Make ModSecurity CRS repositories easier to manage #2184

Closed
soufianebenali opened this issue Oct 17, 2019 · 2 comments

@soufianebenali

As discussed by @csanders-git and @bittner on Slack, and related to #1346 and #1420, we're proposing to simplify the repository structure and branching model of all repositories related to ModSecurity CRS.

  1. SpiderLabs/owasp-modsecurity-crs
  2. CRS-support/modsecurity-docker
  3. CRS-support/modsecurity-crs-docker

In a nutshell, we propose to:

  • flatten the branches in the first 2 repos above into a single branch,
  • place the content of the branches in folders in that main branch, and
  • move the maintenance of the owasp/modsecurity-crs Docker image to a dedicated repository.

We also think it's worth aligning the naming/wording with other popular free software projects and common best practices.

1. Refactor owasp-modsecurity-crs

Planned tasks:

  • Create a new folder tests in the root folder
  • Move util/regression-tests/ -> tests/regression/, and util/integration/ -> tests/integration
  • Rename folder documentation/ to docs/
  • Create folder examples/ and move crs-setup.conf.example -> examples/crs-setup.conf
  • Inside the rules/ folder create a folder for every version of rules, e.g. rules/v3.1/, rules/v3.2/, rules/v3.3/
  • Switch from branch-based versioning to folder-based versioning, on a single main branch (e.g. master)

2. Refactor modsecurity-docker

Planned tasks:

  • Switch from branch-based versioning to folder-based versioning, on a single main branch (e.g. master)
  • Clean up Dockerfile implementations for all supported combinations of ModSecurity and Apache/Nginx versions (inherit from existing, stable images as much as makes sense)
  • Automate building images for all supported combinations of ModSecurity and Apache/Nginx versions

3. Refactor modsecurity-crs-docker

Planned tasks:

  • Move the Docker setup from owasp-modsecurity-crs to the new modsecurity-crs-docker repository
  • Automate building images for all supported CRS versions on the various flavors of the modsecurity-docker images

Final comments

In essence, this is a flattening of the branching model, moving from a version-based branching to a trunk-based branching where the various versions (and technology combinations) are in subdirectories of the repository. The resulting repository structure should make it easier to overview and manage the code base.

A simple example of what this could look like may be appuio/container-oc. Please take a look at the structure and how we try to make updates easy by fully scripting the adaptions across all supported versions.

Please, let us know your thoughts! When we agree on this approach we would attempt doing the refactoring in a very short time frame, so the disruption is minimal and we can avoid any kind of "transition phase".

@airween
Member

airween commented Oct 17, 2019

Maybe this issue should be sent to SpiderLabs/owasp-modsecurity-crs rather than here?

@soufianebenali
Author

Moved the issue to SpiderLabs/owasp-modsecurity-crs#1600.
