GithubHelp home page GithubHelp logo

securecodebox / documentation Goto Github PK

View Code? Open in Web Editor NEW
9.0 6.0 11.0 36.76 MB

This repo contains the complete SCB project documentation.

Home Page: https://docs.secureCodeBox.io

securecodebox docusaurus documentation hacktoberfest

documentation's Introduction

OWASP secureCodeBox

secureCodeBox Logo secureCodeBox Logo

License Apache-2.0 GitHub release (latest SemVer) OWASP Lab Project Artifact HUB Mastodon Follower Build Known Vulnerabilities

secureCodeBox is a kubernetes based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box.

Overview

For additional documentation aspects please have a look at our documentation website:

Purpose of this Project

The typical way to ensure application security is to hire a security specialist (aka penetration tester) at some point in your project to check the application for security bugs and vulnerabilities. Usually, this check is done at a later stage of the project and has two major drawbacks:

  1. Nowadays, a lot of projects do continuous delivery, which means the developers deploy new versions multiple times each day. The penetration tester is only able to check a single snapshot, but some further commits could introduce new security issues. To ensure ongoing application security, the penetration tester should also continuously test the application. Unfortunately, such an approach is rarely financially feasible.
  2. Due to a typically time boxed analysis, the penetration tester has to focus on trivial security issues (low-hanging fruit) and therefore will probably not address the serious, non-obvious ones.

With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.

The purpose of secureCodeBox is not to replace the penetration testers or make them obsolete. We strongly recommend to run extensive tests by experienced penetration testers on all your applications.

Important note: The secureCodeBox is no simple one-button-click-solution! You must have a deep understanding of security and how to configure the scanners. Furthermore, an understanding of the scan results and how to interpret them is also necessary.

There is a German article about Security DevOps – Angreifern (immer) einen Schritt voraus in the software engineering journal OBJEKTSpektrum.

Quickstart

You can find resources to help you get started on our documentation website including instruction on how to install the secureCodeBox and guides to help you run your first scans with it.

Architecture Overview

secureCodeBox Architecture

Upgrading

For the steps required for upgrading your secureCodeBox installation, see Upgrading.

License

Code of secureCodeBox is licensed under the Apache License 2.0.

Community

You are welcome, please join us on... πŸ‘‹

secureCodeBox is an official OWASP project.

Contributing

Contributions are welcome and extremely helpful πŸ™Œ Please have a look at Contributing

Thanks to Our Awesome Contributors

Awesome Contributors

Sponsors

iteratec Logo

SDA SE Logo Timo Pagel IT Consulting Logo Secura Logo Signal Iduna Logo

Author Information

Sponsored and maintained by iteratec GmbH - secureCodeBox.io

documentation's People

Contributors

dependabot[bot] avatar dpatanin avatar fbelz avatar fphoer avatar fuhrmeistery avatar ilyesbdlala avatar j12934 avatar johannawalker avatar johanneszahn avatar malexmave avatar ramisouai avatar rebeccan avatar rseedorff avatar sebief avatar stijn-fe avatar sw-fox avatar the-simmon avatar twwd avatar weltraumschaf avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

endpositive stijn-fe sanmai-nl jhanavi08 likeaweb sebief hanoos corrupt sw-fox snoopy-cat o1oo11oo

documentation's Issues

Swap the H1 and H2 for better SEO

We should swap the H1 and H2 because the H1 is more important for the crawler. The H1 should contain "Automated Security Testing" and not the H2.

This was an advise from our marketing specialist.

Check docs for all scanners for correctness: Gitleaks

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Write a Documentation Style Guide

As a developer I want a style guide so that I know how to format the Markdown in documentation.

Acceptance criteria:

  • There is a section about this topic under the contribution section.
  • There is defined what markup we use for which entity in text.

Check docs for all scanners for correctness: AngularJS CSTI Scanner

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Check docs for all scanners for correctness: nuclei

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

πŸ“š Document a security threat modell for the secureCodeBox Project

As a secureCodeBox user i want to know more about the security aspects of the secureCodeBox itself. Therfore i would like to find a documented threat modell of the project which lists all known threats and countermeasures.

Topics which could be interesting therefore:

  • security aspects of the underlying SCB architecture
  • data flow and data processing within the SCB Operator and all components (storage, scanner, hooks)
  • kubernetes security aspects like network security policies , pod security policies, security Context, ressource limits and namespace quota and their impact to the secureCodeBox
  • authentication and authorization of used service accounts and their impact in multi tenancy clusters
  • CICD security of the SCB Project (SDLC)

To give you an impression how such and threat modell can be documented here a good example from the OAUTH2 spec: https://tools.ietf.org/html/rfc6819

πŸ“š Add a dedicated β€œTesting” section and explain the project test strategy

As contributer i would like to to know how the test strategy of the project is implemented, how to use and extend it.

Acceptance Criteria

** further informations**

Reference to common patterns and best practice strategies like: https://martinfowler.com/articles/practical-test-pyramid.html

** topics to cover**

  • Unit Tests for core components like the operator (Go tests)
  • Unit Tests for secureCodeBox modules like sdk, hooks, scanner... (jest an pytest)
  • Integration Tests
  • Introduction and Guideline to the Test Concept (reference to fowler) - What do we use (unit, integration), what is important (speed) #259

Add OWASP Section to securecodebox.io

Add OWASP Logo and short description (see bewlow) to "About us" Section:

image

Content:
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Check docs for all scanners for correctness: Kubehunter

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Check docs for all scanners for correctness: ncrack

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Keeping docs complete and up-to-date

The documentation is in some place very out of date or incomplete. To give a few examples:

  • Incomplete:
  • Out-of-date #126 :

What are the guidelines concerning keeping the documentation up-to-date? How is decided what topics may be published as incomplete? How are newly implemented features required to update the docs too?

This issue is in no way a shame and blame post, but I'd just like to get some more insight into how this process is currently maintained.

Maybe it would be a good idea to make issues for the currently incorrect documentation so that contributors can pick them up more easily.

:books: Write a blog post about how the core development team works

To engage more community interaction, we want to start by writing a blog post about how our core development team works internally.
It should include:

  • Our general approach (Sprints, Agile)
  • Our tools and ways of communication
  • Our retro/review/planning session
  • Call for community engagement

πŸ’» Consider moving from Netlify back to GitHub Pages

In our last Retrospective we raised this issue. Some Background:

  • Netlify is great because it supports multi branch builds
  • Downside of Netlify: We have to pay lot of money to give more than one person access to the logfiles. That hinders fats development.
  • With GitHub OTOH we already have a legal agreement we need for GDPR.

Check docs for all scanners for correctness: Kubeaudit

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Broken Edit Links for Pages copied from the secureCodeBox repository

When you visit a page on the web site that is copied from the secureCodeBox/secureCodeBox repository and click "Edit this page" one gets a "Page not found" Error. An example can be any scanner

We should add a variable to the config with the url of the secureCodeBox/secureCodeBox repository and use it on all pages that are copied over so people can edit them.

Alerting of Failed Builds

At the moment there is no alerting when the documentation builds failed. Just this week we hadn't updated doc because some links were broken and the master buildfailed.

IMHO the build pipeline should send a notification.

Documentation Build Fails Due to Broken Links 

12:03:41 PM: [en] Creating an optimized production build...
12:03:41 PM: [Local Search] [INFO]: The documentation is not versioned (/opt/build/repo/versions.json does not exist).
12:03:42 PM: [info] [webpackbar] Compiling Client
12:03:42 PM: [info] [webpackbar] Compiling Server
12:04:47 PM: [success] [webpackbar] Client: Compiled successfully in 1.07m
12:04:58 PM: [success] [webpackbar] Server: Compiled successfully in 1.26m
12:05:11 PM: [Local Search] [INFO]: Gathering documents
12:05:11 PM: [Local Search] [INFO]: Parsing documents
12:05:22 PM: [Local Search] [INFO]: Building index
12:05:23 PM: [Local Search] [INFO]: Writing index to disk
12:05:23 PM: [Local Search] [INFO]: Index written to disk, success!
12:05:23 PM: Unable to build website for locale "en".
12:05:23 PM: Error: Docusaurus found broken links!
12:05:23 PM:
12:05:23 PM: Please check the pages of your site in the list below, and make sure you don't reference any path that does not exist.
Note: it's possible to ignore broken links with the 'onBrokenLinks' Docusaurus configuration, and let the build pass.
12:05:23 PM: Exhaustive list of all broken links found:
12:05:23 PM:
12:05:23 PM: - On source page path = /docs/architecture/adr/adr_0009:
12:05:23 PM:  -> linking to (https://docs.securecodebox.io/docs/scanners/gitleaks) (resolved as: /docs/architecture/adr/(https://docs.securecodebox.io/docs/scanners/gitleaks))
12:05:23 PM:  -> linking to (https://github.com/returntocorp/semgrep) (resolved as: /docs/architecture/adr/(https://github.com/returntocorp/semgrep))
12:05:23 PM:  -> linking to (https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) (resolved as: /docs/architecture/adr/(https://kubernetes.io/docs/concepts/workloads/pods/init-containers/))
12:05:23 PM:  -> linking to (https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-initialization/#create-a-pod-that-has-an-init-container) (resolved as: /docs/architecture/adr/(https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-initialization/)
12:05:23 PM:
12:05:23 PM:  at Object.reportMessage (/opt/build/repo/node_modules/@docusaurus/utils/lib/index.js:357:19)
12:05:23 PM:  at Object.handleBrokenLinks (/opt/build/repo/node_modules/@docusaurus/core/lib/server/brokenLinks.js:142:17)
12:05:23 PM:  at async buildLocale (/opt/build/repo/node_modules/@docusaurus/core/lib/commands/build.js:160:5)
12:05:23 PM:  at async tryToBuildLocale (/opt/build/repo/node_modules/@docusaurus/core/lib/commands/build.js:32:20)
12:05:23 PM:  at async Object.mapAsyncSequencial (/opt/build/repo/node_modules/@docusaurus/utils/lib/index.js:312:24)
12:05:23 PM:  at async build (/opt/build/repo/node_modules/@docusaurus/core/lib/commands/build.js:68:25)
12:05:24 PM: npm ERR! code ELIFECYCLE
12:05:24 PM: npm ERR! errno 1
12:05:24 PM: npm ERR! [email protected] build: `docusaurus build`
12:05:24 PM: npm ERR! Exit status 1
12:05:24 PM: npm ERR!
12:05:24 PM: npm ERR! Failed at the [email protected] build script.
12:05:24 PM: npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
12:05:24 PM: npm ERR! A complete log of this run can be found in:
12:05:24 PM: npm ERR! /opt/buildhome/.npm/_logs/2021-10-18T10_05_24_086Z-debug.log
12:05:24 PM: 
12:05:24 PM: ────────────────────────────────────────────────────────────────
12:05:24 PM:  "build.command" failed 
12:05:24 PM: ────────────────────────────────────────────────────────────────
12:05:24 PM: 
12:05:24 PM: Error message
12:05:24 PM: Command failed with exit code 1: npm install; npm run build;
12:05:24 PM: 
12:05:24 PM: Error location
12:05:24 PM: In Build command from Netlify app:
12:05:24 PM: npm install; npm run build;

Check docs for all scanners for correctness: SSH

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Check docs for all scanners for correctness: screenshooter

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Autogenerate the Sidebar

At the moment we have a static sidebar and there we add the scanner and hooks documentation via build script. But this concept is not sufficient any more for the use case to add the ADRs and other docs from the main repository.

πŸ“£ Write Blog Post why version 2

To introduce users to the changes made to the secureCodeBox in version 2, a blog post should be written to introduce and explain the motivation behind the changes.

Check docs for all scanners for correctness: Nikto

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Check docs for all scanners for correctness: SSLyze

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Check docs for all scanners for correctness: nmap

Part of the effort to sanity-check all documentation.

Scanner Sanity-Check:

  • Sanity Check if the existing documentation is understandable and useful for you as a (first time) user
  • Ensure the general chart/scanner description is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.chartAboutSection" -}}
  • Ensure the baseline scanner configuration is up to date and consistent to other scanners
    • ./scanner/NAME/.helm-docs.gotmpl -> {{- define "extra.scannerConfigurationSection" -}}
  • Ensure there is at minimum one scan example with the following files:
    • Example Scan File: ./scanner/NAME/examples/EXAMPLE-NAME/scan.yaml
    • Example Scan Result File: ./scanner/NAME/examples/EXAMPLE-NAME/findings.yaml
  • Ensure the docs files are generated correct and are up to date (sometimes the automated helm-docs update via SCB-Bot failed to update the docs correctly)
    • ./scanner/NAME/readme.md
    • ./scanner/NAME/docs/README.ArtifactHub.md
    • ./scanner/NAME/docs/README.DockerHub-Parser.md
    • Optional, only if a dedicated scanner image is defined:./scanner/NAME/docs/README.DockerHub-Scanner.md

Additional Context:

Add a Getting started User Guide

As a new user i would like to find a β€œgetting started” guide within the documentation which introduces me to the general SCBv2 Concepts and explains

  • how to install the SCBv2
  • start a simple security scan

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.