Initial commit for mercedes-benz#2328

zigfridus · Feb 27, 2024 · 66b5197 · 66b5197
1 parent 6e69908
commit 66b5197
Show file tree

Hide file tree

Showing 11 changed files with 2,071 additions and 0 deletions.
diff --git a/sechub-pds-solutions/phan/01-start-single-docker-compose.sh b/sechub-pds-solutions/phan/01-start-single-docker-compose.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: MIT
+
+cd $(dirname "$0")
+source "../../sechub-solutions-shared/scripts/9999-env-file-helper.sh"
+
+ENVIRONMENT_FILES_FOLDER="../shared/environment"
+ENVIRONMENT_FILE=".env-single"
+
+# Only variables from .env can be used in the Docker-Compose file
+# all other variables are only available in the container
+setup_environment_file ".env" "env" "$ENVIRONMENT_FILES_FOLDER/env-base-image"
+setup_environment_file "$ENVIRONMENT_FILE" "$ENVIRONMENT_FILES_FOLDER/env-base"
+
+# Use Docker BuildKit
+export BUILDKIT_PROGRESS=plain
+export DOCKER_BUILDKIT=1
+
+echo "Starting single container."
+docker compose --file docker-compose_pds_phan.yaml up --build --remove-orphans
diff --git a/sechub-pds-solutions/phan/README.adoc b/sechub-pds-solutions/phan/README.adoc
@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: MIT
+
+:toc:
+:numbered:
+
+= Phan + PDS
+
+Phan is a static analyzer for PHP that prefers to minimize false-positives. Phan attempts to prove incorrectness rather than correctness.
+In addition, the combination of Phan and PDS allows both to run in a Kubernetes cluster or on virtual machines.
+
+This folder contains the scripts necessary to run Phan Wrapper + PDS locally within a container. It also contains scripts to create the PDS + Phan container and push it to your container registry, as well as a helm chart to install and run Phan Wrapper + PDS in a Kubernetes cluster.
+
+== Current limitations
+
+- only docker images uploaded as `.tar` files can be scanned
+
+== Run Locally
+
+This is the easiest way to get started.
+
+=== Requirements
+
+Docker and Docker-Compose need to be installed:
+
+. https://docs.docker.com/engine/install/[Install Docker]
+
+. Linux: https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user[Use Docker as non Root user]
+
+. https://docs.docker.com/compose/install/[Install Docker-Compose]
+
+=== Single Instance
+
+Start a single instance by using the Bash wrapper script which does setup everything automatically for you.
+
+==== Scan script
+
+The folder contains a start script which does the manual steps for you:
+
+----
+./01-start-single-docker-compose.sh
+----
+
+==== Together with SecHub
+
+The container will be started and attached to the `sechub` network.
+
+WARNING: Make sure the SecHub container is running and executor for Phan is set up.
+
+. Start container:
++
+----
+./05-start-single-sechub-network-docker-compose.sh
+----
++
+You can now scan with the SecHub client downloaded from the SecHub release page on GitHub.
+Example sechub.json, the phan wrapper takes docker images saved as tar archives +
+You can save docker images with the command "save" to a tar file. +
++
+----
+docker save <image_name:tag> -o <some_filename.tar>
+----
++
+[source,json]
+----
+{
+  "apiVersion": "1.0",
+  "licenseScan": {
+    "use": [
+      "test-sources"
+    ]
+  },
+  "data": {
+    "binaries": [
+      {
+        "name": "test-sources",
+        "fileSystem" : {
+        "folders" : [ "my-docker-archive.tar" ]
+      }
+      }
+    ]
+  }
+}
+----
diff --git a/sechub-pds-solutions/phan/composer.json b/sechub-pds-solutions/phan/composer.json
@@ -0,0 +1,5 @@
+{
+    "require": {
+        "phan/phan": "^5.4"
+    }
+}