From 4ff3a1e0855c02b16998afdd613fd91a6faf91ec Mon Sep 17 00:00:00 2001
From: Samreet Singh
Date: Tue, 11 Jul 2023 10:04:19 +0200
Subject: [PATCH 1/2] Bugfix:Added Parser to release-build to resolve ErrImagePull Removed ssh-scan from release-build and scb-bot because it is deprecated
Signed-off-by: Samreet Singh
---
 .github/workflows/release-build.yaml | 2 +-
 .github/workflows/scb-bot.yaml | 1 -
 operator/internal/telemetry/telemetry.go | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml
index eb813cc0c4..fe534b7243 100644
--- a/.github/workflows/release-build.yaml
+++ b/.github/workflows/release-build.yaml
@@ -339,7 +339,7 @@ jobs:
 - nuclei
 - screenshooter
 - semgrep
- - ssh-scan
+ - ssh-audit
 - sslyze
 - test-scan
 - trivy
diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml
index 5349eb5d6f..f83279eff4 100644
--- a/.github/workflows/scb-bot.yaml
+++ b/.github/workflows/scb-bot.yaml
@@ -31,7 +31,6 @@ jobs:
 - nuclei
 - semgrep
 - ssh-audit
- - ssh-scan
 - sslyze
 - trivy
 - typo3scan
diff --git a/operator/internal/telemetry/telemetry.go b/operator/internal/telemetry/telemetry.go
index 858540fe57..607cc19135 100644
--- a/operator/internal/telemetry/telemetry.go
+++ b/operator/internal/telemetry/telemetry.go
@@ -38,7 +38,7 @@ var officialScanTypes map[string]bool = map[string]bool{
 "nuclei": true,
 "screenshooter": true,
 "semgrep": true,
- "ssh-scan": true,
+ "ssh-audit": true,
 "sslyze": true,
 "trivy-image": true,
 "trivy-filesystem": true,
From 9d3ab64cdc4d63d3dc7b19eca4f8cccb7a3f2c87 Mon Sep 17 00:00:00 2001
From: Samreet Singh
Date: Wed, 12 Jul 2023 11:17:35 +0200
Subject: [PATCH 2/2] Reverted removal of ssh-scan from release-build, scb-bot and telementry
Signed-off-by: Samreet Singh --- .github/workflows/release-build.yaml | 2 + .github/workflows/scb-bot.yaml | 89 ++++++++++++------------ operator/internal/telemetry/telemetry.go | 1 + 3 files changed, 48 insertions(+), 44 deletions(-) diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml index fe534b7243..8ccb364eb9 100644 --- a/.github/workflows/release-build.yaml +++ b/.github/workflows/release-build.yaml @@ -339,6 +339,7 @@ jobs: - nuclei - screenshooter - semgrep + - ssh-scan - ssh-audit - sslyze - test-scan @@ -420,6 +421,7 @@ jobs: - ncrack - nmap - nikto + - ssh-scan - ssh-audit - sslyze - typo3scan diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml index f83279eff4..d2715dc48f 100644 --- a/.github/workflows/scb-bot.yaml +++ b/.github/workflows/scb-bot.yaml @@ -1,9 +1,9 @@ -# This is a Github Action workflow that runs daily at 9:15 AM UTC Time. -# It checks if any of the scanners listed in the matrix section are outdated. +# This is a Github Action workflow that runs daily at 9:15 AM UTC Time. +# It checks if any of the scanners listed in the matrix section are outdated. # If a scanner is outdated, it checks if a pull request to upgrade that scanner already exists. -# If it does not, it creates a new pull request with a title that includes the current and new versions of the scanner. +# If it does not, it creates a new pull request with a title that includes the current and new versions of the scanner. # It also includes the changelog for the new version of the scanner in the body of the pull request. -# This workflow uses a number of third-party actions to accomplish these tasks, +# This workflow uses a number of third-party actions to accomplish these tasks, # including mikefarah/yq to fetch local and remote versions of the scanners, # crazy-max/ghaction-import-gpg to import a GPG key, and jq to parse the JSON output of the scanner version API. 
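Review bot: In the first release-build.yaml hunk (line 339) the new `- ssh-scan` entry is inserted above `- ssh-audit`, which breaks the otherwise alphabetical order of that matrix (nuclei, screenshooter, semgrep, …, sslyze, test-scan, trivy); placing it after `- ssh-audit` keeps the list sorted and matches where scb-bot.yaml and telemetry.go put it in this same patch. The second hunk (line 420) inserts it in the same position, though that list is not sorted to begin with. Since the first patch in this series describes ssh-scan as deprecated yet this patch restores it in three files, a short comment beside the entry would keep the next reader from removing it again, e.g. `- ssh-scan # still referenced elsewhere; removing it here leaves its image unpublished (see ErrImagePull fix)` — the exact reason it was restored is not stated on this page, so word it from the actual dependency.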
@@ -31,6 +31,7 @@ jobs:
 - nuclei
 - semgrep
 - ssh-audit
+ - ssh-scan
 - sslyze
 - trivy
 - typo3scan
@@ -67,49 +68,49 @@ jobs: # Fetching scanner version from remote API and making sure it's in the same format as the local version - name: Fetch latest release scanner version run: | - # Set the -e and -o pipefail options to cause the script to exit immediately - # if any command returns a non-zero exit status - set -e - set -o pipefail - - local=${{env.local}} - release=$(curl -sL ${{env.versionApi}} | jq -er ".tag_name" ) - upgrade=$release - - # Check the exit status of the curl and jq command - if [[ $? -ne 0 ]] ; then - echo "Error: Failed to download release version" - exit 1 - fi - - # We check if the first characters of local and release are different i.e whether it's "v1.0.0" or "1.0.0" - # This is to make sure that we don't compare "v1.0.0" to "1.0.0" which would result in an upgrade - # And also we want to keep the version format the same in the helm chart so that it will still correspond the the docker image tag. - # Therefore We make sure to add or remove the "v" character when necessary - - if [[ ${local:0:1} != ${release:0:1} ]] ; then - # Check if the first character of local is "v" - # In this case docker/local format is "v1.0.0" and github format is "1.0.1" - # We want the upgrade to be "v1.0.1" - if [[ ${local:0:1} == "v" ]] ; then - # set upgrade to "v" followed by the value of release. - upgrade=v${release}; - # Check if the first character of release is "v" - # in this case docker/local format is "1.0.0" and github format is "v1.0.1" - # We want the upgrade to be "1.0.1" - elif [[ ${release:0:1} == "v" ]] ; then - # set upgrade to the value of release without the "v" character - upgrade=$(echo $release| tr -d "v") - fi + # Set the -e and -o pipefail options to cause the script to exit immediately + # if any command returns a non-zero exit status + set -e + set -o pipefail + + local=${{env.local}} + release=$(curl -sL ${{env.versionApi}} | jq -er ".tag_name" ) + upgrade=$release + + # Check the exit status of the curl and jq command + if [[ $? 
-ne 0 ]] ; then + echo "Error: Failed to download release version" + exit 1 + fi + + # We check if the first characters of local and release are different i.e whether it's "v1.0.0" or "1.0.0" + # This is to make sure that we don't compare "v1.0.0" to "1.0.0" which would result in an upgrade + # And also we want to keep the version format the same in the helm chart so that it will still correspond the the docker image tag. + # Therefore We make sure to add or remove the "v" character when necessary + + if [[ ${local:0:1} != ${release:0:1} ]] ; then + # Check if the first character of local is "v" + # In this case docker/local format is "v1.0.0" and github format is "1.0.1" + # We want the upgrade to be "v1.0.1" + if [[ ${local:0:1} == "v" ]] ; then + # set upgrade to "v" followed by the value of release. + upgrade=v${release}; + # Check if the first character of release is "v" + # in this case docker/local format is "1.0.0" and github format is "v1.0.1" + # We want the upgrade to be "1.0.1" + elif [[ ${release:0:1} == "v" ]] ; then + # set upgrade to the value of release without the "v" character + upgrade=$(echo $release| tr -d "v") fi + fi - # Save how the latest release version looks in github releases to an environment variable - echo releaseGithub=$release >> $GITHUB_ENV - # Save how the latest release version looks in docker images to an environment variable - echo release=$upgrade >> $GITHUB_ENV - # Output bash exit code - echo exitCode=$? + # Save how the latest release version looks in github releases to an environment variable + echo releaseGithub=$release >> $GITHUB_ENV + # Save how the latest release version looks in docker images to an environment variable + echo release=$upgrade >> $GITHUB_ENV + # Output bash exit code + echo exitCode=$? - name: Check if scanner is outdated and if PR already exists if: ${{ env.release != env.local && env.release != null }} 
diff --git a/operator/internal/telemetry/telemetry.go b/operator/internal/telemetry/telemetry.go
index 607cc19135..9ed124af93 100644
--- a/operator/internal/telemetry/telemetry.go
+++ b/operator/internal/telemetry/telemetry.go
@@ -39,6 +39,7 @@ var officialScanTypes map[string]bool = map[string]bool{
 "screenshooter": true,
 "semgrep": true,
 "ssh-audit": true,
+ "ssh-scan": true,
 "sslyze": true,
 "trivy-image": true,
 "trivy-filesystem": true,
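Review bot: The restored `"ssh-scan": true` entry is the third place in this series where the same scanner name had to be added back by hand, which shows that `officialScanTypes` carries no documented relationship to the scanner matrices in .github/workflows/release-build.yaml and scb-bot.yaml; the map declaration itself starts outside this hunk (line 38 per the hunk header). A doc comment above the declaration would make the coupling explicit, e.g. `// officialScanTypes is the set of scan types the telemetry code treats as official. Keep it in sync with the scanner matrices in .github/workflows/release-build.yaml and scb-bot.yaml.` — what "official" means to the telemetry code is inferred from the name only, so adjust the first sentence to the actual use. As a side nit outside the hunk, `var officialScanTypes map[string]bool = map[string]bool{` repeats the type; `var officialScanTypes = map[string]bool{` is the idiomatic form.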