The ScanType Custom Resource Definition (CRD) is used to define to the secureCodeBox how a specific scanner can be executed in Kubernetes. The main part of the ScanType is the JobTemplate, which contains a Kubernetes Job definition which will be used to construct the scans Job.
extractResults field contains an object (fields of the object listed below) which describes what types of results this scanType produced and from where these should be extracted.
type field indicates the type of the file.
Usually a combination of the scanner name and file type. E.g.
The type is used to determine which parser would be used to handle this result file.
location field describes from where the result file can be extracted.
Absolute path on the containers file system.
Must be located in
/home/securecodebox/ so that the result is reachable by the secureCodeBox Lurcher sidecar which performs the actual extraction of the result.
Template of the kubernetes job to create when running the scan.
apiVersion: "execution.securecodebox.io/v1"kind: ScanTypemetadata: name: "zap-baseline"spec: extractResults: type: zap-json location: "/home/securecodebox/zap-results.json" jobTemplate: spec: ttlSecondsAfterFinished: 10 template: spec: restartPolicy: Never containers: - name: zap-baseline image: owasp/zap2docker-stable:2.9.0 command: - "zap-baseline.py" # Force Zap to always return a zero exit code. k8s would otherwise try to restart zap. - "-I" - "-J" # ZAP Baseline Script doesn't allow absolute paths... # Hacky workaround: specify a relative path to the `/zap/wrk` base dir. - "../../home/securecodebox/zap-results.json"