secureCodeBox / secureCodeBox

secureCodeBox (SCB) - continuous secure delivery out of the box
https://www.secureCodeBox.io

[Consistency/Scanners] SCB scanners use different versioning system #716

Open SebieF opened 3 years ago

SebieF commented 3 years ago

Working on the consistency of all scanner files, it was noticed that our own scanners (SCB scanners), that is test-scan, git-repo-scanner and zap-advanced, use a different versioning scheme which is linked to the scb releases. This leads to an inconsistent and potentially confusing use of Chart.Version vs. Chart.AppVersion in the scan-type.yaml file:

Git-Repo-Scanner (SCB) - Chart.Version (linked to SCB release):

```yaml
- name: git-repo-scanner
  image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.Version }}"
```

Nmap (Extern) - Chart.AppVersion (linked to current nmap release):

```yaml
- name: nmap
  image: "{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}"
```

Although this is a minor issue, it should probably be kept in mind when new internally maintained scanners are added to the SCB.

Also affects scanner.image.tag in values.yaml.

The following scanners are affected:

Weltraumschaf commented 1 year ago

This is intended bc we use our own SCB version for our own implemented scanners (.Chart.Version). For 3rd party scanners we use their versions (.Chart.AppVersion).

We will not change this, but should document it properly.
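Added example (not code from the secureCodeBox project): a small check that encodes the rule stated above, SCB-internal scanners default the image tag to `.Chart.Version` and third-party scanners to `.Chart.AppVersion`, and that reproduces what Helm's `default` pipe resolves the tag to. The scanner list, the internal/third-party flag and the Chart.yaml version numbers are constructed placeholders modelled on the two templates quoted in the issue.

```python
import re

# Constructed sample data modelled on the templates quoted in the issue; the
# version strings are placeholders, not real secureCodeBox or nmap releases.
CHART = {"version": "0.0.0-scb-placeholder", "appVersion": "0.0.0-app-placeholder"}

SCANNERS = {
    # name: (maintained inside SCB?, image line from its scan-type.yaml template)
    "git-repo-scanner": (True,  'image: "{{ .Values.scanner.image.repository }}:'
                                '{{ .Values.scanner.image.tag | default .Chart.Version }}"'),
    "nmap":             (False, 'image: "{{ .Values.scanner.image.repository }}:'
                                '{{ .Values.scanner.image.tag | default .Chart.AppVersion }}"'),
}

DEFAULT_RE = re.compile(
    r"\.Values\.scanner\.image\.tag\s*\|\s*default\s+\.Chart\.(Version|AppVersion)")


def chart_default(template_line):
    """Return the Chart field the template falls back to ('Version' or 'AppVersion'), or None."""
    m = DEFAULT_RE.search(template_line)
    return m.group(1) if m else None


def resolve_tag(template_line, chart, values_tag=""):
    """Reproduce what Helm renders: the explicit scanner.image.tag wins unless it is
    empty (sprig's `default` treats "" as unset), otherwise the referenced Chart field."""
    if values_tag:
        return values_tag
    field = chart_default(template_line)
    if field is None:
        raise ValueError("template does not default the tag to a Chart field")
    return chart["version"] if field == "Version" else chart["appVersion"]


def policy_findings(scanners):
    """Apply the maintainers' rule: internal scanners use .Chart.Version, third-party
    scanners use .Chart.AppVersion. Returns the names of scanners that break it."""
    findings = []
    for name, (internal, line) in scanners.items():
        expected = "Version" if internal else "AppVersion"
        if chart_default(line) != expected:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name, (_, line) in SCANNERS.items():
        print(name, "->", resolve_tag(line, CHART))
    print("policy violations:", policy_findings(SCANNERS))
```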