Add path for S3 bucket files #1145
Description
➹ Set a path in the S3 bucket for target files
S3 is a very open file storage. A single bucket is capable of handling many types of files (backups, logs, etc). Indeed the path is quite relevant as it is also used to set up lifecycle rules.
Is your feature request related to a problem?
I would like to set a path prefix to the output file so it is easier to organise the scans and set S3 lifecycle rules so I can move the file to infrequent access or glacier storage.
Describe the solution you'd like
I would like to have a path parameter in the scan and/or the controller so I can set the target folder where a particular set of scans are saved.
For example, in the S3 section of the operator values.yaml:
```yaml
# Config for external s3 systems
s3:
  # s3.enabled Enable this and disable minio if you want to directly connect against AWS S3, Google Cloud Storage, DigitalOcean Spaces etc.
  enabled: false
  endpoint: "fra1.digitaloceanspaces.com"
  bucket: "my-bucket"
  path: "scan_path/"  # <<< HERE
  port: null
```
The solution above is not optimal as configuration on the operator level means all the files still go to the same path but provides a bit of help organising the files.
A better alternative would be to allow setting this up on the scan level like this:
```yaml
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "test-zap-slack"
  labels:
    organization: "OWASP"
spec:
  scanType: "zap-full-scan"
  outputPath: "my-target-folder/"  # <<<<< HERE
  parameters:
    # target URL including the protocol
    - "-t"
    - "https://my.server.com"
    # include the alpha active and passive scan rules as well
    - "-a"
    # show debug messages
    - "-d"
    # the number of minutes to spider for (default 1)
    - "-m"
    - "3"
```
Note this might be similar to #1137. The objective of both requests is allowing multiple ways of file organisation as right now it's a bit too rigid.
Describe alternatives you've considered
Right now there aren't many choices. All files in the bucket get the prefix "scan-" and that's it. It's quite difficult to separate the scan source just by looking at the file names.
Additional context
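Added example, not part of the original issue or the project's code: a sketch of how a per-scan path like the proposed `outputPath` could be validated before it becomes an S3 key prefix, and how one lifecycle rule per prefix would then be built. The function names, the allowed character set, the sample file name and the AWS storage classes are assumptions; the rule layout follows S3's `PutBucketLifecycleConfiguration` request.

```python
import json
import re

# Assumption: a key prefix is one or more "/"-separated segments of this charset.
_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")

def normalize_prefix(output_path: str) -> str:
    """Turn a user-supplied path such as 'my-target-folder/' into a key prefix."""
    segments = [s for s in output_path.strip().split("/") if s]
    if not segments:
        raise ValueError("empty prefix")
    for seg in segments:
        # S3 keys are opaque strings, so '..' is never resolved; reject it anyway
        # so prefixes stay predictable for lifecycle filters and per-team policies.
        if seg in (".", "..") or not _SEGMENT.fullmatch(seg):
            raise ValueError(f"unsafe path segment: {seg!r}")
    return "/".join(segments) + "/"

def object_key(output_path: str, file_name: str) -> str:
    """Key under which a result file would be stored (file_name is constructed)."""
    return normalize_prefix(output_path) + file_name

def lifecycle_rules(tiers: dict) -> dict:
    """tiers maps prefix -> (days until STANDARD_IA, days until GLACIER)."""
    items = sorted((normalize_prefix(p), d) for p, d in tiers.items())
    # After sorting, a prefix that contains another one sits right next to it.
    for (a, _), (b, _) in zip(items, items[1:]):
        if b.startswith(a):
            raise ValueError(f"overlapping prefixes: {a!r} and {b!r}")
    rules = []
    for prefix, (ia, glacier) in items:
        # AWS S3 does not transition objects to STANDARD_IA before 30 days.
        if ia < 30 or glacier <= ia:
            raise ValueError(f"invalid transition days for {prefix!r}")
        rules.append({
            "ID": "tier-" + prefix.rstrip("/").replace("/", "-"),
            "Filter": {"Prefix": prefix},
            "Status": "Enabled",
            "Transitions": [
                {"Days": ia, "StorageClass": "STANDARD_IA"},
                {"Days": glacier, "StorageClass": "GLACIER"},
            ],
        })
    return {"Rules": rules}

if __name__ == "__main__":
    print(object_key("my-target-folder/", "scan-1234/findings.json"))
    print(json.dumps(lifecycle_rules({"scan_path/": (30, 90)}), indent=2))
```

The returned dictionary can be passed as the `LifecycleConfiguration` argument of boto3's `put_bucket_lifecycle_configuration`; other S3-compatible providers may not support these storage classes.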