chore: DOC-1325 security bulletin component (#3639) (#4813)
* chore: security bulletin

* chore: fix gitignore

* docs: DOC-1356

* docs: add cve cards

* docs: progress on component

* docs: progress

* docs: working prototype

* docs: prototype

* docs: default sort order

* chore: WIP

* chore: placeholder

* chore: fixed route duplicates

* chore: fixed path

* chore: added routing

* chore: improve log output

* chore: cleaned up global variable

* chore: fixed plugin name

* chore: fix date to pull data using west coast

* chore: update plugin

* chore: save

* chore: added logic for generating markdown files

* docs: add more fields to the markdown template

* chore: refactored plugin to node script

* chore: added types

* chore: prettier ignore

* save

* docs: fixes

* chore: fix table

* chore: added sorting for versions

* chore: wip

* docs: fix CVE redirects

* chore: updated to use new API

* chore: updated sorting

* docs: add affected versions

* docs: add revision history

* docs: add tests for revision history

* docs: change column names and array formatting

* chore: updated logic to handle multiple product instances

* chore: add package name

* chore: support for multiple versions without breaking table

* chore: update comment

* chore: fix jank page behavior issue

* chore: CSS cleanup

* chore: updated table to sort by version

* chore: updated CSS to not display table for small displays

* chore: updated view

* tests: fixed tests

* chore: sort revision history by date

* chore: update

* chore: add sorting to Third Party Vulnerability

* chore: progress

* chore: fix revision logic and simplified logic to improve readability

* chore: memory optimization

* chore: more improvements

* chore: ci

* chore: fix logger

* chore: update

* chore: fixed semver sorting in affected tables

* chore: removed newlines from revision

* docs: added virtual list with fixed header

* docs: added missing columns

* chore: fixed broken URL

* chore: add ability to link tab

* docs: added explanation of status

* chore: updated state to status

* ci: set logic for skipping security bulletins

* chore: add logic for no CVE

* docs: updated README

* chore: save

* ci: test change

* ci: bump eslint

* chore: fix eslint

* chore: ignore eslint

* chore: fix jitter

---------

Co-authored-by: Lenny Chen <lenny.chen@spectrocloud.com>
karl-cardenas-coding and lennessyy authored Nov 27, 2024
1 parent f044c99 commit 9437c68
Showing 70 changed files with 1,672 additions and 1,706 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/api_format.yaml
Expand Up @@ -19,6 +19,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}

jobs:
backport:
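Review bot: `DSO_AUTH_TOKEN` is added to the workflow-level `env:` block, so every job and every step in this workflow receives the token, including third-party actions, and the only job visible here is `backport`. Set it in the `env:` of the one step that runs the bulletin fetch instead, and leave it out of workflows that never build the site.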
2 changes: 2 additions & 0 deletions .github/workflows/dependabot.yaml
Expand Up @@ -23,6 +23,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}

jobs:
dependabot_build:
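Review bot: `secrets.DSO_AUTH_TOKEN` and `secrets.DISABLE_SECURITY_INTEGRATIONS` in this `env:` block will resolve to empty strings on runs triggered by Dependabot unless they are also defined as Dependabot secrets, because those runs do not read the repository's Actions secrets. Either add both to the Dependabot secret store or set `DISABLE_SECURITY_INTEGRATIONS: "true"` as a literal for `dependabot_build`, so a dependency bump does not depend on an internal API token.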
2 changes: 2 additions & 0 deletions .github/workflows/nightly-docker-build.yaml
Expand Up @@ -15,6 +15,8 @@ env:
ALGOLIA_INDEX_NAME: "madeup-index"
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}

jobs:
build:
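Review bot: missing a statement of how `DSO_AUTH_TOKEN` reaches the image build in the `build` job. If the bulletin fetch runs inside the Docker build, pass the token as a BuildKit secret mount rather than a build argument or `ENV`, since both of those stay readable in the image history. If the nightly image does not need live bulletins, a literal `DISABLE_SECURITY_INTEGRATIONS: "true"` here (like the literal `"madeup-index"` above it) keeps the token out of this workflow entirely.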
2 changes: 2 additions & 0 deletions .github/workflows/post_release.yaml
Expand Up @@ -18,6 +18,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}

jobs:

2 changes: 2 additions & 0 deletions .github/workflows/pull_request.yaml
Expand Up @@ -22,6 +22,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}

jobs:
run-ci:
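Review bot: `DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}` will be empty when `run-ci` executes for a pull request opened from a fork, because repository secrets are not passed to those runs. The fetch script should treat an empty token the same as `DISABLE_SECURITY_INTEGRATIONS=true` (skip with a log line) rather than fail the build, and that behaviour is worth a test so outside contributions keep passing CI.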
2 changes: 2 additions & 0 deletions .github/workflows/release-branch-pr.yaml
Expand Up @@ -19,6 +19,8 @@ env:
GITHUB_BRANCH: ${{ github.ref_name }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}


concurrency:
2 changes: 2 additions & 0 deletions .github/workflows/release-preview.yaml
Expand Up @@ -18,6 +18,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}


concurrency:
6 changes: 5 additions & 1 deletion .github/workflows/release.yaml
Expand Up @@ -7,12 +7,14 @@ on:
schedule:
- cron: '0 20 * * 1-5' # At 12:00 PM PST (8 PM UTC), Monday through Friday
- cron: '0 5 * * 2-6' # At 9:00 PM PST (5 AM UTC next day), Monday through Friday
- cron: '0 20 * * 6' # At 12:00 PM PST (8 PM UTC next day), Saturday - Due to Security Buletin Publication
- cron: '0 20 * * 0' # At 12:00 PM PST (8 PM UTC next day), Sunday - Due to Security Buletin Publication
workflow_dispatch:
inputs:
useGitHubHostedLargeRunner:
description: 'Use the GitHub-hosted large runner. Allowed values are true or false. Caution - this results in additional charges to the organization.'
required: false
default: false
default: 'false'

env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
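Review bot: the two new schedule entries, `'0 20 * * 6'` and `'0 20 * * 0'`, together with the existing `'0 20 * * 1-5'`, amount to a single `'0 20 * * *'`, so one daily entry would replace three. Their comments also say "8 PM UTC next day", but 12:00 PM PST and 20:00 UTC fall on the same calendar day, and "Buletin" should read "Bulletin". Because the schedule is fixed in UTC, the run lands at 1 PM Pacific during daylight time, which matters if the bulletin publication time is a commitment. On the input change, quoting `default: 'false'` fits an input with no declared type; adding `type: boolean` would make the allowed values explicit instead of relying on the description.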
Expand All @@ -27,6 +29,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}


concurrency:
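Review bot: `DISABLE_SECURITY_INTEGRATIONS` is read from `secrets` although it is an on/off flag, not a credential. Secret values are masked in run logs and cannot be read back from the repository settings, so nobody reviewing a release run can tell whether bulletins were skipped, and a value such as `true` ends up masked wherever it appears in the log. A repository variable (`${{ vars.DISABLE_SECURITY_INTEGRATIONS }}`) keeps the flag visible and auditable. The same applies to the existing `DISABLE_PACKS_INTEGRATIONS` line above it.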
2 changes: 2 additions & 0 deletions .github/workflows/screenshot_capture.yaml
Expand Up @@ -21,6 +21,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}


jobs:
5 changes: 4 additions & 1 deletion .github/workflows/versions_robot.yaml
Expand Up @@ -22,7 +22,10 @@ env:
ALGOLIA_SEARCH_KEY: ${{ secrets.ALGOLIA_SEARCH_KEY }}
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
GITHUB_BRANCH: ${{ github.ref_name }}
GITHUB_BRANCH: ${{ github.ref_name }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}

jobs:
run-ci:
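Review bot: this hunk also introduces `DISABLE_PACKS_INTEGRATIONS` to the workflow, which is unrelated to the security bulletin component and is not mentioned in the commit message, and the `GITHUB_BRANCH` line appears as removed and re-added with no visible difference, which suggests a whitespace-only edit. Please call out the packs flag in the description so the behaviour change for `run-ci` is deliberate, and confirm the `GITHUB_BRANCH` edit is only trailing whitespace.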
2 changes: 2 additions & 0 deletions .github/workflows/visual-comparison.yaml
Expand Up @@ -17,6 +17,8 @@ env:
ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
HTML_REPORT_URL_PATH: reports/${{ github.head_ref }}/${{ github.run_id }}/${{ github.run_attempt }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}


concurrency:
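Review bot: the bulletin pages are generated from live API data, so enabling the fetch in the visual comparison workflow makes the rendered output depend on whatever the API returns at run time. If the bulletin pages are part of the compared set, screenshots will differ between the base and head builds for reasons unrelated to the change under review. Consider a literal `DISABLE_SECURITY_INTEGRATIONS: "true"` here, or a fixed fixture, which would also remove the need for `DSO_AUTH_TOKEN` in a workflow keyed on `github.head_ref`.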
5 changes: 5 additions & 0 deletions .gitignore
Expand Up @@ -40,6 +40,10 @@ docs/api-content/api-docs/v1/sidebar.*
docs/api-content/api-docs/edge-v1/*.mdx
docs/api-content/api-docs/edge-v1/sidebar.*

# Security Bulletins (Autogenerated)

docs/docs-content/security-bulletins/reports/*.md

# Versions Content
versions.json
versioned_docs/
Expand Down Expand Up @@ -72,6 +76,7 @@ _partials/index.ts

# Ignore statoc/img/packs
static/img/packs
static/data/security-bulletins/*


.vale-config/
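Review bot: `static/data/security-bulletins/*` is added under the `# Ignore statoc/img/packs` comment with no comment of its own, and nothing else in this commit's visible changes writes to that path: the README names `.docusaurus/security-bulletins/default/` as the data location and `clean-security` does not remove `static/data/security-bulletins`. Either document what produces that directory and add it to `clean-security`, or drop the entry. In the first hunk, note that `docs/docs-content/security-bulletins/reports/*.md` also ignores any hand-written `.md` file placed in that folder, so curated pages there must stay `.mdx`, as `reports.mdx` does.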
1 change: 1 addition & 0 deletions .prettierignore
Expand Up @@ -13,6 +13,7 @@ docs/api-content/**/*.json
tsconfig.json
src/components/IconMapper/dynamicFontAwesomeImports.*
docs/docs-content/security-bulletins/cve-reports.md
docs/docs-content/security-bulletins/reports/*.md

# Ignore partials
_partials/
7 changes: 6 additions & 1 deletion Makefile
Expand Up @@ -32,7 +32,7 @@ initialize: ## Initialize the repository dependencies
npx husky-init
vale sync

clean: ## Clean common artifacts
clean: clean-security ## Clean common artifacts
npm run clear && npm run clean-api-docs
rm -rfv build

Expand All @@ -56,6 +56,10 @@ clean-packs: ## Clean supplemental packs and pack images
rm -rf .docusaurus/packs-integrations/api_pack_response.json
rm -rf .docusaurus/packs-integrations/api_repositories_response.json

clean-security: ## Clean security bulletins
rm -rf .docusaurus/security-bulletins/default/*.json
rm -rfv docs/docs-content/security-bulletins/reports/*.md

clean-api: ## Clean API docs
@echo "cleaning api docs"
npm run clean-api-docs
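Review bot: `clean-security` leaves `static/data/security-bulletins/` in place even though the same commit adds that path to `.gitignore` as generated output, so stale bulletin data can survive a `make clean`. Add an `rm -rf static/data/security-bulletins/*` line if that directory is produced by the script. The two existing lines also mix `rm -rf` and `rm -rfv`. Pick one so the log output is consistent.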
Expand All @@ -80,6 +84,7 @@ init: ## Initialize npm dependencies

start: ## Start a local development server
make generate-partials
npm run cves
npm run start

start-cached-packs: ## Start a local development server with cached packs retry.
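Review bot: adding `npm run cves` to `start` makes every local `make start` call the internal API, which needs `DSO_AUTH_TOKEN`, but the target's help text still reads only "Start a local development server". Mention the token or the `DISABLE_SECURITY_INTEGRATIONS=true` opt-out in the `##` description, and check whether `start-cached-packs` and the other start and build targets need the same line, since a target that skips `npm run cves` will serve a site with no generated reports.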
22 changes: 22 additions & 0 deletions README.md
Expand Up @@ -775,6 +775,28 @@ Below is an example of how to use the component when the URLs are different:
/> page to learn more about system administrator roles.
```
## Security Bulletins
The security bulletins are auto-generated upon server start or the build process. The bulletins are generated by
querying an internal Spectro Cloud API. The bulletins are displayed in the security bulletins page
`https://docs.spectrocloud.com/security-bulletins/reports/`.
The logic for generated the security bulletins is located in the [cves folder](./utils/cves/index.js). The script is
invoked before a build or a local development server start. The script will fetch the security bulletins and store the
data in the `.docusaurus/security-bulletins/default/` folder. The data is stored in the `data.json` file.
The script will also generate each markdown file for each security bulletin. The markdown files are stored in the
`/security-bulletins/reports/` folder.
### Disable Security Bulletins
To disable the security bulletins, you can set the environment variable `DISABLE_SECURITY_INTEGRATIONS` to `true`. This
will stop the pre-build script from fetching the security bulletins.
```shell
export DISABLE_SECURITY_INTEGRATIONS=true
```
## Packs Component
The packs component is a custom component that displays all packs available in Palette SaaS by querying the Palette API
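Review bot: missing documentation for `DSO_AUTH_TOKEN` in the new "Security Bulletins" section. Every workflow in this commit gains that variable, yet the README only explains how to disable the fetch, not which credential it needs or how a contributor obtains one. State that the token is required, that it must never be committed, and that contributors without access should export `DISABLE_SECURITY_INTEGRATIONS=true`. Smaller points in the same hunk: "The logic for generated" should be "for generating"; the link text "cves folder" points at the file `./utils/cves/index.js`; and `/security-bulletins/reports/` should be the repository path `docs/docs-content/security-bulletins/reports/` used in `.gitignore`.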
4 changes: 0 additions & 4 deletions babel.config.js

This file was deleted.

8 changes: 3 additions & 5 deletions docs/docs-content/release-notes/release-notes.md
Expand Up @@ -26,7 +26,7 @@ are interested in upgrading to this patch release, please reach out to our suppo
local Harbor registry enabled to be stuck in the **Provisioning** state.

- Resolved several CVEs in the previous release. For a complete list of current CVEs, refer to
[CVE Report](../security-bulletins/reports/reports.md).
[CVE Report](../security-bulletins/reports/reports.mdx).

- Fixed an issue that caused clusters to experience problems in communicating with Palette through gPRC using domain
names and port 443, resulting in clusters appearing in an **Unhealthy** state.
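Review bot: the CVE Report link is updated to the relative file path `../security-bulletins/reports/reports.mdx`, while the other link touched in this file switches to `<VersionedLink text="Security Bulletins" url="/security-bulletins/reports/" />`. Use the same component here so both references resolve the same way across versioned docs and neither depends on the file extension of the reports page.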
Expand Down Expand Up @@ -76,10 +76,8 @@ the following sections for a complete list of features, improvements, and known

### Security Notices

- Kubernetes version 1.27.9 is deprecated due to a security vulnerability. We recommend upgrading to a newer version of
Kubernetes, such as 1.27.11, to avoid issues.

- Review the [Security Bulletins](../security-bulletins/security-bulletins.md) page for the latest security advisories.
<!-- prettier-ignore -->
- Review the <VersionedLink text="Security Bulletins" url="/security-bulletins/reports/" /> page for the latest security advisories.

### Palette
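Review bot: the "Security Notices" item about Kubernetes version 1.27.9 being deprecated due to a security vulnerability appears to be dropped in this hunk (the file shows 3 additions and 5 deletions), and the commit message does not mention removing it. Release notes are a historical record, so a security notice should not disappear as a side effect of a link refactor. Keep the item, or state in the description why it is removed and where that advisory now lives.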

35 changes: 0 additions & 35 deletions docs/docs-content/security-bulletins/reports/cve-2015-8855.md

This file was deleted.

51 changes: 0 additions & 51 deletions docs/docs-content/security-bulletins/reports/cve-2020-1971.md

This file was deleted.

41 changes: 0 additions & 41 deletions docs/docs-content/security-bulletins/reports/cve-2021-3449.md

This file was deleted.
