ScanType
The ScanType Custom Resource Definition (CRD) tells secureCodeBox how a specific scanner is executed in Kubernetes. The main part of a ScanType is the jobTemplate, which contains a Kubernetes Job definition that is used to construct the scan's Job.
Specification (Spec)
ExtractResults (Required)
The extractResults field contains an object (its fields are listed below) that describes which type of result this ScanType produces and where the result file is extracted from.
ExtractResults.Type (Required)
The type field indicates the type of the result file, usually a combination of the scanner name and the file format, e.g. nmap-xml. The type is used to determine which parser handles this result file.
ExtractResults.Location (Required)
The location field describes where the result file can be extracted from: the absolute path on the container's file system. It must be located in /home/securecodebox/ so that the result is reachable by the secureCodeBox Lurker sidecar, which performs the actual extraction of the result. E.g. /home/securecodebox/nmap-results.xml
JobTemplate (Required)
Template of the Kubernetes Job to create when running the scan. The jobTemplate is a standard batch/v1 Job spec; for its generic parameters, see the Kubernetes API reference: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#job-v1-batch
Because the jobTemplate carries the full Pod spec, it is also where the scanner container's securityContext, resource limits, environment and volumes are set, as in the example below. In the Helm charts, parameters such as ttlSecondsAfterFinished are filled in from the chart's values.yaml: when such a value is specified, it is used in the JobTemplate.
Example
apiVersion: "execution.securecodebox.io/v1"
kind: ScanType
metadata:
  name: "typo3scan"
spec:
  extractResults:
    type: typo3scan-json
    location: "/home/securecodebox/typo3scan.json"
  jobTemplate:
    spec:
      {{- if .Values.scanner.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ .Values.scanner.ttlSecondsAfterFinished }}
      {{- end }}
      backoffLimit: {{ .Values.scanner.backoffLimit }}
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: typo3scan
              image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}"
              command:
                - "python3"
                - "/home/typo3scan/typo3scan.py"
                # Remove any user interaction
                - "--no-interaction"
                # Output in JSON format
                - "--json"
              resources:
                {{- toYaml .Values.scanner.resources | nindent 16 }}
              securityContext:
                {{- toYaml .Values.scanner.securityContext | nindent 16 }}
              env:
                {{- toYaml .Values.scanner.env | nindent 16 }}
              volumeMounts:
                {{- toYaml .Values.scanner.extraVolumeMounts | nindent 16 }}
          {{- if .Values.scanner.extraContainers }}
          {{- toYaml .Values.scanner.extraContainers | nindent 12 }}
          {{- end }}
          volumes:
            {{- toYaml .Values.scanner.extraVolumes | nindent 12 }}
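The following is an added example, not code from the secureCodeBox project: a small Python linter that checks a rendered ScanType manifest against the rules stated above (extractResults.type and .location required, location an absolute path below /home/securecodebox/, a jobTemplate with a restart policy a Job will accept and at least one container with an image). It reads the manifest as JSON, the form `kubectl get scantypes <name> -o json` returns, so it needs only the standard library. The two sample manifests are constructed here: the good one is the typo3scan example with its Helm values filled in and a placeholder image reference, the bad one uses a location that escapes the result directory through `..`. The location check normalises the path before comparing the prefix, because a naive prefix check would accept that traversal.

```python
"""Lint a rendered secureCodeBox ScanType manifest (JSON) against the documented rules."""
import json
import posixpath

# The Lurker sidecar only extracts result files from below this directory,
# so extractResults.location must be an absolute path inside it.
RESULT_DIR = "/home/securecodebox/"

# Kubernetes Jobs only accept these pod-level restart policies.
JOB_RESTART_POLICIES = {"Never", "OnFailure"}

# Constructed sample: the typo3scan ScanType from this page with its Helm
# values filled in. The image reference is a placeholder, not a real tag.
GOOD_SCANTYPE_JSON = json.dumps({
    "apiVersion": "execution.securecodebox.io/v1",
    "kind": "ScanType",
    "metadata": {"name": "typo3scan"},
    "spec": {
        "extractResults": {
            "type": "typo3scan-json",
            "location": "/home/securecodebox/typo3scan.json",
        },
        "jobTemplate": {"spec": {
            "ttlSecondsAfterFinished": 30,
            "backoffLimit": 3,
            "template": {"spec": {
                "restartPolicy": "Never",
                "containers": [{
                    "name": "typo3scan",
                    "image": "scanner-typo3scan:placeholder",
                    "command": ["python3", "/home/typo3scan/typo3scan.py",
                                "--no-interaction", "--json"],
                }],
            }},
        }},
    },
})

# Constructed negative sample: the location starts with the allowed prefix
# but resolves outside it, and "Always" is not a valid Job restart policy.
BAD_SCANTYPE_JSON = json.dumps({
    "apiVersion": "execution.securecodebox.io/v1",
    "kind": "ScanType",
    "metadata": {"name": "broken"},
    "spec": {
        "extractResults": {
            "type": "broken-json",
            "location": "/home/securecodebox/../../etc/passwd",
        },
        "jobTemplate": {"spec": {"template": {"spec": {
            "restartPolicy": "Always",
            "containers": [{"name": "x", "image": "y"}],
        }}}},
    },
})


def validate_scantype(manifest: dict) -> list:
    """Return the list of rule violations found in a ScanType (empty means OK)."""
    problems = []
    if manifest.get("apiVersion") != "execution.securecodebox.io/v1":
        problems.append("apiVersion must be execution.securecodebox.io/v1")
    if manifest.get("kind") != "ScanType":
        problems.append("kind must be ScanType")

    spec = manifest.get("spec") or {}
    extract = spec.get("extractResults")
    if not isinstance(extract, dict):
        problems.append("spec.extractResults is required")
        extract = {}

    if not isinstance(extract.get("type"), str) or not extract.get("type"):
        problems.append("spec.extractResults.type is required")

    location = extract.get("location")
    if not isinstance(location, str) or not location:
        problems.append("spec.extractResults.location is required")
    elif not posixpath.isabs(location):
        problems.append("spec.extractResults.location must be an absolute path")
    # Normalise before the prefix check so ".." segments cannot escape RESULT_DIR.
    elif not posixpath.normpath(location).startswith(RESULT_DIR):
        problems.append(f"spec.extractResults.location must be a file below {RESULT_DIR}")

    job = spec.get("jobTemplate")
    if not isinstance(job, dict):
        problems.append("spec.jobTemplate is required")
        return problems
    pod_spec = ((job.get("spec") or {}).get("template") or {}).get("spec") or {}
    if pod_spec.get("restartPolicy") not in JOB_RESTART_POLICIES:
        problems.append("jobTemplate restartPolicy must be Never or OnFailure")
    containers = pod_spec.get("containers") or []
    if not containers:
        problems.append("jobTemplate must define at least one container")
    for c in containers:
        if not c.get("image"):
            problems.append(f"container {c.get('name', '?')} has no image")
    return problems


def lint_scantype_json(text: str) -> list:
    """Parse a JSON manifest (e.g. kubectl -o json output) and validate it."""
    return validate_scantype(json.loads(text))


if __name__ == "__main__":
    for name, doc in (("good", GOOD_SCANTYPE_JSON), ("bad", BAD_SCANTYPE_JSON)):
        print(name, lint_scantype_json(doc) or "OK")
```

Pipe real manifests through `lint_scantype_json` from a CI step before the chart is released; the traversal case is the one worth keeping in the test suite, since a location that merely starts with /home/securecodebox/ is not enough for the sidecar to reach the file.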