
trivy-dojo-report-operator

The trivy-dojo-report-operator is a Kubernetes operator developed using Kopf and Python. This operator listens for vulnerability reports generated by the Trivy Operator and forwards them to Defect Dojo for further analysis and tracking.

Features

  • Monitor Kubernetes for new Trivy vulnerability reports.
  • Push vulnerability reports to a configured Defect Dojo instance.
  • Seamless integration with your existing Kubernetes cluster and security workflow.
  • Developed using the Pythonic Kopf framework for easy maintenance and extensibility.

Prerequisites

  • A running Kubernetes cluster (minikube, kind, or another environment)
  • Trivy Operator installed and configured in the cluster
  • An instance of Defect Dojo for storing vulnerability reports

Installation and usage

  • Clone this repository:
git clone https://github.com/telekom-mms/trivy-dojo-report-operator.git
cd trivy-dojo-report-operator

Manually

  • Configure Defect Dojo settings:

Update the environment variables in the secret manifest to match your Defect Dojo instance configuration:

stringData:
  url: "https://your.defectdojo.instance"
  apiKey: "your_defect_dojo_api_key"

Replace https://your.defectdojo.instance with the URL of your Defect Dojo instance, and your_defect_dojo_api_key with your API key.

Adjust the environment variables in the deployment manifest as needed. The options closely match the parameters of Defect Dojo's import-scan API call.

  • Deploy the trivy-dojo-report-operator:
kubectl create ns mgmt
kubectl apply -f deploy/

With Helm

  • Configure Defect Dojo settings:

Update the variables in the values.yaml to match your Defect Dojo instance configuration:

defectDojoApiCredentials:
  apiKey: "your_defect_dojo_api_key"
  url: "https://your.defectdojo.instance"

  • Deploy the chart from the repository:
helm repo add trivy-dojo-report-operator https://telekom-mms.github.io/trivy-dojo-report-operator/
helm install chart-name trivy-dojo-report-operator/trivy-dojo-report-operator

  • Deploy the chart manually after cloning the git-repository:
helm install chart-name charts/

The operator is now running in your cluster and will monitor for Trivy vulnerability reports and push them to the configured Defect Dojo instance.

Running locally with Docker

You can also run the operator locally. This way you don't have to install anything in your cluster. Just provide the Defect Dojo URL and API-Key and optionally labels to the docker-run command. You also have to mount your kubeconfig into the container to access the cluster.

docker pull ghcr.io/telekom-mms/docker-trivy-dojo-operator

docker run -it \
  -v /path/to/your/.kube/config:/root/.kube/config \
  -e DEFECT_DOJO_API_KEY=$DEFECT_DOJO_API_KEY \
  -e DEFECT_DOJO_URL=$DEFECT_DOJO_URL \
  -e LABEL="trivy-operator.resource.name" \
  -e LABEL_VALUE="master-live-server" \
  ghcr.io/telekom-mms/docker-trivy-dojo-operator

Configuration

Variable | Default Value | Description
defectDojoActive | "true" | Override the active setting from the tool.
defectDojoAutoCreateContext | "true" | Specifies whether to automatically create Engagements, Products and Product_Types.
defectDojoCloseOldFindings | "false" | Select if old findings no longer present in the report get closed as mitigated when importing. If service has been set, only the findings for this service will be closed.
defectDojoCloseOldFindingsProductScope | "false" | Select if close_old_findings applies to all findings of the same type in the product. By default, it is false, meaning that only old findings of the same type in the engagement are in scope.
defectDojoDeduplicationOnEngagement | "true" | Restrict deduplication for imported Findings to the newly created Engagement.
defectDojoEngagementName | engagement | The name of the engagement in DefectDojo.
defectDojoEvalEngagementName | "false" | Specifies whether the engagement name should be evaluated as a Python function.
defectDojoEvalProductName | "false" | Specifies whether the product name should be evaluated as a Python function.
defectDojoEvalProductTypeName | "false" | Specifies whether the product type name should be evaluated as a Python function.
defectDojoEvalTestTitle | "false" | Specifies whether the test title should be evaluated as a Python function.
defectDojoMinimumSeverity | Info | The minimum severity level for findings in DefectDojo.
defectDojoProductName | product | The name of the product in DefectDojo.
defectDojoProductTypeName | Research and Development | The type of the product in DefectDojo.
defectDojoPushToJira | "false" | Specifies whether findings should be pushed to Jira in DefectDojo.
defectDojoTestTitle | Kubernetes | The title of the test in DefectDojo.
defectDojoVerified | "false" | Specifies whether findings should be marked as verified in DefectDojo.
defectDojoDoNotReactivate | "true" | If true, importing/reimporting will ignore uploaded active findings and not reactivate previously closed findings, while still creating new findings if there are new ones.
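Every value in the table above is a string, because it arrives through Helm values or container environment variables, and in Python bool("false") is True. The following is an added example, not the operator's own code, showing how the settings can be parsed strictly and mapped onto import-scan request fields. It assumes the field names of Defect Dojo's public /api/v2/import-scan/ endpoint (engagement_name, minimum_severity, close_old_findings, and so on), uses a placeholder scan_type, and takes the severity scale Info/Low/Medium/High/Critical from Defect Dojo; none of these are stated on this page.

```python
"""Turn the operator's string-typed settings into Defect Dojo import-scan fields.

Added example, not the operator's code.  Assumptions not stated on the page:
field names follow DefectDojo's /api/v2/import-scan/ endpoint, scan_type is a
placeholder, and settings are read as strings (Helm values / env vars).
"""
from __future__ import annotations

from typing import Any

# DefectDojo severity scale, lowest to highest (assumed from DefectDojo itself).
SEVERITIES = ("Info", "Low", "Medium", "High", "Critical")

# Settings that carry a boolean, mapped to the import-scan field they feed.
BOOL_FIELDS = {
    "defectDojoActive": "active",
    "defectDojoAutoCreateContext": "auto_create_context",
    "defectDojoCloseOldFindings": "close_old_findings",
    "defectDojoCloseOldFindingsProductScope": "close_old_findings_product_scope",
    "defectDojoDeduplicationOnEngagement": "deduplication_on_engagement",
    "defectDojoPushToJira": "push_to_jira",
    "defectDojoVerified": "verified",
    "defectDojoDoNotReactivate": "do_not_reactivate",
}
# Settings passed through as text.
TEXT_FIELDS = {
    "defectDojoEngagementName": "engagement_name",
    "defectDojoProductName": "product_name",
    "defectDojoProductTypeName": "product_type_name",
    "defectDojoTestTitle": "test_title",
    "defectDojoMinimumSeverity": "minimum_severity",
}
# Settings the operator consumes itself (see "A note on eval"); never sent.
LOCAL_BOOL_SETTINGS = {
    "defectDojoEvalEngagementName",
    "defectDojoEvalProductName",
    "defectDojoEvalProductTypeName",
    "defectDojoEvalTestTitle",
}

# Defaults exactly as the configuration table lists them.
DEFAULTS: dict[str, str] = {
    "defectDojoActive": "true",
    "defectDojoAutoCreateContext": "true",
    "defectDojoCloseOldFindings": "false",
    "defectDojoCloseOldFindingsProductScope": "false",
    "defectDojoDeduplicationOnEngagement": "true",
    "defectDojoEngagementName": "engagement",
    "defectDojoEvalEngagementName": "false",
    "defectDojoEvalProductName": "false",
    "defectDojoEvalProductTypeName": "false",
    "defectDojoEvalTestTitle": "false",
    "defectDojoMinimumSeverity": "Info",
    "defectDojoProductName": "product",
    "defectDojoProductTypeName": "Research and Development",
    "defectDojoPushToJira": "false",
    "defectDojoTestTitle": "Kubernetes",
    "defectDojoVerified": "false",
    "defectDojoDoNotReactivate": "true",
}


def parse_bool(raw: str) -> bool:
    """Strict parse: bool("false") is True in Python, so never coerce with bool()."""
    value = raw.strip().lower()
    if value not in ("true", "false"):
        raise ValueError(f'expected "true" or "false", got {raw!r}')
    return value == "true"


def accepted_severities(minimum: str) -> tuple[str, ...]:
    """Severities at or above the configured minimum (what the import will keep)."""
    if minimum not in SEVERITIES:
        raise ValueError(f"unknown severity {minimum!r}; expected one of {SEVERITIES}")
    return SEVERITIES[SEVERITIES.index(minimum):]


def build_import_scan_fields(settings: dict[str, str],
                             scan_type: str = "SCAN_TYPE_PLACEHOLDER") -> dict[str, Any]:
    """Merge user settings over the defaults and produce the request fields."""
    merged = {**DEFAULTS, **settings}
    unknown = set(merged) - set(DEFAULTS)
    if unknown:  # a misspelled key would otherwise be silently ignored
        raise ValueError(f"unknown setting(s): {sorted(unknown)}")
    for setting in LOCAL_BOOL_SETTINGS:
        parse_bool(merged[setting])  # validated here, consumed by the operator
    fields: dict[str, Any] = {"scan_type": scan_type}
    for setting, field in BOOL_FIELDS.items():
        fields[field] = parse_bool(merged[setting])
    for setting, field in TEXT_FIELDS.items():
        fields[field] = merged[setting]
    accepted_severities(fields["minimum_severity"])  # reject unknown severities
    return fields


def is_valid_config(settings: dict[str, str]) -> bool:
    """True when the settings parse cleanly; False on any typo or bad value."""
    try:
        build_import_scan_fields(settings)
    except ValueError:
        return False
    return True
```

The unknown-key check is the part worth copying: a typo such as defectDojoVerifed would otherwise leave the default in force without any error, which is easy to miss when the only symptom is findings never being marked verified.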

A note on eval

When setting one of the Eval*-settings to true, the corresponding name or title will be run as a python function!

For example, set defectDojoEvalEngagementName to true and defectDojoEngagementName to meta["creationTimestamp"]; the creationTimestamp of the VulnerabilityReport resource in Kubernetes is then evaluated and used as the engagement name.

If you set defectDojoEngagementName to body["report"]["artifact"]["tag"], the engagement is named after the image tag recorded in the report.
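Because a name setting with its Eval* flag enabled is executed as Python, anyone who can edit the deployment manifest or values.yaml can run arbitrary code inside the operator pod, where the mounted kubeconfig or service-account token and the Defect Dojo API key are reachable. The block below is an added example, not the operator's own code: it models the documented behaviour with Python's eval() in resolve_unrestricted, and places beside it resolve_restricted, a hardened resolver that only accepts literal-key lookups on meta or body. The names meta and body are taken from the README's examples; how the operator itself evaluates the string is not shown on this page, and the sample VulnerabilityReport is constructed for the example.

```python
"""Resolve Defect Dojo engagement/product/test names from a VulnerabilityReport.

Added example, not the operator's own code.  Assumptions not on the page:
`meta` (object metadata) and `body` (the whole resource) follow the README's
examples; `resolve_unrestricted` models "run as a python function" with eval(),
and `resolve_restricted` is a hardened alternative that permits only lookups.
Requires Python 3.9+ (ast.Subscript.slice holds the key expression directly).
"""
from __future__ import annotations

import ast
from typing import Any

# Constructed sample in the shape of a Trivy Operator VulnerabilityReport.
SAMPLE_REPORT: dict[str, Any] = {
    "metadata": {
        "name": "replicaset-web-7d9f-web",
        "namespace": "prod",
        "creationTimestamp": "2024-03-01T10:15:00Z",
        "labels": {"trivy-operator.resource.name": "master-live-server"},
    },
    "report": {
        "artifact": {"repository": "library/nginx", "tag": "1.25.3"},
        "summary": {"criticalCount": 1, "highCount": 4},
    },
}


def parse_bool(raw: str | bool) -> bool:
    """The Eval* settings arrive as the strings "true"/"false", not booleans."""
    if isinstance(raw, bool):
        return raw
    value = raw.strip().lower()
    if value not in ("true", "false"):
        raise ValueError(f'expected "true" or "false", got {raw!r}')
    return value == "true"


def resolve_unrestricted(expr: str, body: dict[str, Any]) -> Any:
    """Models the documented behaviour: the setting is executed as Python.
    Any expression runs, not only lookups; this is what the Eval* flags enable."""
    return eval(expr, {}, {"body": body, "meta": body["metadata"]})


def resolve_restricted(expr: str, body: dict[str, Any]) -> Any:
    """Hardened alternative: accept only meta[...] / body[...] chains with literal
    str/int keys.  Calls, attribute access, operators and other names are
    rejected by inspecting the syntax tree before anything is evaluated."""
    try:
        node: ast.expr = ast.parse(expr, mode="eval").body
    except SyntaxError as exc:
        raise ValueError(f"not a valid expression: {expr!r}") from exc
    keys: list[str | int] = []
    while isinstance(node, ast.Subscript):
        key = node.slice
        if not (isinstance(key, ast.Constant) and isinstance(key.value, (str, int))):
            raise ValueError(f"only literal string/int keys are allowed: {expr!r}")
        keys.append(key.value)
        node = node.value
    if not isinstance(node, ast.Name) or node.id not in ("meta", "body"):
        raise ValueError(f"expression must be a lookup on meta or body: {expr!r}")
    value: Any = body["metadata"] if node.id == "meta" else body
    for key in reversed(keys):  # keys were collected outermost-first
        value = value[key]
    return value


def is_lookup_expression(expr: str) -> bool:
    """True when resolve_restricted accepts the expression's shape."""
    try:
        resolve_restricted(expr, SAMPLE_REPORT)
    except ValueError:
        return False
    except (KeyError, TypeError, IndexError):
        return True  # well-formed lookup; the key just is not in this sample
    return True


def resolve_name(setting: str, evaluate: str | bool, body: dict[str, Any]) -> str:
    """Apply one defectDojo*Name setting together with its defectDojoEval* flag."""
    if not parse_bool(evaluate):
        return setting  # used literally, e.g. the default "engagement"
    return str(resolve_restricted(setting, body))


if __name__ == "__main__":
    print(resolve_name("engagement", "false", SAMPLE_REPORT))
    print(resolve_name('meta["creationTimestamp"]', "true", SAMPLE_REPORT))
    print(resolve_name('body["report"]["artifact"]["tag"]', "true", SAMPLE_REPORT))
```

Both README examples resolve identically through either path; the difference is that resolve_restricted refuses anything that is not a plain lookup, so the setting can no longer be used to execute code, while still supporting timestamps, image tags and label values as names. Treat the manifest and values.yaml as code-equivalent in review either way.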

Metrics

The operator provides a Prometheus metrics endpoint, where successful and failed requests are collected.

Uninstall

To remove the trivy-dojo-report-operator from your cluster, run the following command:

kubectl delete -f deploy/

Creating new Releases

  • Update the versions in:
charts/Chart.yaml
charts/values.yaml
deploy/deployment.yaml
  • Package the new chart version:
> rm -fr .cr-release-packages/
> cr package charts/
  • Upload the new chart and create a new GitHub release with the chart:
> cr upload --owner telekom-mms --git-repo trivy-dojo-report-operator --token $GITHUB_COM_TOKEN
  • Update the chart repository:
> git co gh-pages
> cr index --owner telekom-mms --git-repo trivy-dojo-report-operator -i index.yaml --token $GITHUB_COM_TOKEN
> git add index.yaml
> git commit -m "update chart index"
> git push origin gh-pages

License

GPLv3

Contributors

rndmh3ro, renovate[bot], szevez, schurzi
