docs/developer-guide/README.md: 12 additions & 10 deletions
@@ -4,7 +4,7 @@
4
4
5
5
### Implementing your first scanner as microservice
6
6
7
-
The scanner services are the parts of the secureCodeBox which are actually running the scans. These services have three responsibilities:
7
+
The scanner services are the part of the secureCodeBox which are executing the scans. These services have three responsibilities:
8
8
9
9
1. Fetch scan tasks and their configuration from the secureCodeBox Engine. This is done via the Rest API of the engine.
10
10
2. Run the scan. This can be done in multiple different variants like running shell scripts, calling a programmatic api, RPC, Rest APIs etc.
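Review bot: The rewritten sentence on new line 7 now has a number mismatch: "the part of the secureCodeBox which are executing the scans" pairs a singular "part" with the plural "are" and with "These services" in the next sentence. The original "parts" was correct; suggest "The scanner services are the parts of the secureCodeBox that execute the scans." While this hunk is open, the unchanged context on lines 9 and 10 spells the same term three ways ("Rest API", "programmatic api", "Rest APIs"); "REST API" throughout would match the heading conventions used elsewhere in this guide.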
@@ -16,29 +16,31 @@ The entire functionality of a scanner is summed up in the following flow diagram
16
16
17
17
You can implement your scanner microservice in which ever language you want. We have implemented our scanner using Java, JavaScript (NodeJS) and Ruby. If you choose to use NodeJS we have published a [npm package](https://www.npmjs.com/package/@securecodebox/scanner-scaffolding) which handles the communication with the engine for you.
18
18
19
-
### Using the scan job API
19
+
### Using the scan job api
20
20
21
-
The secureCodeBox Scan Job API is used to fetch new tasks from the engine.
21
+
The secureCodeBox scan job api is used to fetch new tasks from the engine.
22
22
The API is documented using Swagger. You can check this out by running the Engine and navigate to `/swagger-ui.html#/scan-job-resource`.
23
23
24
24
### Developing a process model
25
25
26
-
To get your scanner into the secureCodeBox Engine you need to write a plugin. This plugins contains a BPMN Model of your Scan Process. This Model defines the following things:
26
+
To integrate a new scanner into the secureCodeBox Engine you need to write a plugin. This plugins contains a BPMN Model of your Scan Process. This Model defines the following things:
27
27
28
-
* Name and Id of the process
28
+
* Name and Id of the process.
29
29
* A topic name for the task queue (e.g. `nikto_webserverscan`). Every scanner has one queue on which all scans jobs are inserted by the engine and then completed by the scan services. In Camunda these are called External Service Tasks.
30
-
* Transformation of results. If the scanner returns results in a format incompatible with the secureCodeBox finding format you can transform the data inside the engine before persisting it.(Note that the transformation can also be done in the Scan Service)
30
+
* Transformation of results. If the scanner returns results in a format incompatible with the secureCodeBox finding format you can transform the data inside the engine before persisting it.(Note that the transformation can also be done in the Scan Service)
31
31
32
-
To get quickly up and running creating a new process model you can simply copy an existing one. You can find the [prepackaged processes here](https://github.com/secureCodeBox/engine/tree/master/scb-scanprocesses). If you want to get started with a simple one take a look at the nikto process which contains the bare minimum of logic in the process model. Camunda provides a free modelling tool for the BPMN models which you can [download here](https://camunda.com/download/modeler/).
32
+
To get quickly up and running on creating a new process model you can simply copy an existing one. You can find the [prepackaged processes here](https://github.com/secureCodeBox/engine/tree/master/scb-scanprocesses). If you want to get started with a simple one, take a look at the nikto process. This process only contains the bare minimum of logic in the process model.
33
+
34
+
To edit these models, Camunda provides a free modelling tool for the BPMN models which you can [download here](https://camunda.com/download/modeler/).
33
35
34
36
If you copied a process model you need to change a few things according to your new scan process:
35
37
36
-
* Update the **name** and **id** of the process. You can edit this in the right side-panel of the Camunda Editor once you have opened the model.
38
+
* Update the **name** and **id** of the process. You can edit this in side-panel on the right hand side of the Camunda Editor once you have opened the model.
37
39
* Update the **topic-name** of the External Service Task.
38
40
* Update the references to configuration **forms** to your own configuration forms. See [create process forms](#create-process-forms)
39
41
40
42
When you finished the Process Modell compile it to a jar.
41
-
> **Note**: Take a look at the other scan processes to see how.
43
+
> **Note**: Take a look at the prepackaged scan processes to see how.
42
44
43
45
Just put your `custom-process.jar` to the `./plugins` folder. This folder is also registered as docker volume. So you can add the plugin without rebuilding the docker container.
44
46
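Review bot: Lowercasing "API" to "api" in the heading on new line 19 and the sentence on new line 21 introduces an inconsistency with the unchanged line 22 directly below ("The API is documented using Swagger") and with "Rest API" earlier in the file; keep the capitalised "API" in both places. Several pre-existing defects are carried through this hunk unchanged and could be fixed since the lines are being touched anyway: "This plugins contains a BPMN Model" on new line 26 should read "This plugin contains"; "persisting it.(Note" on new line 30 is missing a space before the parenthesis; "in side-panel on the right hand side" on new line 38 should read "in the side-panel on the right-hand side"; and "Process Modell" in the context on line 42 should be "Process Model". The split of the Camunda Modeler sentence into its own paragraph on new lines 33 to 34 reads well.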
@@ -58,4 +60,4 @@ The Forms are HTML Documents with embedded AngularJS code for custom logic.
58
60
59
61
There are some parts, both logic and definitions, which are shared across processes. These pieces are extracted into its own module. You can include this module in your own code and reuse it.
60
62
61
-
> **Note**: If you write your scanner in a JVM langauage you can use the report and finding definitions inside the scanner not just inside the engine plugin.
63
+
> **Note**: If you write your scanner in a JVM langauage you can use the report and finding definitions inside the scanner not just inside the engine plugin.
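Review bot: The removed and added versions of this Note line are identical as rendered, so the edit is presumably whitespace only; since the line is being rewritten anyway, the misspelling "langauage" should become "language", and a comma before "not just inside the engine plugin" would make the sentence easier to parse. The unchanged context on line 61 also has an agreement error: "These pieces are extracted into its own module" should read "their own module".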