From 6434d21acb86938c8594b11da46d0bba25c81781 Mon Sep 17 00:00:00 2001 From: Lukas Fischer Date: Fri, 1 Sep 2023 19:30:03 +0200 Subject: [PATCH 1/4] #349 Use node 18 in example Dockerfile We upgraded our images to node 18 in secureCodeBox/secureCodeBox#1853, this example file should mirror that. Signed-off-by: Lukas Fischer --- docs/contributing/integrating-a-hook/dockerfile.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/contributing/integrating-a-hook/dockerfile.md b/docs/contributing/integrating-a-hook/dockerfile.md index 69c68d09..605e7d18 100644 --- a/docs/contributing/integrating-a-hook/dockerfile.md +++ b/docs/contributing/integrating-a-hook/dockerfile.md @@ -11,14 +11,15 @@ The Dockerfile for a hook looks like the following. If you use the provided *hook-sdk*, you won't need to apply any changes to it. ```Dockerfile +ARG namespace ARG baseImageTag -FROM node:12-alpine as build +FROM node:18-alpine as build RUN mkdir -p /home/app WORKDIR /home/app COPY package.json package-lock.json ./ RUN npm ci --production -FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest} +FROM ${namespace:-securecodebox}/hook-sdk-nodejs:${baseImageTag:-latest} WORKDIR /home/app/hook-wrapper/hook/ COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/ COPY --chown=app:app ./hook.js ./hook.js From 3ce3eeb175d52975e9b28a746e22a35b87a286b3 Mon Sep 17 00:00:00 2001 From: Lukas Fischer Date: Fri, 1 Sep 2023 19:34:28 +0200 Subject: [PATCH 2/4] #349 Clarify contents of the scan object The hook sdk provides the hooks with an object containing information about the details kubernetes stores about the scan resource. The section documenting this object was empty before, this adds a description and an example. Signed-off-by: Lukas Fischer --- docs/contributing/integrating-a-hook/hook.md | 39 +++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) 
diff --git a/docs/contributing/integrating-a-hook/hook.md b/docs/contributing/integrating-a-hook/hook.md index 5b1437f3..3b911d4a 100644 --- a/docs/contributing/integrating-a-hook/hook.md +++ b/docs/contributing/integrating-a-hook/hook.md @@ -23,7 +23,6 @@ As parameters for `handle()` the _hook-sdk_ provides the following: - [updateRawResults()](#updaterawresults) - [updateFindings()](#updatefindings) - [scan](#scan) - - [Example](#example) - [hook.test.js](#hooktestjs) ### getRawResults() @@ -146,6 +145,44 @@ async function handle({ ### scan +The scan object contains information about the scan resource in Kubernetes. +The information is equivalent to what you get by running `kubectl get scan/ -o json` + +Example (shortened): + +```json +{ + "apiVersion": "execution.securecodebox.io/v1", + "kind": "Scan", + "metadata": { + "creationTimestamp": "2023-09-01T15:43:13Z", + "generation": 2, + "name": "trivy-image-sbom-juice-shop", + "namespace": "integration-tests", + ... + }, + "spec": { + "parameters": [ + "bkimminich/juice-shop:v15.0.0" + ], + "resourceMode": "namespaceLocal", + "resources": {}, + "scanType": "trivy-image-sbom" + }, + "status": { + "findingDownloadLink": "http://securecodebox-operator-minio...", + "findingHeadLink": "http://securecodebox-operator-minio...", + "findings": { ... }, + "orderedHookStatuses": [ ... ], + "rawResultDownloadLink": "http://securecodebox-operator-minio...", + "rawResultFile": "sbom-cyclonedx.json", + "rawResultHeadLink": "http://securecodebox-operator-minio...", + "rawResultType": "sbom-cyclonedx", + "state": "HookProcessing" + } +} +``` + ### Example This is a basic example for the _generic-webhook_ From d190b67b53c869ebcbb791f94eb91f1aff802fac Mon Sep 17 00:00:00 2001 From: Lukas Fischer Date: Fri, 1 Sep 2023 19:37:15 +0200 Subject: [PATCH 3/4] #349 Fix helm template syntax Helm doc templates require no space between the opening braces and the minus when removing whitespace. 
Signed-off-by: Lukas Fischer --- docs/contributing/integrating-a-hook/templates-dir.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/contributing/integrating-a-hook/templates-dir.md b/docs/contributing/integrating-a-hook/templates-dir.md index e84d2152..12b369fe 100644 --- a/docs/contributing/integrating-a-hook/templates-dir.md +++ b/docs/contributing/integrating-a-hook/templates-dir.md @@ -18,7 +18,7 @@ apiVersion: "execution.securecodebox.io/v1" kind: ScanCompletionHook metadata: name: {{ include "generic-webhook.fullname" . }} - labels: {{ - include "generic-webhook.labels" . | nindent 4 }} + labels: {{- include "generic-webhook.labels" . | nindent 4 }} spec: type: ReadOnly image: "{{ .Values.hook.image.repository }}:{{ .Values.hook.image.tag | default .Chart.Version }}" @@ -26,6 +26,6 @@ spec: env: - name: WEBHOOK_URL value: {{ .Values.webhookUrl | quote }} - affinity: {{ - toYaml .Values.hook.affinity | nindent 4 }} - tolerations: {{ - toYaml .Values.hook.tolerations | nindent 4 }} + affinity: {{- toYaml .Values.hook.affinity | nindent 4 }} + tolerations: {{- toYaml .Values.hook.tolerations | nindent 4 }} ``` From 20ea64acf1de0fd693690f1619cc1b94dac67431 Mon Sep 17 00:00:00 2001 From: Lukas Fischer Date: Fri, 1 Sep 2023 19:47:47 +0200 Subject: [PATCH 4/4] #349 Clarify how to update the generated docs Signed-off-by: Lukas Fischer --- docs/contributing/integrating-a-hook/readme-and-helm-docs.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/contributing/integrating-a-hook/readme-and-helm-docs.md b/docs/contributing/integrating-a-hook/readme-and-helm-docs.md index 3c7f931f..fe27cc5a 100644 --- a/docs/contributing/integrating-a-hook/readme-and-helm-docs.md +++ b/docs/contributing/integrating-a-hook/readme-and-helm-docs.md 
@@ -42,3 +42,4 @@ helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http: ``` If you want to generate the `README.md` out of your `.helm-docs.gotmpl` locally, you can use `helm-docs` (see: [https://github.com/norwoodj/helm-docs/](https://github.com/norwoodj/helm-docs/)). +You can then update all `README.md` files automatically by running `make docs` from the top level directory.
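Review bot: in [PATCH 1/4], `dockerfile.md`, the added `ARG namespace` and the new `FROM ${namespace:-securecodebox}/hook-sdk-nodejs:${baseImageTag:-latest}` line are not covered by the commit message, which only mentions Node 18, and the doc text around the example does not explain the argument. Please add a sentence stating that `namespace` selects the registry namespace the hook-sdk base image is pulled from and defaults to `securecodebox`, because whoever sets this build argument decides which base image the hook runs on. Separately, the npm versions bundled with Node 18 report `--production` as deprecated; `RUN npm ci --omit=dev` is the current form.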
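Review bot: in [PATCH 2/4], first hunk of `hook.md`, the table-of-contents entry `- [Example](#example)` is removed while the `### Example` heading is still present as context at the end of the second hunk, so that section is no longer linked from the list. Either keep the entry (moved out from under `scan` if the nesting was the problem) or state in the commit message why it is dropped.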
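Review bot: in [PATCH 2/4], second hunk of `hook.md`, the command `kubectl get scan/ -o json` has nothing after the slash, so it cannot be run as written. If a placeholder in angle brackets was intended, it needs escaping or a different notation such as `scan/SCAN_NAME` so the renderer does not drop it. The same sentence lacks its closing period, and the fence is tagged `json` although the body contains `...` elisions, which is not valid JSON; an untagged fence avoids highlighter errors.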
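Review bot: in [PATCH 4/4], `readme-and-helm-docs.md`, the added sentence sits on the line directly after the `helm-docs` sentence, so it renders as part of the same paragraph and "then" reads as if `make docs` depends on installing `helm-docs` first. If that is the intent, say so explicitly, for example "With `helm-docs` installed, run `make docs` ...". Also hyphenate "top-level directory".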