secureCodeBox · J12934 · Nov 15, 2021 · Nov 9, 2021 · Nov 9, 2021 · Nov 9, 2021
diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml
@@ -39,7 +39,7 @@ jobs:
       - name: Fetch scanner's version API
         uses: mikefarah/yq@v4.4.1
         with:
-          cmd: echo versionApi=$(yq e .versionApi scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV
+          cmd: echo versionApi=$(yq e .annotations.versionApi scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV
 
       - name: Fetch latest release scanner version
         run: echo release=$((curl -sL ${{env.versionApi}}  ) | jq -r ".tag_name") | tr -d "v" >> $GITHUB_ENV
@@ -60,13 +60,56 @@ jobs:
           echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
           echo prExists=$(gh pr list --state open --limit 100 | grep -F "$pullRequestTitle" -c) >> $GITHUB_ENV
 
-      - name: Upgrade Scanner
+      - name: Fetch new release changelog
+        if: ${{ env.release != env.local }}
+        run: echo releaseChangelog=$((curl -sL ${{env.versionApi}}  ) | jq -r ".body") >> $GITHUB_ENV
+
+      - name: Upgrade Scanner Helm Chart
         if: ${{ env.release != env.local && env.prExists == 0 }}
         uses: mikefarah/yq@v4.4.1
         with:
           # appVersion value in chart is replaced with release value. Empty lines are deleted in the process
           cmd: yq e --inplace '.appVersion = "v${{env.release}}"' ./scanners/${{ matrix.scanner }}/Chart.yaml
 
+      # Updating Helm Docs
+      - name: Download Helm Docs
+        run: |
+          mkdir helm-docs
+          cd helm-docs
+
+          curl --output helm-docs.tar.gz --location https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Linux_x86_64.tar.gz
+          # Checksum must be extracted from the checksum file every time helm-docs gets updated.
+          echo "a352e13a8438045b8ed138b821cb757c177acd999c1af77345152d7a64b0ddb7  helm-docs.tar.gz" | shasum --check
+
+          tar -xvf helm-docs.tar.gz
+          # Verify installation
+          ./helm-docs --version
+
+          sudo mv helm-docs /usr/local/bin/helm-docs
+
+      - name: Generate README
+        run: |
+          make readme
+      - name: Generate Demo-Apps Docs
+        run: make demo-apps-docs
+
+      - name: Generate Hooks Docs
+        run: make hook-docs
+
+      - name: Generate Scanner Docs
+        run: make scanner-docs
+
+      - name: Generate Operator Docs
+        run: make operator-docs
+
+      - name: Generate AutoDiscovery Docs
+        run: make auto-discovery-docs
+
+      - name: Remove Helm Docs Files
+        run: |
+          # Remove helm-docs download to ensure they don't get committed back
+          rm -rf helm-docs
+
       - name: Create Pull Request
         if: ${{ env.release != env.local && env.prExists == 0 }}
         uses: peter-evans/create-pull-request@v3
@@ -78,6 +121,9 @@ jobs:
           body: "This is an automated Pull Request by the SCB-Bot. It upgrades ${{ matrix.scanner }} from ${{env.local}} to ${{env.release}}"
           branch: "dependencies/upgrading-${{ matrix.scanner }}-to-${{env.release}}"
           labels: dependencies,scanner
-          commit-message: "Upgrading ${{ matrix.scanner }} from ${{env.local}} to ${{env.release}}"
+          commit-message: |
+            Upgrading ${{ matrix.scanner }} from ${{env.local}} to ${{env.release}}
+            ## Release changes :
+            ${{env.releaseChangelog}}
           signoff: true
-          base: main
+          base: main
diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml
@@ -10,7 +10,8 @@ type: application
 version: v3.1.0-alpha1
 appVersion: "v3.14.3"
 kubeVersion: ">=v1.11.0-0"
-versionApi: https://api.github.com/repos/OWASP/Amass/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/OWASP/Amass/releases/latest
 keywords:
   - security
   - amass

diff --git a/scanners/angularjs-csti-scanner/Chart.yaml b/scanners/angularjs-csti-scanner/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "3.0.6"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi : https://api.github.com/repos/tijme/angularjs-csti-scanner/releases/latest
+annotations:
+  versionApi : https://api.github.com/repos/tijme/angularjs-csti-scanner/releases/latest
 
 keywords:
   - security

diff --git a/scanners/cmseek/Chart.yaml b/scanners/cmseek/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "1.1.3"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/Tuhinshubhra/CMSeeK/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/Tuhinshubhra/CMSeeK/releases/latest
 
 keywords:
   - security

diff --git a/scanners/gitleaks/Chart.yaml b/scanners/gitleaks/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "v7.6.1"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/zricethezav/gitleaks/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/zricethezav/gitleaks/releases/latest
 
 keywords:
   - security

diff --git a/scanners/kube-hunter/Chart.yaml b/scanners/kube-hunter/Chart.yaml
@@ -10,7 +10,8 @@ type: application
 version: v3.1.0-alpha1
 appVersion: "0.6.3"
 kubeVersion: ">=v1.11.0-0"
-versionApi: https://api.github.com/repos/aquasecurity/kube-hunter/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/aquasecurity/kube-hunter/releases/latest
 keywords:
   - security
   - kube-hunter

diff --git a/scanners/kubeaudit/Chart.yaml b/scanners/kubeaudit/Chart.yaml
@@ -11,7 +11,8 @@ version: v3.1.0-alpha1
 appVersion: "v0.14.2"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/Shopify/kubeaudit/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/Shopify/kubeaudit/releases/latest
 
 keywords:
   - security

diff --git a/scanners/ncrack/Chart.yaml b/scanners/ncrack/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "0.7"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/nmap/ncrack/releases/latest 
+annotations:
+  versionApi: https://api.github.com/repos/nmap/ncrack/releases/latest 
 
 keywords:
   - security

diff --git a/scanners/nuclei/Chart.yaml b/scanners/nuclei/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "v2.5.2"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/projectdiscovery/nuclei/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/projectdiscovery/nuclei/releases/latest
 
 keywords:
   - security

diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml
@@ -19,7 +19,8 @@ version: "v3.1.0-alpha1"
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "0.71.0"
-versionApi: https://api.github.com/repos/returntocorp/semgrep/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/returntocorp/semgrep/releases/latest
 kubeVersion: ">=v1.11.0-0"
 home: https://docs.securecodebox.io/docs/scanners/semgrep
 icon: https://docs.securecodebox.io/img/integrationIcons/semgrep.svg # TODO: Add this

diff --git a/scanners/ssh-scan/Chart.yaml b/scanners/ssh-scan/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "0.0.44"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/mozilla/ssh_scan/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/mozilla/ssh_scan/releases/latest
 
 keywords:
   - security

diff --git a/scanners/sslyze/Chart.yaml b/scanners/sslyze/Chart.yaml
@@ -10,7 +10,8 @@ type: application
 version: v3.1.0-alpha1
 appVersion: "v4.1.0"
 kubeVersion: ">=v1.11.0-0"
-versionApi: https://api.github.com/repos/nabla-c0d3/sslyze/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/nabla-c0d3/sslyze/releases/latest
 keywords:
   - security
   - ssl

diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml
@@ -10,7 +10,8 @@ type: application
 version: v3.1.0-alpha1
 appVersion: "0.20.2"
 kubeVersion: ">=v1.11.0-0"
-versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/aquasecurity/trivy/releases/latest
 keywords:
   - security
   - trivy

diff --git a/scanners/whatweb/Chart.yaml b/scanners/whatweb/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "v0.5.5"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/urbanadventurer/WhatWeb/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/urbanadventurer/WhatWeb/releases/latest
 
 keywords:
   - security

diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml
@@ -12,7 +12,8 @@ version: v3.1.0-alpha1
 appVersion: "v3.8.19"
 kubeVersion: ">=v1.11.0-0"
 
-versionApi: https://api.github.com/repos/wpscanteam/wpscan/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/wpscanteam/wpscan/releases/latest
 
 keywords:
   - security

diff --git a/scanners/zap-advanced/Chart.yaml b/scanners/zap-advanced/Chart.yaml
@@ -10,7 +10,8 @@ type: application
 version: v3.1.0-alpha1
 appVersion: "2.11.0"
 kubeVersion: ">=v1.11.0-0"
-versionApi: https://api.github.com/repos/zaproxy/zaproxy/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/zaproxy/zaproxy/releases/latest
 keywords:
   - security
   - ZAP

diff --git a/scanners/zap/Chart.yaml b/scanners/zap/Chart.yaml
@@ -10,7 +10,8 @@ type: application
 version: v3.1.0-alpha1
 appVersion: "2.11.0"
 kubeVersion: ">=v1.11.0-0"
-versionApi: https://api.github.com/repos/zaproxy/zaproxy/releases/latest
+annotations:
+  versionApi: https://api.github.com/repos/zaproxy/zaproxy/releases/latest
 keywords:
   - security
   - Zap