Skip to content
This repository was archived by the owner on Sep 6, 2023. It is now read-only.

Expand and update hook integration docs #350

Merged
Zero3141 merged 4 commits into from
Sep 4, 2023
Merged

Expand and update hook integration docs #350

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
6434d21
#349 Use node 18 in example Dockerfile
Sep 1, 2023
3ce3eeb
#349 Clarify contents of the scan object
Sep 1, 2023
d190b67
#349 Fix helm template syntax
Sep 1, 2023
20ea64a
#349 Clarify how to update the generated docs
Sep 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions docs/contributing/integrating-a-hook/dockerfile.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,15 @@ The Dockerfile for a hook looks like the following.
If you use the provided *hook-sdk*, you won't need to apply any changes to it.

```Dockerfile
ARG namespace
ARG baseImageTag
FROM node:12-alpine as build
FROM node:18-alpine as build
RUN mkdir -p /home/app
WORKDIR /home/app
COPY package.json package-lock.json ./
RUN npm ci --production

FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
FROM ${namespace:-securecodebox}/hook-sdk-nodejs:${baseImageTag:-latest}
WORKDIR /home/app/hook-wrapper/hook/
COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
COPY --chown=app:app ./hook.js ./hook.js
Expand Down
39 changes: 38 additions & 1 deletion docs/contributing/integrating-a-hook/hook.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ As parameters for `handle()` the _hook-sdk_ provides the following:
- [updateRawResults()](#updaterawresults)
- [updateFindings()](#updatefindings)
- [scan](#scan)
- [Example](#example)
- [hook.test.js](#hooktestjs)

### getRawResults()
Expand Down Expand Up @@ -146,6 +145,44 @@ async function handle({

### scan

The scan object contains information about the scan resource in Kubernetes.
The information is equivalent to what you get by running `kubectl get scan/<name> -o json`

Example (shortened):

```json
{
"apiVersion": "execution.securecodebox.io/v1",
"kind": "Scan",
"metadata": {
"creationTimestamp": "2023-09-01T15:43:13Z",
"generation": 2,
"name": "trivy-image-sbom-juice-shop",
"namespace": "integration-tests",
...
},
"spec": {
"parameters": [
"bkimminich/juice-shop:v15.0.0"
],
"resourceMode": "namespaceLocal",
"resources": {},
"scanType": "trivy-image-sbom"
},
"status": {
"findingDownloadLink": "http://securecodebox-operator-minio...",
"findingHeadLink": "http://securecodebox-operator-minio...",
"findings": { ... },
"orderedHookStatuses": [ ... ],
"rawResultDownloadLink": "http://securecodebox-operator-minio...",
"rawResultFile": "sbom-cyclonedx.json",
"rawResultHeadLink": "http://securecodebox-operator-minio...",
"rawResultType": "sbom-cyclonedx",
"state": "HookProcessing"
}
}
```

### Example

This is a basic example for the _generic-webhook_
Expand Down
1 change: 1 addition & 0 deletions docs/contributing/integrating-a-hook/readme-and-helm-docs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,3 +42,4 @@ helm upgrade --install gwh secureCodeBox/generic-webhook --set webhookUrl="http:
```

If you want to generate the `README.md` out of your `.helm-docs.gotmpl` locally, you can use `helm-docs` (see: [https://github.com/norwoodj/helm-docs/](https://github.com/norwoodj/helm-docs/)).
You can then update all `README.md` files automatically by running `make docs` from the top level directory.
6 changes: 3 additions & 3 deletions docs/contributing/integrating-a-hook/templates-dir.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,14 @@ apiVersion: "execution.securecodebox.io/v1"
kind: ScanCompletionHook
metadata:
name: {{ include "generic-webhook.fullname" . }}
labels: {{ - include "generic-webhook.labels" . | nindent 4 }}
labels: {{- include "generic-webhook.labels" . | nindent 4 }}
spec:
type: ReadOnly
image: "{{ .Values.hook.image.repository }}:{{ .Values.hook.image.tag | default .Chart.Version }}"
ttlSecondsAfterFinished: {{ .Values.hook.ttlSecondsAfterFinished }}
env:
- name: WEBHOOK_URL
value: {{ .Values.webhookUrl | quote }}
affinity: {{ - toYaml .Values.hook.affinity | nindent 4 }}
tolerations: {{ - toYaml .Values.hook.tolerations | nindent 4 }}
affinity: {{- toYaml .Values.hook.affinity | nindent 4 }}
tolerations: {{- toYaml .Values.hook.tolerations | nindent 4 }}
```