From 10d225942283557b46740df773e7fa2d7074e2cb Mon Sep 17 00:00:00 2001 From: Rogerio Bastos <2397391+rogeriobastos@users.noreply.github.com> Date: Fri, 2 Jul 2021 10:56:42 -0300 Subject: [PATCH] Updating README.md --- README.md | 145 +++++++++++++++++++++++------------------------------- 1 file changed, 62 insertions(+), 83 deletions(-) diff --git a/README.md b/README.md index 3bb1d0ef..061fe838 100644 --- a/README.md +++ b/README.md @@ -1,112 +1,91 @@

-

-

- - - - -

+**WARNING**: this is a fork repository, feel free to use it and contribute here but I recommend to try the [official repository](https://github.com/globocom/huskyCI) first. ## Introduction -huskyCI is an open source tool that orchestrates security tests and centralizes all results into a database for further analysis and metrics. It can perform static security analysis in Python ([Bandit][Bandit] and [Safety][Safety]), Ruby ([Brakeman][Brakeman]), JavaScript ([Npm Audit][NpmAudit] and [Yarn Audit][YarnAudit]), Golang ([Gosec][Gosec]), Java ([SpotBugs][SpotBugs] plus [Find Sec Bugs][FindSec]), and HCL ([TFSec][TFSec]). It can also audit repositories for secrets like AWS Secret Keys, Private SSH Keys, and many others using [GitLeaks][Gitleaks]. +Please look at the official [documentation page](https://huskyci.opensource.globo.com/docs/quickstart/overview). + +## Getting Started + +Follow this steps to setting up huskyCI using Docker Compose. -## How does it work? +1. Clone this repository -Developers can set up a new stage into their CI pipelines to check for vulnerabilities: +``` +git clone https://github.com/rogeriobastos/huskyCI.git +cd huskyCI/ +echo "export HUSKYCI_PATH='${PWD}'" > .env +echo "export HUSKYCI_SCRIPTS='${PWD}/deployments/scripts'" >> .env +source .env +``` -

+1. Create certificates -If security issues are found in the code, the severity, the confidence, the file, the line, and many more useful information can be shown, as exemplified: +This certificates are used to protect the communication between huskyCI and docker daemon. ``` -[HUSKYCI][*] poc-python-bandit -> https://github.com/globocom/huskyCI.git -[HUSKYCI][*] huskyCI analysis started! yDS9tb9mdt4QnnyvOBp3eVAXE1nWpTRQ - -[HUSKYCI][!] Title: Use of exec detected. -[HUSKYCI][!] Language: Python -[HUSKYCI][!] Tool: Bandit -[HUSKYCI][!] Severity: MEDIUM -[HUSKYCI][!] Confidence: HIGH -[HUSKYCI][!] Details: Use of exec detected. -[HUSKYCI][!] File: ./main.py -[HUSKYCI][!] Line: 7 -[HUSKYCI][!] Code: -6 -7 exec(command) -8 - -[HUSKYCI][!] Title: Possible hardcoded password: 'password123!' -[HUSKYCI][!] Language: Python -[HUSKYCI][!] Tool: Bandit -[HUSKYCI][!] Severity: LOW -[HUSKYCI][!] Confidence: MEDIUM -[HUSKYCI][!] Details: Possible hardcoded password: 'password123!' -[HUSKYCI][!] File: ./main.py -[HUSKYCI][!] Line: 1 -[HUSKYCI][!] Code: -1 secret = 'password123!' 
-2 -3 password = 'thisisnotapassword' #nohusky -4 - -[HUSKYCI][SUMMARY] Python -> huskyci/bandit:1.6.2 -[HUSKYCI][SUMMARY] High: 0 -[HUSKYCI][SUMMARY] Medium: 1 -[HUSKYCI][SUMMARY] Low: 1 -[HUSKYCI][SUMMARY] NoSecHusky: 1 - -[HUSKYCI][SUMMARY] Total -[HUSKYCI][SUMMARY] High: 0 -[HUSKYCI][SUMMARY] Medium: 1 -[HUSKYCI][SUMMARY] Low: 1 -[HUSKYCI][SUMMARY] NoSecHusky: 1 - -[HUSKYCI][*] The following securityTests were executed and no blocking vulnerabilities were found: -[HUSKYCI][*] [huskyci/gitleaks:2.1.0] -[HUSKYCI][*] Some HIGH/MEDIUM issues were found in these securityTests: -[HUSKYCI][*] [huskyci/bandit:1.6.2] -ERROR: Job failed: exit code 190 +echo "export HUSKYCI_CERT_PATH='${HUSKYCI_PATH}/certs'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_CERT_PASSPHRASE='mypassword'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_DOCKERAPI_HOST='address.to.dockerapi.host'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_DOCKERAPI_ADDR='1.2.3.4'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_HOST='address.to.huskyci.host'" >> $HUSKYCI_PATH/.env +source $HUSKYCI_PATH/.env +make create-certs ``` -## Getting Started +1. Configure the docker daemon -You can try huskyCI by setting up a local environment using Docker Compose following [this guide](https://huskyci.opensource.globo.com/docs/development/set-up-environment). +HuskyCI requires a docker daemon listening on a TCP port to start the security test containers. You can use the local docker daemon or a remote one (in a VM for example). For security reasons we also configure docker to only allows connections from clients authenticated by a certificate signed by that CA generated above. For more details about this configuration look at docker documentation [here](https://docs.docker.com/engine/install/linux-postinstall/#configure-where-the-docker-daemon-listens-for-connections) and [here](https://docs.docker.com/engine/security/protect-access/#use-tls-https-to-protect-the-docker-daemon-socket). 
-## Documentation +Use the command `systemctl edit docker.service` to open an override file for docker.service in a text editor. -All guides and the full documentation can be found in the [official documentation page](https://huskyci.opensource.globo.com/docs/quickstart/overview). +Add the following lines. -## Contributing +``` +[Service] +ExecStart= +ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/path/to/certs/docker/ca.pem --tlscert=/path/to/certs/docker/server-cert.pem --tlskey=/path/to/certs/docker/server-key.pem -H fd:// -H tcp://0.0.0.0:2376 +``` -Read our [contributing guide](https://github.com/globocom/huskyCI/blob/master/CONTRIBUTING.md) to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to huskyCI. +Reload systemd and restart docker. -## Communication +``` +systemctl daemon-reload +systemctl restart docker.service +``` -We have a few channels for contact, feel free to reach out to us at: +1. Configure MongoDB -- [GitHub Issues](https://github.com/globocom/huskyCI/issues) -- [Gitter](https://gitter.im/globocom/huskyCI) -- [Twitter](https://twitter.com/huskyCI) +Set up MongoDB init file. -## Contributors +``` +echo "export HUSKYCI_DATABASE_DB_NAME='huskyCIDB'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_DATABASE_DB_USERNAME='huskyCIUser'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_DATABASE_DB_PASSWORD='huskyCIPassword'" >> $HUSKYCI_PATH/.env +source $HUSKYCI_PATH/.env +make prepare-local-mongodb +``` + +1. Configure HuskyCI + +``` +echo "export HUSKYCI_API_DEFAULT_USERNAME='huskyCIUser'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_API_DEFAULT_PASSWORD='huskyCIPassword'" >> $HUSKYCI_PATH/.env +echo "export HUSKYCI_API_ALLOW_ORIGIN_CORS='\"*\"'" >> $HUSKYCI_PATH/.env +source $HUSKYCI_PATH/.env +``` -This project exists thanks to all the [contributors]((https://github.com/globocom/huskyCI/graphs/contributors)). You rock! ❤️🚀 +1. 
Build and run HuskyCI and MongoDB containers + +Docker compose will start up mongodb and huskyCI and you can reach uskyCI API at `http://localhost:8888/`. + +``` +make compose-up +``` ## License huskyCI is licensed under the [BSD 3-Clause "New" or "Revised" License](https://github.com/globocom/huskyCI/blob/master/LICENSE.md). - -[Bandit]: https://github.com/PyCQA/bandit -[Safety]: https://github.com/pyupio/safety -[Brakeman]: https://github.com/presidentbeef/brakeman -[Gosec]: https://github.com/securego/gosec -[NpmAudit]: https://docs.npmjs.com/cli/audit -[YarnAudit]: https://yarnpkg.com/lang/en/docs/cli/audit/ -[Gitleaks]: https://github.com/zricethezav/gitleaks -[SpotBugs]: https://spotbugs.github.io -[FindSec]: https://find-sec-bugs.github.io -[TFSec]: https://github.com/liamg/tfsec
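Review bot: the daemon override in the "Configure the docker daemon" step binds the TLS endpoint on every interface (`-H tcp://0.0.0.0:2376`) while the text only says the daemon must listen on a TCP port; with `--tlsverify` as the only control on that socket, the step should either bind to the address huskyCI actually connects to (the `HUSKYCI_DOCKERAPI_ADDR` value set two steps earlier) or tell the reader to restrict port 2376 with a firewall, and it should say that `/path/to/certs/docker/` must be replaced with the real `HUSKYCI_CERT_PATH` location before `systemctl restart docker.service`. In the same hunk the `.env` lines bake in literal credentials (`HUSKYCI_CERT_PASSPHRASE='mypassword'`, `HUSKYCI_DATABASE_DB_PASSWORD='huskyCIPassword'`) and a wildcard `HUSKYCI_API_ALLOW_ORIGIN_CORS='\"*\"'`; mark them as example values to be changed, note that `.env` should stay untracked, and state that the wildcard CORS origin is only appropriate for the local Docker Compose setup described here. Smaller points: every step is numbered `1.` (markdown renumbers it, but the source reads oddly), "Follow this steps to setting up" should read "Follow these steps to set up", "This certificates" should be "These certificates", "only allows connections" should be "only allow connections", and "reach uskyCI API" is missing the leading "h". Finally, the hunk drops the "How does it work?" section, the contributing and communication links and all the link-reference definitions, so the README now describes nothing about what huskyCI does beyond a pointer to the official docs; either keep a one-paragraph summary or confirm that losing that content in the fork is intended.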