From 42df145137535843bedf3525e58e646666ccf9a2 Mon Sep 17 00:00:00 2001 From: Jannik Hollenbach Date: Thu, 27 Jun 2024 15:40:59 +0200 Subject: [PATCH] Fix missing instructions which still point to the old registry Signed-off-by: Jannik Hollenbach --- auto-discovery/cloud-aws/.helm-docs.gotmpl | 2 +- auto-discovery/cloud-aws/README.md | 2 +- .../cloud-aws/docs/README.ArtifactHub.md | 2 +- bin/install.sh | 2 +- documentation/blog/2022-01-18-log4shell.md | 2 +- documentation/docs/11-telemetry.md | 2 +- .../09_architecture_decisions/adr_0012.md | 2 +- documentation/docs/auto-discovery/installation.md | 2 +- .../docs/contributing/local-deployment.md | 2 +- documentation/docs/getting-started/first-scans.md | 2 +- .../docs/getting-started/troubleshooting.md | 14 ++++++++------ .../docs/getting-started/uninstallation.md | 2 +- documentation/docs/how-tos/hooks.md | 4 ++-- documentation/docs/how-tos/persistence-storage.md | 9 ++++----- operator/.helm-docs.gotmpl | 2 +- operator/README.md | 2 +- operator/docs/README.ArtifactHub.md | 2 +- scanners/nikto/examples/demo-juice-shop/README.md | 2 +- 18 files changed, 29 insertions(+), 28 deletions(-) diff --git a/auto-discovery/cloud-aws/.helm-docs.gotmpl b/auto-discovery/cloud-aws/.helm-docs.gotmpl index b7469db9c5..5612b9d223 100644 --- a/auto-discovery/cloud-aws/.helm-docs.gotmpl +++ b/auto-discovery/cloud-aws/.helm-docs.gotmpl @@ -129,7 +129,7 @@ To directly deploy the auto-discovery-cloud-aws chart with the options for AWS c ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }} --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}" +helm upgrade --install {{ template "chart.name" . }} oci://ghcr.io/securecodebox/helm/{{ template "chart.name" . }} --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}" ``` {{- end }} 
diff --git a/auto-discovery/cloud-aws/README.md b/auto-discovery/cloud-aws/README.md index b3ad834abb..8a58299b3c 100644 --- a/auto-discovery/cloud-aws/README.md +++ b/auto-discovery/cloud-aws/README.md @@ -149,7 +149,7 @@ To directly deploy the auto-discovery-cloud-aws chart with the options for AWS c ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install auto-discovery-cloud-aws secureCodeBox/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}" +helm upgrade --install auto-discovery-cloud-aws oci://ghcr.io/securecodebox/helm/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}" ``` ## Requirements diff --git a/auto-discovery/cloud-aws/docs/README.ArtifactHub.md b/auto-discovery/cloud-aws/docs/README.ArtifactHub.md index 6323257226..3dbbfcf5c0 100644 --- a/auto-discovery/cloud-aws/docs/README.ArtifactHub.md +++ b/auto-discovery/cloud-aws/docs/README.ArtifactHub.md @@ -141,7 +141,7 @@ To directly deploy the auto-discovery-cloud-aws chart with the options for AWS c ```bash # Install HelmChart (use -n to configure another namespace) -helm upgrade --install auto-discovery-cloud-aws secureCodeBox/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}" +helm upgrade --install auto-discovery-cloud-aws oci://ghcr.io/securecodebox/helm/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}" ``` ## Requirements diff --git a/bin/install.sh b/bin/install.sh index 1fa1450252..6f76f0b526 100755 --- a/bin/install.sh +++ b/bin/install.sh 
@@ -118,7 +118,7 @@ function createNamespaceAndInstallOperator() { print "Installing the operator in the '$SCB_SYSTEM_NAMESPACE' namespace" - if [[ $(helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator secureCodeBox/operator) ]]; then + if [[ $(helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator) ]]; then print "$COLOR_OK" "Successfully installed the operator in namespace '$SCB_SYSTEM_NAMESPACE'!" else print "$COLOR_ERROR" "Operator installation failed in namespace '$SCB_SYSTEM_NAMESPACE', cancelling installation!" && exit 1 diff --git a/documentation/blog/2022-01-18-log4shell.md b/documentation/blog/2022-01-18-log4shell.md index 4c316eef89..7a8f1af9e2 100644 --- a/documentation/blog/2022-01-18-log4shell.md +++ b/documentation/blog/2022-01-18-log4shell.md 
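Review bot: In bin/install.sh, the `if [[ $(helm ... upgrade --install ...) ]]` condition in createNamespaceAndInstallOperator tests whether Helm wrote anything to stdout, not whether it succeeded, so a failed pull from the new OCI registry can still take the success branch if Helm has already printed its "Release ... does not exist. Installing it now." line (assuming that line goes to stdout). Test the exit status instead: `if helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator; then`. The chart reference is also unpinned, so the script installs whatever version the registry currently serves; consider adding `--version <CHART_VERSION>` (placeholder) so installs are reproducible and a changed upstream tag is not picked up silently. OCI references need a Helm release with OCI support, which the visible lines do not check for. The function starts and ends outside the hunk.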
@@ -257,7 +257,7 @@ For hosts sitting in internal networks, we used nmap ([with the secureCodeBox `n After enumerating the targets, we triggered the actual Nuclei scans using another cascading rule. -Most scanner helm charts in the secureCodeBox come with cascading rules by default. E.g. the [rule used to trigger the nmap port scans on amass findings](https://github.com/secureCodeBox/secureCodeBox/blob/main/scanners/nmap/cascading-rules/hostscan.yaml) is included by default in the nmap helm chart GitHub. With the nuclei cascading rule we wanted to have more control over the configuration of the automatically created cascaded scans so we disabled the cascading rules included by default in the helm chart (`helm install nuclei secureCodeBox/nuclei --set="cascadingRules.enabled=false"`) and created our own, incorporating our custom nuclei configuration described above. The rule then looked like the following (reusing the ConfigMap created in the example above): +Most scanner helm charts in the secureCodeBox come with cascading rules by default. E.g. the [rule used to trigger the nmap port scans on amass findings](https://github.com/secureCodeBox/secureCodeBox/blob/main/scanners/nmap/cascading-rules/hostscan.yaml) is included by default in the nmap helm chart GitHub. With the nuclei cascading rule we wanted to have more control over the configuration of the automatically created cascaded scans so we disabled the cascading rules included by default in the helm chart (`helm install nuclei oci://ghcr.io/securecodebox/helm/nuclei --set="cascadingRules.enabled=false"`) and created our own, incorporating our custom nuclei configuration described above. The rule then looked like the following (reusing the ConfigMap created in the example above): ```yaml apiVersion: "cascading.securecodebox.io/v1" diff --git a/documentation/docs/11-telemetry.md b/documentation/docs/11-telemetry.md index edaec04363..7f6c36927f 100644 --- a/documentation/docs/11-telemetry.md 
+++ b/documentation/docs/11-telemetry.md @@ -25,7 +25,7 @@ The data is submitted every 24 hours. When the Operator starts, the first data-p The collection of telemetry data can be completely disabled by setting the `telemetryEnabled` to `false`, e.g: ```bash -helm install securecodebox-operator secureCodeBox/operator --set="telemetryEnabled=false" +helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator --set="telemetryEnabled=false" ``` ## Telemetry Code diff --git a/documentation/docs/architecture/09_architecture_decisions/adr_0012.md b/documentation/docs/architecture/09_architecture_decisions/adr_0012.md index f7f0b3818a..91a2d80e57 100644 --- a/documentation/docs/architecture/09_architecture_decisions/adr_0012.md +++ b/documentation/docs/architecture/09_architecture_decisions/adr_0012.md @@ -17,7 +17,7 @@ sidebar_label: "ADR-0012" ## Context -Currently all custom resources for the secureCodeBox are isolated into the namespace they are installed from. If you start a scan of type nmap in namespace `demo-one` you'll have to have the `ScanType` (and the corresponding `ParseDefinition`) nmap installed in `demo-one`. This is usually not a big issue as installing a `ScanType` is pretty easy (`helm install nmap secureCodeBox/nmap --namespace demo-one`). +Currently all custom resources for the secureCodeBox are isolated into the namespace they are installed from. If you start a scan of type nmap in namespace `demo-one` you'll have to have the `ScanType` (and the corresponding `ParseDefinition`) nmap installed in `demo-one`. This is usually not a big issue as installing a `ScanType` is pretty easy (`helm install nmap oci://ghcr.io/securecodebox/helm/nmap --namespace demo-one`). If you then want to start other scans for other targets you might want to create another namespace `demo-two`. To run scans in `demo-two` you'll also have to install nmap in that namespace. 
diff --git a/documentation/docs/auto-discovery/installation.md b/documentation/docs/auto-discovery/installation.md index 2804187c23..18c5420c28 100644 --- a/documentation/docs/auto-discovery/installation.md +++ b/documentation/docs/auto-discovery/installation.md @@ -14,7 +14,7 @@ sidebar_position: 1 The secureCodeBox (SCB) AutoDiscovery is packaged as a helm chart. As the AutoDiscovery works by creating (Scheduled)Scan custom resources for the discovered resources it requires the operator to be installed first. ```bash -helm install --namespace securecodebox-system auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes +helm install --namespace securecodebox-system auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes ``` ## Configuration diff --git a/documentation/docs/contributing/local-deployment.md b/documentation/docs/contributing/local-deployment.md index afa2aa6031..9b445fcb8a 100644 --- a/documentation/docs/contributing/local-deployment.md +++ b/documentation/docs/contributing/local-deployment.md @@ -64,7 +64,7 @@ securecodebox$ helm repo add secureCodeBox https://charts.securecodebox.io [...] securecodebox$ kubectl create namespace securecodebox-system namespace/securecodebox-system created -securecodebox$ helm --namespace securecodebox-system upgrade --install securecodebox-operator secureCodeBox/operator +securecodebox$ helm --namespace securecodebox-system upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator Release "securecodebox-operator" does not exist. Installing it now. NAME: securecodebox-operator LAST DEPLOYED: Fri Jan 26 14:34:50 2024 diff --git a/documentation/docs/getting-started/first-scans.md b/documentation/docs/getting-started/first-scans.md index 3b3f8eb20e..5acc6b0a2b 100644 --- a/documentation/docs/getting-started/first-scans.md +++ b/documentation/docs/getting-started/first-scans.md 
@@ -17,7 +17,7 @@ Before we can start scans, we need to install their `ScanTypes`, these tell the In this guide, we'll use the [Nmap Port & Network Scanner](https://nmap.org), as it is fast and relatively easy to use. We can install the Nmap ScanType via Helm (Make sure to add the helm repo first. See [Installation](/docs/getting-started/installation)): ```bash -helm install nmap secureCodeBox/nmap +helm install nmap oci://ghcr.io/securecodebox/helm/nmap ``` To verify or to see which ScanTypes are installed in your current Namespace you can run: diff --git a/documentation/docs/getting-started/troubleshooting.md b/documentation/docs/getting-started/troubleshooting.md index ceda6aa5dc..0fc1751098 100644 --- a/documentation/docs/getting-started/troubleshooting.md +++ b/documentation/docs/getting-started/troubleshooting.md @@ -17,18 +17,20 @@ to create an issue in our [GitHub Repository](https://github.com/secureCodeBox/s ### *helm upgrade --install* does not work -* Check if you have added the secureCodeBox repository: -```bash -helm repo add secureCodeBox https://charts.securecodebox.io -``` -* Check your spelling: Helm repo is case-sensitive and no backslash at the end of a resource +In most cases this is related to the helm repository missing. secureCodeBox used a classic helm in the default install instructions until 4.6.0. +Since 4.6.0 it's recommended to install our helm charts using the helm charts from the Open Container Initiative (OCI) images. + +E.g. + ```bash +# OUTDATE +helm upgrade --install nmap secureCodeBox/nmap # WRONG! helm upgrade --install nmap securecodebox/nmap # ALSO WRONG! helm upgrade --install nmap secureCodeBox/nmap/ # CORRECT -helm upgrade --install nmap secureCodeBox/nmap +helm upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap ``` ## Running scans diff --git a/documentation/docs/getting-started/uninstallation.md b/documentation/docs/getting-started/uninstallation.md index af215f7862..a14176a90f 100644 
--- a/documentation/docs/getting-started/uninstallation.md +++ b/documentation/docs/getting-started/uninstallation.md @@ -12,7 +12,7 @@ path: "docs/getting-started/uninstallation" If you want to uninstall every scanner and every hook you can simply delete the namespace in which they were installed (if you did not install any resources you still need in the same namespace). -If you want to uninstall specific scanners or hooks you can delete them via `helm`. For example if you installed nmap using `helm install nmap secureCodeBox/nmap` you can delete nmap like this: +If you want to uninstall specific scanners or hooks you can delete them via `helm`. For example if you installed nmap using `helm install nmap oci://ghcr.io/securecodebox/helm/nmap` you can delete nmap like this: ```bash helm delete nmap diff --git a/documentation/docs/how-tos/hooks.md b/documentation/docs/how-tos/hooks.md index 35ffa81c9c..f7735ba72c 100644 --- a/documentation/docs/how-tos/hooks.md +++ b/documentation/docs/how-tos/hooks.md @@ -113,7 +113,7 @@ By default, all _hooks_ have a priority of `0`. If we set `ufh2` hook's priority to `1`, we'll observe that it will execute before `ufh1`. ```bash -helm upgrade --install ufh2 secureCodeBox/update-field-hook --set hook.priority="1" --set attribute.name="category" --set attribute.value="second-hook" +helm upgrade --install ufh2 oci://ghcr.io/securecodebox/helm/update-field-hook --set hook.priority="1" --set attribute.name="category" --set attribute.value="second-hook" ``` ```bash 
@@ -210,7 +210,7 @@ The following labels are available by default: You can also deploy _secureCodeBox_ _hooks_ with your own labels like so: ```bash -helm upgrade --install ufh2 secureCodeBox/update-field-hook --set hook.labels.securecodebox="rocks" --set attribute.name="category" --set attribute.value="second-hook" +helm upgrade --install ufh2 oci://ghcr.io/securecodebox/helm/update-field-hook --set hook.labels.securecodebox="rocks" --set attribute.name="category" --set attribute.value="second-hook" ``` This will add your custom label to the _secureCodeBox_ hook so that you can select is with `hookSelector`. diff --git a/documentation/docs/how-tos/persistence-storage.md b/documentation/docs/how-tos/persistence-storage.md index b804085e64..91bb15994e 100644 --- a/documentation/docs/how-tos/persistence-storage.md +++ b/documentation/docs/how-tos/persistence-storage.md @@ -277,16 +277,15 @@ At first, we create a cluster and the *secureCodeBox* namespace and operator: ```bash minikube start -kubectl create namespace securecodebox-system -helm --namespace securecodebox-system upgrade --install securecodebox-operator secureCodeBox/operator +helm --namespace securecodebox-system --create-namespace upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator ``` Next, we simply install an exemplary scanner and the *persistence-elastic* hook. Note that Kibana is enabled by default. ```bash # Scanner and ElasticSearch should be in the same namespace kubectl create namespace elastic -helm --namespace elastic upgrade --install nmap secureCodeBox/nmap -helm --namespace elastic upgrade --install persistence-elastic secureCodeBox/persistence-elastic +helm --namespace elastic upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap +helm --namespace elastic upgrade --install persistence-elastic oci://ghcr.io/securecodebox/helm/persistence-elastic ``` That's it! Let us run an example scan (same as above for DefectDojo): 
@@ -361,7 +360,7 @@ Connecting the SCB to a persistence provider, especially DefectDojo, can sometim ```shell # $YOURLOCALIP should look something like http://192.168.2.242:8080 - helm upgrade --install persistence-defectdojo secureCodeBox/persistence-defectdojo \ + helm upgrade --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo \ --set="defectdojo.url=$YOURLOCALIP" ``` diff --git a/operator/.helm-docs.gotmpl b/operator/.helm-docs.gotmpl index bcc909fcd3..78ea35a2e4 100644 --- a/operator/.helm-docs.gotmpl +++ b/operator/.helm-docs.gotmpl @@ -45,7 +45,7 @@ helm repo add secureCodeBox https://charts.securecodebox.io # Create a new namespace for the secureCodeBox Operator kubectl create namespace securecodebox-system # Install the Operator & CRDs -helm install securecodebox-operator secureCodeBox/operator +helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator ``` {{- end }} diff --git a/operator/README.md b/operator/README.md index 42dbc652d8..2be56750a0 100644 --- a/operator/README.md +++ b/operator/README.md @@ -66,7 +66,7 @@ helm repo add secureCodeBox https://charts.securecodebox.io # Create a new namespace for the secureCodeBox Operator kubectl create namespace securecodebox-system # Install the Operator & CRDs -helm install securecodebox-operator secureCodeBox/operator +helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator ``` ## Values diff --git a/operator/docs/README.ArtifactHub.md b/operator/docs/README.ArtifactHub.md index 017f0bd0eb..96f0900379 100644 --- a/operator/docs/README.ArtifactHub.md +++ b/operator/docs/README.ArtifactHub.md 
@@ -71,7 +71,7 @@ helm repo add secureCodeBox https://charts.securecodebox.io # Create a new namespace for the secureCodeBox Operator kubectl create namespace securecodebox-system # Install the Operator & CRDs -helm install securecodebox-operator secureCodeBox/operator +helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator ``` ## Values diff --git a/scanners/nikto/examples/demo-juice-shop/README.md b/scanners/nikto/examples/demo-juice-shop/README.md index 34c7d3bd80..be5e6ebf08 100644 --- a/scanners/nikto/examples/demo-juice-shop/README.md +++ b/scanners/nikto/examples/demo-juice-shop/README.md @@ -9,5 +9,5 @@ In this example we execute an kubeaudit scan against the intentional vulnerable Before executing the scan, make sure to setup juice-shop ```bash -helm upgrade --install juice-shop secureCodeBox/juice-shop --wait +helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop --wait ```