secureCodeBox · Weltraumschaf · Jun 27, 2024 · Jun 26, 2024 · Jun 26, 2024 · Jun 26, 2024
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -18,62 +18,22 @@ env:
 
   GO_VERSION: "1.19"
   PYTHON_VERSION: "3.9.16"
-  NVM_VERSION: "0.39.3" # Does not need to be updated as often as the Node.js version or the NPM version
   KIND_NODE_IMAGE: "kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31"
   KIND_BINARY_VERSION: "v0.20.0"
   KUBECTL_VERSION: "v1.27.4"
   HELM_VERSION: "v3.12.2"
   HELM_PLUGIN_UNITTEST: "0.4.1"
 
 jobs:
-  # ---- NVM Setup ----
-  # It is more efficient to do the installation process of nvm only once and upload it as an archive.
-  # This can later be imported and extracted quickly in the hooks/scanners testing containers.
-  # It also ensures that we pull from an external source to install nvm only once, instead of x number of hooks + y number of scanners
-  nvm-setup:
-    name: "Configuration"
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install nvm and Node.js
-        run: |
-          curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v${{ env.NVM_VERSION }}/install.sh | bash
-          export NVM_DIR="$HOME/.nvm"
-          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-          nvm install "$(cat .nvmrc)"
-
-      - name: Archive nvm and Node.js
-        run: |
-          tar czf nvm-node.tar.gz -C $HOME .nvm
-
-      - name: Upload nvm and Node.js
-        uses: actions/upload-artifact@v4
-        with:
-          name: nvm-node
-          path: ./nvm-node.tar.gz
-          retention-days: 1
-
   test-nodejs-scanner-test-helpers:
     name: "Unit Test | Node.js Scanner Test Helpers"
-    needs:
-      - nvm-setup
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
 
-      - name: Download nvm and Node.js
-        uses: actions/download-artifact@v4
+      - uses: actions/setup-node@v4
         with:
-          name: nvm-node
-          path: nvm-node
-
-      - name: Extract nvm and Node.js
-        run: |
-          tar xzf nvm-node/nvm-node.tar.gz -C $HOME
-          export NVM_DIR="$HOME/.nvm"
-          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-          nvm use
+          node-version-file: ".nvmrc"
 
       - name: Install dependencies
         working-directory: tests/integration
@@ -296,7 +256,6 @@ jobs:
     name: "Autodiscovery | Kubernetes | SecretExtractionInitContainer"
     runs-on: ubuntu-22.04
     needs:
-      - nvm-setup
       - k8s-setup
     steps:
       - name: Checkout
@@ -307,18 +266,9 @@ jobs:
         with:
           python-version: "${{ env.PYTHON_VERSION }}"
 
-      - name: Download nvm and Node.js
-        uses: actions/download-artifact@v4
+      - uses: actions/setup-node@v4
         with:
-          name: nvm-node
-          path: nvm-node
-
-      - name: Extract nvm and Node.js
-        run: |
-          tar xzf nvm-node/nvm-node.tar.gz -C $HOME
-          export NVM_DIR="$HOME/.nvm"
-          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-          nvm use
+          node-version-file: ".nvmrc"
 
       - name: Download Kind
         uses: actions/download-artifact@v4
@@ -458,7 +408,6 @@ jobs:
     needs:
       - sdk
       - operator
-      - nvm-setup
       - k8s-setup
     runs-on: ubuntu-22.04
     strategy:
@@ -494,18 +443,9 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Download nvm and Node.js
-        uses: actions/download-artifact@v4
+      - uses: actions/setup-node@v4
         with:
-          name: nvm-node
-          path: nvm-node
-
-      - name: Extract nvm and Node.js
-        run: |
-          tar xzf nvm-node/nvm-node.tar.gz -C $HOME
-          export NVM_DIR="$HOME/.nvm"
-          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-          nvm use
+          node-version-file: ".nvmrc"
 
       - name: Download Kind
         uses: actions/download-artifact@v4
@@ -645,7 +585,6 @@ jobs:
     name: Test |  Hook ${{ matrix.hook }}
     needs:
       - operator
-      - nvm-setup
       - k8s-setup
     runs-on: ubuntu-22.04
     strategy:
@@ -662,6 +601,11 @@ jobs:
           # - persistence-static-report (WIP)
     steps:
       - uses: actions/checkout@master
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+
       - name: "Start kind cluster"
         run: |
           kind version
@@ -797,19 +741,6 @@ jobs:
         working-directory: ./hooks/${{ matrix.hook }}
         run: make kind-import
 
-      - name: Download nvm and Node.js
-        uses: actions/download-artifact@v4
-        with:
-          name: nvm-node
-          path: ./nvm-node
-
-      - name: Extract nvm and Node.js
-        run: |
-          tar xzf nvm-node/nvm-node.tar.gz -C $HOME
-          export NVM_DIR="$HOME/.nvm"
-          [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-          nvm use
-
       - name: "Install Test Dependencies"
         working-directory: ./hooks
         run: npm ci
@@ -881,7 +812,7 @@ jobs:
       - name: "Delete kind cluster"
         run: |
           kind delete cluster
-  
+
   sbctcl-tests:
     name: "Run sbctcl Tests"
     runs-on: ubuntu-22.04
@@ -897,4 +828,3 @@ jobs:
       - name: Run tests
         working-directory: scbctl
         run: go test -v ./...
-
diff --git a/.nvmrc b/.nvmrc
@@ -1 +1 @@
-18
+22
diff --git a/.templates/new-scanner/parser/Dockerfile b/.templates/new-scanner/parser/Dockerfile
@@ -12,7 +12,7 @@ COPY --chown=app:app ./parser.js ./parser.js
 # Additional packages
 # ARG namespace
 # ARG baseImageTag
-# FROM node:18-alpine as build
+# FROM node:22-alpine as build
 # RUN mkdir -p /home/app
 # WORKDIR /home/app
 # COPY package.json package-lock.json ./

diff --git a/documentation/docs/contributing/integrating-a-hook/dockerfile.md b/documentation/docs/contributing/integrating-a-hook/dockerfile.md
@@ -8,11 +8,11 @@ sidebar_position: 5
 ---
 
 The Dockerfile for a hook looks like the following.
-If you use the provided *hook-sdk*, you won't need to apply any changes to it.
+If you use the provided _hook-sdk_, you won't need to apply any changes to it.
 
 ```Dockerfile
 ARG baseImageTag
-FROM node:12-alpine as build
+FROM node:22-alpine as build
 RUN mkdir -p /home/app
 WORKDIR /home/app
 COPY package.json package-lock.json ./

diff --git a/documentation/docs/contributing/integrating-a-hook/hook.md b/documentation/docs/contributing/integrating-a-hook/hook.md
@@ -162,8 +162,6 @@ Notice that the `handle()` function has to be exported to use in the _hook-sdk_
 :::
 
 ```js
-const axios = require("axios");
-
 async function handle({
   getFindings,
   scan,
@@ -173,7 +171,11 @@ async function handle({
 
   console.log(`Sending ${findings.length} findings to ${webhookUrl}`);
 
-  await axios.post(webhookUrl, { scan, findings });
+  await fetch(webhookUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ scan, findings })
+  });;
 }
 module.exports.handle = handle;
 ```

diff --git a/documentation/docs/contributing/integrating-a-scanner/parser-dir.md b/documentation/docs/contributing/integrating-a-scanner/parser-dir.md
@@ -16,7 +16,7 @@ For our JavaScript Parser SDK the Dockerfile should look like this:
 
 ```dockerfile
 ARG baseImageTag
-FROM node:14-alpine as build
+FROM node:22-alpine as build
 RUN mkdir -p /home/app
 WORKDIR /home/app
 COPY package.json package-lock.json ./

diff --git a/hook-sdk/nodejs/Dockerfile b/hook-sdk/nodejs/Dockerfile
@@ -2,12 +2,12 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-FROM node:18-alpine as build
+FROM node:22-alpine as build
 WORKDIR /home/app
 COPY package.json package-lock.json ./
 RUN npm ci --production
 
-FROM node:18-alpine
+FROM node:22-alpine
 ARG NODE_ENV
 RUN addgroup --system --gid 1001 app && adduser app --system --uid 1001 --ingroup app
 WORKDIR /home/app/hook-wrapper/

diff --git a/hooks/cascading-scans/hook/Dockerfile b/hooks/cascading-scans/hook/Dockerfile
@@ -4,13 +4,13 @@
 
 ARG namespace
 ARG baseImageTag
-FROM node:18-alpine as install
+FROM node:22-alpine as install
 RUN mkdir -p /home/app
 WORKDIR /home/app
 COPY package.json package-lock.json ./
 RUN npm ci --production
 
-FROM node:18-alpine as build
+FROM node:22-alpine as build
 RUN mkdir -p /home/app
 WORKDIR /home/app
 COPY package.json package-lock.json ./