feat: uds security hub integration #662

33 changes: 33 additions & 0 deletions README.md
Expand Up @@ -25,6 +25,7 @@
1. [Bundle Anatomy](docs/anatomy.md)
1. [Runner](docs/runner.md)
1. [Dev Mode](#dev-mode)
1. [Scan](#scan)

## Install
Recommended installation method is with Brew:
Expand Down Expand Up @@ -302,3 +303,35 @@ The `dev deploy` command performs the following operations
- Ignores any `kind: ZarfInitConfig` packages in the bundle
- Creates a bundle from the newly created Zarf packages
- Deploys the bundle in [YOLO](https://docs.zarf.dev/faq/#what-is-yolo-mode-and-why-would-i-use-it) mode, eliminating the need to do a `zarf init`

## Scan

> [!NOTE]
> Scan is an ALPHA feature.
> Trivy is a prerequisite for scanning container images and filesystem for vulnerabilities. You can find more information and installation instructions at [Trivy's official documentation](https://aquasecurity.github.io/trivy).


The `scan` command is used to scan a Zarf package for vulnerabilities and generate a report. This command is currently in ALPHA.

### Usage

To use the `scan` command, run:

```sh
uds scan --org <organization> --package-name <package-name> --tag <tag> [options]
```

### Required Parameters
- `--org` or `-o`: Organization name (default: `defenseunicorns`)
- `--package-name` or `-n`: Name of the package (e.g., `packages/uds/gitlab-runner`)
- `--tag` or `-g`: Tag name (e.g., `16.10.0-uds.0-upstream`)
- `--output-file` or `-f`: Output file for CSV results

### Optional Parameters
- `--docker-username` or `-u`: Docker username for registry access, accepts CSV values
- `--docker-password` or `-p`: Docker password for registry access, accepts CSV values

### Example Usage
```sh
uds scan -o defenseunicorns -n packages/uds/gitlab-runner -g 16.10.0-uds.0-upstream -u docker-username -p docker-password -f gitlab-runner.csv
```
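Review bot: the "Required Parameters" list and the usage synopsis disagree: `--org` is listed as required but carries a default (`defenseunicorns`), while `--output-file`, which is listed as required, does not appear in `uds scan --org <organization> --package-name <package-name> --tag <tag> [options]`. Move `--org` under Optional Parameters and add `--output-file <file>` to the synopsis so the two sections match. The example `-u docker-username -p docker-password` also passes registry credentials as command-line arguments, where they end up in shell history and are visible to other local processes via the process list; consider documenting an environment-variable or stdin alternative, or at least stating that exposure next to the example. "accepts CSV values" for `--docker-username` and `--docker-password` should say what the comma-separated entries correspond to and how usernames are paired with passwords. Finally, the note block makes Trivy a prerequisite but nothing says what `uds scan` does when Trivy is not installed; one sentence on that failure mode would save users a confused first run.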
38 changes: 23 additions & 15 deletions go.mod
@@ -1,6 +1,6 @@
module github.com/defenseunicorns/uds-cli

go 1.22.0
go 1.22.1

toolchain go1.22.3

Expand All @@ -11,6 +11,7 @@ require (
github.com/defenseunicorns/pkg/exec v0.0.1
github.com/defenseunicorns/pkg/helpers/v2 v2.0.1
github.com/defenseunicorns/pkg/oci v0.0.2
github.com/defenseunicorns/uds-security-hub v0.0.6
github.com/defenseunicorns/zarf v0.34.0
github.com/fsnotify/fsnotify v1.7.0
github.com/goccy/go-yaml v1.11.3
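Review bot: `github.com/defenseunicorns/uds-security-hub v0.0.6` is a new direct dependency at a pre-1.0 version, so its API and its transitive dependency set can change between patch releases; please make sure the matching `go.sum` entries for this module and the modules it pulls in are part of this change, and add a line to the PR description on how v0.0.6 was chosen and how it will be kept in step with the Trivy prerequisite that the README now documents.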
Expand Down Expand Up @@ -165,7 +166,7 @@ require (
github.com/containerd/continuity v0.4.2 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/containerd/ttrpc v1.2.2 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/coreos/go-oidc/v3 v3.9.0 // indirect
Expand All @@ -177,17 +178,17 @@ require (
github.com/defenseunicorns/pkg/helpers v1.1.1 // indirect
github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da // indirect
github.com/derailed/k9s v0.31.7 // indirect
github.com/derailed/popeye v0.11.2 // indirect
github.com/derailed/popeye v0.11.3 // indirect
github.com/derailed/tcell/v2 v2.3.1-rc.3 // indirect
github.com/derailed/tview v0.8.3 // indirect
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/reference v0.5.0 // indirect
github.com/docker/cli v26.0.0+incompatible // indirect
github.com/docker/cli v26.1.4+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker v24.0.9+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.0 // indirect
github.com/docker/docker v26.1.4+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.2 // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-metrics v0.0.1 // indirect
Expand Down Expand Up @@ -254,7 +255,7 @@ require (
github.com/google/certificate-transparency-go v1.1.7 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-containerregistry v0.19.0 // indirect
github.com/google/go-containerregistry v0.19.1 // indirect
github.com/google/go-github/v55 v55.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
Expand Down Expand Up @@ -384,23 +385,23 @@ require (
github.com/pkg/errors v0.9.1 // indirect
github.com/pkg/profile v1.7.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_golang v1.18.0 // indirect
github.com/prometheus/client_golang v1.19.1 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.45.0 // indirect
github.com/prometheus/common v0.48.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf // indirect
github.com/rakyll/hey v0.1.4 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rs/zerolog v1.31.0 // indirect
github.com/rs/zerolog v1.32.0 // indirect
github.com/rubenv/sql-migrate v1.5.2 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/saferwall/pe v1.4.8 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sahilm/fuzzy v0.1.1-0.20230530133925-c48e322e2a8f // indirect
github.com/sahilm/fuzzy v0.1.1 // indirect
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
github.com/sassoftware/go-rpmutils v0.2.0 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect
Expand Down Expand Up @@ -472,12 +473,12 @@ require (
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
go.step.sm/crypto v0.42.1 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
go.uber.org/zap v1.27.0 // indirect
go4.org v0.0.0-20200411211856-f5505b9728dd // indirect
golang.org/x/crypto v0.23.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/oauth2 v0.20.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/term v0.20.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/time v0.5.0 // indirect
Expand All @@ -497,7 +498,7 @@ require (
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
gorm.io/gorm v1.25.5 // indirect
gorm.io/gorm v1.25.10 // indirect
k8s.io/api v0.30.0 // indirect
k8s.io/apiextensions-apiserver v0.30.0 // indirect
k8s.io/apimachinery v0.30.0 // indirect
Expand Down Expand Up @@ -525,3 +526,10 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)

replace github.com/prometheus/common => github.com/prometheus/common v0.45.0

replace github.com/docker/docker => github.com/docker/docker v24.0.9+incompatible

// remove when Zarf updates k9s versions to v0.32.4
replace github.com/derailed/k9s => github.com/derailed/k9s v0.32.4
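Review bot: the two new `replace` directives pin `github.com/prometheus/common` to v0.45.0 and `github.com/docker/docker` to v24.0.9+incompatible, which are exactly the versions the `require` block in this same file moves away from (v0.45.0 to v0.48.0 and v24.0.9 to v26.1.4 in the hunks above), so those two bumps are effectively no-ops and a future reader will not know why they are pinned. Either drop the replaces if the newer versions build and test cleanly, or give each one a comment in the style of the k9s line (`// remove when Zarf updates k9s versions to v0.32.4`) naming the consumer that breaks on the newer version and the condition under which the pin can be removed. Pinning docker/docker to v24.0.9 while docker/cli moves to v26.1.4 also leaves the two on different major lines, which is worth a sanity check that the build and the existing tests still pass.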