Merged
Conversation
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
The old version of the integration test framework did not have support for the new initContainer syntax introduced in ADR-0009. This commit adds this support, which is necessary for the semgrep integration tests Signed-off-by: Max Maass <max.maass@iteratec.com>
These tests require network access to download test files, as I do not know of a good way to provision the test files for them. Alternatives are appreciated. Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
We do not want to save the matched lines into the s3 bucket without encryption, as the lines may include sensitive information. Signed-off-by: Max Maass <max.maass@iteratec.com>
The semgrep scanner will not ship with default cascadingRules, so we provide documentation on how to write your own instead. Signed-off-by: Max Maass <max.maass@iteratec.com>
We do not want to retrieve files from the Internet for the integration tests, so the test now uses a local file in the repo. Signed-off-by: Max Maass <max.maass@iteratec.com>
DefectDojo supports semgrep, so this commit adds support for the semgrep results to the DD hook. It works fine on individual scans, but I still want to do some more testing before merging this. Signed-off-by: Max Maass <max.maass@iteratec.com>
rfelber
requested changes
Oct 20, 2021
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Member
Author
|
The PR is ready for review now. There are still some issues with the DefectDojo importer, but these appear to be unrelated to my changes, so it will be tracked in a separate issue: #746 |
J12934
reviewed
Oct 21, 2021
Member
|
The generate helm docs GitHub Action seems to be broken because not all docs files are generated here 🤔 |
Signed-off-by: Max Maass <max.maass@iteratec.com>
Member
Author
|
Seems to be broken indeed |
Member
Author
|
What is currently missing in the semgrep scanner is a way to explicitly state in the results which repository was scanned. The semgrep result JSON do not contain this information (let alone the exact Git commit ID). If there is a good way to include this somehow, give me a pointer how and I'd be happy to implement it. |
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: Max Maass <max.maass@iteratec.com>
Signed-off-by: GitHub Actions <securecodebox@iteratec.com>
rfelber
previously approved these changes
Oct 22, 2021
Member
There was a problem hiding this comment.
Love this thing 😍 Thx alot @malexmave !
Signed-off-by: Max Maass <max.maass@iteratec.com>
rfelber
approved these changes
Oct 24, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR adds semgrep as a new scanner to the secureCodeBox. Closes #595. Creating this as a draft PR while I do one last sanity check and to see what the CI thinks about it, but should generally be ready.
Since I accidentally committed to the wrong branch, this PR also includes a change to the integration test system to add support for initContainers, as this was used by some integrations tests (which I have since commented out because they used external Git repositories for testing).
It does not contain default cascading scan rules, but gives an example for one in the documentation.
Checklist
npm testruns for the whole project.