From b85e8a5fe4d45241dd41204a8999cc338684d5ea Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Wed, 26 Jun 2024 20:14:10 +0200 Subject: [PATCH 1/2] Replace helm repo install instructions with oci registry instructions Signed-off-by: Jannik Hollenbach --- .helm-docs/templates.gotmpl | 2 +- .templates/new-scanner/README.md | 2 +- UPGRADING.md | 2 +- auto-discovery/cloud-aws/README.md | 2 +- .../cloud-aws/docs/README.ArtifactHub.md | 2 +- auto-discovery/kubernetes/README.md | 2 +- .../kubernetes/docs/README.ArtifactHub.md | 2 +- bin/install.sh | 4 +-- demo-targets/bodgeit/README.md | 2 +- .../bodgeit/docs/README.ArtifactHub.md | 2 +- demo-targets/dummy-ssh/README.md | 2 +- .../dummy-ssh/docs/README.ArtifactHub.md | 2 +- demo-targets/http-webhook/README.md | 2 +- .../http-webhook/docs/README.ArtifactHub.md | 2 +- demo-targets/juice-shop/README.md | 2 +- .../juice-shop/docs/README.ArtifactHub.md | 2 +- demo-targets/old-joomla/README.md | 2 +- .../old-joomla/docs/README.ArtifactHub.md | 2 +- demo-targets/old-typo3/README.md | 2 +- .../old-typo3/docs/README.ArtifactHub.md | 2 +- demo-targets/old-wordpress/README.md | 2 +- .../old-wordpress/docs/README.ArtifactHub.md | 2 +- demo-targets/swagger-petstore/README.md | 2 +- .../docs/README.ArtifactHub.md | 2 +- demo-targets/unsafe-https/README.md | 2 +- .../unsafe-https/docs/README.ArtifactHub.md | 2 +- demo-targets/vulnerable-log4j/README.md | 2 +- .../docs/README.ArtifactHub.md | 2 +- .../container-auto-discovery.md | 4 +-- .../docs/auto-discovery/installation.md | 4 +-- .../auto-discovery/service-auto-discovery.md | 4 +-- .../readme-and-helm-docs.md | 2 +- .../docs/getting-started/installation.md | 30 +++++++++---------- documentation/docs/how-tos/autodiscovery.md | 10 +++---- .../how-tos/automatically-repeating-scans.md | 4 +-- documentation/docs/how-tos/hooks.md | 6 ++-- .../docs/how-tos/persistence-storage.md | 6 ++-- .../docs/how-tos/scanning-networks.md | 6 ++-- .../docs/how-tos/scanning-web-applications.md | 4 +-- documentation/docs/how-tos/scope.md | 8 ++--- hooks/.helm-docs.gotmpl | 2 +- hooks/cascading-scans/README.md | 2 +- .../docs/README.ArtifactHub.md | 2 +- hooks/finding-post-processing/README.md | 2 +- .../docs/README.ArtifactHub.md | 2 +- hooks/generic-webhook/.helm-docs.gotmpl | 4 +-- hooks/generic-webhook/README.md | 6 ++-- .../docs/README.ArtifactHub.md | 6 ++-- hooks/notification/.helm-docs.gotmpl | 4 +-- hooks/notification/README.md | 6 ++-- hooks/notification/docs/README.ArtifactHub.md | 6 ++-- .../.helm-docs.gotmpl | 2 +- hooks/persistence-azure-monitor/README.md | 4 +-- .../docs/README.ArtifactHub.md | 4 +-- .../persistence-defectdojo/.helm-docs.gotmpl | 8 ++--- hooks/persistence-defectdojo/README.md | 10 +++---- .../docs/README.ArtifactHub.md | 10 +++---- .../docs/README.DockerHub-Hook.md | 2 +- .../.helm-docs.gotmpl | 2 +- hooks/persistence-dependencytrack/README.md | 4 +-- .../docs/README.ArtifactHub.md | 4 +-- hooks/persistence-elastic/README.md | 2 +- .../docs/README.ArtifactHub.md | 2 +- hooks/update-field-hook/.helm-docs.gotmpl | 2 +- hooks/update-field-hook/README.md | 4 +-- .../docs/README.ArtifactHub.md | 4 +-- operator/README.md | 2 +- operator/docs/README.ArtifactHub.md | 2 +- scanners/.helm-docs.gotmpl | 2 +- scanners/amass/README.md | 2 +- scanners/amass/docs/README.ArtifactHub.md | 2 +- scanners/cmseek/README.md | 2 +- scanners/cmseek/docs/README.ArtifactHub.md | 2 +- scanners/doggo/README.md | 2 +- scanners/doggo/docs/README.ArtifactHub.md | 2 +- scanners/ffuf/README.md | 2 +- scanners/ffuf/docs/README.ArtifactHub.md | 2 +- scanners/git-repo-scanner/README.md | 2 +- .../docs/README.ArtifactHub.md | 2 +- scanners/gitleaks/README.md | 2 +- scanners/gitleaks/docs/README.ArtifactHub.md | 2 +- scanners/kube-hunter/README.md | 2 +- .../kube-hunter/docs/README.ArtifactHub.md | 2 +- scanners/kubeaudit/README.md | 2 +- scanners/kubeaudit/docs/README.ArtifactHub.md | 2 +- .../kubeaudit/examples/juice-shop/README.md | 6 ++-- scanners/ncrack/.helm-docs.gotmpl | 6 ++-- scanners/ncrack/README.md | 8 ++--- scanners/ncrack/docs/README.ArtifactHub.md | 8 ++--- scanners/ncrack/examples/dummy-ssh/README.md | 4 +-- scanners/nikto/README.md | 2 +- scanners/nikto/docs/README.ArtifactHub.md | 2 +- .../nikto/examples/demo-bodgeit/README.md | 2 +- scanners/nmap/.helm-docs.gotmpl | 2 +- scanners/nmap/README.md | 4 +-- scanners/nmap/docs/README.ArtifactHub.md | 4 +-- scanners/nuclei/.helm-docs.gotmpl | 2 +- scanners/nuclei/README.md | 4 +-- scanners/nuclei/docs/README.ArtifactHub.md | 4 +-- scanners/screenshooter/README.md | 2 +- .../screenshooter/docs/README.ArtifactHub.md | 2 +- scanners/semgrep/README.md | 2 +- scanners/semgrep/docs/README.ArtifactHub.md | 2 +- scanners/ssh-audit/README.md | 2 +- scanners/ssh-audit/docs/README.ArtifactHub.md | 2 +- scanners/ssh-scan/README.md | 2 +- scanners/ssh-scan/docs/README.ArtifactHub.md | 2 +- .../ssh-scan/examples/demo-app-ssh/README.md | 2 +- scanners/sslyze/README.md | 2 +- scanners/sslyze/docs/README.ArtifactHub.md | 2 +- scanners/test-scan/README.md | 2 +- scanners/test-scan/docs/README.ArtifactHub.md | 2 +- scanners/trivy-sbom/README.md | 2 +- .../trivy-sbom/docs/README.ArtifactHub.md | 2 +- scanners/trivy/README.md | 2 +- scanners/trivy/docs/README.ArtifactHub.md | 2 +- scanners/typo3scan/README.md | 2 +- scanners/typo3scan/docs/README.ArtifactHub.md | 2 +- scanners/whatweb/README.md | 2 +- scanners/whatweb/docs/README.ArtifactHub.md | 2 +- scanners/wpscan/README.md | 2 +- scanners/wpscan/docs/README.ArtifactHub.md | 2 +- .../wpscan/examples/old-wordpress/README.md | 2 +- scanners/zap-advanced/README.md | 2 +- .../zap-advanced/docs/README.ArtifactHub.md | 2 +- scanners/zap-automation-framework/README.md | 2 +- .../docs/README.ArtifactHub.md | 2 +- scanners/zap/README.md | 2 +- scanners/zap/docs/README.ArtifactHub.md | 2 +- 129 files changed, 204 insertions(+), 204 deletions(-) diff --git a/.helm-docs/templates.gotmpl b/.helm-docs/templates.gotmpl index c99581c346..2ed683fab2 100644 --- a/.helm-docs/templates.gotmpl +++ b/.helm-docs/templates.gotmpl @@ -53,7 +53,7 @@ The {{ template "chart.name" . }} chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }} +helm upgrade --install {{ template "chart.name" . }} oci://ghcr.io/securecodebox/helm/{{ template "chart.name" . }} ``` {{- end }} diff --git a/.templates/new-scanner/README.md b/.templates/new-scanner/README.md index 78f0916651..076ac0b05c 100644 --- a/.templates/new-scanner/README.md +++ b/.templates/new-scanner/README.md @@ -44,7 +44,7 @@ The new-scanner chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install new-scanner secureCodeBox/new-scanner +helm upgrade --install new-scanner oci://ghcr.io/securecodebox/helm/new-scanner ``` Please write how to configure the scanner diff --git a/UPGRADING.md b/UPGRADING.md index 6abda8ed51..e1e1dad8c1 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -156,7 +156,7 @@ To avoid the duplicate “scan-scan”, the scheduled scans from the container a Having the Cascading rules enabled by default on scanner helm install, has led to some confusion on the users side as mentioned in issue [#914](https://github.com/secureCodeBox/secureCodeBox/issues/914). As a result Cascading rules will have to be explicitly enabled by setting the `cascadingRules.enabled` value to `true`. For example as so: ```yaml -helm upgrade --install nmap secureCodeBox/nmap --set=cascadingRules.enabled=true +helm upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap --set=cascadingRules.enabled=true ``` ➡️ [Reference: #1347](https://github.com/secureCodeBox/secureCodeBox/pull/1347) diff --git a/auto-discovery/cloud-aws/README.md b/auto-discovery/cloud-aws/README.md index a499a4c28c..b3ad834abb 100644 --- a/auto-discovery/cloud-aws/README.md +++ b/auto-discovery/cloud-aws/README.md @@ -142,7 +142,7 @@ The auto-discovery-cloud-aws chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install auto-discovery-cloud-aws secureCodeBox/auto-discovery-cloud-aws +helm upgrade --install auto-discovery-cloud-aws oci://ghcr.io/securecodebox/helm/auto-discovery-cloud-aws ``` To directly deploy the auto-discovery-cloud-aws chart with the options for AWS configured, you can pass additional config values to helm: diff --git a/auto-discovery/cloud-aws/docs/README.ArtifactHub.md b/auto-discovery/cloud-aws/docs/README.ArtifactHub.md index 009d2fc61a..6323257226 100644 --- a/auto-discovery/cloud-aws/docs/README.ArtifactHub.md +++ b/auto-discovery/cloud-aws/docs/README.ArtifactHub.md @@ -134,7 +134,7 @@ The auto-discovery-cloud-aws chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install auto-discovery-cloud-aws secureCodeBox/auto-discovery-cloud-aws +helm upgrade --install auto-discovery-cloud-aws oci://ghcr.io/securecodebox/helm/auto-discovery-cloud-aws ``` To directly deploy the auto-discovery-cloud-aws chart with the options for AWS configured, you can pass additional config values to helm: diff --git a/auto-discovery/kubernetes/README.md b/auto-discovery/kubernetes/README.md index ed317e1219..6c0b081f24 100644 --- a/auto-discovery/kubernetes/README.md +++ b/auto-discovery/kubernetes/README.md @@ -67,7 +67,7 @@ The auto-discovery-kubernetes chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes +helm upgrade --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes ``` ## Requirements diff --git a/auto-discovery/kubernetes/docs/README.ArtifactHub.md b/auto-discovery/kubernetes/docs/README.ArtifactHub.md index d879665feb..d16253c044 100644 --- a/auto-discovery/kubernetes/docs/README.ArtifactHub.md +++ b/auto-discovery/kubernetes/docs/README.ArtifactHub.md @@ -59,7 +59,7 @@ The auto-discovery-kubernetes chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes +helm upgrade --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes ``` ## Requirements diff --git a/bin/install.sh b/bin/install.sh index 8dabff9319..1fa1450252 100755 --- a/bin/install.sh +++ b/bin/install.sh @@ -147,7 +147,7 @@ function installResources() { if [[ $unattended == 'true' ]]; then for resource in "${resources[@]}"; do - helm upgrade --install -n "$namespace" "$resource" secureCodeBox/"$resource" || + helm upgrade --install -n "$namespace" "$resource" oci://ghcr.io/securecodebox/helm/"$resource" || print "$COLOR_ERROR" "Installation of '$resource' failed" done @@ -158,7 +158,7 @@ function installResources() { read -r line if [[ $line == *[Yy] ]]; then - helm upgrade --install -n "$namespace" "$resource" secureCodeBox/"$resource" || + helm upgrade --install -n "$namespace" "$resource" oci://ghcr.io/securecodebox/helm/"$resource" || print "$COLOR_ERROR" "Installation of '$resource' failed" fi done diff --git a/demo-targets/bodgeit/README.md b/demo-targets/bodgeit/README.md index 77d19c19ee..951581c5bb 100644 --- a/demo-targets/bodgeit/README.md +++ b/demo-targets/bodgeit/README.md @@ -49,7 +49,7 @@ The bodgeit chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install bodgeit secureCodeBox/bodgeit +helm upgrade --install bodgeit oci://ghcr.io/securecodebox/helm/bodgeit ``` ## Values diff --git a/demo-targets/bodgeit/docs/README.ArtifactHub.md b/demo-targets/bodgeit/docs/README.ArtifactHub.md index 364e96279d..6cac446f50 100644 --- a/demo-targets/bodgeit/docs/README.ArtifactHub.md +++ b/demo-targets/bodgeit/docs/README.ArtifactHub.md @@ -56,7 +56,7 @@ The bodgeit chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install bodgeit secureCodeBox/bodgeit +helm upgrade --install bodgeit oci://ghcr.io/securecodebox/helm/bodgeit ``` ## Values diff --git a/demo-targets/dummy-ssh/README.md b/demo-targets/dummy-ssh/README.md index 72af29e024..e5e198eaef 100644 --- a/demo-targets/dummy-ssh/README.md +++ b/demo-targets/dummy-ssh/README.md @@ -52,7 +52,7 @@ The dummy-ssh chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install dummy-ssh secureCodeBox/dummy-ssh +helm upgrade --install dummy-ssh oci://ghcr.io/securecodebox/helm/dummy-ssh ``` ## Values diff --git a/demo-targets/dummy-ssh/docs/README.ArtifactHub.md b/demo-targets/dummy-ssh/docs/README.ArtifactHub.md index 41ab0b8362..d53e3494f3 100644 --- a/demo-targets/dummy-ssh/docs/README.ArtifactHub.md +++ b/demo-targets/dummy-ssh/docs/README.ArtifactHub.md @@ -59,7 +59,7 @@ The dummy-ssh chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install dummy-ssh secureCodeBox/dummy-ssh +helm upgrade --install dummy-ssh oci://ghcr.io/securecodebox/helm/dummy-ssh ``` ## Values diff --git a/demo-targets/http-webhook/README.md b/demo-targets/http-webhook/README.md index 632b7c40a8..50f5d423a9 100644 --- a/demo-targets/http-webhook/README.md +++ b/demo-targets/http-webhook/README.md @@ -46,7 +46,7 @@ The http-webhook chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install http-webhook secureCodeBox/http-webhook +helm upgrade --install http-webhook oci://ghcr.io/securecodebox/helm/http-webhook ``` ## Values diff --git a/demo-targets/http-webhook/docs/README.ArtifactHub.md b/demo-targets/http-webhook/docs/README.ArtifactHub.md index f0d00e3b1b..e0f398e14c 100644 --- a/demo-targets/http-webhook/docs/README.ArtifactHub.md +++ b/demo-targets/http-webhook/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The http-webhook chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install http-webhook secureCodeBox/http-webhook +helm upgrade --install http-webhook oci://ghcr.io/securecodebox/helm/http-webhook ``` ## Values diff --git a/demo-targets/juice-shop/README.md b/demo-targets/juice-shop/README.md index 125357fc7c..9ae7adcbd4 100644 --- a/demo-targets/juice-shop/README.md +++ b/demo-targets/juice-shop/README.md @@ -49,7 +49,7 @@ The juice-shop chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install juice-shop secureCodeBox/juice-shop +helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop ``` ## Values diff --git a/demo-targets/juice-shop/docs/README.ArtifactHub.md b/demo-targets/juice-shop/docs/README.ArtifactHub.md index f25fa37f2b..5d88c9c7ae 100644 --- a/demo-targets/juice-shop/docs/README.ArtifactHub.md +++ b/demo-targets/juice-shop/docs/README.ArtifactHub.md @@ -56,7 +56,7 @@ The juice-shop chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install juice-shop secureCodeBox/juice-shop +helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop ``` ## Values diff --git a/demo-targets/old-joomla/README.md b/demo-targets/old-joomla/README.md index a7489612d7..e8c0088bd0 100644 --- a/demo-targets/old-joomla/README.md +++ b/demo-targets/old-joomla/README.md @@ -46,7 +46,7 @@ The old-joomla chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install old-joomla secureCodeBox/old-joomla +helm upgrade --install old-joomla oci://ghcr.io/securecodebox/helm/old-joomla ``` ## Values diff --git a/demo-targets/old-joomla/docs/README.ArtifactHub.md b/demo-targets/old-joomla/docs/README.ArtifactHub.md index af0b0d3c6d..7d7c8e4684 100644 --- a/demo-targets/old-joomla/docs/README.ArtifactHub.md +++ b/demo-targets/old-joomla/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The old-joomla chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install old-joomla secureCodeBox/old-joomla +helm upgrade --install old-joomla oci://ghcr.io/securecodebox/helm/old-joomla ``` ## Values diff --git a/demo-targets/old-typo3/README.md b/demo-targets/old-typo3/README.md index 8e66785e1e..87c7a25cec 100644 --- a/demo-targets/old-typo3/README.md +++ b/demo-targets/old-typo3/README.md @@ -46,7 +46,7 @@ The old-typo3 chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install old-typo3 secureCodeBox/old-typo3 +helm upgrade --install old-typo3 oci://ghcr.io/securecodebox/helm/old-typo3 ``` ## Values diff --git a/demo-targets/old-typo3/docs/README.ArtifactHub.md b/demo-targets/old-typo3/docs/README.ArtifactHub.md index 12caa9c21c..793e4a21cf 100644 --- a/demo-targets/old-typo3/docs/README.ArtifactHub.md +++ b/demo-targets/old-typo3/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The old-typo3 chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install old-typo3 secureCodeBox/old-typo3 +helm upgrade --install old-typo3 oci://ghcr.io/securecodebox/helm/old-typo3 ``` ## Values diff --git a/demo-targets/old-wordpress/README.md b/demo-targets/old-wordpress/README.md index b802d972c0..bb95395369 100644 --- a/demo-targets/old-wordpress/README.md +++ b/demo-targets/old-wordpress/README.md @@ -46,7 +46,7 @@ The old-wordpress chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install old-wordpress secureCodeBox/old-wordpress +helm upgrade --install old-wordpress oci://ghcr.io/securecodebox/helm/old-wordpress ``` ## Values diff --git a/demo-targets/old-wordpress/docs/README.ArtifactHub.md b/demo-targets/old-wordpress/docs/README.ArtifactHub.md index b3b0ed1c91..37e6143567 100644 --- a/demo-targets/old-wordpress/docs/README.ArtifactHub.md +++ b/demo-targets/old-wordpress/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The old-wordpress chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install old-wordpress secureCodeBox/old-wordpress +helm upgrade --install old-wordpress oci://ghcr.io/securecodebox/helm/old-wordpress ``` ## Values diff --git a/demo-targets/swagger-petstore/README.md b/demo-targets/swagger-petstore/README.md index 5fccda95f2..1174ee3c3e 100644 --- a/demo-targets/swagger-petstore/README.md +++ b/demo-targets/swagger-petstore/README.md @@ -47,7 +47,7 @@ The swagger-petstore chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install swagger-petstore secureCodeBox/swagger-petstore +helm upgrade --install swagger-petstore oci://ghcr.io/securecodebox/helm/swagger-petstore ``` ## Values diff --git a/demo-targets/swagger-petstore/docs/README.ArtifactHub.md b/demo-targets/swagger-petstore/docs/README.ArtifactHub.md index ef5d571fee..a231aa5bb6 100644 --- a/demo-targets/swagger-petstore/docs/README.ArtifactHub.md +++ b/demo-targets/swagger-petstore/docs/README.ArtifactHub.md @@ -54,7 +54,7 @@ The swagger-petstore chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install swagger-petstore secureCodeBox/swagger-petstore +helm upgrade --install swagger-petstore oci://ghcr.io/securecodebox/helm/swagger-petstore ``` ## Values diff --git a/demo-targets/unsafe-https/README.md b/demo-targets/unsafe-https/README.md index 373a49f7b1..51d784e0d4 100644 --- a/demo-targets/unsafe-https/README.md +++ b/demo-targets/unsafe-https/README.md @@ -48,7 +48,7 @@ The unsafe-https chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install unsafe-https secureCodeBox/unsafe-https +helm upgrade --install unsafe-https oci://ghcr.io/securecodebox/helm/unsafe-https ``` ## Values diff --git a/demo-targets/unsafe-https/docs/README.ArtifactHub.md b/demo-targets/unsafe-https/docs/README.ArtifactHub.md index d1f77fa88f..15156f0aa6 100644 --- a/demo-targets/unsafe-https/docs/README.ArtifactHub.md +++ b/demo-targets/unsafe-https/docs/README.ArtifactHub.md @@ -55,7 +55,7 @@ The unsafe-https chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install unsafe-https secureCodeBox/unsafe-https +helm upgrade --install unsafe-https oci://ghcr.io/securecodebox/helm/unsafe-https ``` ## Values diff --git a/demo-targets/vulnerable-log4j/README.md b/demo-targets/vulnerable-log4j/README.md index 94dbb665a9..1fe5a3cd32 100644 --- a/demo-targets/vulnerable-log4j/README.md +++ b/demo-targets/vulnerable-log4j/README.md @@ -46,7 +46,7 @@ The vulnerable-log4j chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install vulnerable-log4j secureCodeBox/vulnerable-log4j +helm upgrade --install vulnerable-log4j oci://ghcr.io/securecodebox/helm/vulnerable-log4j ``` ## Values diff --git a/demo-targets/vulnerable-log4j/docs/README.ArtifactHub.md b/demo-targets/vulnerable-log4j/docs/README.ArtifactHub.md index d4ec00239b..5a1c1c4dd4 100644 --- a/demo-targets/vulnerable-log4j/docs/README.ArtifactHub.md +++ b/demo-targets/vulnerable-log4j/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The vulnerable-log4j chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install vulnerable-log4j secureCodeBox/vulnerable-log4j +helm upgrade --install vulnerable-log4j oci://ghcr.io/securecodebox/helm/vulnerable-log4j ``` ## Values diff --git a/documentation/docs/auto-discovery/container-auto-discovery.md b/documentation/docs/auto-discovery/container-auto-discovery.md index 4a53f59868..35b993ccc1 100644 --- a/documentation/docs/auto-discovery/container-auto-discovery.md +++ b/documentation/docs/auto-discovery/container-auto-discovery.md @@ -24,7 +24,7 @@ If a pod consists of multiple containers, the above described logic will be appl [Trivy](/docs/scanners/trivy) is a container image scanner that is used by the Container AutoDiscovery. It has to be installed in the same namespace as the containers that you wish to scan. The following steps will install trivy in the `default` namespace: ```bash -helm upgrade --install trivy secureCodeBox/trivy +helm upgrade --install trivy oci://ghcr.io/securecodebox/helm/trivy ``` #### Deactivation @@ -32,5 +32,5 @@ helm upgrade --install trivy secureCodeBox/trivy The Container AutoDiscovery is enabled by default but can be disabled manually. ```bash -helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes --set config.containerAutoDiscovery.enabled=false +helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes --set config.containerAutoDiscovery.enabled=false ``` diff --git a/documentation/docs/auto-discovery/installation.md b/documentation/docs/auto-discovery/installation.md index b06cb6b28e..2804187c23 100644 --- a/documentation/docs/auto-discovery/installation.md +++ b/documentation/docs/auto-discovery/installation.md @@ -38,7 +38,7 @@ This behavior can be configured using one of the following `resourceInclusion` m These modes can be set via the `config.resourceInclusion` parameter in the helm chart: ```bash -helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes --set config.resourceInclusion.mode="enabled-per-resource" +helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes --set config.resourceInclusion.mode="enabled-per-resource" ``` The default mode is `enabled-per-namespace`. @@ -57,7 +57,7 @@ Annotating a individual resource is done as follows. Here the deployment `juice- It is done by adding the annotation to the chart values, which is then passed to the deployment template. This results into the pod containing the service/deployment always having the annotation. The process may be different in your case: ```bash -helm upgrade --install juice-shop secureCodeBox/juice-shop --set-json='annotations={"auto-discovery.securecodebox.io/enabled":"true"}' +helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop --set-json='annotations={"auto-discovery.securecodebox.io/enabled":"true"}' ``` You should now see a ZAP-advanced [ScheduledScan](/docs/api/crds/scheduled-scan) created for juice-shop or any other service that you have annotated. diff --git a/documentation/docs/auto-discovery/service-auto-discovery.md b/documentation/docs/auto-discovery/service-auto-discovery.md index a9ef08c247..80d63a58b8 100644 --- a/documentation/docs/auto-discovery/service-auto-discovery.md +++ b/documentation/docs/auto-discovery/service-auto-discovery.md @@ -21,7 +21,7 @@ By default the Service AutoDiscovery creates [ZAP Advanced](../scanners/zap-adva By default the Service AutoDiscovery creates ScheduledScans using the [ZAP Advanced](/docs/scanners/zap-advanced) ScanType. It has to be installed in the same namespace as the containers that you wish to scan. The following steps will install zap-advanced in the `default` namespace: ```bash -helm upgrade --install zap-advanced secureCodeBox/zap-advanced +helm upgrade --install zap-advanced oci://ghcr.io/securecodebox/helm/zap-advanced ``` #### Deactivation @@ -29,5 +29,5 @@ helm upgrade --install zap-advanced secureCodeBox/zap-advanced The Service AutoDiscovery is enabled by default but can be disabled manually. ```bash -helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes --set config.serviceAutoDiscovery.enabled=false +helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes --set config.serviceAutoDiscovery.enabled=false ``` diff --git a/documentation/docs/contributing/integrating-a-hook/readme-and-helm-docs.md b/documentation/docs/contributing/integrating-a-hook/readme-and-helm-docs.md index e19cd0bafb..7302f0ee1b 100644 --- a/documentation/docs/contributing/integrating-a-hook/readme-and-helm-docs.md +++ b/documentation/docs/contributing/integrating-a-hook/readme-and-helm-docs.md @@ -34,7 +34,7 @@ This Hook will make a request to the specified `webhookUrl` containing the findi Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. Change `webhookUrl` to your desired endpoint. -helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http://example.com/my/webhook/target" +helm upgrade --install gwh oci://ghcr.io/securecodebox/helm/generic-webhook --set webhookUrl="http://example.com/my/webhook/target" ## Chart Configuration diff --git a/documentation/docs/getting-started/installation.md b/documentation/docs/getting-started/installation.md index c319fb9f4b..37f1622e18 100644 --- a/documentation/docs/getting-started/installation.md +++ b/documentation/docs/getting-started/installation.md @@ -111,16 +111,16 @@ You can optionally deploy SCB scanner charts for each security scanner you want ```bash # The following chart will be installed in the `default` namespace by you can choose the namespace of your choice by # adding `--namespace YOURNAMESPACE` to each line -helm upgrade --install amass secureCodeBox/amass -helm upgrade --install gitleaks secureCodeBox/gitleaks -helm upgrade --install kube-hunter secureCodeBox/kube-hunter -helm upgrade --install nikto secureCodeBox/nikto -helm upgrade --install nmap secureCodeBox/nmap -helm upgrade --install ssh-scan secureCodeBox/ssh-scan -helm upgrade --install sslyze secureCodeBox/sslyze -helm upgrade --install trivy secureCodeBox/trivy -helm upgrade --install wpscan secureCodeBox/wpscan -helm upgrade --install zap secureCodeBox/zap +helm upgrade --install amass oci://ghcr.io/securecodebox/helm/amass +helm upgrade --install gitleaks oci://ghcr.io/securecodebox/helm/gitleaks +helm upgrade --install kube-hunter oci://ghcr.io/securecodebox/helm/kube-hunter +helm upgrade --install nikto oci://ghcr.io/securecodebox/helm/nikto +helm upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap +helm upgrade --install ssh-scan oci://ghcr.io/securecodebox/helm/ssh-scan +helm upgrade --install sslyze oci://ghcr.io/securecodebox/helm/sslyze +helm upgrade --install trivy oci://ghcr.io/securecodebox/helm/trivy +helm upgrade --install wpscan oci://ghcr.io/securecodebox/helm/wpscan +helm upgrade --install zap oci://ghcr.io/securecodebox/helm/zap ``` ## Install some demo targets @@ -133,11 +133,11 @@ Otherwise you could be targeted by someone else really fast 😈 ::: ```bash -helm upgrade --install dummy-ssh secureCodeBox/dummy-ssh -helm upgrade --install bodgeit secureCodeBox/bodgeit -helm upgrade --install juice-shop secureCodeBox/juice-shop -helm upgrade --install old-wordpress secureCodeBox/old-wordpress -helm upgrade --install swagger-petstore secureCodeBox/swagger-petstore +helm upgrade --install dummy-ssh oci://ghcr.io/securecodebox/helm/dummy-ssh +helm upgrade --install bodgeit oci://ghcr.io/securecodebox/helm/bodgeit +helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop +helm upgrade --install old-wordpress oci://ghcr.io/securecodebox/helm/old-wordpress +helm upgrade --install swagger-petstore oci://ghcr.io/securecodebox/helm/swagger-petstore ``` :::note diff --git a/documentation/docs/how-tos/autodiscovery.md b/documentation/docs/how-tos/autodiscovery.md index 78c3c62f9e..4d7b303095 100644 --- a/documentation/docs/how-tos/autodiscovery.md +++ b/documentation/docs/how-tos/autodiscovery.md @@ -43,14 +43,14 @@ This tutorial will use the `default` and `securecodebox-system` namespaces. First install the `zap-advanced` (for service AutoDiscovery) and `trivy` (for Container AutoDiscovery) scan types: ```bash -helm upgrade --install zap-advanced secureCodeBox/zap-advanced -helm upgrade --install trivy secureCodeBox/trivy +helm upgrade --install zap-advanced oci://ghcr.io/securecodebox/helm/zap-advanced +helm upgrade --install trivy oci://ghcr.io/securecodebox/helm/trivy ``` Then install the SCB AutoDiscovery (Container AutoDiscovery is explicitly enabled in this example): ```bash -helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes --set config.containerAutoDiscovery.enabled=true +helm upgrade --namespace securecodebox-system --install auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes --set config.containerAutoDiscovery.enabled=true ``` There are three so-called `resourceInclusionModes`. These control which resources the AutoDiscovery will scan. @@ -70,7 +70,7 @@ kubectl annotate namespace default auto-discovery.securecodebox.io/enabled=true Then install juice-shop as a demo target: ```bash -helm upgrade --install juice-shop secureCodeBox/juice-shop +helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop ``` The AutoDiscovery will create two scheduled scans after some time. One for the juice-shop service using `zap`, and one for the juice-shop container using `trivy`: @@ -85,7 +85,7 @@ scan-juice-shop-at-350cf9a6ea37138b987a3968d046e61bcd3bb18d2ec trivy Install a second juice-shop into the namespace: ```bash -helm upgrade --install juice-shop2 secureCodeBox/juice-shop +helm upgrade --install juice-shop2 oci://ghcr.io/securecodebox/helm/juice-shop ``` The AutoDiscovery will then create a second `zap` scan for the service, but no additional `trivy` container scan, as the juice-shop container is already being scanned. diff --git a/documentation/docs/how-tos/automatically-repeating-scans.md b/documentation/docs/how-tos/automatically-repeating-scans.md index b0866f32e7..68cf26c926 100644 --- a/documentation/docs/how-tos/automatically-repeating-scans.md +++ b/documentation/docs/how-tos/automatically-repeating-scans.md @@ -20,13 +20,13 @@ If not, check out the [installation](/docs/getting-started/installation/) for mo We will start by installing the typo3 scanner: ```bash -helm upgrade --install typo3scan secureCodeBox/typo3scan +helm upgrade --install typo3scan oci://ghcr.io/securecodebox/helm/typo3scan ``` And the Typo3 demo-target. This is only required if you don't already have a target you want to scan. ```bash -helm upgrade --install old-typo3 secureCodeBox/old-typo3 +helm upgrade --install old-typo3 oci://ghcr.io/securecodebox/helm/old-typo3 ``` ## Creating the Repeating Scan diff --git a/documentation/docs/how-tos/hooks.md b/documentation/docs/how-tos/hooks.md index f64ff1eb02..35ffa81c9c 100644 --- a/documentation/docs/how-tos/hooks.md +++ b/documentation/docs/how-tos/hooks.md @@ -31,14 +31,14 @@ For the sake of the tutorial, we assume that you have your Kubernetes cluster al We'll start by installing the nmap scanner: ```bash -helm upgrade --install nmap secureCodeBox/nmap +helm upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap ``` Next, we'll install two `update-field` _hooks_: ```bash -helm upgrade --install ufh1 secureCodeBox/update-field-hook --set attribute.name="category" --set attribute.value="first-hook" -helm upgrade --install ufh2 secureCodeBox/update-field-hook --set attribute.name="category" --set attribute.value="second-hook" +helm upgrade --install ufh1 oci://ghcr.io/securecodebox/helm/update-field-hook --set attribute.name="category" --set attribute.value="first-hook" +helm upgrade --install ufh2 oci://ghcr.io/securecodebox/helm/update-field-hook --set attribute.name="category" --set attribute.value="second-hook" ``` The first hook will update all _secureCodeBox_ findings such that the field `category` is set to the value `first-hook`. The second hook will set the same field to `second-hook`. diff --git a/documentation/docs/how-tos/persistence-storage.md b/documentation/docs/how-tos/persistence-storage.md index b80fe03645..b804085e64 100644 --- a/documentation/docs/how-tos/persistence-storage.md +++ b/documentation/docs/how-tos/persistence-storage.md @@ -152,12 +152,12 @@ At first, we install the operator and a scanner: # Install the operator helm repo add secureCodeBox https://charts.securecodebox.io kubectl create namespace securecodebox-system -helm --namespace securecodebox-system upgrade --install securecodebox-operator secureCodeBox/operator +helm --namespace securecodebox-system upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator # Create a namespace for scanning - makes it easier to read logs if something went wrong kubectl create namespace scanning # Install nmap scanner for the later tutorial steps -helm upgrade --namespace scanning --install nmap secureCodeBox/nmap +helm upgrade --namespace scanning --install nmap oci://ghcr.io/securecodebox/helm/nmap ``` To install the DefectDojo hook, we need to create a secret with the API v2 Key we retrieved before: @@ -168,7 +168,7 @@ kubectl create secret generic defectdojo-credentials -n scanning \ Finally, we can install the DefectDojo hook via helm: ```bash -helm upgrade --namespace scanning --install dd secureCodeBox/persistence-defectdojo +helm upgrade --namespace scanning --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo ``` To verify that everything works, we now start an nmap scan and check that its results are uploaded to our DefectDojo diff --git a/documentation/docs/how-tos/scanning-networks.md b/documentation/docs/how-tos/scanning-networks.md index 75ca92ac87..9808ce06d2 100644 --- a/documentation/docs/how-tos/scanning-networks.md +++ b/documentation/docs/how-tos/scanning-networks.md @@ -19,13 +19,13 @@ For the sake of the tutorial, we assume that you have your Kubernetes cluster al If not done yet, **install the nmap scanner:** ```bash -helm upgrade --install nmap secureCodeBox/nmap +helm upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap ``` Now we also need the **cascading-scans hook** (if not installed yet): ```bash -helm upgrade --install cascading-scans secureCodeBox/cascading-scans +helm upgrade --install cascading-scans oci://ghcr.io/securecodebox/helm/cascading-scans ``` Finally, setting up **Ncrack** is a little trickier though. Ncrack uses files with lists of usernames and passwords to brute-force an authentication. In its default configuration, the scanner will check for all combinations of usernames and passwords provided by our lists. You can use your own existing files or just create two **dummy files** for the purpose of the tutorial: @@ -52,7 +52,7 @@ Starting from secureCodeBox v4.0, it is also necessary to set `cascadingRules.en ::: ```bash -cat <=v1.11.0-0` The webhook URL is set as follows: ```bash -helm upgrade --install generic-webhook secureCodeBox/generic-webhook \ +helm upgrade --install generic-webhook oci://ghcr.io/securecodebox/helm/generic-webhook \ --set="webhookUrl=http://http-webhook/hello-world" ``` Two authentication methods exist for the Generic WebHook Hook. You can either use Basic authentication or API authentication. @@ -78,7 +78,7 @@ The keys for your secret mapping can also be renamed if necessary, for example ` This is usually done to reuse existing secrets. ```bash -helm upgrade --install generic-webhook secureCodeBox/generic-webhook \ +helm upgrade --install generic-webhook oci://ghcr.io/securecodebox/helm/generic-webhook \ --set="hook.authentication.apikey.headerNameKey=name" \ --set="hook.authentication.apikey.headerValueKey=value" ``` diff --git a/hooks/generic-webhook/docs/README.ArtifactHub.md b/hooks/generic-webhook/docs/README.ArtifactHub.md index 53e07797c0..31594defdd 100644 --- a/hooks/generic-webhook/docs/README.ArtifactHub.md +++ b/hooks/generic-webhook/docs/README.ArtifactHub.md @@ -48,7 +48,7 @@ The generic-webhook chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install generic-webhook secureCodeBox/generic-webhook +helm upgrade --install generic-webhook oci://ghcr.io/securecodebox/helm/generic-webhook ``` ## Requirements @@ -59,7 +59,7 @@ Kubernetes: `>=v1.11.0-0` The webhook URL is set as follows: ```bash -helm upgrade --install generic-webhook secureCodeBox/generic-webhook \ +helm upgrade --install generic-webhook oci://ghcr.io/securecodebox/helm/generic-webhook \ --set="webhookUrl=http://http-webhook/hello-world" ``` Two authentication methods exist for the Generic WebHook Hook. You can either use Basic authentication or API authentication. @@ -86,7 +86,7 @@ The keys for your secret mapping can also be renamed if necessary, for example ` This is usually done to reuse existing secrets. ```bash -helm upgrade --install generic-webhook secureCodeBox/generic-webhook \ +helm upgrade --install generic-webhook oci://ghcr.io/securecodebox/helm/generic-webhook \ --set="hook.authentication.apikey.headerNameKey=name" \ --set="hook.authentication.apikey.headerValueKey=value" ``` diff --git a/hooks/notification/.helm-docs.gotmpl b/hooks/notification/.helm-docs.gotmpl index 5bf4f31c0a..3080cdb8aa 100644 --- a/hooks/notification/.helm-docs.gotmpl +++ b/hooks/notification/.helm-docs.gotmpl @@ -172,7 +172,7 @@ data: SLACK_WEB_HOOK: NOIDONTHINKSOBASE64STUFF kubectl apply -f values_slack_secrets.yaml -helm upgrade --install nwh secureCodeBox/notification-hook --values myvalues.yaml +helm upgrade --install nwh oci://ghcr.io/securecodebox/helm/notification-hook --values myvalues.yaml ``` #### Configuration of a Slack App Notification @@ -395,7 +395,7 @@ stringData: key: YOURSECRETTRELLOAPIKEY token: YOURSECRETTRELLOAPITOKEN kubectl apply -f trello_secrets.yaml -helm upgrade --install nwh secureCodeBox/notification-hook --values trello_values.yaml +helm upgrade --install nwh oci://ghcr.io/securecodebox/helm/notification-hook --values trello_values.yaml ``` #### Configuration Of A rocket.chat Notification diff --git a/hooks/notification/README.md b/hooks/notification/README.md index 69b643d5a9..338db0e758 100644 --- a/hooks/notification/README.md +++ b/hooks/notification/README.md @@ -42,7 +42,7 @@ The notification chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install notification secureCodeBox/notification +helm upgrade --install notification oci://ghcr.io/securecodebox/helm/notification ``` ## Requirements @@ -191,7 +191,7 @@ data: SLACK_WEB_HOOK: NOIDONTHINKSOBASE64STUFF kubectl apply -f values_slack_secrets.yaml -helm upgrade --install nwh secureCodeBox/notification-hook --values myvalues.yaml +helm upgrade --install nwh oci://ghcr.io/securecodebox/helm/notification-hook --values myvalues.yaml ``` #### Configuration of a Slack App Notification @@ -414,7 +414,7 @@ stringData: key: YOURSECRETTRELLOAPIKEY token: YOURSECRETTRELLOAPITOKEN kubectl apply -f trello_secrets.yaml -helm upgrade --install nwh secureCodeBox/notification-hook --values trello_values.yaml +helm upgrade --install nwh oci://ghcr.io/securecodebox/helm/notification-hook --values trello_values.yaml ``` #### Configuration Of A rocket.chat Notification diff --git a/hooks/notification/docs/README.ArtifactHub.md b/hooks/notification/docs/README.ArtifactHub.md index b41fe0b751..8325b3c7ad 100644 --- a/hooks/notification/docs/README.ArtifactHub.md +++ b/hooks/notification/docs/README.ArtifactHub.md @@ -50,7 +50,7 @@ The notification chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install notification secureCodeBox/notification +helm upgrade --install notification oci://ghcr.io/securecodebox/helm/notification ``` ## Requirements @@ -199,7 +199,7 @@ data: SLACK_WEB_HOOK: NOIDONTHINKSOBASE64STUFF kubectl apply -f values_slack_secrets.yaml -helm upgrade --install nwh secureCodeBox/notification-hook --values myvalues.yaml +helm upgrade --install nwh oci://ghcr.io/securecodebox/helm/notification-hook --values myvalues.yaml ``` #### Configuration of a Slack App Notification @@ -422,7 +422,7 @@ stringData: key: YOURSECRETTRELLOAPIKEY token: YOURSECRETTRELLOAPITOKEN kubectl apply -f trello_secrets.yaml -helm upgrade --install nwh secureCodeBox/notification-hook --values trello_values.yaml +helm upgrade --install nwh oci://ghcr.io/securecodebox/helm/notification-hook --values trello_values.yaml ``` #### Configuration Of A rocket.chat Notification diff --git a/hooks/persistence-azure-monitor/.helm-docs.gotmpl b/hooks/persistence-azure-monitor/.helm-docs.gotmpl index 86d1378de8..48bab12a9f 100644 --- a/hooks/persistence-azure-monitor/.helm-docs.gotmpl +++ b/hooks/persistence-azure-monitor/.helm-docs.gotmpl @@ -45,7 +45,7 @@ Create a Kubernetes secret with these values using Then, configure the hook to use this secret when installing it: ```bash -helm upgrade --install persistence-azure-monitor . --wait \ +helm upgrade --install oci://ghcr.io/securecodebox/helm/persistence-azure-monitor . --wait \ --set="monitor.authentication.apiKeySecret="azure-monitor"" ``` diff --git a/hooks/persistence-azure-monitor/README.md b/hooks/persistence-azure-monitor/README.md index 26ead24099..9531745adb 100644 --- a/hooks/persistence-azure-monitor/README.md +++ b/hooks/persistence-azure-monitor/README.md @@ -44,7 +44,7 @@ The persistence-azure-monitor chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-azure-monitor secureCodeBox/persistence-azure-monitor +helm upgrade --install persistence-azure-monitor oci://ghcr.io/securecodebox/helm/persistence-azure-monitor ``` ## Requirements @@ -64,7 +64,7 @@ Create a Kubernetes secret with these values using Then, configure the hook to use this secret when installing it: ```bash -helm upgrade --install persistence-azure-monitor . --wait \ +helm upgrade --install oci://ghcr.io/securecodebox/helm/persistence-azure-monitor . --wait \ --set="monitor.authentication.apiKeySecret="azure-monitor"" ``` diff --git a/hooks/persistence-azure-monitor/docs/README.ArtifactHub.md b/hooks/persistence-azure-monitor/docs/README.ArtifactHub.md index 2e0187b163..487e922d79 100644 --- a/hooks/persistence-azure-monitor/docs/README.ArtifactHub.md +++ b/hooks/persistence-azure-monitor/docs/README.ArtifactHub.md @@ -52,7 +52,7 @@ The persistence-azure-monitor chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-azure-monitor secureCodeBox/persistence-azure-monitor +helm upgrade --install persistence-azure-monitor oci://ghcr.io/securecodebox/helm/persistence-azure-monitor ``` ## Requirements @@ -72,7 +72,7 @@ Create a Kubernetes secret with these values using Then, configure the hook to use this secret when installing it: ```bash -helm upgrade --install persistence-azure-monitor . --wait \ +helm upgrade --install oci://ghcr.io/securecodebox/helm/persistence-azure-monitor . --wait \ --set="monitor.authentication.apiKeySecret="azure-monitor"" ``` diff --git a/hooks/persistence-defectdojo/.helm-docs.gotmpl b/hooks/persistence-defectdojo/.helm-docs.gotmpl index f233d68cd6..9bc1e6c17b 100644 --- a/hooks/persistence-defectdojo/.helm-docs.gotmpl +++ b/hooks/persistence-defectdojo/.helm-docs.gotmpl @@ -62,7 +62,7 @@ limits: { For example, to set the memory limit to 512Mi, we run the following command: ```bash -helm upgrade --namespace NAMESPACE --install persistence-defectdojo secureCodeBox/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" +helm upgrade --namespace NAMESPACE --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" ``` ::: @@ -109,7 +109,7 @@ Installing the _DefectDojo_ persistenceProvider hook will add a _ReadAndWrite Ho ```bash kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..." -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=https://defectdojo-django.default.svc" ``` @@ -118,7 +118,7 @@ The hook will automatically import the scan results into an engagement in _Defec In case you use a _DefectDojo_ instance with a self-signed root CA, upgrade the hook with: ```bash -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=https://defectdojo-django.default.svc" \ --set-json 'hook.extraVolumes=[{"name": "ca-dojo", "configMap": {"name": "ca-dojo"}}]' \ --set-json 'hook.extraVolumeMounts=[{"name": "ca-dojo", "mountPath": "/etc/ssl/certs/java/cacerts", "subPath": "cacerts", "readOnly": false}]' @@ -220,7 +220,7 @@ _DefectDojo_ >2.0.0 refined their user access rights, allowing you to restrict t ```bash kubectl create secret generic defectdojo-credentials --from-literal="apikey=08b7..." -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=http://defectdojo-django.default.svc" \ --set="defectdojo.lowPrivilegedMode=true" \ --set="defectdojo.authentication.userId=42" diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index 7fad2c4c56..3fa7422612 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md @@ -73,7 +73,7 @@ limits: { For example, to set the memory limit to 512Mi, we run the following command: ```bash -helm upgrade --namespace NAMESPACE --install persistence-defectdojo secureCodeBox/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" +helm upgrade --namespace NAMESPACE --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" ``` ::: @@ -113,7 +113,7 @@ The persistence-defectdojo chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-defectdojo secureCodeBox/persistence-defectdojo +helm upgrade --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo ``` ## Requirements @@ -127,7 +127,7 @@ Installing the _DefectDojo_ persistenceProvider hook will add a _ReadAndWrite Ho ```bash kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..." -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=https://defectdojo-django.default.svc" ``` @@ -136,7 +136,7 @@ The hook will automatically import the scan results into an engagement in _Defec In case you use a _DefectDojo_ instance with a self-signed root CA, upgrade the hook with: ```bash -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=https://defectdojo-django.default.svc" \ --set-json 'hook.extraVolumes=[{"name": "ca-dojo", "configMap": {"name": "ca-dojo"}}]' \ --set-json 'hook.extraVolumeMounts=[{"name": "ca-dojo", "mountPath": "/etc/ssl/certs/java/cacerts", "subPath": "cacerts", "readOnly": false}]' @@ -238,7 +238,7 @@ _DefectDojo_ >2.0.0 refined their user access rights, allowing you to restrict t ```bash kubectl create secret generic defectdojo-credentials --from-literal="apikey=08b7..." -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=http://defectdojo-django.default.svc" \ --set="defectdojo.lowPrivilegedMode=true" \ --set="defectdojo.authentication.userId=42" diff --git a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md index 5eda4690ba..e371e338d7 100644 --- a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md +++ b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md @@ -81,7 +81,7 @@ limits: { For example, to set the memory limit to 512Mi, we run the following command: ```bash -helm upgrade --namespace NAMESPACE --install persistence-defectdojo secureCodeBox/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" +helm upgrade --namespace NAMESPACE --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" ``` ::: @@ -121,7 +121,7 @@ The persistence-defectdojo chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-defectdojo secureCodeBox/persistence-defectdojo +helm upgrade --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo ``` ## Requirements @@ -135,7 +135,7 @@ Installing the _DefectDojo_ persistenceProvider hook will add a _ReadAndWrite Ho ```bash kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..." -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=https://defectdojo-django.default.svc" ``` @@ -144,7 +144,7 @@ The hook will automatically import the scan results into an engagement in _Defec In case you use a _DefectDojo_ instance with a self-signed root CA, upgrade the hook with: ```bash -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=https://defectdojo-django.default.svc" \ --set-json 'hook.extraVolumes=[{"name": "ca-dojo", "configMap": {"name": "ca-dojo"}}]' \ --set-json 'hook.extraVolumeMounts=[{"name": "ca-dojo", "mountPath": "/etc/ssl/certs/java/cacerts", "subPath": "cacerts", "readOnly": false}]' @@ -246,7 +246,7 @@ _DefectDojo_ >2.0.0 refined their user access rights, allowing you to restrict t ```bash kubectl create secret generic defectdojo-credentials --from-literal="apikey=08b7..." -helm upgrade --install dd secureCodeBox/persistence-defectdojo \ +helm upgrade --install dd oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=http://defectdojo-django.default.svc" \ --set="defectdojo.lowPrivilegedMode=true" \ --set="defectdojo.authentication.userId=42" diff --git a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md index d0d270a027..56cb438593 100644 --- a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md +++ b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md @@ -92,7 +92,7 @@ limits: { For example, to set the memory limit to 512Mi, we run the following command: ```bash -helm upgrade --namespace NAMESPACE --install persistence-defectdojo secureCodeBox/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" +helm upgrade --namespace NAMESPACE --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo --set="hook.resources.limits.memory=512Mi" ``` ::: diff --git a/hooks/persistence-dependencytrack/.helm-docs.gotmpl b/hooks/persistence-dependencytrack/.helm-docs.gotmpl index a1eb4627c8..8b6a847c12 100644 --- a/hooks/persistence-dependencytrack/.helm-docs.gotmpl +++ b/hooks/persistence-dependencytrack/.helm-docs.gotmpl @@ -42,7 +42,7 @@ Check the [Dependency-Track documentation][dt-api-docs], to learn how to configu ```bash kubectl create secret generic dependencytrack-credentials --from-literal="apikey=NoEs..." -helm upgrade --install dt secureCodeBox/persistence-dependencytrack \ +helm upgrade --install dt oci://ghcr.io/securecodebox/helm/persistence-dependencytrack \ --set="dependencytrack.url=https://dependency-track-backend.default.svc" ``` diff --git a/hooks/persistence-dependencytrack/README.md b/hooks/persistence-dependencytrack/README.md index 25791eb6d7..211700d709 100644 --- a/hooks/persistence-dependencytrack/README.md +++ b/hooks/persistence-dependencytrack/README.md @@ -44,7 +44,7 @@ The persistence-dependencytrack chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-dependencytrack secureCodeBox/persistence-dependencytrack +helm upgrade --install persistence-dependencytrack oci://ghcr.io/securecodebox/helm/persistence-dependencytrack ``` ## Requirements @@ -61,7 +61,7 @@ Check the [Dependency-Track documentation][dt-api-docs], to learn how to configu ```bash kubectl create secret generic dependencytrack-credentials --from-literal="apikey=NoEs..." -helm upgrade --install dt secureCodeBox/persistence-dependencytrack \ +helm upgrade --install dt oci://ghcr.io/securecodebox/helm/persistence-dependencytrack \ --set="dependencytrack.url=https://dependency-track-backend.default.svc" ``` diff --git a/hooks/persistence-dependencytrack/docs/README.ArtifactHub.md b/hooks/persistence-dependencytrack/docs/README.ArtifactHub.md index 32f9b902b3..fe2925156b 100644 --- a/hooks/persistence-dependencytrack/docs/README.ArtifactHub.md +++ b/hooks/persistence-dependencytrack/docs/README.ArtifactHub.md @@ -52,7 +52,7 @@ The persistence-dependencytrack chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-dependencytrack secureCodeBox/persistence-dependencytrack +helm upgrade --install persistence-dependencytrack oci://ghcr.io/securecodebox/helm/persistence-dependencytrack ``` ## Requirements @@ -69,7 +69,7 @@ Check the [Dependency-Track documentation][dt-api-docs], to learn how to configu ```bash kubectl create secret generic dependencytrack-credentials --from-literal="apikey=NoEs..." -helm upgrade --install dt secureCodeBox/persistence-dependencytrack \ +helm upgrade --install dt oci://ghcr.io/securecodebox/helm/persistence-dependencytrack \ --set="dependencytrack.url=https://dependency-track-backend.default.svc" ``` diff --git a/hooks/persistence-elastic/README.md b/hooks/persistence-elastic/README.md index e984b2ce1f..7892a28ebc 100644 --- a/hooks/persistence-elastic/README.md +++ b/hooks/persistence-elastic/README.md @@ -42,7 +42,7 @@ The persistence-elastic chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic +helm upgrade --install persistence-elastic oci://ghcr.io/securecodebox/helm/persistence-elastic ``` ## Requirements diff --git a/hooks/persistence-elastic/docs/README.ArtifactHub.md b/hooks/persistence-elastic/docs/README.ArtifactHub.md index d797196eb8..4268bc6b29 100644 --- a/hooks/persistence-elastic/docs/README.ArtifactHub.md +++ b/hooks/persistence-elastic/docs/README.ArtifactHub.md @@ -50,7 +50,7 @@ The persistence-elastic chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install persistence-elastic secureCodeBox/persistence-elastic +helm upgrade --install persistence-elastic oci://ghcr.io/securecodebox/helm/persistence-elastic ``` ## Requirements diff --git a/hooks/update-field-hook/.helm-docs.gotmpl b/hooks/update-field-hook/.helm-docs.gotmpl index f60e634fc8..ef3f076e6d 100644 --- a/hooks/update-field-hook/.helm-docs.gotmpl +++ b/hooks/update-field-hook/.helm-docs.gotmpl @@ -33,7 +33,7 @@ usecase: "Updates fields in finding results." Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings. ```bash -helm upgrade --install ufh secureCodeBox/update-field-hook --set attribute.name="category" --set attribute.value="my-own-category" +helm upgrade --install ufh oci://ghcr.io/securecodebox/helm/update-field-hook --set attribute.name="category" --set attribute.value="my-own-category" ``` > ✍ This documentation is currently work-in-progress. {{- end }} diff --git a/hooks/update-field-hook/README.md b/hooks/update-field-hook/README.md index bae0b7a2d1..f648ef6df3 100644 --- a/hooks/update-field-hook/README.md +++ b/hooks/update-field-hook/README.md @@ -41,7 +41,7 @@ The update-field-hook chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install update-field-hook secureCodeBox/update-field-hook +helm upgrade --install update-field-hook oci://ghcr.io/securecodebox/helm/update-field-hook ``` ## Requirements @@ -52,7 +52,7 @@ Kubernetes: `>=v1.11.0-0` Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings. ```bash -helm upgrade --install ufh secureCodeBox/update-field-hook --set attribute.name="category" --set attribute.value="my-own-category" +helm upgrade --install ufh oci://ghcr.io/securecodebox/helm/update-field-hook --set attribute.name="category" --set attribute.value="my-own-category" ``` > ✍ This documentation is currently work-in-progress. diff --git a/hooks/update-field-hook/docs/README.ArtifactHub.md b/hooks/update-field-hook/docs/README.ArtifactHub.md index bfee38ba54..44d6793ecb 100644 --- a/hooks/update-field-hook/docs/README.ArtifactHub.md +++ b/hooks/update-field-hook/docs/README.ArtifactHub.md @@ -49,7 +49,7 @@ The update-field-hook chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install update-field-hook secureCodeBox/update-field-hook +helm upgrade --install update-field-hook oci://ghcr.io/securecodebox/helm/update-field-hook ``` ## Requirements @@ -60,7 +60,7 @@ Kubernetes: `>=v1.11.0-0` Installing the _Update Field_ hook will add a ReadAndWrite Hook to your namespace, which can be used to add or update fields from your findings. ```bash -helm upgrade --install ufh secureCodeBox/update-field-hook --set attribute.name="category" --set attribute.value="my-own-category" +helm upgrade --install ufh oci://ghcr.io/securecodebox/helm/update-field-hook --set attribute.name="category" --set attribute.value="my-own-category" ``` > ✍ This documentation is currently work-in-progress. diff --git a/operator/README.md b/operator/README.md index 8d2363d168..42dbc652d8 100644 --- a/operator/README.md +++ b/operator/README.md @@ -45,7 +45,7 @@ The operator chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install operator secureCodeBox/operator +helm upgrade --install operator oci://ghcr.io/securecodebox/helm/operator ``` ## Requirements diff --git a/operator/docs/README.ArtifactHub.md b/operator/docs/README.ArtifactHub.md index 73bbb50bd5..017f0bd0eb 100644 --- a/operator/docs/README.ArtifactHub.md +++ b/operator/docs/README.ArtifactHub.md @@ -50,7 +50,7 @@ The operator chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install operator secureCodeBox/operator +helm upgrade --install operator oci://ghcr.io/securecodebox/helm/operator ``` ## Requirements diff --git a/scanners/.helm-docs.gotmpl b/scanners/.helm-docs.gotmpl index bf5297327b..a97b3bccf6 100644 --- a/scanners/.helm-docs.gotmpl +++ b/scanners/.helm-docs.gotmpl @@ -25,7 +25,7 @@ The {{ template "chart.name" . }} `scanType` can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }} +helm upgrade --install {{ template "chart.name" . }} oci://ghcr.io/securecodebox/helm/{{ template "chart.name" . }} ``` {{- end }} diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 0bdba144cf..1a84f1f480 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -48,7 +48,7 @@ The amass chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install amass secureCodeBox/amass +helm upgrade --install amass oci://ghcr.io/securecodebox/helm/amass ``` ## Scanner Configuration diff --git a/scanners/amass/docs/README.ArtifactHub.md b/scanners/amass/docs/README.ArtifactHub.md index f13d93b68d..2bfdd94baa 100644 --- a/scanners/amass/docs/README.ArtifactHub.md +++ b/scanners/amass/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The amass chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install amass secureCodeBox/amass +helm upgrade --install amass oci://ghcr.io/securecodebox/helm/amass ``` ## Scanner Configuration diff --git a/scanners/cmseek/README.md b/scanners/cmseek/README.md index d8816030d6..f0734ccdc9 100644 --- a/scanners/cmseek/README.md +++ b/scanners/cmseek/README.md @@ -44,7 +44,7 @@ The cmseek chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install cmseek secureCodeBox/cmseek +helm upgrade --install cmseek oci://ghcr.io/securecodebox/helm/cmseek ``` ## Scanner Configuration diff --git a/scanners/cmseek/docs/README.ArtifactHub.md b/scanners/cmseek/docs/README.ArtifactHub.md index ac15002a88..404ef41c79 100644 --- a/scanners/cmseek/docs/README.ArtifactHub.md +++ b/scanners/cmseek/docs/README.ArtifactHub.md @@ -51,7 +51,7 @@ The cmseek chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install cmseek secureCodeBox/cmseek +helm upgrade --install cmseek oci://ghcr.io/securecodebox/helm/cmseek ``` ## Scanner Configuration diff --git a/scanners/doggo/README.md b/scanners/doggo/README.md index 79220b4b9e..571038361b 100644 --- a/scanners/doggo/README.md +++ b/scanners/doggo/README.md @@ -43,7 +43,7 @@ The doggo chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install doggo secureCodeBox/doggo +helm upgrade --install doggo oci://ghcr.io/securecodebox/helm/doggo ``` ## Scanner Configuration diff --git a/scanners/doggo/docs/README.ArtifactHub.md b/scanners/doggo/docs/README.ArtifactHub.md index 21104a38a0..e07adebc94 100644 --- a/scanners/doggo/docs/README.ArtifactHub.md +++ b/scanners/doggo/docs/README.ArtifactHub.md @@ -50,7 +50,7 @@ The doggo chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install doggo secureCodeBox/doggo +helm upgrade --install doggo oci://ghcr.io/securecodebox/helm/doggo ``` ## Scanner Configuration diff --git a/scanners/ffuf/README.md b/scanners/ffuf/README.md index 43d6176521..4bbffc37ae 100644 --- a/scanners/ffuf/README.md +++ b/scanners/ffuf/README.md @@ -47,7 +47,7 @@ The ffuf chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install ffuf secureCodeBox/ffuf +helm upgrade --install ffuf oci://ghcr.io/securecodebox/helm/ffuf ``` ## Scanner Configuration diff --git a/scanners/ffuf/docs/README.ArtifactHub.md b/scanners/ffuf/docs/README.ArtifactHub.md index 503fe8a86f..6c43304b9e 100644 --- a/scanners/ffuf/docs/README.ArtifactHub.md +++ b/scanners/ffuf/docs/README.ArtifactHub.md @@ -52,7 +52,7 @@ The ffuf chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install ffuf secureCodeBox/ffuf +helm upgrade --install ffuf oci://ghcr.io/securecodebox/helm/ffuf ``` ## Scanner Configuration diff --git a/scanners/git-repo-scanner/README.md b/scanners/git-repo-scanner/README.md index 09b1799849..1415a9501a 100644 --- a/scanners/git-repo-scanner/README.md +++ b/scanners/git-repo-scanner/README.md @@ -43,7 +43,7 @@ The git-repo-scanner chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install git-repo-scanner secureCodeBox/git-repo-scanner +helm upgrade --install git-repo-scanner oci://ghcr.io/securecodebox/helm/git-repo-scanner ``` ## Scanner Configuration diff --git a/scanners/git-repo-scanner/docs/README.ArtifactHub.md b/scanners/git-repo-scanner/docs/README.ArtifactHub.md index cb3ee95430..b97cfb120a 100644 --- a/scanners/git-repo-scanner/docs/README.ArtifactHub.md +++ b/scanners/git-repo-scanner/docs/README.ArtifactHub.md @@ -50,7 +50,7 @@ The git-repo-scanner chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install git-repo-scanner secureCodeBox/git-repo-scanner +helm upgrade --install git-repo-scanner oci://ghcr.io/securecodebox/helm/git-repo-scanner ``` ## Scanner Configuration diff --git a/scanners/gitleaks/README.md b/scanners/gitleaks/README.md index b98d6ee61f..6a5aacc294 100644 --- a/scanners/gitleaks/README.md +++ b/scanners/gitleaks/README.md @@ -48,7 +48,7 @@ The gitleaks chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install gitleaks secureCodeBox/gitleaks +helm upgrade --install gitleaks oci://ghcr.io/securecodebox/helm/gitleaks ``` ## Scanner Configuration diff --git a/scanners/gitleaks/docs/README.ArtifactHub.md b/scanners/gitleaks/docs/README.ArtifactHub.md index 7520bf8eee..b3740782a1 100644 --- a/scanners/gitleaks/docs/README.ArtifactHub.md +++ b/scanners/gitleaks/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The gitleaks chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install gitleaks secureCodeBox/gitleaks +helm upgrade --install gitleaks oci://ghcr.io/securecodebox/helm/gitleaks ``` ## Scanner Configuration diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 56bfe73fec..184d6657c6 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md @@ -45,7 +45,7 @@ The kube-hunter chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install kube-hunter secureCodeBox/kube-hunter +helm upgrade --install kube-hunter oci://ghcr.io/securecodebox/helm/kube-hunter ``` ## Scanner Configuration diff --git a/scanners/kube-hunter/docs/README.ArtifactHub.md b/scanners/kube-hunter/docs/README.ArtifactHub.md index a21118a739..582700dfa3 100644 --- a/scanners/kube-hunter/docs/README.ArtifactHub.md +++ b/scanners/kube-hunter/docs/README.ArtifactHub.md @@ -50,7 +50,7 @@ The kube-hunter chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install kube-hunter secureCodeBox/kube-hunter +helm upgrade --install kube-hunter oci://ghcr.io/securecodebox/helm/kube-hunter ``` ## Scanner Configuration diff --git a/scanners/kubeaudit/README.md b/scanners/kubeaudit/README.md index d022cf4397..21bca7bc8f 100644 --- a/scanners/kubeaudit/README.md +++ b/scanners/kubeaudit/README.md @@ -46,7 +46,7 @@ The kubeaudit chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install kubeaudit secureCodeBox/kubeaudit +helm upgrade --install kubeaudit oci://ghcr.io/securecodebox/helm/kubeaudit ``` ## Scanner Configuration diff --git a/scanners/kubeaudit/docs/README.ArtifactHub.md b/scanners/kubeaudit/docs/README.ArtifactHub.md index c452688ee6..2b9509bea2 100644 --- a/scanners/kubeaudit/docs/README.ArtifactHub.md +++ b/scanners/kubeaudit/docs/README.ArtifactHub.md @@ -53,7 +53,7 @@ The kubeaudit chart can be deployed via helm: ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install kubeaudit secureCodeBox/kubeaudit +helm upgrade --install kubeaudit oci://ghcr.io/securecodebox/helm/kubeaudit ``` ## Scanner Configuration diff --git a/scanners/kubeaudit/examples/juice-shop/README.md b/scanners/kubeaudit/examples/juice-shop/README.md index 1a710855fe..5fef09e03f 100644 --- a/scanners/kubeaudit/examples/juice-shop/README.md +++ b/scanners/kubeaudit/examples/juice-shop/README.md @@ -11,7 +11,7 @@ In this example we execute an kubeaudit scan against the intentional vulnerable Before executing the scan, make sure to setup juice-shop ```bash -helm upgrade --install juice-shop secureCodeBox/juice-shop --wait +helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop --wait ``` After that you can execute the scan in this directory: @@ -24,7 +24,7 @@ kubectl apply -f scan.yaml If you juice-shop runs in, e.g., the `kubeaudit-tests` namespace, install the chart and run the scan there too ```bash # Install HelmChart in kubeaudit-tests namespace -helm upgrade --install kubeaudit secureCodeBox/kubeaudit -n kubeaudit-tests +helm upgrade --install kubeaudit oci://ghcr.io/securecodebox/helm/kubeaudit -n kubeaudit-tests # Run scan in kubeaudit-tests namespace kubectl apply -f scan.yaml -n kubeaudit-tests ``` @@ -32,5 +32,5 @@ Also, you must adjust the namespace in the scan.yaml with the `-n` flag. Alternatively, you can set the scope of kubeaudit to cluster: ```bash -helm upgrade --install kubeaudit secureCodeBox/kubeaudit -n kubeaudit-tests --set="kubeauditScope=cluster" +helm upgrade --install kubeaudit oci://ghcr.io/securecodebox/helm/kubeaudit -n kubeaudit-tests --set="kubeauditScope=cluster" ``` \ No newline at end of file diff --git a/scanners/ncrack/.helm-docs.gotmpl b/scanners/ncrack/.helm-docs.gotmpl index ba4966a6fb..3405924b59 100644 --- a/scanners/ncrack/.helm-docs.gotmpl +++ b/scanners/ncrack/.helm-docs.gotmpl @@ -134,7 +134,7 @@ Now you only need to set the value *encryptPasswords.existingSecret* to the secrets name when installing the scanner ```bash - helm upgrade --install ncrack secureCodeBox/ncrack --set="encryptPasswords.existingSecret=" + helm upgrade --install ncrack oci://ghcr.io/securecodebox/helm/ncrack --set="encryptPasswords.existingSecret=" ``` To decrypt a password from a finding use: @@ -156,7 +156,7 @@ Now we created a secret named "ncrack-lists". Before we can use the files, we have to install the Ncrack ScanType: ```bash -cat < passwords.txt kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists # Install dummy-ssh app. We'll use ncrack to enumerate its ssh username and password -helm install dummy-ssh ./demo-targets/dummy-ssh/ --wait +helm install dummy-ssh oci://ghcr.io/securecodebox/helm/dummy-ssh/ --wait # Install the ncrack scanType and set mount the files from the ncrack-lists Kubernetes secret -cat < Date: Wed, 26 Jun 2024 21:05:58 +0200 Subject: [PATCH 2/2] Fix the most important install instruction... Signed-off-by: Jannik Hollenbach --- documentation/docs/getting-started/installation.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/documentation/docs/getting-started/installation.md b/documentation/docs/getting-started/installation.md index 37f1622e18..979beb1139 100644 --- a/documentation/docs/getting-started/installation.md +++ b/documentation/docs/getting-started/installation.md @@ -14,14 +14,8 @@ The secureCodeBox is running on [Kubernetes](https://kubernetes.io/). To install First of all you need to install the secureCodeBox Operator which is responsible for starting all security scans. ```bash -# Add the secureCodeBox Helm Repo -helm repo add secureCodeBox https://charts.securecodebox.io - -# Create a new namespace for the secureCodeBox Operator -kubectl create namespace securecodebox-system - -# Install the Operator & CRD's -helm --namespace securecodebox-system upgrade --install securecodebox-operator secureCodeBox/operator +# Install the Operator & CRD's into the `securecodebox-system` namespace +helm --namespace securecodebox-system upgrade --install --create-namespace securecodebox-operator oci://ghcr.io/securecodebox/helm/operator ``` If you didn't see any errors you now have the secureCodeBox Operator up and running! 🥳 🚀