secureCodeBox · J12934 · Jan 28, 2021 · Oct 19, 2020 · Oct 23, 2020 · Nov 18, 2020
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -318,6 +318,16 @@ jobs:
           build_args: baseImageTag=ci-local
           tag_with_ref: true
           tag_with_sha: true
+      - uses: docker/build-push-action@v1
+        name: "Build & Push MS Teams Notification Hook Image"
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          repository: securecodebox/hook-teams-notification
+          path: ./hooks/teams-webhook/
+          build_args: baseImageTag=ci-local
+          tag_with_ref: true
+          tag_with_sha: true
       - uses: docker/build-push-action@v1
         name: "Build & Push GenericWebhook Hook Image"
         with:

diff --git a/hooks/finding-post-processing/hook.js b/hooks/finding-post-processing/hook.js
@@ -13,11 +13,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
  */
-const { isMatch, merge } = require("lodash")
+const { isMatch, merge } = require("lodash");
 async function handle({
   getFindings,
   updateFindings,
-  rules =JSON.parse(process.env["RULES"]),
+  rules = JSON.parse(process.env["RULES"]),
 }) {
   const findings = await getFindings();
   const res = applyRules(rules, findings);
@@ -32,18 +32,20 @@ module.exports.handle = handle;
  */
 function applyRules(rules, findings) {
   let hasChanged = false;
-  const newFindings = findings.map(finding => {
+  const newFindings = findings.map((finding) => {
     let newFinding = finding;
     for (const rule of rules) {
-      const isRuleMatching = rule.matches.anyOf.some(condition => isMatch(finding, condition));
+      const isRuleMatching = rule.matches.anyOf.some((condition) =>
+        isMatch(finding, condition)
+      );
       if (isRuleMatching) {
         hasChanged = true;
         newFinding = postProcessFinding(finding, rule);
       }
     }
     return newFinding;
   });
-  return { hasChanged, findings: newFindings }
+  return { hasChanged, findings: newFindings };
 }
 
 function postProcessFinding(finding, rule) {

diff --git a/hooks/teams-webhook/.dockerignore b/hooks/teams-webhook/.dockerignore
@@ -0,0 +1 @@
+node_modules/
diff --git a/hooks/teams-webhook/.gitignore b/hooks/teams-webhook/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/hooks/teams-webhook/.helmignore b/hooks/teams-webhook/.helmignore
@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Node.js files
+node_modules/*
+package.json
+package-lock.json
+src/*
+config/*
+Dockerfile
+.dockerignore
diff --git a/hooks/teams-webhook/Chart.lock b/hooks/teams-webhook/Chart.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: "2020-05-26T16:56:03.119255+02:00"
diff --git a/hooks/teams-webhook/Chart.yaml b/hooks/teams-webhook/Chart.yaml
@@ -0,0 +1,25 @@
+# Copyright 2020 iteratec GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: teams-webhook
+description: Lets you send a findings result summary as webhook to MS Teams, after a scan is completed.
+
+type: application
+
+# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
+version: latest
+kubeVersion: ">=v1.11.0-0"
+
+dependencies: []
diff --git a/hooks/teams-webhook/Dockerfile b/hooks/teams-webhook/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2020 iteratec GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG baseImageTag
+FROM node:12-alpine as build
+RUN mkdir -p /home/app
+WORKDIR /home/app
+COPY package.json package-lock.json ./
+RUN npm ci --production
+
+FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
+WORKDIR /home/app/hook-wrapper/hook/
+COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
+COPY --chown=app:app ./hook.js ./hook.js
+COPY --chown=app:app ./msteams-template.js ./msteams-template.js
diff --git a/hooks/teams-webhook/README.md b/hooks/teams-webhook/README.md
@@ -10,6 +10,11 @@ usecase: "Publishes Scan Summary to MS Teams."
 
 ## Deployment
 
-Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace. 
+Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace.
 
 > 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized.
+
+```bash
+helm upgrade --install twh ./hooks/teams-webhook/ --set notification.url="http://example.com/my/webhook/target"
+```
+> ✍ This documentation is currently work-in-progress.
diff --git a/hooks/teams-webhook/README.md.gotmpl b/hooks/teams-webhook/README.md.gotmpl
@@ -0,0 +1,21 @@
+---
+title: "MS Teams WebHook"
+category: "hook"
+type: "integration"
+state: "roadmap"
+usecase: "Publishes Scan Summary to MS Teams."
+---
+
+<!-- end -->
+
+## Deployment
+
+Installing the Teams WebHook hook will add a ReadOnly Hook to your namespace. 
+
+> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized.
+
+
+```bash
+helm upgrade --install twh ./hooks/teams-webhook/ --set notification.url="http://example.com/my/webhook/target"
+```
+> ✍ This documentation is currently work-in-progress. 
diff --git a/hooks/teams-webhook/__mocks__/axios.js b/hooks/teams-webhook/__mocks__/axios.js
@@ -0,0 +1 @@
+module.exports.post = jest.fn();