Merge pull request #785 from secureCodeBox/fix/missing-semgrep-build

J12934 · web-flow · commit aaff91c2ff25 · 2021-10-28T16:38:46.000+02:00
Add Missing Semgrep Release Build
diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml
@@ -279,6 +279,7 @@ jobs:
           - nmap
           - nuclei
           - screenshooter
+          - semgrep
           - ssh-scan
           - sslyze
           - test-scan
diff --git a/hooks/notification/README.md b/hooks/notification/README.md
@@ -126,7 +126,7 @@ This means that you can define key-value pairs as well as providing envs via sec
 The rules can be defined in the values of the Chart.
 The syntax and semantic for these rules are quite similar to CascadingRules (See: [secureCodeBox | CascadingRules](/docs/api/crds/cascading-rule))
 To define Rules you will have to provide the `rules` field with one or more `matches` elements.
-Each `machtes` defines one Rule.
+Each `matches` defines one Rule.
 For example:
 
 ```yaml
@@ -147,14 +147,52 @@ Within the `matches` you will have to provide `anyOf`
 `anyOf` contains one or more conditions to be met by the finding to match the rule.
 Notice that only one of these elements needs to match the finding for the rule to match.
 
-#### Configuration of a Slack Notification
+#### Configuration of a Slack Notification (WebHook)
 
 To configure a Slack notification set the `type` to `slack` and the `endPoint` to point to your env containing your Webhook URL to slack.
 You can use one of the following default templates:
 
 - `slack-messageCard`: Sends a message with a summary listing the number of findings per category and severity.
 - `slack-individual-findings-with-defectdojo`: Sends a message with a list of all findings with a link to the finding in DefectDojo. Will only work correctly if the DefectDojo hook is installed in the same namespace.
 
+##### Example Config
+
+The below example shows how to create a helm values chart and load secrets for access.
+You must have `endPoint` point to a [defined environment variable](https://github.com/secureCodeBox/secureCodeBox/blob/main/hooks/notification/hook/hook.ts#L20), not a string.
+
+```
+# cat myvalues.yaml
+
+notificationChannels:
+  - name: nmapopenports
+    type: slack
+    template: slack-messageCard
+    skipNotificationOnZeroFinding: true
+    rules:
+      - matches:
+          anyOf:
+            - category: "Open Port"
+    endPoint: POINTER_TO_ENV
+env:
+    - name: POINTER_TO_ENV
+      valueFrom:
+        secretKeyRef:
+            name: myslacksecret
+            key: SLACK_WEB_HOOK
+
+# cat values_slack_secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+    name: myslacksecret
+type: Opaque
+data:
+    SLACK_WEB_HOOK: NOIDONTHINKSOBASE64STUFF
+
+kubectl apply -f values_slack_secrets.yaml
+helm upgrade --install nwh secureCodeBox/notification-hook --values myvalues.yaml
+```
+
 #### Configuration of a Slack App Notification
 
 The `slack-app` notifier is an _alternate_ way to send notifications to slack using the slack api directly rather then using webhooks.
@@ -247,7 +285,7 @@ env:
     value: secureCodeBox
 ```
 
-### Configuration Of A MS Teams Notification
+#### Configuration Of A MS Teams Notification
 
 To configure a MS Teams notification you need to set the type to `ms-teams`.
 In `endPoint` you need to specify the MS Teams webhook.
