The Scan Custom Resource Definition (CRD) lets you define how a specific scan should be configured. The secureCodeBox Operator will then use this specification to execute the scan.
scanType references the name of a ScanType Custom Resource.
parameters is a string array of command line flags which are passed to the scanner.
These usually contain scanner specific configurations and target specification.
env lets you pass in custom environment variables to the scan container.
This can be useful to pass in secret values like login credentials scanner require without having to define them in plain text.
Env has the same api as "env" property on Kubernetes Pods.
cascades let you start new scans based on the results of the current scan.
Furthermore, in the cascade config you can specify whether cascading scan should inherit the parent's labels (
inheritLabels) and annotations (
inheritAnnotations). If not specified, the options will be considered as
To use cascades you'll need to have the CombinedScan hook installed.
For an example on how they can be used see the Scanning Networks HowTo
Metadata is a standard field on Kubernetes resources. It contains multiple relevant fields, e.g. the name of the resource, its namespace and a
creationTimestamp of the resource. See more on the [Kubernetes Docs]https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) and the Kubernetes API Reference)
Defines the observed state of a Scan. This will be filled by Kubernetes. It contains (see: Go Type ScanStatus)
State: State of the scan (See: secureCodeBox | ScanControler)
FinishedAt: Time when scan, parsers and hooks for this scan are marked as 'Done'
ErrorDescription: Description of an Error (if there is one)
RawResultType: Determines which kind of ParseDefinition will be used to turn the raw results of the scanner into findings
RawResultFile: Filename of the result file of the scanner. e.g.
FindingDownloadLink: Link to download the finding json file from. Valid for 7 days
RawResultDownloadLink: RawResultDownloadLink link to download the raw result file from. Valid for 7 days
Findings: FindingStats (See Go Type FindingStats)
ReadAndWriteHookStatus: Status of the Read and Write Hooks
apiVersion: "execution.securecodebox.io/v1"kind: Scanstatus: # Set during runtime. Do not edit via values.yaml etc. metadata: name: "nmap-scanme.nmap.org"spec: scanType: "nmap" parameters: # Use nmap's service detection feature - "-sV" - scanme.nmap.org env: - name: TEST_ENV valueFrom: secretKeyRef: key: secret-name name: zap-customer-credentials - name: GREETING value: "Hello from the secureCodeBox :D" cascades: inheritLabels: false inheritAnnotations: true matchLabels: securecodebox.io/intensive: light matchExpression: key: "securecodebox.io/invasive" operator: In values: [non-invasive, invasive]