-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit f73828d
Showing
147 changed files
with
12,698 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
[run] | ||
omit = tests/*, app/alembic/*, **/exceptions.py | ||
|
||
[report] | ||
fail_under = 60 | ||
# Regexes for lines to exclude from consideration | ||
exclude_lines = | ||
# Have to re-enable the standard pragma | ||
pragma: no cover | ||
|
||
# Don't complain about missing debug-only code: | ||
def __repr__ | ||
if self\.debug | ||
|
||
# Don't complain if tests don't hit defensive assertion code: | ||
raise AssertionError | ||
raise NotImplementedError | ||
|
||
# Don't complain if non-runnable code isn't run: | ||
if 0: | ||
if __name__ == .__main__.: | ||
|
||
# Don't complain about abstract methods, they aren't run: | ||
@(abc\.)?abstractmethod | ||
|
||
ignore_errors = True |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
.idea | ||
.cache | ||
.coverage | ||
.dockerignore | ||
.git | ||
.gitattributes | ||
.gitignore | ||
.gitkeep | ||
.flake8 | ||
.isort.cfg | ||
.mypy_cache | ||
.pytest_cache | ||
.tox | ||
tox.ini | ||
mypy.ini | ||
tests | ||
distribution | ||
venv | ||
**/__pycache__ | ||
*.yml | ||
*.svg | ||
*.egg-info/ | ||
*.egg | ||
env/ | ||
pytest.ini | ||
README.rst | ||
README.md | ||
Dockerfile | ||
Zenvfile | ||
infrastructure | ||
data/ | ||
.env.override.example |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
UVICORN_RELOAD=1 | ||
|
||
CELERY_BROKER_URL=redis://redis:6379/0 | ||
CELERY_RESULT_BACKEND=redis://redis:6379/0 | ||
|
||
SECBOT_POSTGRES_DSN=postgresql+asyncpg://secbot:foobar@db:5432/secbot | ||
|
||
GITLAB_CONFIGS=[{"host":"https://git.env.local/","webhook_secret_token":"SecretStr","auth_token":"SecretStr","prefix":"GIT_LOCAL"}] | ||
|
||
DEFECTDOJO__URL=https://defectdojo.env.local | ||
DEFECTDOJO__TOKEN=defectdojo_token | ||
DEFECTDOJO__USER=defectdojo_username | ||
DEFECTDOJO__USER_ID=10 | ||
|
||
SLACK_TOKEN=token_here | ||
|
||
# Metrics settings | ||
SRE_METRIC_LABEL_TEAM=SECURITY | ||
SRE_METRIC_LABEL_SERVICE=security-bot | ||
TRACING_TAGS_HOST=security-bot.env.local | ||
TRACING_TAGS_CLUSTER=security-local |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# The .env.override.example file streamlines environment-specific settings management during development. | ||
# | ||
# To use it: | ||
# 1. Rename the file to '.env.override' for recognition by the dev environment. | ||
# 2. Update environment variables with development-specific values in the file. | ||
# 3. Rebuild the Docker image and restart it, ensuring it reads from the updated .env.override. | ||
# | ||
# e.g. | ||
# DEBUG=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[flake8] | ||
max-line-length = 87 | ||
ignore = E203,W503,E501,W293 | ||
statistics = True | ||
exclude = | ||
.git, | ||
__pycache__, | ||
.cache/, | ||
.pytest_cache/, | ||
.mypy_cache/, | ||
.venv/, | ||
.run/, | ||
app/secbot/db/alembic | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: Publish Docker image | ||
|
||
on: | ||
release: | ||
types: [published] | ||
|
||
jobs: | ||
push_to_registries: | ||
name: Push Docker image | ||
runs-on: ubuntu-latest | ||
permissions: | ||
packages: write | ||
contents: read | ||
steps: | ||
- name: Check out the repo | ||
uses: actions/checkout@v3 | ||
|
||
- name: Log in to Docker Hub | ||
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
|
||
- name: Log in to the Container registry | ||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | ||
with: | ||
images: | | ||
exness/security-bot | ||
ghcr.io/${{ github.repository }} | ||
- name: Build and push Docker images | ||
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,152 @@ | ||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Distribution / packaging | ||
.Python | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
lib/ | ||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
wheels/ | ||
share/python-wheels/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
MANIFEST | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.nox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*.cover | ||
*.py,cover | ||
.hypothesis/ | ||
.pytest_cache/ | ||
cover/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
local_settings.py | ||
db.sqlite3 | ||
db.sqlite3-journal | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
.pybuilder/ | ||
target/ | ||
|
||
# Jupyter Notebook | ||
.ipynb_checkpoints | ||
|
||
# IPython | ||
profile_default/ | ||
ipython_config.py | ||
|
||
# pyenv | ||
# For a library or package, you might want to ignore these files since the code is | ||
# intended to run in multiple environments; otherwise, check them in: | ||
# .python-version | ||
|
||
# pipenv | ||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. | ||
# However, in case of collaboration, if having platform-specific dependencies or dependencies | ||
# having no cross-platform support, pipenv may install dependencies that don't work, or not | ||
# install all needed dependencies. | ||
#Pipfile.lock | ||
|
||
# poetry | ||
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. | ||
# This is especially recommended for binary packages to ensure reproducibility, and is more | ||
# commonly ignored for libraries. | ||
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control | ||
#poetry.lock | ||
|
||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow | ||
__pypackages__/ | ||
|
||
# Celery stuff | ||
celerybeat-schedule | ||
celerybeat.pid | ||
|
||
# SageMath parsed files | ||
*.sage.py | ||
|
||
# Environments | ||
.env | ||
.venv | ||
env/ | ||
venv/ | ||
ENV/ | ||
env.bak/ | ||
venv.bak/ | ||
|
||
# Personal override env | ||
.env.override | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
.spyproject | ||
|
||
# Rope project settings | ||
.ropeproject | ||
|
||
# mkdocs documentation | ||
/site | ||
|
||
# mypy | ||
.mypy_cache/ | ||
.dmypy.json | ||
dmypy.json | ||
|
||
# Pyre type checker | ||
.pyre/ | ||
|
||
# pytype static type analyzer | ||
.pytype/ | ||
|
||
# Cython debug symbols | ||
cython_debug/ | ||
|
||
# PyCharm | ||
.idea/ | ||
.DS_Store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
version: 2 | ||
|
||
build: | ||
os: "ubuntu-20.04" | ||
tools: | ||
python: "3.9" | ||
jobs: | ||
post_create_environment: | ||
- pip install --upgrade pip | ||
- pip install poetry | ||
- poetry config virtualenvs.create false | ||
post_install: | ||
- poetry install --no-root | ||
|
||
formats: | ||
- epub | ||
|
||
sphinx: | ||
configuration: docs/conf.py | ||
fail_on_warning: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# Special thanks | ||
|
||
- [Exness](https://github.com/exness) | ||
- [Vulners](https://github.com/vulnerscom) | ||
|
||
# Contributors | ||
|
||
- [Valerio Rico](https://github.com/V-Rico) - MVP and maintenance | ||
- [Ivan Zhirov](https://github.com/izhirov) - further development and maintenance | ||
- [Maxim Sokolov](https://github.com/mcson-the-writer) - documentation |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
FROM python:3.9-slim | ||
|
||
ARG USER_NAME="exness" | ||
ARG USER_HOME="/${USER_NAME}" | ||
ARG APP_HOME="/opt" | ||
|
||
COPY poetry.lock pyproject.toml / | ||
|
||
### Add required binaries ### | ||
RUN apt-get update && \ | ||
apt-get install -y git curl && \ | ||
apt-get clean && \ | ||
rm -rf /var/cache/* | ||
|
||
RUN apt-get update && \ | ||
apt-get install -qy --no-install-recommends build-essential make && \ | ||
pip install --no-cache-dir --upgrade pip poetry>=1.0.0 && \ | ||
poetry config virtualenvs.create false && \ | ||
poetry install --no-interaction --no-dev && \ | ||
apt-get remove -qy --purge build-essential && \ | ||
apt-get autoremove --purge -qy && \ | ||
apt-get clean && \ | ||
rm -rf /var/cache/* /poetry.lock /pyproject.toml | ||
|
||
### Add worker tools ### | ||
|
||
# Install gitleaks | ||
COPY --from=zricethezav/gitleaks:v8.17.0 /usr/bin/gitleaks /usr/local/bin/gitleaks | ||
|
||
### Create service user ### | ||
RUN groupadd -g 10001 ${USER_NAME} && useradd -g 10001 -u 10001 -s "/usr/sbin/nologin" -md ${USER_HOME} ${USER_NAME} | ||
|
||
### Add application source code ### | ||
COPY docker-entrypoint.sh /usr/local/bin | ||
COPY --chown=10001:10001 app/ ${APP_HOME}/app | ||
|
||
ENV PYTHONPATH="${APP_HOME}" | ||
|
||
USER ${USER_NAME} | ||
EXPOSE 5000 5001 | ||
WORKDIR ${APP_HOME} | ||
ENTRYPOINT ["docker-entrypoint.sh"] | ||
CMD ["help"] |
Oops, something went wrong.