Skip to main content

ScanType

The ScanType Custom Resource Definition (CRD) is used to define to the secureCodeBox how a specific scanner can be executed in Kubernetes. The main part of the ScanType is the JobTemplate, which contains a Kubernetes Job definition that will be used to construct the scans Job.

Specification (Spec)

ExtractResults (Required)

The extractResults field contains an object (fields of the object listed below) which describes what types of results this scanType produced and from where these should be extracted.

ExtractResults.Type (Required)

The type field indicates the type of the file. Usually a combination of the scanner name and file type. E.g. nmap-xml

The type is used to determine which parser would be used to handle this result file.

ExtractResults.Location (Required)

The location field describes from where the result file can be extracted. The absolute path on the containers file system.

Must be located in /home/securecodebox/ so that the result is reachable by the secureCodeBox Lurker sidecar which performs the actual extraction of the result. E.g. /home/securecodebox/nmap-results.xml

JobTemplate (Required)

Template of the Kubernetes job to create when running the scan.

For info about the JobTemplate generic parameters, see here: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#job-v1-batch When specified, as with the ttlSecondsAfterFinished parameter, the values from values.yaml will be used in the JobTemplate.

Example

apiVersion: "execution.securecodebox.io/v1"
kind: ScanType
metadata:
name: "typo3scan"
spec:
extractResults:
type: typo3scan-json
location: "/home/securecodebox/typo3scan.json"
jobTemplate:
spec:
{{- if .Values.scanner.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ .Values.scanner.ttlSecondsAfterFinished }}
{{- end }}
backoffLimit: {{ .Values.scanner.backoffLimit }}
template:
spec:
restartPolicy: Never
containers:
- name: typo3scan
image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}"
command:
- "python3"
- "/home/typo3scan/typo3scan.py"
# Remove any user-interation
- "--no-interaction"
# Output in json format
- "--json"
resources:
{{- toYaml .Values.scanner.resources | nindent 16 }}
securityContext:
{{- toYaml .Values.scanner.securityContext | nindent 16 }}
env:
{{- toYaml .Values.scanner.env | nindent 16 }}
volumeMounts:
{{- toYaml .Values.scanner.extraVolumeMounts | nindent 16 }}
{{- if .Values.scanner.extraContainers }}
{{- toYaml .Values.scanner.extraContainers | nindent 12 }}
{{- end }}
volumes:
{{- toYaml .Values.scanner.extraVolumes | nindent 12 }}