Skip to content

Commit c611b8a

Browse files
IlyesbdlalaIlyesbdlala
authored
Merge pull request #1347 from secureCodeBox/maintenance/disable-cascading-rules-by-default
Disable cascading rules by default
2 parents 474eafa + 9769cb8 commit c611b8a

18 files changed

Lines changed: 33 additions & 20 deletions

File tree

.templates/new-scanner/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -104,4 +104,4 @@ scanner:
104104

105105
cascadingRules:
106106
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
107-
enabled: true
107+
enabled: false

UPGRADING.md

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -140,4 +140,14 @@ These images are usually used for testing and demo purposes. If you use these im
140140
Previously scheduled scans generated by the container autodiscovery are named in the format `scan-image_name-at-image_hash`. The resulting scan pod will be called `scan-scan-image_name-at-image_hash`.
141141
To avoid the duplicate “scan-scan”, the scheduled scans from the container autodiscovery are renamed. As a result, the container autodiscovery will no longer correctly “recognize” the old scans anymore. It will instead create new scans according to the new naming scheme. The old scheduled scans must be deleted manually.
142142

143-
➡️ [Reference: #1193](https://github.com/secureCodeBox/secureCodeBox/pull/1193)
143+
➡️ [Reference: #1193](https://github.com/secureCodeBox/secureCodeBox/pull/1193)
144+
145+
146+
### Cascading rules are disabled by default
147+
Having the Cascading rules enabled by default on scanner helm install, has led to some confusion on the users side as mentioned in issue [#914](https://github.com/secureCodeBox/secureCodeBox/issues/914). As a result Cascading rules will have to be explicitly enabled by setting the `cascadingRules.enabled` value to `true`. For example as so:
148+
```yaml
149+
helm upgrade --install nmap secureCodeBox/nmap --set=cascadingRules.enabled=true
150+
```
151+
152+
➡️ [Reference: #1347](https://github.com/secureCodeBox/secureCodeBox/pull/1347)
153+

hooks/cascading-scans/Makefile

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,8 @@ deploy-test-dep-nmap:
2828
--set="parser.image.tag=$(IMG_TAG)" \
2929
--set="scanner.image.tag=$(IMG_TAG)" \
3030
--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
31-
--set-string="parser.env[0].value=true"
31+
--set-string="parser.env[0].value=true" \
32+
--set="cascadingRules.enabled=true"
3233

3334
.PHONY: deploy-test-dep-ncrack
3435
deploy-test-dep-ncrack:
@@ -46,7 +47,8 @@ deploy-test-dep-ncrack:
4647
--set="scanner.extraVolumes[0].name=ncrack-lists" \
4748
--set="scanner.extraVolumes[0].secret.secretName=ncrack-lists" \
4849
--set="scanner.extraVolumeMounts[0].name=ncrack-lists" \
49-
--set="scanner.extraVolumeMounts[0].mountPath=/ncrack/"
50+
--set="scanner.extraVolumeMounts[0].mountPath=/ncrack/" \
51+
--set="cascadingRules.enabled=true"
5052

5153
.PHONY: deploy-test-dep-sslyze
5254
deploy-test-dep-sslyze:
@@ -55,7 +57,8 @@ deploy-test-dep-sslyze:
5557
--set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-sslyze" \
5658
--set="parser.image.tag=$(IMG_TAG)" \
5759
--set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \
58-
--set-string="parser.env[0].value=true"
60+
--set-string="parser.env[0].value=true" \
61+
--set="cascadingRules.enabled=true"
5962

6063
.PHONY: deploy-test-deps-1 # Deploys dependencies for the nmap-ncrack test
6164
deploy-test-deps: deploy-test-dep-dummy-ssh deploy-test-dep-nmap deploy-test-dep-ncrack

scanners/cmseek/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,4 +102,4 @@ scanner:
102102

103103
cascadingRules:
104104
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
105-
enabled: true
105+
enabled: false

scanners/gitleaks/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,4 +102,4 @@ scanner:
102102

103103
cascadingRules:
104104
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
105-
enabled: true
105+
enabled: false

scanners/kube-hunter/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,4 +102,4 @@ scanner:
102102

103103
cascadingRules:
104104
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
105-
enabled: true
105+
enabled: false

scanners/ncrack/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -108,4 +108,4 @@ scanner:
108108

109109
cascadingRules:
110110
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
111-
enabled: true
111+
enabled: false

scanners/nikto/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,4 +102,4 @@ scanner:
102102

103103
cascadingRules:
104104
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
105-
enabled: true
105+
enabled: false

scanners/nmap/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -103,4 +103,4 @@ scanner:
103103

104104
cascadingRules:
105105
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
106-
enabled: true
106+
enabled: false

scanners/nuclei/values.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -120,4 +120,4 @@ nucleiTemplateCache:
120120

121121
cascadingRules:
122122
# cascadingRules.enabled -- Enables or disables the installation of the default cascading rules for this scanner
123-
enabled: true
123+
enabled: false

0 commit comments

Comments
 (0)