scanners/wpscan/ \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-wpscan" \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" - cd tests/integration/ - npx jest --ci --color scanner/wpscan.test.js - - # ---- Zap Integration Tests ---- - - - name: "ZAP Integration Tests" - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install zap ./scanners/zap/ \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-zap" - cd tests/integration/ - npx jest --ci --color scanner/zap.test.js - - # ---- Zap Extended Integration Tests ---- - - - name: "ZAP Extended Integration Tests" - # disable zap extended test temporarily as they slow down the 
pipeline too much - if: ${{ false }} - run: | - kubectl -n integration-tests delete scans --all - helm -n integration-tests install zap-advanced ./scanners/zap-advanced/ \ - --set="parser.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/parser-zap" \ - --set="parser.image.tag=sha-$(git rev-parse --short HEAD)" \ - --set="scanner.image.repository=docker.io/${{ env.DOCKER_NAMESPACE }}/scanner-zap-advanced" \ - --set="scanner.image.tag=sha-$(git rev-parse --short HEAD)" - kubectl apply -f ./scanners/zap-advanced/examples/integration-tests/scantype-configMap.yaml -n integration-tests - cd tests/integration/ - npx jest --ci --color scanner/zap-advanced.test.js - # ---- Cascading Scans ncrack Integration Test ---- - name: "cascading Scans ncrack Integration Tests" diff --git a/operator/Makefile b/operator/Makefile index 00b9878786..25ebabcfee 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -108,7 +108,7 @@ helm-deploy: --set="image.pullPolicy=IfNotPresent" \ --set="lurker.image.repository=docker.io/$(IMG_NS)/$(LURKER_IMG)" \ --set="lurker.image.tag=$(IMG_TAG)" \ - --set="lurker.pullPolicy=IfNotPresent" + --set="lurker.image.pullPolicy=IfNotPresent" install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/crd | kubectl apply -f - diff --git a/scanners.mk b/scanners.mk new file mode 100644 index 0000000000..ad0265a94d --- /dev/null +++ b/scanners.mk 
@@ -0,0 +1,185 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+# This Makefile is intended to be used for developement and testing only.
+# For using this scanner/hook in production please use the helm chart.
+# See:
+#
+# This Makefile expects some additional software to be installed:
+# - git
+# - node + npm
+# - docker
+# - kind
+# - kubectl
+# - helm
+# - yq
+
+ifeq ($(include_guard),)
+ $(error you should never run this makefile directly!)
+endif
+ifeq ($(scanner),)
+ $(error scanner ENV is not set)
+endif
+
+# Thx to https://stackoverflow.com/questions/5618615/check-if-a-program-exists-from-a-makefile
+EXECUTABLES = make docker kind git node npm npx kubectl helm yq
+K := $(foreach exec,$(EXECUTABLES),\
+ $(if $(shell which $(exec)),some string,$(error "ERROR: The prerequisites are not met to execute this makefile! No '$(exec)' found in your PATH")))
+
+
+# Variables you might want to override:
+#
+# IMG_NS: Defines the namespace under which the images are build.
+# For `securecodebox/scanner-nmap` `securecodebox` is the namespace
+# Defaults to `securecodebox`
+#
+# BASE_IMG_TAG: Defines the tag of the base image used to build this scanner/hook
+#
+# IMG_TAG: Tag used to tag the newly created image. Defaults to the shortend commit hash
+# prefixed with `sha-` e.g. `sha-ef8de4b7`
+#
+# JEST_VERSION Defines the jest version used for executing the tests. Defaults to latest
+#
+# Examples:
+# make all IMG_TAG=main
+# make deploy IMG_TAG=$(git rev-parse --short HEAD)
+# make integration-tests
+#
+
+SHELL = /bin/sh
+
+IMG_NS ?= securecodebox
+GIT_TAG ?= $$(git rev-parse --short HEAD)
+BASE_IMG_TAG ?= latest
+IMG_TAG ?= "sha-$(GIT_TAG)"
+JEST_VERSION ?= latest
+
+scanner-prefix = scanner
+parser-prefix = parser
+
+ifeq ($(custom_scanner),)
+ docker-build: | docker-build-parser
+ docker-export: | docker-export-parser
+ kind-import: | kind-import-parser
+ deploy: deploy-without-scanner
+else
+ docker-build: | docker-build-parser docker-build-scanner
+ docker-export: | docker-export-parser docker-export-scanner
+ kind-import: | kind-import-parser kind-import-scanner
+ deploy: deploy-with-scanner
+endif
+
+
+test: | unit-tests-parser docker-build docker-export kind-import deploy deploy-test-deps integration-tests
+
+all: | clean install-deps unit-tests-parser docker-build docker-export kind-import deploy deploy-test-deps integration-tests
+
+.PHONY: unit-tests-parser install-deps docker-build docker-export kind-import deploy deploy-test-deps integration-tests all build test
+
+unit-tests-parser:
+ @echo ".: ๐Ÿงช Starting unit-tests for '$(scanner)' parser with 'jest@$(JEST_VERSION)'."
+ npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage --passWithNoTests ${scanner}/parser/
+
+install-deps:
+ @echo ".: โš™๏ธ Installing all scanner specific dependencies."
+ cd ./.. && npm ci
+ cd ../../parser-sdk/nodejs && npm ci
+ cd ./parser/ && npm ci
+
+docker-build-parser:
+ @echo ".: โš™๏ธ Build parser with BASE_IMG_TAG: '$(BASE_IMG_TAG)'."
+ docker build --build-arg=baseImageTag=$(BASE_IMG_TAG) --build-arg=namespace=$(IMG_NS) -t $(IMG_NS)/$(parser-prefix)-$(scanner):$(IMG_TAG) -f ./parser/Dockerfile ./parser
+
+docker-export-parser:
+ @echo ".: โš™๏ธ Saving new docker image archive to '$(parser-prefix)-$(scanner).tar'."
+ docker save $(IMG_NS)/$(parser-prefix)-$(scanner):$(IMG_TAG) -o $(parser-prefix)-$(scanner).tar
+
+kind-import-parser:
+ @echo ".: ๐Ÿ’พ Importing the image archive '$(parser-prefix)-$(scanner).tar' to local kind cluster."
+ kind load image-archive ./$(parser-prefix)-$(scanner).tar
+
+docker-build-scanner:
+ @echo ".: โš™๏ธ Build custom scanner with BASE_IMG_TAG: '$(BASE_IMG_TAG)'."
+ docker build --build-arg=scannerVersion=$(shell yq e .appVersion ./Chart.yaml) --build-arg=namespace=$(IMG_NS) -t $(IMG_NS)/$(scanner-prefix)-$(scanner):$(IMG_TAG) -f ./scanner/Dockerfile ./scanner
+
+docker-export-scanner:
+ @echo ".: โš™๏ธ Saving new docker image archive to '$(scanner-prefix)-$(scanner).tar'."; \
+ docker save $(IMG_NS)/$(scanner-prefix)-$(scanner):$(IMG_TAG) -o $(scanner-prefix)-$(scanner).tar; \
+
+kind-import-scanner:
+ @echo ".: ๐Ÿ’พ Importing the image archive '$(scanner-prefix)-$(scanner).tar' to local kind cluster."
+ kind load image-archive ./$(scanner-prefix)-$(scanner).tar
+
+deploy-without-scanner:
+ @echo ".: ๐Ÿ’พ Deploying '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+ helm -n integration-tests upgrade --install $(scanner) ./ --wait \
+ --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(scanner)" \
+ --set="parser.image.tag=$(IMG_TAG)"
+
+deploy-with-scanner:
+ @echo ".: ๐Ÿ’พ Deploying '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+ helm -n integration-tests upgrade --install $(scanner) ./ --wait \
+ --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(scanner)" \
+ --set="parser.image.tag=$(IMG_TAG)" \
+ --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(scanner)" \
+ --set="scanner.image.tag=$(IMG_TAG)"
+
+deploy-test-deps: deploy-test-dep-namespace
+
+deploy-test-dep-namespace:
+ # If not exists create namespace where the tests will be executed
+ kubectl create namespace demo-targets --dry-run=client -o yaml | kubectl apply -f -
+
+deploy-test-dep-dummy-ssh:
+ # Install dummy-ssh app
+ helm -n demo-targets upgrade --install dummy-ssh ../../demo-targets/dummy-ssh/ --set="fullnameOverride=dummy-ssh" --wait
+
+deploy-test-dep-unsafe-https:
+ # Install unsafe-https app
+ helm -n demo-targets upgrade --install unsafe-https ../../demo-targets/unsafe-https/ --set="fullnameOverride=unsafe-https" --wait
+
+deploy-test-dep-bodgeit:
+ # Install bodgeit app
+ helm -n demo-targets upgrade --install bodgeit ../../demo-targets/bodgeit/ --set="fullnameOverride=bodgeit" --wait
+
+deploy-test-dep-petstore:
+ # Install bodgeit app
+ helm -n demo-targets upgrade --install petstore ../../demo-targets/swagger-petstore/ --set="fullnameOverride=petstore" --wait
+
+deploy-test-dep-old-wordpress:
+ # Install old-wordpress app
+ helm -n demo-targets upgrade --install old-wordpress ../../demo-targets/old-wordpress/ --set="fullnameOverride=old-wordpress" --wait
+
+deploy-test-dep-juiceshop:
+ # Install juiceshop app
+ helm -n demo-targets upgrade --install juiceshop ../../demo-targets/juice-shop/ --set="fullnameOverride=juiceshop" --wait
+
+deploy-test-dep-nginx:
+ # Delete leftover nginx's. Unfortunately can't create deployment only if not exists (like namespaces)
+ kubectl delete deployment nginx --namespace demo-targets --ignore-not-found --wait
+ kubectl delete svc nginx --namespace demo-targets --ignore-not-found --wait
+ # Install plain nginx server
+ kubectl create deployment --image nginx:alpine nginx --namespace demo-targets
+ kubectl expose deployment nginx --port 80 --namespace demo-targets
+
+install-integration-test-deps:
+
+integration-tests:
+ @echo ".: ๐Ÿฉบ Starting integration test in kind namespace 'integration-tests'."
+ kubectl -n integration-tests delete scans --all
+ cd ../../tests/integration/ && npm ci
+ npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests ${scanner}/integration-tests
+
+clean:
+ @echo ".: ๐Ÿงน Cleaning up all generated files."
+ rm -f ./$(parser-prefix)-$(scanner).tar
+ rm -rf ./parser/node_modules
+ rm -rf ./parser/coverage
+ rm -rf ./integration-tests/node_modules
+ rm -rf ./integration-tests/coverage
+ rm -rf ../node_modules
+ rm -rf ../coverage
diff --git a/scanners/amass/.gitignore b/scanners/amass/.gitignore
index d874ad67cc..2783dbcddf 100644
--- a/scanners/amass/.gitignore
+++ b/scanners/amass/.gitignore
@@ -1 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
 *.tar
diff --git a/scanners/amass/Makefile b/scanners/amass/Makefile
index 29ef87974c..5e6855ddf1 100644
--- a/scanners/amass/Makefile
+++ b/scanners/amass/Makefile
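Review bot: `clean` removes only `./$(parser-prefix)-$(scanner).tar`, so for charts built with `custom_scanner` set the `$(scanner-prefix)-$(scanner).tar` archive written by `docker-export-scanner` is never deleted; add `rm -f ./$(scanner-prefix)-$(scanner).tar` next to the parser line. `docker-export-scanner` also ends both recipe lines with `; \`, leaving a dangling continuation into the blank line that follows, which differs from the otherwise identical `docker-export-parser`; dropping the two trailing `; \` makes the two targets match. The comment in `deploy-test-dep-petstore` still says `# Install bodgeit app` and should read `# Install petstore app`. `.PHONY` lists a `build` target that this file never defines and omits `clean`, which it does.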
@@ -4,109 +4,8 @@ # # SPDX-License-Identifier: Apache-2.0 # -# -# This Makefile is intended to be used for developement and testing only. -# For using this scanner/hook in production please use the helm chart. -# See: -# -# This Makefile expects some additional software to be installed: -# - git -# - node + npm -# - docker -# - kind -# - kubectl -# - helm - -# Thx to https://stackoverflow.com/questions/5618615/check-if-a-program-exists-from-a-makefile -EXECUTABLES = make docker kind git node npm npx kubectl helm -K := $(foreach exec,$(EXECUTABLES),\ - $(if $(shell which $(exec)),some string,$(error "ERROR: The prerequisites are not met to execute this makefile! No '$(exec)' found in your PATH"))) - - -# Variables you might want to override: -# -# IMG_NS: Defines the namespace under which the images are build. -# For `securecodebox/scanner-nmap` `securecodebox` is the namespace -# Defaults to `securecodebox` -# -# BASE_IMG_TAG: Defines the tag of the base image used to build this scanner/hook -# -# IMG_TAG: Tag used to tag the newly created image. Defaults to the shortend commit hash -# prefixed with `sha-` e.g. `sha-ef8de4b7` -# -# JEST_VERSION Defines the jest version used for executing the tests. 
Defaults to latest -# -# Examples: -# make all IMG_TAG=main -# make deploy IMG_TAG=$(git rev-parse --short HEAD) -# make integration-tests -# - -SHELL = /bin/sh - -IMG_NS ?= securecodebox -GIT_TAG ?= $$(git rev-parse --short HEAD) -BASE_IMG_TAG ?= latest -IMG_TAG ?= "sha-$(GIT_TAG)" -JEST_VERSION ?= latest +include_guard = set scanner = amass -scanner-prefix = scanner -parser-prefix = parser - - -build: | install-deps docker-build - -test: | unit-tests docker-export kind-import deploy deploy-test-deps integration-tests - -all: | clean install-deps unit-tests docker-build docker-export kind-import deploy deploy-test-deps integration-tests - -.PHONY: unit-tests install-deps docker-build docker-export kind-import deploy deploy-test-deps integration-tests all build test - -unit-tests: - @echo ".: ๐Ÿงช Starting unit-tests for '$(scanner)' parser with 'jest@$(JEST_VERSION)'." - cd parser && npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage . - -install-deps: - @echo ".: โš™๏ธ Installing all scanner specific dependencies." - cd ./.. && npm ci - cd ../../parser-sdk/nodejs && npm ci - cd ./parser/ && npm ci - -docker-build: - @echo ".: โš™๏ธ Build With BASE_IMG_TAG: '$(BASE_IMG_TAG)'." - docker build --build-arg=baseImageTag=$(BASE_IMG_TAG) --build-arg=namespace=$(IMG_NS) -t $(IMG_NS)/$(parser-prefix)-$(scanner):$(IMG_TAG) -f ./parser/Dockerfile ./parser - -docker-export: - @echo ".: โš™๏ธ Saving new docker image archive to '$(parser-prefix)-$(scanner).tar'." - docker save $(IMG_NS)/$(parser-prefix)-$(scanner):$(IMG_TAG) -o $(parser-prefix)-$(scanner).tar - -kind-import: - @echo ".: ๐Ÿ’พ Importing the image archive '$(parser-prefix)-$(scanner).tar' to local kind cluster." - kind load image-archive ./$(parser-prefix)-$(scanner).tar - -deploy: - @echo ".: ๐Ÿ’พ Deploying '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." 
- helm -n integration-tests upgrade --install $(scanner) ./ --wait \ - --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(scanner)" \ - --set="parser.image.tag=$(IMG_TAG)" - -deploy-test-deps: - -install-integration-test-deps: - -integration-tests: - @echo ".: ๐Ÿฉบ Starting integration test in kind namespace 'integration-tests'." - kubectl -n integration-tests delete scans --all - cd ../../tests/integration/ && npm ci - npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage ./integration-tests -clean: - @echo ".: ๐Ÿงน Cleaning up all generated files." - rm -f ./$(parser-prefix)-$(scanner).tar - rm -rf ./parser/node_modules - rm -rf ./parser/coverage - rm -rf ./integration-tests/node_modules - rm -rf ./integration-tests/coverage - rm -rf ../node_modules - rm -rf ../coverage +include ../../scanners.mk diff --git a/scanners/angularjs-csti-scanner/.gitignore b/scanners/angularjs-csti-scanner/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/angularjs-csti-scanner/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/angularjs-csti-scanner/.helmignore b/scanners/angularjs-csti-scanner/.helmignore index 24bfe82395..fb9c1d2d6f 100644 --- a/scanners/angularjs-csti-scanner/.helmignore +++ b/scanners/angularjs-csti-scanner/.helmignore 
@@ -1,12 +1,40 @@ # SPDX-FileCopyrightText: 2021 iteratec GmbH # # SPDX-License-Identifier: Apache-2.0 +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. .DS_Store - -parser/ -scanner/ -examples/ -docs/ -integration-tests/ -coverage/ -Makefile \ No newline at end of file +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Node.js files +node_modules/* +package.json +package-lock.json +src/* +config/* +Dockerfile +.dockerignore +*.tar +parser/* +scanner/* +integration-tests/* +examples/* +docs/* +Makefile diff --git a/scanners/angularjs-csti-scanner/Makefile b/scanners/angularjs-csti-scanner/Makefile new file mode 100644 index 0000000000..1b6157243e --- /dev/null +++ b/scanners/angularjs-csti-scanner/Makefile @@ -0,0 +1,12 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# + +include_guard = set +scanner = angularjs-csti-scanner +custom_scanner = set + +include ../../scanners.mk diff --git a/scanners/git-repo-scanner/.gitignore b/scanners/git-repo-scanner/.gitignore new file mode 100644 index 0000000000..2783dbcddf --- /dev/null +++ b/scanners/git-repo-scanner/.gitignore @@ -0,0 +1,5 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +*.tar diff --git a/scanners/git-repo-scanner/.helmignore b/scanners/git-repo-scanner/.helmignore index 24bfe82395..fb9c1d2d6f 100644 --- a/scanners/git-repo-scanner/.helmignore +++ b/scanners/git-repo-scanner/.helmignore 
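Review bot: The rewritten `.helmignore` drops the `coverage/` entry the old file had, while the new `unit-tests-parser` target in `scanners.mk` now runs `jest --coverage` from the chart directory instead of from `parser/`; if jest resolves its root to the chart directory it will write `./coverage`, which none of the new patterns (`parser/*`, `integration-tests/*`, `*.tar`, `node_modules/*`) match, so `helm package` would bundle the coverage report into the published chart. Re-adding `coverage/` keeps the packaged chart contents unchanged; the same applies to the identical `.helmignore` rewrites for the other scanners in this diff. The new per-scanner `.gitignore` lists only `*.tar`, so `coverage/` is worth adding there too.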
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
-Makefile
\ No newline at end of file
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
+Makefile
diff --git a/scanners/git-repo-scanner/Makefile b/scanners/git-repo-scanner/Makefile
new file mode 100644
index 0000000000..7311e086db
--- /dev/null
+++ b/scanners/git-repo-scanner/Makefile
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = git-repo-scanner
+custom_scanner = set
+
+include ../../scanners.mk
diff --git a/tests/integration/scanner/git-repo-scanner.test.js b/scanners/git-repo-scanner/integration-tests/git-repo-scanner.test.js
similarity index 92%
rename from tests/integration/scanner/git-repo-scanner.test.js
rename to scanners/git-repo-scanner/integration-tests/git-repo-scanner.test.js
index cf1e690c8b..22cd7d0f02 100644
--- a/tests/integration/scanner/git-repo-scanner.test.js
+++ b/scanners/git-repo-scanner/integration-tests/git-repo-scanner.test.js
@@ -2,13 +2,12 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
test(
"gitleaks should find at least 1 repository in the GitHub secureCodeBox organisation",
- 3,
async () => {
// This integration tests runs about 30min because of the GitHub Public API call rate limit.
// If you want to speed up you need to add an valid access token like: ['--git-type', 'github', '--organization', 'secureCodeBox', '--access-token', '23476VALID2345TOKEN'],
diff --git a/scanners/gitleaks/.gitignore b/scanners/gitleaks/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/gitleaks/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/gitleaks/.helmignore b/scanners/gitleaks/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/gitleaks/.helmignore
+++ b/scanners/gitleaks/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/gitleaks/Makefile b/scanners/gitleaks/Makefile
new file mode 100644
index 0000000000..cd91103cd2
--- /dev/null
+++ b/scanners/gitleaks/Makefile
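Review bot: The test title in the git-repo-scanner hunk still says "gitleaks should find at least 1 repository …", which is a copy-paste leftover that makes CI output misleading when this scanner fails; rename it to `"git-repo-scanner should find at least 1 repository in the GitHub secureCodeBox organisation",`. The removed `3,` between the title and the callback was never a valid jest argument position, so its removal is correct, but the comment right below says the test runs for about 30 minutes and jest's default timeout is 5 seconds; the callback continues outside the hunk, so please confirm a timeout is still passed as the third argument after the function. The same `require` path rewrite appears in the other renamed integration tests and needs no further comment.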
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = gitleaks
+custom_scanner = set
+
+include ../../scanners.mk
diff --git a/tests/integration/scanner/gitleaks.test.js b/scanners/gitleaks/integration-tests/gitleaks.test.js
similarity index 91%
rename from tests/integration/scanner/gitleaks.test.js
rename to scanners/gitleaks/integration-tests/gitleaks.test.js
index db3dfe858a..86da618019 100644
--- a/tests/integration/scanner/gitleaks.test.js
+++ b/scanners/gitleaks/integration-tests/gitleaks.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/kube-hunter/.gitignore b/scanners/kube-hunter/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/kube-hunter/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/kube-hunter/.helmignore b/scanners/kube-hunter/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/kube-hunter/.helmignore
+++ b/scanners/kube-hunter/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/kube-hunter/Makefile b/scanners/kube-hunter/Makefile
new file mode 100644
index 0000000000..b10d90da53
--- /dev/null
+++ b/scanners/kube-hunter/Makefile
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = kube-hunter
+custom_scanner = set
+
+include ../../scanners.mk
diff --git a/tests/integration/scanner/kube-hunter.test.js b/scanners/kube-hunter/integration-tests/kube-hunter.test.js
similarity index 89%
rename from tests/integration/scanner/kube-hunter.test.js
rename to scanners/kube-hunter/integration-tests/kube-hunter.test.js
index 1376ee9864..cd3a7dd0c6 100644
--- a/tests/integration/scanner/kube-hunter.test.js
+++ b/scanners/kube-hunter/integration-tests/kube-hunter.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/kubeaudit/.gitignore b/scanners/kubeaudit/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/kubeaudit/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/kubeaudit/.helmignore b/scanners/kubeaudit/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/kubeaudit/.helmignore
+++ b/scanners/kubeaudit/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/kubeaudit/Makefile b/scanners/kubeaudit/Makefile
new file mode 100644
index 0000000000..f659c0037b
--- /dev/null
+++ b/scanners/kubeaudit/Makefile
@@ -0,0 +1,27 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = kubeaudit
+custom_scanner = set
+
+include ../../scanners.mk
+
+deploy-with-scanner:
+ @echo ".: ๐Ÿ’พ Deploying custom '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+ helm -n integration-tests upgrade --install $(scanner) ./ --wait \
+ --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(scanner)" \
+ --set="parser.image.tag=$(IMG_TAG)" \
+ --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(scanner)" \
+ --set="scanner.image.tag=$(IMG_TAG)" \
+ --set="kubeauditScope=cluster"
+
+deploy-test-deps:
+ # If not exists create namespace where the tests will be executed
+ kubectl create namespace kubeaudit-tests --dry-run=client -o yaml | kubectl apply -f -
+ # Install jshop in kubeaudit-tests namespace
+ helm -n kubeaudit-tests upgrade --install juice-shop ../../demo-targets/juice-shop/ --wait
diff --git a/tests/integration/scanner/kubeaudit.test.js b/scanners/kubeaudit/integration-tests/kubeaudit.test.js
similarity index 92%
rename from tests/integration/scanner/kubeaudit.test.js
rename to scanners/kubeaudit/integration-tests/kubeaudit.test.js
index b9261faa77..5180d03e89 100644
--- a/tests/integration/scanner/kubeaudit.test.js
+++ b/scanners/kubeaudit/integration-tests/kubeaudit.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/ncrack/.gitignore b/scanners/ncrack/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/ncrack/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
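Review bot: The two `#` lines inside the `deploy-test-deps` recipe are recipe lines, not Make comments: Make hands them to the shell (which ignores them) and echoes them to the build log, which is noise and easy to misread as a failed command. Either move them above the target as real Make comments or silence them with `@# Create the namespace the tests run in, if it does not exist yet` and `@# Install juice-shop in the kubeaudit-tests namespace`. The second comment also says "jshop" while the command installs `juice-shop`; the wording above fixes that too. The `--dry-run=client -o yaml | kubectl apply -f -` idiom for idempotent namespace creation is fine.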
diff --git a/scanners/ncrack/.helmignore b/scanners/ncrack/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/ncrack/.helmignore
+++ b/scanners/ncrack/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/ncrack/Makefile b/scanners/ncrack/Makefile
new file mode 100644
index 0000000000..83364f2982
--- /dev/null
+++ b/scanners/ncrack/Makefile
@@ -0,0 +1,15 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = ncrack
+custom_scanner = set
+
+include ../../scanners.mk
+
+deploy-test-deps: deploy-test-dep-dummy-ssh
+
diff --git a/tests/integration/scanner/ncrack.test.js b/scanners/ncrack/integration-tests/ncrack.test.js
similarity index 90%
rename from tests/integration/scanner/ncrack.test.js
rename to scanners/ncrack/integration-tests/ncrack.test.js
index db11372ce6..a715f799fe 100644
--- a/tests/integration/scanner/ncrack.test.js
+++ b/scanners/ncrack/integration-tests/ncrack.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/nikto/.gitignore b/scanners/nikto/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/nikto/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/nikto/.helmignore b/scanners/nikto/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/nikto/.helmignore
+++ b/scanners/nikto/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/nikto/Makefile b/scanners/nikto/Makefile
new file mode 100644
index 0000000000..7247c39b46
--- /dev/null
+++ b/scanners/nikto/Makefile
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = nikto
+
+include ../../scanners.mk
+
+deploy-test-deps: deploy-test-dep-bodgeit
diff --git a/tests/integration/scanner/nikto.test.js b/scanners/nikto/integration-tests/nikto.test.js
similarity index 93%
rename from tests/integration/scanner/nikto.test.js
rename to scanners/nikto/integration-tests/nikto.test.js
index 3c85494c36..251966aa6c 100644
--- a/tests/integration/scanner/nikto.test.js
+++ b/scanners/nikto/integration-tests/nikto.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/nmap/.gitignore b/scanners/nmap/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/nmap/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/nmap/.helmignore b/scanners/nmap/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/nmap/.helmignore
+++ b/scanners/nmap/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/nmap/Makefile b/scanners/nmap/Makefile
new file mode 100644
index 0000000000..3a9537d787
--- /dev/null
+++ b/scanners/nmap/Makefile
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = nmap
+custom_scanner = set
+
+include ../../scanners.mk
diff --git a/tests/integration/scanner/nmap.test.js b/scanners/nmap/integration-tests/nmap.test.js
similarity index 93%
rename from tests/integration/scanner/nmap.test.js
rename to scanners/nmap/integration-tests/nmap.test.js
index a59cd6d856..b0cd234108 100644
--- a/tests/integration/scanner/nmap.test.js
+++ b/scanners/nmap/integration-tests/nmap.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/screenshooter/.gitignore b/scanners/screenshooter/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/screenshooter/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/screenshooter/.helmignore b/scanners/screenshooter/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/screenshooter/.helmignore
+++ b/scanners/screenshooter/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/screenshooter/Makefile b/scanners/screenshooter/Makefile
new file mode 100644
index 0000000000..59364924ef
--- /dev/null
+++ b/scanners/screenshooter/Makefile
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = screenshooter
+custom_scanner = set
+
+include ../../scanners.mk
diff --git a/scanners/ssh-scan/.gitignore b/scanners/ssh-scan/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/ssh-scan/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/ssh-scan/.helmignore b/scanners/ssh-scan/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/ssh-scan/.helmignore
+++ b/scanners/ssh-scan/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/ssh-scan/Makefile b/scanners/ssh-scan/Makefile
new file mode 100644
index 0000000000..09cb9d4e21
--- /dev/null
+++ b/scanners/ssh-scan/Makefile
@@ -0,0 +1,14 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = ssh-scan
+
+include ../../scanners.mk
+
+deploy-test-deps: deploy-test-dep-dummy-ssh
+
diff --git a/tests/integration/scanner/ssh-scan.test.js b/scanners/ssh-scan/integration-tests/ssh-scan.test.js
similarity index 94%
rename from tests/integration/scanner/ssh-scan.test.js
rename to scanners/ssh-scan/integration-tests/ssh-scan.test.js
index 13291f3ba4..19372c64db 100644
--- a/tests/integration/scanner/ssh-scan.test.js
+++ b/scanners/ssh-scan/integration-tests/ssh-scan.test.js
@@ -3,7 +3,7 @@
// SPDX-License-Identifier: Apache-2.0
// todo: Integrate into github ci pipeline
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/sslyze/.gitignore b/scanners/sslyze/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/sslyze/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/sslyze/.helmignore b/scanners/sslyze/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/sslyze/.helmignore
+++ b/scanners/sslyze/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/sslyze/Makefile b/scanners/sslyze/Makefile
new file mode 100644
index 0000000000..d03720b427
--- /dev/null
+++ b/scanners/sslyze/Makefile
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = sslyze
+
+include ../../scanners.mk
+
+deploy-test-deps: deploy-test-dep-unsafe-https
diff --git a/tests/integration/scanner/sslyze.test.js b/scanners/sslyze/integration-tests/sslyze.test.js
similarity index 93%
rename from tests/integration/scanner/sslyze.test.js
rename to scanners/sslyze/integration-tests/sslyze.test.js
index b3f1acaa51..ea43b2caec 100644
--- a/tests/integration/scanner/sslyze.test.js
+++ b/scanners/sslyze/integration-tests/sslyze.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/test-scan/.gitignore b/scanners/test-scan/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/test-scan/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/test-scan/.helmignore b/scanners/test-scan/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/test-scan/.helmignore
+++ b/scanners/test-scan/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/test-scan/Makefile b/scanners/test-scan/Makefile
new file mode 100644
index 0000000000..c9535b25a2
--- /dev/null
+++ b/scanners/test-scan/Makefile
@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = test-scan
+custom_scanner = set
+
+include ../../scanners.mk
diff --git a/scanners/trivy/.gitignore b/scanners/trivy/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/trivy/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/trivy/.helmignore b/scanners/trivy/.helmignore
index 64b2887490..fb9c1d2d6f 100644
--- a/scanners/trivy/.helmignore
+++ b/scanners/trivy/.helmignore
@@ -1,12 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/trivy/Makefile b/scanners/trivy/Makefile
new file mode 100644
index 0000000000..b8a8962f38
--- /dev/null
+++ b/scanners/trivy/Makefile
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = trivy
+
+include ../../scanners.mk
diff --git a/scanners/wpscan/.gitignore b/scanners/wpscan/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/wpscan/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/wpscan/.helmignore b/scanners/wpscan/.helmignore
index e661d8214b..fb9c1d2d6f 100644
--- a/scanners/wpscan/.helmignore
+++ b/scanners/wpscan/.helmignore
@@ -1,13 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
-
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/wpscan/Makefile b/scanners/wpscan/Makefile
new file mode 100644
index 0000000000..92049456f3
--- /dev/null
+++ b/scanners/wpscan/Makefile
@@ -0,0 +1,14 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = wpscan
+
+include ../../scanners.mk
+
+deploy-test-deps: deploy-test-dep-old-wordpress
+
diff --git a/tests/integration/scanner/wpscan.test.js b/scanners/wpscan/integration-tests/wpscan.test.js
similarity index 87%
rename from tests/integration/scanner/wpscan.test.js
rename to scanners/wpscan/integration-tests/wpscan.test.js
index b57e45bc52..288df2cfaf 100644
--- a/tests/integration/scanner/wpscan.test.js
+++ b/scanners/wpscan/integration-tests/wpscan.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/zap-advanced/.gitignore b/scanners/zap-advanced/.gitignore
index c342664f17..c8d3087d64 100644
--- a/scanners/zap-advanced/.gitignore
+++ b/scanners/zap-advanced/.gitignore
@@ -2,4 +2,5 @@
#
# SPDX-License-Identifier: Apache-2.0
-/scanner/tests/results/*
\ No newline at end of file
+*.tar
+/scanner/tests/results/*
diff --git a/scanners/zap-advanced/.helmignore b/scanners/zap-advanced/.helmignore
index b887daa2e3..fb9c1d2d6f 100644
--- a/scanners/zap-advanced/.helmignore
+++ b/scanners/zap-advanced/.helmignore
@@ -1,21 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
-
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-# this doesn't look too good but is required so that the scanners/scripts folder is included
-scanner/*.*
-scanner/zapclient/
-scanner/tests/
-scanner/venv/
-scanner/.pytest_cache/
-scanner/.idea/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
-
-*.monopic
diff --git a/scanners/zap-advanced/Makefile b/scanners/zap-advanced/Makefile
new file mode 100644
index 0000000000..a962969c10
--- /dev/null
+++ b/scanners/zap-advanced/Makefile
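Review bot: The new `scanner/*` pattern in the zap-advanced .helmignore excludes everything under `scanner/`, but the removed lines deliberately listed only `scanner/*.*`, `scanner/zapclient/`, `scanner/tests/` and so on, with the comment that this is "required so that the scanners/scripts folder is included" in the packaged chart. Unless that requirement has gone away (the chart templates are not part of this diff, so I cannot confirm), `helm package` will now ship a chart without the scripts directory and the scanner will fail at runtime in a way that only a packaged install, not a local `helm install ./`, reveals. Keeping the generic list but replacing the one line with the old selective patterns, or adding a negation such as `!scanner/scripts/`, restores the previous behaviour; either way the removed comment deserves to be carried over so the next template refresh does not repeat this.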
@@ -0,0 +1,37 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = zap-advanced
+custom_scanner = set
+
+include ../../scanners.mk
+
+unit-tests-parser:
+ $(MAKE) -f ../../scanners.mk unit-tests-parser include_guard=set scanner=zap
+
+install-deps:
+ cd ../zap/ && $(MAKE) install-deps
+
+docker-build-parser:
+ cd ../zap/ && $(MAKE) docker-build-parser
+
+docker-export-parser:
+ cd ../zap/ && $(MAKE) docker-export-parser
+
+kind-import-parser:
+ cd ../zap/ && $(MAKE) kind-import-parser
+
+deploy-with-scanner:
+ @echo ".: ๐Ÿ’พ Deploying custom '$(scanner)' scanner HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+ helm -n integration-tests upgrade --install $(scanner) ./ --wait \
+ --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-zap" \
+ --set="parser.image.tag=$(IMG_TAG)" \
+ --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(scanner)" \
+ --set="scanner.image.tag=$(IMG_TAG)" \
+
+deploy-test-deps: deploy-test-dep-nginx deploy-test-dep-bodgeit deploy-test-dep-juiceshop deploy-test-dep-petstore
diff --git a/tests/integration/scanner/zap-advanced.test.js b/scanners/zap-advanced/integration-tests/zap-advanced.test.js
similarity index 97%
rename from tests/integration/scanner/zap-advanced.test.js
rename to scanners/zap-advanced/integration-tests/zap-advanced.test.js
index a7eed30f8b..853571521b 100644
--- a/tests/integration/scanner/zap-advanced.test.js
+++ b/scanners/zap-advanced/integration-tests/zap-advanced.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
jest.retryTimes(3);
diff --git a/scanners/zap/.gitignore b/scanners/zap/.gitignore
new file mode 100644
index 0000000000..2783dbcddf
--- /dev/null
+++ b/scanners/zap/.gitignore
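Review bot: The `unit-tests-parser` override runs `$(MAKE) -f ../../scanners.mk unit-tests-parser include_guard=set scanner=zap` from the zap-advanced directory, while the four sibling overrides (`install-deps`, `docker-build-parser`, `docker-export-parser`, `kind-import-parser`) all `cd ../zap/ && $(MAKE) …`. If scanners.mk resolves `./parser` relative to the working directory (it is not part of this diff, so I cannot confirm), the unit-test target will look for a parser under zap-advanced that this chart does not carry, whereas the other targets correctly operate on the shared zap parser. Writing it the same way, `cd ../zap/ && $(MAKE) unit-tests-parser`, removes the inconsistency and the reliance on scanners.mk being includable twice. A one-line comment above the overrides, such as `# zap-advanced reuses the zap parser image; delegate all parser targets to ../zap/`, would also explain why `parser-prefix)-zap` is hard-coded in `deploy-with-scanner`.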
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+*.tar
diff --git a/scanners/zap/.helmignore b/scanners/zap/.helmignore
index e661d8214b..fb9c1d2d6f 100644
--- a/scanners/zap/.helmignore
+++ b/scanners/zap/.helmignore
@@ -1,13 +1,40 @@
# SPDX-FileCopyrightText: 2021 iteratec GmbH
#
# SPDX-License-Identifier: Apache-2.0
-
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
.DS_Store
-
-parser/
-scanner/
-examples/
-docs/
-integration-tests/
-coverage/
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
+*.tar
+parser/*
+scanner/*
+integration-tests/*
+examples/*
+docs/*
Makefile
diff --git a/scanners/zap/Makefile b/scanners/zap/Makefile
new file mode 100644
index 0000000000..64a1806547
--- /dev/null
+++ b/scanners/zap/Makefile
@@ -0,0 +1,14 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+include_guard = set
+scanner = zap
+
+include ../../scanners.mk
+
+deploy-test-deps: deploy-test-dep-nginx
+
diff --git a/tests/integration/scanner/zap.test.js b/scanners/zap/integration-tests/zap.test.js
similarity index 92%
rename from tests/integration/scanner/zap.test.js
rename to scanners/zap/integration-tests/zap.test.js
index dffbe5e618..b679bff978 100644
--- a/tests/integration/scanner/zap.test.js
+++ b/scanners/zap/integration-tests/zap.test.js
@@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers");
test(
"zap baseline scan against a plain nginx container should only find couple findings",