secureCodeBox · J12934 · Jun 4, 2019 · Mar 15, 2019 · Apr 1, 2019 · Apr 1, 2019
diff --git a/.github/ISSUE_TEMPLATE/new_security_scanner.md b/.github/ISSUE_TEMPLATE/new_security_scanner.md
@@ -0,0 +1,35 @@
+---
+name: 'New Security Scanner request'
+about: 'Suggest an idea for a new security scanner to integrate in this project.'
+labels: 'security scanner'
+---
+## New Scanner implementation request
+
+**Is your feature request related to a problem? Please describe.**
+- _A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]_
+
+**Describe the solution you'd like**
+- _A clear and concise description of what you want to happen._
+
+**Describe alternatives you've considered**
+- _A clear and concise description of any alternative solutions or features you've considered._
+
+**Additional context**
+- _Add any other context or screenshots about the feature request here._
+
+## Steps to implement a new scanner
+> Hint: A general guide how to implement a new scanner is documented [here]( https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#developing-own-processes)
+
+### Must have
+- [ ] Create a [new public secureCodeBox repository](https://github.com/organizations/secureCodeBox/repositories/new) for the scanner implementation
+- [ ] Implement a new scanner microservice an reuse some of the existing stuff, if possible
+- [ ] Check if there is a [healthcheck](https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#healthchecks-for-scanner-microservices) for the microservice implemented
+- [ ] Implement a [new basic security process](https://github.com/secureCodeBox/secureCodeBox/blob/master/docs/developer-guide/README.md#developing-a-process-model) for the scanner
+- [ ] Update the [docker-compose](https://github.com/secureCodeBox/secureCodeBox/blob/master/docker-compose.yml) files and integrate your new scanner there
+- [ ] Update the [user guide](https://github.com/secureCodeBox/secureCodeBox/tree/master/docs/user-guide) and [developer guide](https://github.com/secureCodeBox/secureCodeBox/tree/master/docs/developer-guide)
+- [ ] Implement a integration test for the scanner [here](https://github.com/secureCodeBox/secureCodeBox/tree/master/test)
+
+### Should have
+- [ ] Update the [CLI examples](https://github.com/secureCodeBox/secureCodeBox/tree/master/cli)
+- [ ] Update the [Jenkins Pipeline](https://github.com/secureCodeBox/integration-pipeline-jenkins-examples) examples
+- [ ] Update the [OpenShift Container Setup](https://github.com/secureCodeBox/ansible-role-securecodebox-openshift)
diff --git a/docs/developer-guide/README.md b/docs/developer-guide/README.md
@@ -78,8 +78,8 @@ curl -X POST 'http://<your-docker-host>:8080/box/jobs/<job-id>/result' -H 'Conte
 </details>
 
 
-To edit these models, Camunda provides a free modelling tool for the BPMN models which you can [download here](camunda_modeler).
-Feel free to get inspiration from the [prepackaged processes here](prepackaged_processes). 
+To edit these models, Camunda provides a free modelling tool for the BPMN models which you can [download here](https://camunda.com/products/modeler/).
+Feel free to get inspiration from the [prepackaged processes here](https://github.com/secureCodeBox/engine/tree/master/scb-scanprocesses). 
 
 <details>
 <summary>Just copy a process model from the prepackaged?</summary>
@@ -239,6 +239,3 @@ Note:
     },
 }
 ```
-
-[prepackaged_processes]: https://github.com/secureCodeBox/engine/tree/master/scb-scanprocesses
-[camunda_modeler]: https://camunda.com/download/modeler/
diff --git a/docs/user-guide/persistence/README.md b/docs/user-guide/persistence/README.md
@@ -62,27 +62,30 @@ Alternatively the corresponding environment variables, e.g. `SECURECODEBOX_PERSI
 #### Runetime Security Test Config
 
 The DefectDjojo Persistence Provider requries some additional configuration for every securityTest.
-This configuration is to set additional information e.g. for which product should engagment and findings be created?
-
-| Meta Field            |  Description                                                                                         | Example Value | Mandatory |
-| --------------------- | ---------------------------------------------------------------------------------------------------- | ------------- | --------- |
-| `DEFECT_DOJO_USER`    | Username of the DefectDojo user responsible for the scan. Defaults to username of the technical user | john_doe      | no        |
-| `SCB_BRANCH`          | Tag or branch of the product the engagement tested                                                   | develop       | no        |
-| `SCB_BUILD_ID`        | Build ID of the product the engagement tested                                                        | 1.0           | no        |
-| `SCB_COMMIT_HASH`     | Commit hash from repo                                                                                | 9a03412       | no        |
-| `SCB_TRACKER`         | Link to epic or ticket system with changes to version                                                | http://your-ticket-system.com  | no        |
-| `SCB_REPO`            | Repository                                                                                           | http://your-remote-repository.com  | no        |
-| `SCB_BUILD_SERVER`    | Build server responsible for CI/CD test                                                              | http://your-build-server.com | no        |
-| `SCB_SCM_SERVER`      | Source code server for CI/CD test                                                                    | http://your-scm-server.com | no     |
-| `SCB_ENGAGEMENT_TITLE`| Title for the engagement. Defaults to name of the supported scanner or "Generic Findings Import"     | Engagement No.1337 | no      |
-
-An example security test with these values set would look like this.
+This configuration has only one **mandatory** parameter, which is the **context** of the security scan. This has to be the same as the product name inside DefectDojo related to the scan. Once the scan is finished a new engagment for the product and all findings are getting imported.
+
+Other than the context, there are also a number of optional params, which are used to populate other fields of the DefectDojo engagment.
+These can be set by passing them in the `metaData` param of the securityTest.
+
+| Meta Field             |  Description                                                                                         | Example Value                     | Mandatory |
+| ---------------------- | ---------------------------------------------------------------------------------------------------- | --------------------------------- | --------- |
+| `DEFECT_DOJO_USER`     | Username of the DefectDojo user responsible for the scan. Defaults to username of the technical user | john_doe                          | no        |
+| `SCB_BRANCH`           | Tag or branch of the product the engagement tested                                                   | develop                           | no        |
+| `SCB_BUILD_ID`         | Build ID of the product the engagement tested                                                        | 1.0                               | no        |
+| `SCB_COMMIT_HASH`      | Commit hash from repo                                                                                | 9a03412                           | no        |
+| `SCB_TRACKER`          | Link to epic or ticket system with changes to version                                                | http://your-ticket-system.com     | no        |
+| `SCB_REPO`             | Repository                                                                                           | http://your-remote-repository.com | no        |
+| `SCB_BUILD_SERVER`     | Build server responsible for CI/CD test                                                              | http://your-build-server.com      | no        |
+| `SCB_SCM_SERVER`       | Source code server for CI/CD test                                                                    | http://your-scm-server.com        | no        |
+| `SCB_ENGAGEMENT_TITLE` | Title for the engagement. Defaults to name of the supported scanner or "Generic Findings Import"     | Engagement No.1337                | no        |
+
+An example security test with these values set would look like this:
 
 ```json
 [
   {
     "name": "nmap",
-    "context": "feature-team-1/product-1",
+    "context": "product-1",
     "target": {
       "name": "Test Server",
       "location": "10.11.11.11",
@@ -91,15 +94,15 @@ An example security test with these values set would look like this.
       }
     },
     "metaData": {
-        "DEFECT_DOJO_USER": "john_doe",
-        "SCB_BRANCH": "develop",
-        "SCB_BUILD_ID": "1.0",
-        "SCB_COMMIT_HASH": "9a03412",
-        "SCB_TRACKER": "http://your-ticket-system.com",
-        "SCB_REPO": "http://your-remote-repository.com",
-        "SCB_BUILD_SERVER": "http://your-build-server.com",
-        "SCB_SCM_SERVER": "http://your-scm-server.com",
-        "SCB_ENGAGEMENT_TITLE": "Engagement No.1337"
+      "DEFECT_DOJO_USER": "john_doe",
+      "SCB_BRANCH": "develop",
+      "SCB_BUILD_ID": "1.0",
+      "SCB_COMMIT_HASH": "9a03412",
+      "SCB_TRACKER": "http://your-ticket-system.com",
+      "SCB_REPO": "http://your-remote-repository.com",
+      "SCB_BUILD_SERVER": "http://your-build-server.com",
+      "SCB_SCM_SERVER": "http://your-scm-server.com",
+      "SCB_ENGAGEMENT_TITLE": "Engagement No.1337"
     }
   }
 ]

diff --git a/test/package-lock.json b/test/package-lock.json
diff --git a/test/package.json b/test/package.json
@@ -9,7 +9,7 @@
   },
   "license": "Apache2",
   "devDependencies": {
-    "axios": "^0.18.0",
+    "axios": "^0.18.1",
     "jest": "^24.0.0"
   },
   "jest": {