2 changes: 1 addition & 1 deletion auto-discovery/cloud-aws/.helm-docs.gotmpl
Expand Up @@ -129,7 +129,7 @@ To directly deploy the auto-discovery-cloud-aws chart with the options for AWS c

```bash
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install {{ template "chart.name" . }} secureCodeBox/{{ template "chart.name" . }} --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}"
helm upgrade --install {{ template "chart.name" . }} oci://ghcr.io/securecodebox/helm/{{ template "chart.name" . }} --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}"
```
{{- end }}

2 changes: 1 addition & 1 deletion auto-discovery/cloud-aws/README.md
Expand Up @@ -149,7 +149,7 @@ To directly deploy the auto-discovery-cloud-aws chart with the options for AWS c

```bash
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install auto-discovery-cloud-aws secureCodeBox/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}"
helm upgrade --install auto-discovery-cloud-aws oci://ghcr.io/securecodebox/helm/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}"
```

## Requirements
2 changes: 1 addition & 1 deletion auto-discovery/cloud-aws/docs/README.ArtifactHub.md
Expand Up @@ -141,7 +141,7 @@ To directly deploy the auto-discovery-cloud-aws chart with the options for AWS c

```bash
# Install HelmChart (use -n to configure another namespace)
helm upgrade --install auto-discovery-cloud-aws secureCodeBox/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}"
helm upgrade --install auto-discovery-cloud-aws oci://ghcr.io/securecodebox/helm/auto-discovery-cloud-aws --set="config.aws.queueUrl=${SQS_QUEUE_URL}" --set="config.aws.region=${AWS_REGION}"
```

## Requirements
2 changes: 1 addition & 1 deletion bin/install.sh
Expand Up @@ -118,7 +118,7 @@ function createNamespaceAndInstallOperator() {

print "Installing the operator in the '$SCB_SYSTEM_NAMESPACE' namespace"

if [[ $(helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator secureCodeBox/operator) ]]; then
if [[ $(helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator) ]]; then
print "$COLOR_OK" "Successfully installed the operator in namespace '$SCB_SYSTEM_NAMESPACE'!"
else
print "$COLOR_ERROR" "Operator installation failed in namespace '$SCB_SYSTEM_NAMESPACE', cancelling installation!" && exit 1
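Review bot: The condition on the changed `if [[ $(helm ... upgrade --install securecodebox-operator ...) ]]` line tests whether helm wrote anything to stdout, not whether it exited successfully, and it hides helm's normal output from the user. Since this line is being touched anyway, consider branching on the exit status directly, i.e. `if helm -n "$SCB_SYSTEM_NAMESPACE" upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator; then`, so a failed pull from the registry is reported through the `else` branch regardless of what was printed.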
2 changes: 1 addition & 1 deletion documentation/blog/2022-01-18-log4shell.md
Expand Up @@ -257,7 +257,7 @@ For hosts sitting in internal networks, we used nmap ([with the secureCodeBox `n

After enumerating the targets, we triggered the actual Nuclei scans using another cascading rule.

Most scanner helm charts in the secureCodeBox come with cascading rules by default. E.g. the [rule used to trigger the nmap port scans on amass findings](https://github.com/secureCodeBox/secureCodeBox/blob/main/scanners/nmap/cascading-rules/hostscan.yaml) is included by default in the nmap helm chart GitHub. With the nuclei cascading rule we wanted to have more control over the configuration of the automatically created cascaded scans so we disabled the cascading rules included by default in the helm chart (`helm install nuclei secureCodeBox/nuclei --set="cascadingRules.enabled=false"`) and created our own, incorporating our custom nuclei configuration described above. The rule then looked like the following (reusing the ConfigMap created in the example above):
Most scanner helm charts in the secureCodeBox come with cascading rules by default. E.g. the [rule used to trigger the nmap port scans on amass findings](https://github.com/secureCodeBox/secureCodeBox/blob/main/scanners/nmap/cascading-rules/hostscan.yaml) is included by default in the nmap helm chart GitHub. With the nuclei cascading rule we wanted to have more control over the configuration of the automatically created cascaded scans so we disabled the cascading rules included by default in the helm chart (`helm install nuclei oci://ghcr.io/securecodebox/helm/nuclei --set="cascadingRules.enabled=false"`) and created our own, incorporating our custom nuclei configuration described above. The rule then looked like the following (reusing the ConfigMap created in the example above):

```yaml
apiVersion: "cascading.securecodebox.io/v1"
2 changes: 1 addition & 1 deletion documentation/docs/11-telemetry.md
Expand Up @@ -25,7 +25,7 @@ The data is submitted every 24 hours. When the Operator starts, the first data-p
The collection of telemetry data can be completely disabled by setting the `telemetryEnabled` to `false`, e.g:

```bash
helm install securecodebox-operator secureCodeBox/operator --set="telemetryEnabled=false"
helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator --set="telemetryEnabled=false"
```

## Telemetry Code
Expand Up @@ -17,7 +17,7 @@ sidebar_label: "ADR-0012"

## Context

Currently all custom resources for the secureCodeBox are isolated into the namespace they are installed from. If you start a scan of type nmap in namespace `demo-one` you'll have to have the `ScanType` (and the corresponding `ParseDefinition`) nmap installed in `demo-one`. This is usually not a big issue as installing a `ScanType` is pretty easy (`helm install nmap secureCodeBox/nmap --namespace demo-one`).
Currently all custom resources for the secureCodeBox are isolated into the namespace they are installed from. If you start a scan of type nmap in namespace `demo-one` you'll have to have the `ScanType` (and the corresponding `ParseDefinition`) nmap installed in `demo-one`. This is usually not a big issue as installing a `ScanType` is pretty easy (`helm install nmap oci://ghcr.io/securecodebox/helm/nmap --namespace demo-one`).

If you then want to start other scans for other targets you might want to create another namespace `demo-two`. To run scans in `demo-two` you'll also have to install nmap in that namespace.

2 changes: 1 addition & 1 deletion documentation/docs/auto-discovery/installation.md
Expand Up @@ -14,7 +14,7 @@ sidebar_position: 1
The secureCodeBox (SCB) AutoDiscovery is packaged as a helm chart. As the AutoDiscovery works by creating (Scheduled)Scan custom resources for the discovered resources it requires the operator to be installed first.

```bash
helm install --namespace securecodebox-system auto-discovery-kubernetes secureCodeBox/auto-discovery-kubernetes
helm install --namespace securecodebox-system auto-discovery-kubernetes oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes
```

## Configuration
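Review bot: The new `oci://ghcr.io/securecodebox/helm/auto-discovery-kubernetes` reference carries no `--version`, so the command installs whichever chart version is the latest in the registry at that moment, while the paragraph above requires an operator that was installed earlier. Suggest showing `--version` here and in the operator install command so the documented pair is reproducible and the two charts stay on the same release.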
2 changes: 1 addition & 1 deletion documentation/docs/contributing/local-deployment.md
Expand Up @@ -64,7 +64,7 @@ securecodebox$ helm repo add secureCodeBox https://charts.securecodebox.io
[...]
securecodebox$ kubectl create namespace securecodebox-system
namespace/securecodebox-system created
securecodebox$ helm --namespace securecodebox-system upgrade --install securecodebox-operator secureCodeBox/operator
securecodebox$ helm --namespace securecodebox-system upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator
Release "securecodebox-operator" does not exist. Installing it now.
NAME: securecodebox-operator
LAST DEPLOYED: Fri Jan 26 14:34:50 2024
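Review bot: The transcript still runs `helm repo add secureCodeBox https://charts.securecodebox.io` (visible in the hunk header context) ahead of the changed install line, but that line no longer uses the `secureCodeBox` repo alias. Suggest removing the `helm repo add` step and its elided output from the transcript, or stating why the classic repository is still needed for local deployment.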
2 changes: 1 addition & 1 deletion documentation/docs/getting-started/first-scans.md
Expand Up @@ -17,7 +17,7 @@ Before we can start scans, we need to install their `ScanTypes`, these tell the
In this guide, we'll use the [Nmap Port & Network Scanner](https://nmap.org), as it is fast and relatively easy to use. We can install the Nmap ScanType via Helm (Make sure to add the helm repo first. See [Installation](/docs/getting-started/installation)):

```bash
helm install nmap secureCodeBox/nmap
helm install nmap oci://ghcr.io/securecodebox/helm/nmap
```

To verify or to see which ScanTypes are installed in your current Namespace you can run:
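Review bot: The unchanged sentence above the code block still says "Make sure to add the helm repo first", which no longer applies to `helm install nmap oci://ghcr.io/securecodebox/helm/nmap`; an OCI reference is pulled directly and needs no `helm repo add`. Suggest dropping the parenthetical or rewording it to point at the OCI-based installation instructions.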
14 changes: 8 additions & 6 deletions documentation/docs/getting-started/troubleshooting.md
Expand Up @@ -17,18 +17,20 @@ to create an issue in our [GitHub Repository](https://github.com/secureCodeBox/s

### *helm upgrade --install* does not work

* Check if you have added the secureCodeBox repository:
```bash
helm repo add secureCodeBox https://charts.securecodebox.io
```
* Check your spelling: Helm repo is case-sensitive and no backslash at the end of a resource
In most cases this is related to the helm repository missing. secureCodeBox used a classic helm in the default install instructions until 4.6.0.
Since 4.6.0 it's recommended to install our helm charts using the helm charts from the Open Container Initiative (OCI) images.

E.g.

```bash
# OUTDATE
helm upgrade --install nmap secureCodeBox/nmap
# WRONG!
helm upgrade --install nmap securecodebox/nmap
# ALSO WRONG!
helm upgrade --install nmap secureCodeBox/nmap/
# CORRECT
helm upgrade --install nmap secureCodeBox/nmap
helm upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap
```

## Running scans
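Review bot: The two entries kept in the code block, `# WRONG!` (`securecodebox/nmap`) and `# ALSO WRONG!` (`secureCodeBox/nmap/`), lose their explanation because the bullet about case sensitivity is removed, and both are now just variants of the form labelled as outdated. Either drop them or keep one sentence saying why they fail for users who still have the classic repository configured. In the added lines, `# OUTDATE` should read `# OUTDATED`, "used a classic helm" is missing its noun (presumably "repository"), and "using the helm charts from the Open Container Initiative (OCI) images" would read more clearly as installing the charts from the OCI registry.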
2 changes: 1 addition & 1 deletion documentation/docs/getting-started/uninstallation.md
Expand Up @@ -12,7 +12,7 @@ path: "docs/getting-started/uninstallation"

If you want to uninstall every scanner and every hook you can simply delete the namespace in which they were installed (if you did not install any resources you still need in the same namespace).

If you want to uninstall specific scanners or hooks you can delete them via `helm`. For example if you installed nmap using `helm install nmap secureCodeBox/nmap` you can delete nmap like this:
If you want to uninstall specific scanners or hooks you can delete them via `helm`. For example if you installed nmap using `helm install nmap oci://ghcr.io/securecodebox/helm/nmap` you can delete nmap like this:

```bash
helm delete nmap
4 changes: 2 additions & 2 deletions documentation/docs/how-tos/hooks.md
Expand Up @@ -113,7 +113,7 @@ By default, all _hooks_ have a priority of `0`.
If we set `ufh2` hook's priority to `1`, we'll observe that it will execute before `ufh1`.

```bash
helm upgrade --install ufh2 secureCodeBox/update-field-hook --set hook.priority="1" --set attribute.name="category" --set attribute.value="second-hook"
helm upgrade --install ufh2 oci://ghcr.io/securecodebox/helm/update-field-hook --set hook.priority="1" --set attribute.name="category" --set attribute.value="second-hook"
```

```bash
Expand Down Expand Up @@ -210,7 +210,7 @@ The following labels are available by default:
You can also deploy _secureCodeBox_ _hooks_ with your own labels like so:

```bash
helm upgrade --install ufh2 secureCodeBox/update-field-hook --set hook.labels.securecodebox="rocks" --set attribute.name="category" --set attribute.value="second-hook"
helm upgrade --install ufh2 oci://ghcr.io/securecodebox/helm/update-field-hook --set hook.labels.securecodebox="rocks" --set attribute.name="category" --set attribute.value="second-hook"
```

This will add your custom label to the _secureCodeBox_ hook so that you can select is with `hookSelector`.
9 changes: 4 additions & 5 deletions documentation/docs/how-tos/persistence-storage.md
Expand Up @@ -277,16 +277,15 @@ At first, we create a cluster and the *secureCodeBox* namespace and operator:
```bash
minikube start

kubectl create namespace securecodebox-system
helm --namespace securecodebox-system upgrade --install securecodebox-operator secureCodeBox/operator
helm --namespace securecodebox-system --create-namespace upgrade --install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator
```

Next, we simply install an exemplary scanner and the *persistence-elastic* hook. Note that Kibana is enabled by default.
```bash
# Scanner and ElasticSearch should be in the same namespace
kubectl create namespace elastic
helm --namespace elastic upgrade --install nmap secureCodeBox/nmap
helm --namespace elastic upgrade --install persistence-elastic secureCodeBox/persistence-elastic
helm --namespace elastic upgrade --install nmap oci://ghcr.io/securecodebox/helm/nmap
helm --namespace elastic upgrade --install persistence-elastic oci://ghcr.io/securecodebox/helm/persistence-elastic
```

That's it! Let us run an example scan (same as above for DefectDojo):
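Review bot: Namespace creation is now handled two different ways within the same walkthrough: the operator step drops `kubectl create namespace securecodebox-system` in favour of `--create-namespace`, while the next block still runs `kubectl create namespace elastic` before its two helm commands. Suggest picking one approach for both blocks, for example adding `--create-namespace` to the first `helm --namespace elastic upgrade --install` line and removing the kubectl call, and noting the switch in the PR description since it goes beyond the repository URL change.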
Expand Down Expand Up @@ -361,7 +360,7 @@ Connecting the SCB to a persistence provider, especially DefectDojo, can sometim

```shell
# $YOURLOCALIP should look something like http://192.168.2.242:8080
helm upgrade --install persistence-defectdojo secureCodeBox/persistence-defectdojo \
helm upgrade --install persistence-defectdojo oci://ghcr.io/securecodebox/helm/persistence-defectdojo \
--set="defectdojo.url=$YOURLOCALIP"
```

2 changes: 1 addition & 1 deletion operator/.helm-docs.gotmpl
Expand Up @@ -45,7 +45,7 @@ helm repo add secureCodeBox https://charts.securecodebox.io
# Create a new namespace for the secureCodeBox Operator
kubectl create namespace securecodebox-system
# Install the Operator & CRDs
helm install securecodebox-operator secureCodeBox/operator
helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator
```
{{- end }}
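Review bot: The hunk header context shows `helm repo add secureCodeBox https://charts.securecodebox.io` is still part of this install snippet, yet the changed `helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator` line no longer references that repo. Suggest removing the `helm repo add` line (and any comment introducing it) from the template so the snippet contains only steps the OCI install needs. The same leftover appears in the operator/README.md and operator/docs/README.ArtifactHub.md hunks.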

2 changes: 1 addition & 1 deletion operator/README.md
Expand Up @@ -66,7 +66,7 @@ helm repo add secureCodeBox https://charts.securecodebox.io
# Create a new namespace for the secureCodeBox Operator
kubectl create namespace securecodebox-system
# Install the Operator & CRDs
helm install securecodebox-operator secureCodeBox/operator
helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator
```

## Values
2 changes: 1 addition & 1 deletion operator/docs/README.ArtifactHub.md
Expand Up @@ -71,7 +71,7 @@ helm repo add secureCodeBox https://charts.securecodebox.io
# Create a new namespace for the secureCodeBox Operator
kubectl create namespace securecodebox-system
# Install the Operator & CRDs
helm install securecodebox-operator secureCodeBox/operator
helm install securecodebox-operator oci://ghcr.io/securecodebox/helm/operator
```

## Values
2 changes: 1 addition & 1 deletion scanners/nikto/examples/demo-juice-shop/README.md
Expand Up @@ -9,5 +9,5 @@ In this example we execute an kubeaudit scan against the intentional vulnerable

Before executing the scan, make sure to setup juice-shop
```bash
helm upgrade --install juice-shop secureCodeBox/juice-shop --wait
helm upgrade --install juice-shop oci://ghcr.io/securecodebox/helm/juice-shop --wait
```