secureCodeBox · J12934 · Sep 5, 2022 · Aug 11, 2022 · Aug 11, 2022 · Aug 11, 2022
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -47,7 +47,7 @@ exclude_patterns:
   - "**/*.test.js"
   - "**/*.test.ts"
   - "**/*.d.ts"
-  # Generated 
+  # Generated
   - "**/hooks/cascading-scans/scan-helpers.js"
   - "**/hooks/cascading-scans/hook.js"
   # Auto Generated by kubernetes java client

diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -2,46 +2,46 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-name-template: 'v$NEXT_PATCH_VERSION'
-tag-template: 'v$NEXT_PATCH_VERSION'
+name-template: "v$NEXT_PATCH_VERSION"
+tag-template: "v$NEXT_PATCH_VERSION"
 categories:
-  - title: '💣 Breaking'
-    label: 'breaking'
-  - title: '🚀 Features'
-    label: 'enhancement'
-  - title: '🚓 Security Scanner'
-    label: 'scanner'
-  - title: '⚓️ Hooks'
-    label: 'hook'
-  - title: '🐛 Bug Fixes'
-    label: 'bug'
-  - title: '🧪 Test'
-    labels: 
-      - 'test'
-      - 'testing' 
-  - title: '📚 Documentation'
-    labels: 
-      - 'docs'
-      - 'documentation'
-  - title: '🔧 Maintenance'
-    label: 'maintenance'
-  - title: '📌 Dependencies'
-    label: 'dependencies'
-change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+  - title: "💣 Breaking"
+    label: "breaking"
+  - title: "🚀 Features"
+    label: "enhancement"
+  - title: "🚓 Security Scanner"
+    label: "scanner"
+  - title: "⚓️ Hooks"
+    label: "hook"
+  - title: "🐛 Bug Fixes"
+    label: "bug"
+  - title: "🧪 Test"
+    labels:
+      - "test"
+      - "testing"
+  - title: "📚 Documentation"
+    labels:
+      - "docs"
+      - "documentation"
+  - title: "🔧 Maintenance"
+    label: "maintenance"
+  - title: "📌 Dependencies"
+    label: "dependencies"
+change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
 exclude-labels:
-  - 'skip-changelog'
+  - "skip-changelog"
 template: |
   ## Changes
   This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉
 
   ![GitHub commits since tagged version](https://img.shields.io/github/commits-since/secureCodeBox/secureCodeBox/$PREVIOUS_TAG) ![GitHub Repo stars](https://img.shields.io/github/stars/secureCodeBox/secureCodeBox?style=social) ![Twitter URL](https://img.shields.io/twitter/url?style=social&url=https%3A%2F%2Fgithub.com%2FsecureCodeBox%2FsecureCodeBox%2Freleases%2Ftag%2Flatest)
 
   $CHANGES
-  
+
   ## Distribution
   [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/secureCodeBox)](https://artifacthub.io/packages/search?repo=securecodebox)
   [![Docker Hub](https://img.shields.io/badge/Docker%20Hub-secureCodeBox-blue?style=flat&logo=docker&color=lightblue&labelColor=blue&logoColor=white)](https://hub.docker.com/u/securecodebox) 
-  
+
   ## Contributors
   Thanks to all our contributors supporting this project 🤗
   $CONTRIBUTORS
diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml
@@ -70,4 +70,4 @@ jobs:
           commit_user_email: securecodebox@iteratec.com
           # Optional. Used by `git-commit`.
           # See https://git-scm.com/docs/git-commit#_options
-          commit_options: '--signoff'
+          commit_options: "--signoff"
diff --git a/.github/workflows/release-tweet.yaml b/.github/workflows/release-tweet.yaml
@@ -5,7 +5,7 @@
 name: "Tweet about release"
 on:
   release:
-    types: [ released ]
+    types: [released]
 jobs:
   build:
     runs-on: ubuntu-latest

diff --git a/.mega-linter.yml b/.mega-linter.yml
@@ -4,16 +4,31 @@
 APPLY_FIXES: none # all, none, or list of linter keys
 # ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default
 # ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default
+
+ENABLE_LINTERS: # Most linters are chosen for how popular (i.e stars on Github) they are, or how fast they are, unless stated otherwise
+  # Languages
+  - BASH_SHFMT # Using shfmt instead of shellcheck because it has auto-fixes.
+  - GO_GOLANGCI_LINT
+  - DOCKERFILE_HADOLINT
+  - GO_GOLANGCI_LINT
+  - GROOVY_NPM_GROOVY_LINT
+  - JAVA_CHECKSTYLE
+  - JAVASCRIPT_ES # linter used in Project already.
+  - TYPESCRIPT_ES # linter used in Project already.
+  - PHP_PHPSTAN
+  - PYTHON_BLACK
+  # Formats
+  - JSON_ESLINT_PLUGIN_JSONC # Only supported linter that has auto-fixes.
+  - YAML_PRETTIER # Only supported linter that has auto-fixes.
+  # Tooling formats
+  - ACTION_ACTIONLINT
+  # Other
+  - SPELL_MISSPELL # SPELL_CSPELL has a lot of false positives and does not have auto-fixes
+
 DISABLE:
   - COPYPASTE # Comment to enable checks of excessive copy-pastes
   - MARKDOWN # Disable markdown as the readmes are generated automatically
   - CREDENTIALS # Disable checks for credentials, as there are some false positives in the repo for documentation purposes (e.g demo-targets)
-DISABLE_LINTERS:
-  - JAVASCRIPT_STANDARD # standard is a javascript linter that by design can not be configured in any way. This project uses eslint anyways.
-  - TYPESCRIPT_STANDARD # standard is a typescript linter that by design can not be configured in any way. This project uses eslint anyways.
-  - SPELL_CSPELL # disable cspell because if finds way to many false positives and it would be way to much work to exclude all false positives
-  - EDITORCONFIG_EDITORCONFIG_CHECKER # this linter complains about non important stuff like tabs instead of spaces etc. Disabled because its annoying
-  - PYTHON_MYPY # fails because missing cache file "error: --install-types failed (no mypy cache directory)". See https://github.com/python/mypy/issues/10600#issuecomment-857351152
 
 SHOW_ELAPSED_TIME: true
 DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass
@@ -24,4 +39,4 @@ VALIDATE_ALL_CODEBASE: false
 IGNORE_GENERATED_FILES: true
 
 # disable useless alpaca ascii art that gets printed at the start of the linting
-PRINT_ALPACA: false
+PRINT_ALPACA: false
diff --git a/.prettierrc.yaml b/.prettierrc.yaml
@@ -0,0 +1 @@
+bracketSpacing: false
diff --git a/.templates/new-scanner/templates/new-scanner-parse-definition.yaml b/.templates/new-scanner/templates/new-scanner-parse-definition.yaml
@@ -8,13 +8,10 @@ metadata:
   name: "new-scanner-json"
 spec:
   image: "{{ .Values.parser.image.repository }}:{{ .Values.parser.image.tag | default .Chart.Version }}"
-  imagePullPolicy: {{ .Values.parser.image.pullPolicy }}
-  ttlSecondsAfterFinished: {{ .Values.parser.ttlSecondsAfterFinished }}
-  env: 
-    {{- toYaml .Values.parser.env | nindent 4 }}
+  imagePullPolicy: {{.Values.parser.image.pullPolicy}}
+  ttlSecondsAfterFinished: {{.Values.parser.ttlSecondsAfterFinished}}
+  env: {{- toYaml .Values.parser.env | nindent 4}}
   scopeLimiterAliases:
-    {{- toYaml .Values.parser.scopeLimiterAliases | nindent 4 }}
-  affinity:
-    {{- toYaml .Values.parser.affinity | nindent 4 }}
-  tolerations: 
-    {{- toYaml .Values.parser.tolerations | nindent 4 }}
+    {{- toYaml .Values.parser.scopeLimiterAliases | nindent 4}}
+  affinity: {{- toYaml .Values.parser.affinity | nindent 4}}
+  tolerations: {{- toYaml .Values.parser.tolerations | nindent 4}}
diff --git a/auto-discovery/kubernetes/config/crd/kustomization.yaml b/auto-discovery/kubernetes/config/crd/kustomization.yaml
@@ -6,7 +6,7 @@
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 resources:
-- bases/config.securecodebox.io_autodiscoveryconfigs.yaml
+  - bases/config.securecodebox.io_autodiscoveryconfigs.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -22,4 +22,4 @@ patchesStrategicMerge:
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 configurations:
-- kustomizeconfig.yaml
+  - kustomizeconfig.yaml
diff --git a/auto-discovery/kubernetes/config/crd/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/crd/kustomizeconfig.yaml
@@ -4,20 +4,20 @@
 
 # This file is for teaching kustomize how to substitute name and namespace reference in CRD
 nameReference:
-- kind: Service
-  version: v1
-  fieldSpecs:
-  - kind: CustomResourceDefinition
+  - kind: Service
     version: v1
-    group: apiextensions.k8s.io
-    path: spec/conversion/webhook/clientConfig/service/name
+    fieldSpecs:
+      - kind: CustomResourceDefinition
+        version: v1
+        group: apiextensions.k8s.io
+        path: spec/conversion/webhook/clientConfig/service/name
 
 namespace:
-- kind: CustomResourceDefinition
-  version: v1
-  group: apiextensions.k8s.io
-  path: spec/conversion/webhook/clientConfig/service/namespace
-  create: false
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/namespace
+    create: false
 
 varReference:
-- path: metadata/annotations
+  - path: metadata/annotations
diff --git a/auto-discovery/kubernetes/config/default/kustomization.yaml b/auto-discovery/kubernetes/config/default/kustomization.yaml
@@ -17,9 +17,9 @@ namePrefix: auto-discovery-
 #  someName: someValue
 
 bases:
-- ../crd
-- ../rbac
-- ../manager
+  - ../crd
+  - ../rbac
+  - ../manager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
@@ -29,14 +29,14 @@ bases:
 #- ../prometheus
 
 patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+  # Protect the /metrics endpoint by putting it behind auth.
+  # If you want your controller-manager to expose the /metrics
+  # endpoint w/o any authn/z, please comment the following line.
+  - manager_auth_proxy_patch.yaml
 
-# Mount the controller config file for loading manager configurations
-# through a ComponentConfig type
-- manager_config_patch.yaml
+  # Mount the controller config file for loading manager configurations
+  # through a ComponentConfig type
+  - manager_config_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml

diff --git a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml b/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml
@@ -13,13 +13,13 @@ spec:
   template:
     spec:
       containers:
-      - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
-        args:
-        - "--secure-listen-address=0.0.0.0:8443"
-        - "--upstream=http://127.0.0.1:8080/"
-        - "--logtostderr=true"
-        - "--v=10"
-        ports:
-        - containerPort: 8443
-          name: https
+        - name: kube-rbac-proxy
+          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+          args:
+            - "--secure-listen-address=0.0.0.0:8443"
+            - "--upstream=http://127.0.0.1:8080/"
+            - "--logtostderr=true"
+            - "--v=10"
+          ports:
+            - containerPort: 8443
+              name: https
diff --git a/auto-discovery/kubernetes/config/default/manager_config_patch.yaml b/auto-discovery/kubernetes/config/default/manager_config_patch.yaml
@@ -11,14 +11,14 @@ spec:
   template:
     spec:
       containers:
-      - name: manager
-        args:
-        - "--config=controller_manager_config.yaml"
-        volumeMounts:
-        - name: manager-config
-          mountPath: /controller_manager_config.yaml
-          subPath: controller_manager_config.yaml
+        - name: manager
+          args:
+            - "--config=controller_manager_config.yaml"
+          volumeMounts:
+            - name: manager-config
+              mountPath: /controller_manager_config.yaml
+              subPath: controller_manager_config.yaml
       volumes:
-      - name: manager-config
-        configMap:
-          name: manager-config
+        - name: manager-config
+          configMap:
+            name: manager-config
diff --git a/auto-discovery/kubernetes/config/manager/kustomization.yaml b/auto-discovery/kubernetes/config/manager/kustomization.yaml
@@ -3,12 +3,12 @@
 # SPDX-License-Identifier: Apache-2.0
 
 resources:
-- manager.yaml
+  - manager.yaml
 
 generatorOptions:
   disableNameSuffixHash: true
 
 configMapGenerator:
-- name: manager-config
-  files:
-  - controller_manager_config.yaml
+  - name: manager-config
+    files:
+      - controller_manager_config.yaml
diff --git a/auto-discovery/kubernetes/config/manager/manager.yaml b/auto-discovery/kubernetes/config/manager/manager.yaml
@@ -29,30 +29,30 @@ spec:
       securityContext:
         runAsNonRoot: true
       containers:
-      - command:
-        - /manager
-        image: controller:latest
-        name: manager
-        securityContext:
-          allowPrivilegeEscalation: false
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        resources:
-          limits:
-            cpu: 100m
-            memory: 30Mi
-          requests:
-            cpu: 100m
-            memory: 20Mi
+        - command:
+            - /manager
+          image: controller:latest
+          name: manager
+          securityContext:
+            allowPrivilegeEscalation: false
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          resources:
+            limits:
+              cpu: 100m
+              memory: 30Mi
+            requests:
+              cpu: 100m
+              memory: 20Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
diff --git a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml b/auto-discovery/kubernetes/config/prometheus/kustomization.yaml
@@ -3,4 +3,4 @@
 # SPDX-License-Identifier: Apache-2.0
 
 resources:
-- monitor.yaml
+  - monitor.yaml
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -7,7 +7,7 @@ kind: ClusterRole
 metadata:
   name: metrics-reader
 rules:
-- nonResourceURLs:
-  - "/metrics"
-  verbs:
-  - get
+  - nonResourceURLs:
+      - "/metrics"
+    verbs:
+      - get