
Commit 23f35e0

authored
Merge pull request #805 from EndPositive/reverse-matches
Introduce scope limiter on cascading rules to enforce scope
2 parents b20e639 + 2dabb0f commit 23f35e0

87 files changed

Lines changed: 3341 additions & 708 deletions


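--- a/.templates/new-scanner/templates/new-scanner-parse-definition.yaml
+++ b/.templates/new-scanner/templates/new-scanner-parse-definition.yaml
@@ -12,3 +12,5 @@ spec:
 ttlSecondsAfterFinished: {{ .Values.parser.ttlSecondsAfterFinished }}
 env:
 {{- toYaml .Values.parser.env | nindent 4 }}
+scopeLimiterAliases:
+{{- toYaml .Values.parser.scopeLimiterAliases | nindent 4 }}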

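--- a/.templates/new-scanner/values.yaml
+++ b/.templates/new-scanner/values.yaml
@@ -17,6 +17,9 @@ parser:
 # parser.env -- Optional environment variables mapped into each parseJob (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
 env: []
 
+# parser.scopeLimiterAliases -- Optional finding aliases to be used in the scopeLimiter.
+scopeLimiterAliases: {}
+
 scanner:
 image:
 # scanner.image.repository -- Container Image to run the scan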
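Review bot: The comment added for `scopeLimiterAliases` does not say what the map's keys and values are or how the scope limiter resolves them, and the empty `{}` default gives no example to copy. This file is the template new scanners start from, and the aliases appear to feed the check that keeps cascading scans in scope, so a wrongly shaped entry would presumably make a scope rule match differently than intended. I would extend the comment to name the key and value meaning and point at the hook's documentation, along the lines of `# parser.scopeLimiterAliases -- Optional map of alias name to finding attribute, referenced from scopeLimiter rules of the cascading-scans hook.`; the exact mapping needs confirming against the hook code, which is not visible in this section.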

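--- a/hooks/cascading-scans/hook/Dockerfile
+++ b/hooks/cascading-scans/hook/Dockerfile
@@ -15,10 +15,10 @@ RUN mkdir -p /home/app
 WORKDIR /home/app
 COPY package.json package-lock.json ./
 RUN npm ci
-COPY hook.ts scan-helpers.ts kubernetes-label-selector.ts ./
+COPY hook.ts scan-helpers.ts scope-limiter.ts kubernetes-label-selector.ts ./
 RUN npm run build
 
 FROM ${namespace:-securecodebox}/hook-sdk-nodejs:${baseImageTag:-latest}
 WORKDIR /home/app/hook-wrapper/hook/
 COPY --from=install --chown=app:app /home/app/node_modules/ ./node_modules/
-COPY --from=build --chown=app:app /home/app/hook.js /home/app/hook.js.map /home/app/scan-helpers.js /home/app/scan-helpers.js.map /home/app/kubernetes-label-selector.js /home/app/kubernetes-label-selector.js.map ./
+COPY --from=build --chown=app:app /home/app/hook.js /home/app/hook.js.map /home/app/scan-helpers.js /home/app/scan-helpers.js.map /home/app/scope-limiter.js /home/app/scope-limiter.js.map /home/app/kubernetes-label-selector.js /home/app/kubernetes-label-selector.js.map ./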
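Review bot: The module list is now maintained by hand in two places, the build-stage `COPY hook.ts scan-helpers.ts scope-limiter.ts …` and the final-stage `COPY --from=build` that names every `.js` and `.js.map`, so a module added to one and forgotten in the other only surfaces as a failed build or a missing module when the hook starts. If nothing else directly under `/home/app` in the build stage ends in `.js` (that stage begins above this hunk, so it needs checking), the last line could become `COPY --from=build --chown=app:app /home/app/*.js /home/app/*.js.map ./`. Separately, the runtime `FROM` on new line 21 still defaults `baseImageTag` to `latest`, so a build that does not pass the argument ships the scope limiter on whatever SDK image is current at build time; a pinned default tag or digest would make the image reproducible.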
