mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.
https://mercedes-benz.github.io/sechub/
MIT License

SecHub client must be able to provide variables #63

Closed de-jcup closed 4 years ago

de-jcup commented 4 years ago

In #21 we implemented the server part for web login configuration and also the Netsparker integration.

But we must provide a template mechanism in the SecHub client to prevent credentials inside configuration scripts!

So we must provide variables / templating by the client. The best way would be to use standard Go templating and use environment variables.

For implementation see https://golang.org/pkg/text/template/

de-jcup commented 4 years ago

Here is just an example code snippet to explain usage:

{
    "apiVersion" : "{{ .SHTEST_VERSION }}" ,

    "codeScan": {
        "fileSystem": {
            "folders": ["{{ .SHTEST_FOLDERS1 }}"]
        }
    }
}

Usage: just set environment entries SHTEST_VERSION and SHTEST_FOLDERS1 to dedicated values...

So this is something very useful for build servers.
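
The approach proposed in this issue, as an added example (not part of the original thread and not the SecHub client's own code): the configuration template from the comment above is rendered with Go's `text/template` from environment variables, so secrets stay out of the checked-in file. The function names `envData` and `renderConfig` are hypothetical, and two choices are assumptions made here: `missingkey=error`, so an unset variable aborts instead of rendering an empty value, and JSON-escaping of each value, so a quote or backslash in a variable cannot alter the structure of the configuration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"log"
	"os"
	"strings"
	"text/template"
)

// Template from the comment above: placeholders sit inside JSON string literals.
const configTemplate = `{
    "apiVersion" : "{{ .SHTEST_VERSION }}",
    "codeScan": { "fileSystem": { "folders": ["{{ .SHTEST_FOLDERS1 }}"] } }
}`

// envData converts "KEY=value" entries (the os.Environ format) into template
// data, JSON-escaping each value so it cannot break out of its string literal.
func envData(environ []string) map[string]string {
	data := make(map[string]string, len(environ))
	for _, kv := range environ {
		if parts := strings.SplitN(kv, "=", 2); len(parts) == 2 {
			quoted, _ := json.Marshal(parts[1]) // marshalling a string cannot fail
			data[parts[0]] = string(quoted[1 : len(quoted)-1])
		}
	}
	return data
}

// renderConfig fills the template; an unset variable is an error, not an empty string.
func renderConfig(tmpl string, data map[string]string) ([]byte, error) {
	t, err := template.New("sechub.json").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return nil, err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, data); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}

func main() {
	cfg, err := renderConfig(configTemplate, envData(os.Environ()))
	if err != nil {
		log.Fatal("config error: ", err)
	}
	os.Stdout.Write(cfg)
}
```

On a build server the rendered output should be handed to the client directly rather than written to the job log, since it contains the substituted values.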