The Scan Custom Resource Definition (CRD) lets you define how a specific scan should be configured. The secureCodeBox Operator will then use this specification the execute the scan.
scanType references the name of a ScanType Custom Resource.
parameters is a string array of command line flags which are passed to the scanner.
These usually contain scanner specific configurations and target specification.
env lets you pass in custom environnement variables to the scan container.
This can be useful to pass in secret values like login credentials scanner require without having to define them in plain text.
Env has the same api as "env" property on Kubernetes Pods.
cascades let you start new scans based on the results of the current scan.
To use cascades you'll need to have the CombinedScan hook installed.
For an example on how they can be used see the Scanning Networks HowTo
apiVersion: "execution.securecodebox.io/v1"kind: Scanmetadata:name: "nmap-scanme.nmap.org"spec:scanType: "nmap"parameters:# Use nmap's service detection feature- "-sV"- scanme.nmap.orgenv:- name: TEST_ENVvalueFrom:secretKeyRef:key: secret-namename: zap-customer-credentials- name: GREETINGvalue: "Hello from the secureCodeBox :D"cascades:matchLabels:securecodebox.io/intensive: lightmatchExpression:key: "securecodebox.io/invasive"operator: Invalues: [non-invasive, invasive]