diff --git a/.github/workflows/build_images.yaml b/.github/workflows/build_images.yaml
index 33cbfc45..7d9e0721 100644
--- a/.github/workflows/build_images.yaml
+++ b/.github/workflows/build_images.yaml
@@ -88,6 +88,7 @@ jobs:
 with:
 images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.Imagename }}
 tags: |
+ type=raw,value=latest,enable={{is_default_branch}}
 type=semver,pattern={{version}},prefix=v
 type=semver,pattern={{major}}.{{minor}},prefix=v
 type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }},prefix=v
@@ -97,7 +98,7 @@ jobs:
 type=schedule
 type=raw,value=${{ github.sha }}
 type=sha,enable=true,format=short,prefix=
- type=edge,branch=master
+ type=edge,branch=main
 # Build and push Docker image with Buildx (don't push on PR)
 # https://github.com/docker/build-push-action
diff --git a/scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl b/scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl
index cda7bd62..83b35b97 100644
--- a/scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl
+++ b/scanner/nvd/chart/nvd-scanner/templates/_helpers.tpl
@@ -49,14 +49,3 @@ Selector labels
 app.kubernetes.io/name: {{ include "nvd-scanner.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "nvd-scanner.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "nvd-scanner.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/scanner/nvd/chart/nvd-scanner/templates/config/_scanner_config.yaml.tpl b/scanner/nvd/chart/nvd-scanner/templates/config/_scanner_config.yaml.tpl
deleted file mode 100644
index 54049517..00000000
--- a/scanner/nvd/chart/nvd-scanner/templates/config/_scanner_config.yaml.tpl
+++ /dev/null
@@ -1,2 +0,0 @@
-config:
- some_key: some_value
\ No newline at end of file
diff --git a/scanner/nvd/chart/nvd-scanner/templates/configmap.yaml b/scanner/nvd/chart/nvd-scanner/templates/configmap.yaml
deleted file mode 100644
index 27f9d2f9..00000000
--- a/scanner/nvd/chart/nvd-scanner/templates/configmap.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
-# SPDX-License-Identifier: Apache-2.0
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-configmap
-data:
- config.yaml: |
-{{ include (print .Template.BasePath "/config/_scanner_config.yaml.tpl") . | indent 4 }}
diff --git a/scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml b/scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml
index dbd2a00f..ebee3bc8 100644
--- a/scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml
+++ b/scanner/nvd/chart/nvd-scanner/templates/cronjob.yaml
@@ -11,18 +11,10 @@ spec:
 spec:
 template:
 spec:
- volumes:
- - name: config-volume
- configMap:
- name: {{ .Release.Name }}-configmap
 containers:
 - name: {{ .Release.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
- volumeMounts:
- - name: config-volume
- mountPath: "{{ .Values.scanner.config_mount_path }}"
- readOnly: true
 env:
 - name: HEUREKA_API_TOKEN
 valueFrom:
@@ -31,8 +23,17 @@ spec:
 key: api_token
 - name: HEUREKA_URL
 value: {{ .Values.scanner.heureka_url }}
- args:
- - /bin/sh
- - -c
- - date; echo Hello from the Kubernetes cluster
+ - name: NVDSERVER_URL
+ value: {{ .Values.scanner.nvd.api_url }}
+ - name: NVD_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-secret
+ key: nvd_api_key
+ - name: NVD_RESULTS_PER_PAGE
+ value: {{ .Values.scanner.nvd.results_per_page }}
+ - name: NVD_START_DATE
+ value: {{ .Values.scanner.nvd.start_date }}
+ - name: NVD_END_DATE
+ value: {{ .Values.scanner.nvd.end_date }}
 restartPolicy: OnFailure
\ No newline at end of file
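Review bot: `NVD_RESULTS_PER_PAGE` in cronjob.yaml is rendered unquoted while values.yaml in this commit defaults `results_per_page` to `2000`, so the manifest carries a YAML integer where a container env `value` must be a string, and Kubernetes rejects the CronJob when the chart is applied with its defaults. Pipe it through quote: `value: {{ .Values.scanner.nvd.results_per_page | quote }}`. The same applies to `NVDSERVER_URL`, `NVD_START_DATE` and `NVD_END_DATE`, which render as a bare null while their defaults are `""` and may be retyped by YAML once a date is filled in. The `HEUREKA_URL` line is context here and has the same unquoted form. The container spec begins outside this hunk.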
diff --git a/scanner/nvd/chart/nvd-scanner/templates/secrets.yaml b/scanner/nvd/chart/nvd-scanner/templates/secrets.yaml
index 683efe59..b7928ef3 100644
--- a/scanner/nvd/chart/nvd-scanner/templates/secrets.yaml
+++ b/scanner/nvd/chart/nvd-scanner/templates/secrets.yaml
@@ -7,4 +7,5 @@ metadata:
 name: {{ .Release.Name }}-secret
 type: Opaque
 data:
- api_token: {{ .Values.scanner.api_token | b64enc }}
\ No newline at end of file
+ api_token: {{ .Values.scanner.api_token | b64enc }}
+ nvd_api_key: {{ .Values.scanner.nvd_api_key | b64enc }}
\ No newline at end of file
diff --git a/scanner/nvd/chart/nvd-scanner/templates/serviceaccount.yaml b/scanner/nvd/chart/nvd-scanner/templates/serviceaccount.yaml
deleted file mode 100644
index 03d449d9..00000000
--- a/scanner/nvd/chart/nvd-scanner/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
-# SPDX-License-Identifier: Apache-2.0
-
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "nvd-scanner.serviceAccountName" . }}
- labels:
- {{- include "nvd-scanner.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}
diff --git a/scanner/nvd/chart/nvd-scanner/values.yaml b/scanner/nvd/chart/nvd-scanner/values.yaml
index e09e027e..71cb5c6c 100644
--- a/scanner/nvd/chart/nvd-scanner/values.yaml
+++ b/scanner/nvd/chart/nvd-scanner/values.yaml
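Review bot: The new `nvd_api_key` entry in secrets.yaml reads `.Values.scanner.nvd_api_key`, but values.yaml in this same commit defines the setting as `scanner.nvd.api_key`, so the value the chart documents never reaches the Secret that `NVD_API_KEY` is sourced from. Depending on how the template engine treats the missing value, rendering either fails or stores an empty key. Point the template at the documented path and quote the result: `nvd_api_key: {{ .Values.scanner.nvd.api_key | b64enc | quote }}`. If the scanner cannot run without a key, wrapping the lookup in Helm's `required` would surface the misconfiguration at install time instead of at the first scheduled run.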
@@ -8,22 +8,17 @@ scanner:
 api_token: "my_token"
 heureka_url: "api.heureka.greenhouse-qa.eu-nl-1.cloud.sap"
- config_mount_path: "/etc/heureka/config/nvd-scanner"
 schedule: "0 * * * *"
+ nvd:
+ api_url: ""
+ api_key: ""
+ results_per_page: 2000
+ # can be used to specify the range from which the NVD data should be fetched, by default is fetched from last day
+ start_date: ""
+ end_date: ""
 image:
 repository: ghcr.io/cloudoperators/heureka-scanner-nvd
 pullPolicy: Always
 # Overrides the image tag whose default is the chart appVersion.
- tag: "main"
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: false
- # Automatically mount a ServiceAccount's API credentials?
- automount: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
+ tag: "latest"
diff --git a/scanner/nvd/client/generated.go b/scanner/nvd/client/generated.go
index 2d8591c8..a47077ab 100644
--- a/scanner/nvd/client/generated.go
+++ b/scanner/nvd/client/generated.go
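Review bot: The default `tag: "latest"` in values.yaml, combined with `pullPolicy: Always`, makes every scheduled run pull whatever image currently sits behind a mutable tag, so the code that receives `HEUREKA_API_TOKEN` and `NVD_API_KEY` can change without a chart change or a review. The cronjob template already falls back to `.Chart.AppVersion` when the tag is empty, so `tag: ""` would pin the default to the released chart version, and operators who need a stronger guarantee can reference an image digest. Separately, the comment above `start_date` would read better as `# Optional date range for the NVD fetch; when both are empty the scanner fetches the last day.`, and it should name the expected date format, which this diff does not show.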
@@ -187,13 +187,13 @@ type IssueRepositoryConnectionEdgesIssueRepositoryEdge struct { func (v *IssueRepositoryConnectionEdgesIssueRepositoryEdge) GetNode() *IssueRepository { return v.Node } type IssueRepositoryFilter struct { - ServiceName []string `json:"serviceName"` + ServiceCcrn []string `json:"serviceCcrn"` ServiceId []string `json:"serviceId"` Name []string `json:"name"` } -// GetServiceName returns IssueRepositoryFilter.ServiceName, and is useful for accessing the field via an interface. -func (v *IssueRepositoryFilter) GetServiceName() []string { return v.ServiceName } +// GetServiceCcrn returns IssueRepositoryFilter.ServiceCcrn, and is useful for accessing the field via an interface. +func (v *IssueRepositoryFilter) GetServiceCcrn() []string { return v.ServiceCcrn } // GetServiceId returns IssueRepositoryFilter.ServiceId, and is useful for accessing the field via an interface. func (v *IssueRepositoryFilter) GetServiceId() []string { return v.ServiceId } diff --git a/scanner/nvd/go.mod b/scanner/nvd/go.mod index 3c6aed1f..47fcb64d 100644 --- a/scanner/nvd/go.mod +++ b/scanner/nvd/go.mod @@ -1,6 +1,8 @@ module github.com/cloudoperators/heureka/scanner/nvd -go 1.22.4 +go 1.22.5 + +toolchain go1.22.6 require ( github.com/onsi/ginkgo/v2 v2.20.0 
@@ -13,12 +15,14 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect - github.com/vektah/gqlparser/v2 v2.5.15 // indirect + github.com/vektah/gqlparser/v2 v2.5.16 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/net v0.28.0 // indirect - golang.org/x/sys v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/text v0.18.0 // indirect golang.org/x/tools v0.24.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/scanner/nvd/go.sum b/scanner/nvd/go.sum index 776d575e..6b4a0c01 100644 --- a/scanner/nvd/go.sum +++ b/scanner/nvd/go.sum 
@@ -1,10 +1,18 @@ github.com/Khan/genqlient v0.7.0 h1:GZ1meyRnzcDTK48EjqB8t3bcfYvHArCUUvgOwpz1D4w= github.com/Khan/genqlient v0.7.0/go.mod h1:HNyy3wZvuYwmW3Y7mkoQLZsa/R5n5yIRajS1kPBvSFM= +github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= +github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= +github.com/alexflint/go-arg v1.4.2 h1:lDWZAXxpAnZUq4qwb86p/3rIJJ2Li81EoMbTMujhVa0= +github.com/alexflint/go-arg v1.4.2/go.mod h1:9iRbDxne7LcR/GSvEr7ma++GLpdIU1zrghf2y2768kM= +github.com/alexflint/go-scalar v1.0.0 h1:NGupf1XV/Xb04wXskDFzS0KWOLH632W/EO4fAFi+A70= +github.com/alexflint/go-scalar v1.0.0/go.mod h1:GpHzbCOZXEKMEcygYQ5n/aa4Aq84zbxjy3MxYW0gjYw= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= 
@@ -26,28 +34,35 @@ github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NF github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/vektah/gqlparser/v2 v2.5.15 h1:fYdnU8roQniJziV5TDiFPm/Ff7pE8xbVSOJqbsdl88A= -github.com/vektah/gqlparser/v2 v2.5.15/go.mod h1:WQQjFc+I1YIzoPvZBhUQX7waZgg3pMLi0r8KymvAE2w= +github.com/vektah/gqlparser/v2 v2.5.16 h1:1gcmLTvs3JLKXckwCwlUagVn/IlV2bwqle0vJ0vy5p8= +github.com/vektah/gqlparser/v2 v2.5.16/go.mod h1:1lz1OeCqgQbQepsGxPVywrjdBHW2T08PUS3pJqepRww= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=