Merge branch 'main' into join-slack

.github/PULL_REQUEST_TEMPLATE.md

@@ -17,7 +17,7 @@ change, which may lead to your PR taking much longer to review, or result in it
 
 ## Checklist
 
-- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md)
+- [ ] I have read the [contributing guidelines](https://github.com/openclarity/vmclarity/blob/main/CONTRIBUTING.md)
 - [ ] Existing issues have been referenced (where applicable)
 - [ ] I have verified this change is not present in other open pull requests
 - [ ] Functionality is documented

.golangci.yml

@@ -1,5 +1,5 @@
 run:
-  timeout: 15m
+  timeout: 20m
 
 linters-settings:
   golint:
@@ -35,8 +35,6 @@ linters-settings:
 linters:
   enable-all: true
   disable:
-    - dupword
-    - wastedassign
     - musttag
     - revive
     - maligned

CONTRIBUTING.md

@@ -7,7 +7,7 @@ addressing your issue, assessing changes, and helping you finalize your pull req
 we endeavor to review incoming issues and pull requests within 10 days, and will close any lingering issues or pull
 requests after 60 days of inactivity.
 
-Please note that all of your interactions in the project are subject to our [Code of Conduct](/CODE_OF_CONDUCT.md). This
+Please note that all of your interactions in the project are subject to our [Code of Conduct](CODE_OF_CONDUCT.md). This
 includes creation of issues or pull requests, commenting on issues or pull requests, and extends to all interactions in
 any real-time space e.g., Slack, Discord, etc.
 
@@ -27,7 +27,7 @@ any real-time space e.g., Slack, Discord, etc.
 
 ## Troubleshooting and Debugging
 
-Please see the troubleshooting and debugging guide [here](/docs/troubleshooting.md).
+Please see the troubleshooting and debugging guide [here](docs/troubleshooting.md).
 
 ## Reporting Issues
 
@@ -38,7 +38,7 @@ When creating a new issue, please be sure to include a **title and clear descrip
 possible, and, if possible, a test case.
 
 **If you discover a security bug, please do not report it through GitHub. Instead, please see security procedures in
-[SECURITY.md](/SECURITY.md).**
+[SECURITY.md](SECURITY.md).**
 
 ## Development
 
@@ -98,7 +98,7 @@ api` to regenerate the model, client and server code.
 ### Testing End to End
 
 For details on how to test VMClarity end to end please see the End to End
-testing guide [here](/docs/test_e2e.md).
+testing guide [here](docs/test_e2e.md).
 
 ## Sending Pull Requests
 

Dockerfile.ui

@@ -7,6 +7,6 @@ COPY ui .
 RUN npm i
 RUN npm run build
 
-FROM nginx:1.25.1
+FROM nginx:1.25.2
 
 COPY --from=site-build ["/app/ui-build/build", "/usr/share/nginx/html"]

README.md

@@ -82,7 +82,7 @@ For a detailed installation guide, please see [AWS](installation/aws/README.md).
     ```
 
 2. Access VMClarity UI in the browser: http://localhost:8080/
-3. Access the [API](/api/openapi.yaml) via http://localhost:8080/api
+3. Access the [API](api/openapi.yaml) via http://localhost:8080/api
 
 For a detailed UI tour, please see [tour](TOUR.md).
 
@@ -129,13 +129,13 @@ VMClarity project roadmap is available [here](https://github.com/orgs/openclarit
 # Contributing
 
 If you are ready to jump in and test, add code, or help with documentation,
-please follow the instructions on our [contributing guide](/CONTRIBUTING.md)
+please follow the instructions on our [contributing guide](CONTRIBUTING.md)
 for details on how to open issues, setup VMClarity for development and test.
 
 # Code of Conduct
 
-You can view our code of conduct [here](/CODE_OF_CONDUCT.md).
+You can view our code of conduct [here](CODE_OF_CONDUCT.md).
 
 # License
 
-[Apache License, Version 2.0](/LICENSE)
+[Apache License, Version 2.0](LICENSE)

docs/command_line.md

@@ -10,12 +10,12 @@ If we want to report results to the VMClarity backend, we need to create asset a
 ## Reporting results to VMClarity backend:
 
 ```
-ASSET_ID=$(./cli/bin/vmclarity-cli asset-create --file assets/dir-asset.json --server http://localhost:8888/api) --jsonpath {.id}
-ASSET_SCAN_ID=$(./cli/bin/vmclarity-cli asset-scan-create --asset-id $ASSET_ID --server http://localhost:8888/api) --jsonpath {.id}
-./cli/bin/vmclarity-cli scan --config ~/testConf.yaml --server http://localhost:8888/api --asset-scan-id $ASSET_SCAN_ID
+ASSET_ID=$(./cli/bin/vmclarity-cli asset-create --file assets/dir-asset.json --server http://localhost:8080/api) --jsonpath {.id}
+ASSET_SCAN_ID=$(./cli/bin/vmclarity-cli asset-scan-create --asset-id $ASSET_ID --server http://localhost:8080/api) --jsonpath {.id}
+./cli/bin/vmclarity-cli scan --config ~/testConf.yaml --server http://localhost:8080/api --asset-scan-id $ASSET_SCAN_ID
 ```
 
 Using one-liner:
 ```
-./cli/bin/vmclarity-cli asset-create --file docs/assets/dir-asset.json --server http://localhost:8888/api --update-if-exists --jsonpath {.id} | xargs -I{} ./cli/bin/vmclarity-cli asset-scan-create --asset-id {} --server http://localhost:8888/api --jsonpath {.id} | xargs -I{} ./cli/bin/vmclarity-cli scan --config ~/testConf.yaml --server http://localhost:8888/api --asset-scan-id {}
+./cli/bin/vmclarity-cli asset-create --file docs/assets/dir-asset.json --server http://localhost:8080/api --update-if-exists --jsonpath {.id} | xargs -I{} ./cli/bin/vmclarity-cli asset-scan-create --asset-id {} --server http://localhost:8080/api --jsonpath {.id} | xargs -I{} ./cli/bin/vmclarity-cli scan --config ~/testConf.yaml --server http://localhost:8080/api --asset-scan-id {}
 ```

docs/scanConfig.json

@@ -1,19 +1,23 @@
 {
-        "name": "test",
-        "scanFamiliesConfig": {
-           "sbom": {
-             "enabled": true
-           },
-           "vulnerabilities": {
-             "enabled": true
-           },
-           "exploits": {
-             "enabled": true
-           }
+  "name": "test",
+  "scanTemplate": {
+    "scope": "contains(assetInfo.tags, '{\"key\":\"scanconfig\",\"value\":\"test\"}')",
+    "assetScanTemplate": {
+      "scanFamiliesConfig": {
+        "sbom": {
+          "enabled": true
         },
-        "scheduled": {
-           "cronLine": "0 */4 * * *",
-           "operationTime": "2023-01-20T15:46:18+00:00"
+        "vulnerabilities": {
+          "enabled": true
         },
-        "scope": ""
+        "exploits": {
+          "enabled": true
+        }
+      }
+    }
+  },
+  "scheduled": {
+    "cronLine": "0 */4 * * *",
+    "operationTime": "2023-01-20T15:46:18+00:00"
+  }
 }

docs/test_e2e.md

@@ -39,7 +39,7 @@ DOCKER_REGISTRY=<your docker registry> make push-docker
 
 ## Performing an end to end test
 
-1. Copy the example [scanConfig.json](/docs/scanConfig.json) into the ubuntu user's home directory
+1. Copy the example [scanConfig.json](scanConfig.json) into the ubuntu user's home directory
 
    ```
    scp scanConfig.json ubuntu@<ip address>:~/scanConfig.json
@@ -91,7 +91,7 @@ DOCKER_REGISTRY=<your docker registry> make push-docker
 3. While ssh'd into the VMClarity server run
 
    ```
-   curl -X POST http://localhost:8888/api/scanConfigs -H 'Content-Type: application/json' -d @scanConfig.json
+   curl -X POST http://localhost:8080/api/scanConfigs -H 'Content-Type: application/json' -d @scanConfig.json
    ```
 
 4. Check VMClarity logs to ensure that everything is performing as expected
@@ -105,7 +105,7 @@ DOCKER_REGISTRY=<your docker registry> make push-docker
    * Get scans:
 
      ```
-     curl -X GET http://localhost:8888/api/scans
+     curl -X GET http://localhost:8080/api/scans
      ```
 
      After the operationTime in the scan config created above there should be a new
@@ -121,5 +121,5 @@ DOCKER_REGISTRY=<your docker registry> make push-docker
    * Get asset scans:
 
      ```
-     curl -X GET http://localhost:8888/api/assetScans
+     curl -X GET http://localhost:8080/api/assetScans
      ```

docs/testplans/abort-scan.md

@@ -8,38 +8,42 @@ Create Scan Configuration file
 cat <<EOF > scanconfig.json
 {
   "name": "test",
-  "scanFamiliesConfig": {
-     "sbom": {
-       "enabled": true
-     },
-     "vulnerabilities": {
-       "enabled": true
-     },
-     "exploits": {
-       "enabled": true
-     }
+  "scanTemplate": {
+    "scope": "contains(assetInfo.tags, '{\"key\":\"scanconfig\",\"value\":\"test\"}')",
+    "assetScanTemplate": {
+      "scanFamiliesConfig": {
+        "sbom": {
+          "enabled": true
+        },
+        "vulnerabilities": {
+          "enabled": true
+        },
+        "exploits": {
+          "enabled": true
+        }
+      }
+    }
   },
   "scheduled": {
     "cronLine": "0 */4 * * *",
     "operationTime": "2023-01-20T15:46:18+00:00"
-  },
-  "scope": "contains(assetInfo.tags, '{\"key\":\"ScanConfig\",\"value\":\"test\"}')"
+  }
 }
 EOF
 ```
 
 Apply Scan Configuration to API
 
 ```shell
-curl -sSf -X POST 'http://localhost:8888/api/scanConfigs' -H 'Content-Type: application/json' \
+curl -sSf -X POST 'http://localhost:8080/api/scanConfigs' -H 'Content-Type: application/json' \
   -d @scanconfig.json \
 | jq -r -e '.id' > scanconfig.id
 ```
 
 Get Scan Configuration object from API
 
 ```shell
-curl -sSf -X GET 'http://localhost:8888/api/scanConfigs/'"$(cat scanconfig.id)"'' \
+curl -sSf -X GET 'http://localhost:8080/api/scanConfigs/'"$(cat scanconfig.id)"'' \
 | jq -r -e '.' > scanconfig.api.json
 ```
 
@@ -48,9 +52,9 @@ curl -sSf -X GET 'http://localhost:8888/api/scanConfigs/'"$(cat scanconfig.id)"'
 Start Scan using Scan Config
 
 ```shell
-jq -r -e '{maxParallelScanners, name, scanFamiliesConfig, scheduled, scope} | .scheduled.operationTime = (now|todate)' \
+jq -r -e '{maxParallelScanners, name, scanTemplate, scheduled} | .scheduled.operationTime = (now|todate)' \
   scanconfig.api.json \
-| curl -sSf -X PUT -H 'Content-Type: application/json' 'http://localhost:8888/api/scanConfigs/'"$(cat scanconfig.id)"'' \
+| curl -sSf -X PUT -H 'Content-Type: application/json' 'http://localhost:8080/api/scanConfigs/'"$(cat scanconfig.id)"'' \
   -d @-
 ```
 
@@ -59,7 +63,7 @@ jq -r -e '{maxParallelScanners, name, scanFamiliesConfig, scheduled, scope} | .s
 Get ongoing Scan from API using ScanConfig id
 
 ```shell
-curl -sSf -G 'http://localhost:8888/api/scans' \
+curl -sSf -G 'http://localhost:8080/api/scans' \
   --data-urlencode "\$filter=scanConfig/id eq '$(cat scanconfig.id)' and state ne 'Done' and state ne 'Failed'" \
 | jq -r -e '.items | first' > scan.api.json
 ```
@@ -77,7 +81,7 @@ EOF
 ```shell
 jq -r -e '.id' scan.api.json > scan.id \
 && curl -sSf -X PATCH -H 'Content-Type: application/json' \
-  "http://localhost:8888/api/scans/$(cat scan.id)" \
+  "http://localhost:8080/api/scans/$(cat scan.id)" \
   -d @scan-aborted.json \
 | jq -r -e '.' > scan-aborted.api.json
 ```