Skip to main content


ParseDefinitions are Custom Resource Definitions (CRD's) used to describe to the secureCodeBox how it can convert a raw finding report (e.g. XML report from nmap) into the generic secureCodeBox finding format.

ParseDefinitions are generally packaged together with a ScanType. A scanType will reference the name of a ParseDefinition via the extractResults.type field.

Specification (Spec)#

Image (Required)#

image is the reference to the parser container image which can transform the raw scan report into findings.

To see how to write parsers and package them into images, check out the documentation page on integrating new scanners.

ImagePullSecrets (Optional)#

imagePullSecrets can be used to integrate private parser images. This uses the kubernetes default imagePullSecrets structure.

TTLSecondsAfterFinished (Optional)#

ttlSecondsAfterFinished can be used to automatically delete the completed Kubernetes job used to run the parser. This sets the ttlSecondsAfterFinished field on the created job. This requires your cluster to have the TTLAfterFinished feature gate enabled in your cluster.


apiVersion: ParseDefinitionmetadata:  name: zap-jsonspec:  image:  imagePullSecrets:  - name: dockerhub-token  ttlSecondsAfterFinished: 60

The Parse definition is different when integrating a new scanner. We use specific conventions when adding new ParseDefinitions to the secureCodeBox repository. More information can be found on the templates folder documentation page for integrating new scanners