From 90d40cd0f4f88417498257981bdefb72c9eef835 Mon Sep 17 00:00:00 2001
From: ashwiniag
Date: Wed, 8 Jan 2025 19:38:22 +0530
Subject: [PATCH 1/4] updates readme
---
 Readme.md | 66 ++++++++++++++++++++++++++++++++++------
 config/config.yaml | 75 ----------------------------------------------
 2 files changed, 57 insertions(+), 84 deletions(-)
 delete mode 100644 config/config.yaml
diff --git a/Readme.md b/Readme.md
index d4c1f72..3e35fa2 100644
--- a/Readme.md
+++ b/Readme.md
@@ -37,33 +37,81 @@ Find, analyze, and remediate vulnerabilities present in your container images. | Regisry | Status | |--------------|:-----------------:| -| Docker Hub | [In progress ⏳](https://github.com/shinobistack/gokakashi/issues/81) | -| Google Artifact Registry | [In progress ⏳](https://github.com/shinobistack/gokakashi/issues/82) | +| Docker Hub | ✅ [Enhancement in progress ⏳](https://github.com/shinobistack/gokakashi/issues/81) | +| Google Artifact Registry | ✅ [Enhancement in progress ⏳](https://github.com/shinobistack/gokakashi/issues/82) | | GitHub Container Registry | [In progress ⏳](https://github.com/shinobistack/gokakashi/issues/83) | | Amazon Elastic Container Registry | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/84) | | Azure Container Registry | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/85) | #### Image Scanners -| Scanner | Status | -|---------|:------:| -| Trivy | [In progress ⏳](https://github.com/shinobistack/gokakashi/issues/86) | -| Snyk | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/87) | -| Clair | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/88) | +| Scanner | Status | +|---------|:----------------------------------------------------------------------------------:| +| Trivy | ✅ [Enhancement in progress ⏳](https://github.com/shinobistack/gokakashi/issues/86) | +| Snyk | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/87) | +| Clair | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/88) | +#### Notification Systems + +| Platform | Status | +|----------|:-----------------------------------------------------------------------------:| +| Linear | ✅ Complete | +| Jira | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/105) | +| Slack | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/106) | + +#### Database Integration +Integrated 
with PostgreSQL using the modern, type-safe [ent ORM](https://entgo.io/). + +| Database | Status | +|--------------|:-----------------------------------------------------------------------------:| +| PostgresSQL | ✅ Complete | +| Other DBs | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/107) | +Currently integrated with PostgreSQL using the modern, type-safe [ent ORM](https://entgo.io/). +Future support for databases like MySQL, MariaDB, CockroachDB, SQLite, and more is planned. +With ent ORM, goKakashi is designed to be database-agnostic, allowing seamless integration with existing infrastructure, +regardless of the database technology is used. + ## Install 🛠️ +Using Docker Compose +Here’s how you can set up gokakashi using Docker Compose for both the server and PostgreSQL database. +Add your configuration file, e.g., [`./config/latest_config.yaml`](config/latest_config.yaml) + + +```sh +docker-compose up --build -d +./gokakashi agent start --server=http://localhost:8000 --token=letsdoit --workspace=/tmp + +``` +Or +### DB +```sh +docker network create gokakashi-network + +docker run -d --rm --name postgresdb --network gokakashi-network -p 5432:5432 \ + -e POSTGRES_PASSWORD=secret \ + -e POSTGRES_USER=postgres \ + -e POSTGRES_DB=postgres \ + postgres:latest + +``` ### Server ```sh -docker run -d ghcr.io/shinobistack/gokakashi server +docker run -d --rm --name gokakashi-server --network gokakashi-network -p 8000:8000 \ + -v $(pwd)/lts.yaml:/app/lts.yaml \ + gokakashi server --config=lts.yaml + ``` ### Agent ```sh -docker run --rm -it ghcr.io/shinobistack/gokakashi agent +docker run -it --rm --name gokakashi-agent --network gokakashi-network \ + -v /tmp:/tmp \ + gokakashi agent start --server=http://gokakashi-server:8000 --token=letsdoit --workspace=/tmp + ``` ## Transparency & Feedback ✨ diff --git a/config/config.yaml b/config/config.yaml deleted file mode 100644 index 1613e69..0000000 --- a/config/config.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -scan_targets: - - registry: dockerhub # - auth: - username: ${DOCKER_USERNAME} - password: ${DOCKER_PASSWORD} - images: - - name: - tags: - - v2.08.0 - - v2.36.3 - scan_policy: - severity: - - CRITICAL - - HIGH - notify: - Linear: - api_key: ${LINEAR_API_KEY} - project_id: UUID - team_id: UUID - issue_title: "Vulnerability Report" - issue_priority: 2 # INT - issue_assignee_id: UUID of Assignee - issue_state_id: UUID of Backlog, Triage, In Progress, etc. - issue_due_date: 2024-12-01 # YYYY-MM-DD - - name: - tags: - - v2.36.4 - - v2.11.8 - scan_policy: - severity: - - CRITICAL - notify: - Linear: - api_key: ${LINEAR_API_KEY} - project_id: UUID - team_id: UUID - issue_title: "Vulnerability Report" - issue_priority: 2 # INT - issue_assignee_id: UUID of Assignee - issue_state_id: UUID of Backlog, Triage, In Progress, etc. - issue_due_date: 2024-12-01 # YYYY-MM-DD - scanner: - - tool: Trivy - - registry: gcr - auth: - type: serviceAccount - json_key_path: "/path_to_.json" - images: - - name: gcr.io/ashwiniag/name - tags: - - v2.36.0 - scan_policy: - severity: - - CRITICAL - - HIGH - notify: - Linear: - api_key: xxxx - project_id: 24c2aac3-638a-4824-8371-26f250fbaed1 - team_id: e9f2cd02-7113-4ec3-bb08-ea7a151f542a - issue_title: TEST2 - issue_priority: 2 - issue_assignee_id: d74e16a8-b9e4-4fcf-a2d5-da01787f1678 # UUID of Assignee, here its ashwini@hasura.io - issue_state_id: 822cf3fe-a0bd-4401-9423-310c4f27d71f # UUID of Backlog, Triage, In progres etc - issue_due_date: 2024-12-01 #YYYY-MM-DD - cron_schedule: "*/1 * * * *" - scanner: - - tool: Trivy -website: - hostname: localhost - files_path: /app/website # absolute - public: - port: 8080 - private: - port: 9090 From 7a108e091bf47b0cf9db4889f511ba1639384b56 Mon Sep 17 00:00:00 2001 
From: ashwiniag
Date: Thu, 9 Jan 2025 10:26:52 +0530
Subject: [PATCH 2/4] config file
---
 config/latest_config.yaml | 75 +++++++++++++++++++++++++++++++++++++++
 config/readme.md | 1 -
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 config/latest_config.yaml
 delete mode 100644 config/readme.md
diff --git a/config/latest_config.yaml b/config/latest_config.yaml
new file mode 100644
index 0000000..150c4f6
--- /dev/null
+++ b/config/latest_config.yaml
@@ -0,0 +1,75 @@ +integrations: + - name: lts-org-docker-hub + type: docker-hub + config: + username: ${DOCKER_USERNAME} + password: ${DOCKER_PASSWORD} + + - name: team-project-artifact-registry + type: google-cloud-artifact-registry + config: + auth_type: serviceAccount + json_key_path: ee-service-account.json + + - name: acme-linear + type: linear + config: + api_key: ${LINEAR_API_KEY} + project_id: ${LINEAR_PROJECT_UUID} + team_id: ${LINEAR_TEAM_UUID} + issue_title: ${OPTIONAL} + issue_priority: 2 + issue_assignee_id: ${LINEAR_ASSIGNER_UUID} + issue_state_id: ${LINEAR_STATE_UUID_LIKE_BACKLOG-UUID_TRIAGE-UUID_ETC} + issue_due_date: ${LINEAR_ISSUE_DUE_DATE} + +# API server configuration +site: + api_token: letsdoit + host: 0.0.0.0 + port: 8000 + +database: + host: postgresdb + port: 5432 + user: postgres + password: secret + name: postgres + +policies: + - name: public-service-lts-scans + image: + registry: lts-org-docker-hub + name: ${REGISTERY_NAME} + tags: + - v2.36.0 + - v2.34.0 + - v2.30.0 + - v2.33.0 + - v2.35.2 + trigger: + type: cron + schedule: "0 */8 * * *" + labels: + lts_version: v2.36 + scanner: trivy + notify: + - to: acme-linear + when: | + report.Results.exists(r, r.Vulnerabilities.exists(v, v.Severity == 'CRITICAL')) + - name: cps-scans + image: + registry: CP-project-artifact-registry + name: gcr.io/hasura-ee/lux-api + tags: + - 2.2.10 + trigger: + type: cron + schedule: "0 */8 * * *" + labels: + lts_version: v2.36 + scanner: trivy + notify: + - to: acme-linear + when: | + report.Results.exists(r, r.Vulnerabilities.exists(v, v.Severity == 'HIGH' || v.Severity == 'CRITICAL')) diff --git a/config/readme.md b/config/readme.md deleted file mode 100644 index 2f4b048..0000000 --- a/config/readme.md +++ /dev/null @@ -1 +0,0 @@ -All the config files can be here From a41f80936e59e2c9af4af6e91991558a12b72afa Mon Sep 17 00:00:00 2001 
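Review bot: `site.api_token: letsdoit` and `database.password: secret` are committed as literals while every integration credential in the same file is a `${VAR}` placeholder, and with `host: 0.0.0.0` the API server listens on all interfaces behind a token anyone can read in the repository. If the loader expands environment variables in these sections too (not visible here), write them as `api_token: ${GOKAKASHI_API_TOKEN}` and `password: ${POSTGRES_PASSWORD}` (variable names are illustrative) and add a comment above `site:` saying the sample values must be replaced before the port is reachable from other hosts. The same token and password are repeated in the Readme.md hunk of patch 1 (`--token=letsdoit`, `POSTGRES_PASSWORD=secret`), so anyone copying those commands ends up running with them. Separately, the `cps-scans` policy references `registry: CP-project-artifact-registry`, but the only Artifact Registry integration defined above is named `team-project-artifact-registry`, so that policy presumably resolves to no integration.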
From: Vishnu Bharathi Date: Thu, 9 Jan 2025 16:58:14 +0530 Subject: [PATCH 3/4] Update Readme.md --- Readme.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/Readme.md b/Readme.md index 3e35fa2..3528356 100644 --- a/Readme.md +++ b/Readme.md @@ -52,7 +52,7 @@ Find, analyze, and remediate vulnerabilities present in your container images. | Clair | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/88) | -#### Notification Systems +### Alerting & Notifications | Platform | Status | |----------|:-----------------------------------------------------------------------------:| @@ -60,19 +60,10 @@ Find, analyze, and remediate vulnerabilities present in your container images. | Jira | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/105) | | Slack | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/106) | -#### Database Integration -Integrated with PostgreSQL using the modern, type-safe [ent ORM](https://entgo.io/). - -| Database | Status | -|--------------|:-----------------------------------------------------------------------------:| -| PostgresSQL | ✅ Complete | -| Other DBs | [Open for contribution](https://github.com/shinobistack/gokakashi/issues/107) | -Currently integrated with PostgreSQL using the modern, type-safe [ent ORM](https://entgo.io/). -Future support for databases like MySQL, MariaDB, CockroachDB, SQLite, and more is planned. -With ent ORM, goKakashi is designed to be database-agnostic, allowing seamless integration with existing infrastructure, -regardless of the database technology is used. ## Install 🛠️ + + Using Docker Compose Here’s how you can set up gokakashi using Docker Compose for both the server and PostgreSQL database. From e5d71dad04f4e3ee7d2437cd7fb9586eee158bbb Mon Sep 17 00:00:00 2001 
From: Vishnu Bharathi Date: Thu, 9 Jan 2025 17:03:53 +0530 Subject: [PATCH 4/4] Update Readme.md --- Readme.md | 45 +++++++++------------------------------------ 1 file changed, 9 insertions(+), 36 deletions(-) diff --git a/Readme.md b/Readme.md index 3528356..cd461d9 100644 --- a/Readme.md +++ b/Readme.md @@ -63,47 +63,20 @@ Find, analyze, and remediate vulnerabilities present in your container images. ## Install 🛠️ - -Using Docker Compose - -Here’s how you can set up gokakashi using Docker Compose for both the server and PostgreSQL database. -Add your configuration file, e.g., [`./config/latest_config.yaml`](config/latest_config.yaml) - +### Docker Compose ```sh -docker-compose up --build -d -./gokakashi agent start --server=http://localhost:8000 --token=letsdoit --workspace=/tmp +wget https://raw.githubusercontent.com/shinobistack/gokakashi/refs/heads/main/docker-compose.yml +docker compose up -f +# brings up +# - a postgres DB +# - gokakashi server +# - gokakshi agent ``` -Or -### DB -```sh -docker network create gokakashi-network -docker run -d --rm --name postgresdb --network gokakashi-network -p 5432:5432 \ - -e POSTGRES_PASSWORD=secret \ - -e POSTGRES_USER=postgres \ - -e POSTGRES_DB=postgres \ - postgres:latest - -``` -### Server - -```sh -docker run -d --rm --name gokakashi-server --network gokakashi-network -p 8000:8000 \ - -v $(pwd)/lts.yaml:/app/lts.yaml \ - gokakashi server --config=lts.yaml - -``` - -### Agent - -```sh -docker run -it --rm --name gokakashi-agent --network gokakashi-network \ - -v /tmp:/tmp \ - gokakashi agent start --server=http://gokakashi-server:8000 --token=letsdoit --workspace=/tmp - -``` +Here’s how you can set up gokakashi using Docker Compose for both the server and PostgreSQL database. +Add your configuration file, e.g., [`./config/latest_config.yaml`](config/latest_config.yaml) ## Transparency & Feedback ✨ We’re excited to share gokakashi early with the community to gather feedback and improve quickly.