

feat: add demo
albrodfer1 committed Dec 1, 2024
1 parent 0d7d877 commit ac7867b
Showing 6 changed files with 81 additions and 4 deletions.
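--- a/components/producers/cloudpi/README.md
+++ b/components/producers/cloudpi/README.md
@@ -0,0 +1,4 @@
+# What's not automated
+
+- image build
+- task creation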
3 changes: 3 additions & 0 deletions components/producers/cloudpi/logs.txt


1 change: 0 additions & 1 deletion components/producers/cloudpi/neo4j-client/main.py
@@ -1,6 +1,5 @@
from reachability import assessor
from trivy import run
import os


def main():
@@ -1,8 +1,9 @@
from neo4j import GraphDatabase

uri = "bolt://localhost:7687"
import os

# Create a Neo4j driver instance
uri = os.getenv("DATABASE_URI")
print(f"querying endpoint {uri}")
driver = GraphDatabase.driver(uri)

def get_snapshosts_exposed():
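Review bot: `uri = os.getenv("DATABASE_URI")` yields None when the variable is missing, so a misconfigured task fails later inside `driver = GraphDatabase.driver(uri)` with an error that never names the variable; `uri = os.environ["DATABASE_URI"]` fails at the point of misconfiguration with a clear KeyError. The `print(f"querying endpoint {uri}")` line echoes the whole URI into the task's stdout, and if DATABASE_URI is ever given in the `bolt://user:password@host` form the credentials land in the logs — logging only `urllib.parse.urlsplit(uri).hostname` keeps the diagnostic without that exposure. Both the lookup and the driver construction run at import time of this module, and this file section's header is not visible in the rendered page, so the path of the file is inferred rather than shown.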
3 changes: 2 additions & 1 deletion components/producers/cloudpi/neo4j-client/trivy/run.py
@@ -1,12 +1,13 @@
import json
import subprocess
import os

def scan_ebs(snap_name):
try:
# Run Trivy scan command for the specified ebs
# trivy vm --scanners vuln ebs:snap-02f3d4e008898f8d0 --aws-region eu-west-1
result = subprocess.run(
['trivy', 'vm', '--scanners', 'vuln', '--format', 'json', f"ebs:{snap_name}"],
['trivy', 'vm', '--scanners', 'vuln', '--format', 'json', '--severity', os.GetEnv("SEVERITY"), f"ebs:{snap_name}"],
capture_output=True,
text=True,
check=True
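Review bot: `os.GetEnv("SEVERITY")` on the new argument-list line is not a Python API — the function is `os.getenv` — so `scan_ebs` raises AttributeError before trivy is ever invoked. `os.getenv` would also return None when SEVERITY is unset, which `subprocess.run` rejects with a TypeError on the argument list; reading it as `os.environ["SEVERITY"]` fails early with the variable named, or `os.getenv("SEVERITY", "HIGH")` would mirror the HIGH default the task definition in this commit declares for the parameter. The body of `scan_ebs` continues outside the hunk.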
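--- a/components/producers/cloudpi/task-demo.yaml
+++ b/components/producers/cloudpi/task-demo.yaml
@@ -0,0 +1,69 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+annotations:
+labels:
+v1.dracon.ocurity.com/component: producer
+v1.dracon.ocurity.com/test-type: sca
+name: producer-cloudpi
+namespace: dracon
+spec:
+params:
+- description: aws access key id
+name: AWS_ACCESS_KEY_ID
+type: string
+- description: aws secret access key
+name: AWS_SECRET_ACCESS_KEY
+type: string
+- description: aws region
+name: AWS_DEFAULT_REGION
+type: string
+- description: database uri
+name: DATABASE_URI
+default: "bolt://dracon.dracon.svc:7687"
+- description: severity flag to identify vulnerabilities
+name: SEVERITY
+default: HIGH
+steps:
+- name: run-cartography
+image: 'kind-registry:5000/components/producers/cloudpi:v0.13.0'
+env:
+- name: AWS_ACCESS_KEY_ID
+value: $(params.AWS_ACCESS_KEY_ID)
+- name: AWS_SECRET_ACCESS_KEY
+value: $(params.AWS_SECRET_ACCESS_KEY)
+- name: AWS_DEFAULT_REGION
+value: $(params.AWS_DEFAULT_REGION)
+- name: READ_PATH
+value: $(workspaces.output.path)/.dracon/producers
+- name: WRITE_PATH
+value: "$(workspaces.output.path)/.dracon/producers"
+command:
+- cartography
+args:
+- --neo4j-uri
+- bolt://dracon.dracon.svc:7687
+- args:
+- main.py
+command:
+- python
+computeResources: {}
+env:
+- name: AWS_ACCESS_KEY_ID
+value: $(params.AWS_ACCESS_KEY_ID)
+- name: AWS_SECRET_ACCESS_KEY
+value: $(params.AWS_SECRET_ACCESS_KEY)
+- name: AWS_DEFAULT_REGION
+value: $(params.AWS_DEFAULT_REGION)
+- name: DATABASE_URI
+value: $(params.DATABASE_URI)
+- name: SEVERITY
+value: $(params.SEVERITY)
+image: kind-registry:5000/components/producers/neo4jclient:v0.13.8
+name: run-trivy
+volumeMounts:
+- mountPath: /scratch
+name: scratch
+volumes:
+- emptyDir: {}
+name: scratch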
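Review bot: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are modelled as plain Task params and copied into both steps' env as `value: $(params.…)`, which means the secret key is stored in clear text in every TaskRun/PipelineRun object and shows up wherever those objects or the resolved pod spec are displayed. A Kubernetes Secret referenced through `valueFrom.secretKeyRef` keeps the value out of the run objects; the snippet below shows the run-cartography step, and the same substitution applies to the run-trivy step's env entries. Separately, the cartography step hard-codes `bolt://dracon.dracon.svc:7687` after `--neo4j-uri` while the DATABASE_URI param exists with that same default, so `- $(params.DATABASE_URI)` would keep the two steps pointing at one database when the param is overridden. The rendered page has dropped the YAML indentation, so the nesting here is inferred from the key order.

```yaml
- name: run-cartography
  image: 'kind-registry:5000/components/producers/cloudpi:v0.13.0'
  env:
    - name: AWS_ACCESS_KEY_ID
      valueFrom:
        secretKeyRef:
          name: <aws-credentials-secret>   # placeholder: Secret holding the AWS key pair
          key: AWS_ACCESS_KEY_ID
    - name: AWS_SECRET_ACCESS_KEY
      valueFrom:
        secretKeyRef:
          name: <aws-credentials-secret>   # placeholder
          key: AWS_SECRET_ACCESS_KEY
    # … unchanged: AWS_DEFAULT_REGION, READ_PATH, WRITE_PATH …
  command:
    - cartography
  args:
    - --neo4j-uri
    - $(params.DATABASE_URI)
```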

0 comments on commit ac7867b
