Closed rsenden closed 4 months ago
@rsenden will this enhancement take into consideration uploading the results file to SSC after #3?
@crance, I've just created #488 which I think is a closer match to what you're requesting.
@crance, this feature just enables fcli to install Debricked CLI, and has nothing to do with actually running Debricked scans or uploading Debricked results to SSC (for the latter, there's already the `fcli ssc artifact import-debricked` command).
I'm now closing this issue as the `fcli tool debricked-cli *` commands have been implemented in fcli v2.2.0. If you'd want to discuss any integration between Debricked and fcli, please comment on the issue #488 that @wtfacoconut created.
This will be somewhat different compared to other tool commands, as Debricked provides platform-specific binaries. So, we'd need to:

`.tgz` files

For #1, we'd need to use `System.getProperty("os.name")` and `System.getProperty("os.arch")` to determine the appropriate binary. We'd need to add functionality to the generic tool classes to allow the `defaultDownloadUrl` property in the yaml file to contain an `{asset}` placeholder, i.e. `defaultDownloadUrl: https://github.com/debricked/cli/releases/download/v{toolVersion}/{asset}`. The `AbstractToolInstallCommand` could then have a `getAsset()` method that returns `null` by default but is overridden in `ToolDebrickedCLIInstallCommand` to return the appropriate asset name for the current platform/architecture, which is then passed to `ToolHelper` to determine the appropriate download URL.

For #2, to avoid having to maintain a list of all download checksums for all Debricked CLI variants, we should probably reuse the `checksums.txt` file as published by Debricked. Instead of:

We could add support for something like:

With this configuration, fcli would download the checksums.txt file, verify its integrity, and then use the appropriate checksum to verify integrity of the actual `tgz` file being downloaded (based on the filename in the download URL).

For #3, probably best to use Apache `commons-compress`, unless we can find a better/smaller library (`commons-compress` supports many archive algorithms that we don't need).
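
The two-step check described for #2 above, sketched in Java as an added example that is not part of the original issue or of fcli's code. It assumes `checksums.txt` uses the `sha256sum` line format and that a SHA-256 digest of `checksums.txt` itself is pinned in the tool definition; the class, method and asset names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

// Assumed checksums.txt line format: "<hex sha256><whitespace><file name>" (sha256sum style).
public class ChecksumsFileVerifier {
    static String sha256Hex(byte[] data) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }
    // Constant-time comparison of two hex digests; malformed hex throws and so fails closed.
    static boolean digestEquals(String a, String b) {
        return MessageDigest.isEqual(HexFormat.of().parseHex(a), HexFormat.of().parseHex(b));
    }
    // Step 1: check checksums.txt against the pinned digest before trusting any entry,
    // then parse it into a file name -> digest map.
    static Map<String, String> loadVerifiedChecksums(byte[] checksumsTxt, String pinnedSha256) throws Exception {
        if (!digestEquals(sha256Hex(checksumsTxt), pinnedSha256)) {
            throw new SecurityException("checksums.txt does not match pinned digest");
        }
        Map<String, String> result = new HashMap<>();
        for (String line : new String(checksumsTxt, StandardCharsets.UTF_8).split("\\R")) {
            String[] parts = line.trim().split("\\s+", 2);
            if (parts.length == 2) { result.put(parts[1].replaceFirst("^\\*", ""), parts[0]); }
        }
        return result;
    }
    // Step 2: select the entry by the file name at the end of the download URL; a missing entry is an error.
    static void verifyAsset(String downloadUrl, byte[] asset, Map<String, String> checksums) throws Exception {
        String fileName = downloadUrl.substring(downloadUrl.lastIndexOf('/') + 1);
        String expected = checksums.get(fileName);
        if (expected == null) { throw new SecurityException("No checksum listed for " + fileName); }
        if (!digestEquals(sha256Hex(asset), expected)) { throw new SecurityException("Checksum mismatch for " + fileName); }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample data; a real run would use the downloaded bytes.
        byte[] tgz = "constructed archive bytes".getBytes(StandardCharsets.UTF_8);
        String name = "debricked-cli-sample.tgz"; // constructed asset name
        byte[] checksumsTxt = (sha256Hex(tgz) + "  " + name + "\n").getBytes(StandardCharsets.UTF_8);
        String pinned = sha256Hex(checksumsTxt); // stands in for the digest stored in the yaml file
        Map<String, String> sums = loadVerifiedChecksums(checksumsTxt, pinned);
        verifyAsset("https://example.invalid/download/" + name, tgz, sums);
        System.out.println("verified " + name);
        try { verifyAsset("https://example.invalid/download/" + name, new byte[] {1}, sums); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The archive should only be handed to the extraction step from #3 after `verifyAsset` returns without throwing.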