Version: Current

Scan

The Scan Custom Resource Definition (CRD) lets you define how a specific scan should be configured. The secureCodeBox Operator will then use this specification to execute the scan.

Specification (Spec)

ScanType (Required)

The scanType references the name of a ScanType Custom Resource.

Parameters (Required)

parameters is a string array of command line flags which are passed to the scanner.

These usually contain scanner specific configurations and target specification.

Env (Optional)

env lets you pass custom environment variables to the scan container. This is useful for passing secret values, such as login credentials a scanner requires, without having to define them in plain text.

env has the same API as the "env" property on Kubernetes Pods.

See:

Cascades (Optional)

cascades let you start new scans based on the results of the current scan.

The cascades config in the scan's spec contains Kubernetes Label Selectors, which let you select which CascadingRules are allowed to be used by the cascading logic.

To use cascades you'll need to have the CombinedScan hook installed.

For an example of how they can be used, see the Scanning Networks HowTo.

Example

apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "nmap-scanme.nmap.org"
spec:
  scanType: "nmap"
  parameters:
    # Use nmap's service detection feature
    - "-sV"
    - scanme.nmap.org
  env:
    # Read the value from a Kubernetes Secret instead of writing it in plain text
    - name: TEST_ENV
      valueFrom:
        secretKeyRef:
          key: secret-name
          name: zap-customer-credentials
    - name: GREETING
      value: "Hello from the secureCodeBox :D"
  cascades:
    matchLabels:
      securecodebox.io/intensive: light
    # Kubernetes label selectors take a list under "matchExpressions"
    matchExpressions:
      - key: "securecodebox.io/invasive"
        operator: In
        values: [non-invasive, invasive]
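
How the cascades selector from the example above narrows the set of usable CascadingRules, using standard Kubernetes label-selector semantics. This is an added example, not secureCodeBox code; the rule names and their labels are constructed for illustration.

```python
# Added example: Kubernetes label-selector semantics applied to CascadingRule labels.
# Rule names and their labels below are constructed, not taken from secureCodeBox.

def matches(selector, labels):
    """Return True if `labels` satisfy every requirement of `selector`."""
    # matchLabels: every listed key must be present with exactly that value.
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    # matchExpressions: all expressions are ANDed together.
    for expr in selector.get("matchExpressions", []):
        key, op = expr["key"], expr["operator"]
        values = expr.get("values", [])
        if op == "In":
            ok = key in labels and labels[key] in values
        elif op == "NotIn":
            ok = key not in labels or labels[key] not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unknown operator: {op}")
        if not ok:
            return False
    return True

def allowed_rules(selector, rules):
    """Names of the rules whose labels the selector accepts, sorted."""
    return sorted(name for name, labels in rules.items() if matches(selector, labels))

# Selector from the Scan example's `cascades` field.
SELECTOR = {
    "matchLabels": {"securecodebox.io/intensive": "light"},
    "matchExpressions": [{"key": "securecodebox.io/invasive", "operator": "In",
                          "values": ["non-invasive", "invasive"]}],
}
# Constructed CascadingRule labels (hypothetical rule names).
RULES = {
    "light-non-invasive": {"securecodebox.io/intensive": "light", "securecodebox.io/invasive": "non-invasive"},
    "light-invasive": {"securecodebox.io/intensive": "light", "securecodebox.io/invasive": "invasive"},
    "medium-non-invasive": {"securecodebox.io/intensive": "medium", "securecodebox.io/invasive": "non-invasive"},
    "light-unlabelled": {"securecodebox.io/intensive": "light"},
}

if __name__ == "__main__":
    print(allowed_rules(SELECTOR, RULES))
```

Reducing the `values` list to `[non-invasive]` leaves only the non-invasive light rule eligible, which is how a Scan can keep invasive follow-up scans from being started.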