From 31f126892d913bce37fc4a8636cddfc972ee6f3f Mon Sep 17 00:00:00 2001 From: sg Date: Thu, 22 Aug 2024 15:10:36 +0100 Subject: [PATCH 1/2] fix zaproxy image --- components/producers/zaproxy/task.yaml | 2 +- examples/pipelines/dast-project/kustomization.yaml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/components/producers/zaproxy/task.yaml b/components/producers/zaproxy/task.yaml index de10a340d..e51f2aae8 100644 --- a/components/producers/zaproxy/task.yaml +++ b/components/producers/zaproxy/task.yaml @@ -29,7 +29,7 @@ spec: description: The workspace containing the source-code to scan. steps: - name: run-zap - image: docker.io/owasp/zap2docker-stable:2.12.0 + image: ghcr.io/zaproxy/zaproxy:stable script: | #! /bin/bash set -ex diff --git a/examples/pipelines/dast-project/kustomization.yaml b/examples/pipelines/dast-project/kustomization.yaml index 6036f9483..0334f0070 100644 --- a/examples/pipelines/dast-project/kustomization.yaml +++ b/examples/pipelines/dast-project/kustomization.yaml @@ -4,10 +4,9 @@ kind: Kustomization nameSuffix: -dast-project components: - pkg:helm/dracon-oss-components/base - - pkg:helm/dracon-oss-components/git-clone - - pkg:helm/dracon-oss-components/producers/zaproxy + - pkg:helm/dracon-oss-components/producer-zaproxy - pkg:helm/dracon-oss-components/producer-aggregator - pkg:helm/dracon-oss-components/enricher-deduplication - pkg:helm/dracon-oss-components/enricher-aggregator - pkg:helm/dracon-oss-components/consumer-mongodb - - pkg:helm/dracon-oss-components/consumer-elasticsearch \ No newline at end of file + - pkg:helm/dracon-oss-components/consumer-elasticsearch From 979558e3e635624e09a5a0d667c3b86efb7acb3d Mon Sep 17 00:00:00 2001 From: sg Date: Thu, 22 Aug 2024 15:20:14 +0100 Subject: [PATCH 2/2] add dependency check to the sca kustomization --- components/producers/dependency-check/task.yaml | 2 +- examples/pipelines/sca-project/kustomization.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/components/producers/dependency-check/task.yaml b/components/producers/dependency-check/task.yaml index da3ef4a19..b4d90061f 100644 --- a/components/producers/dependency-check/task.yaml +++ b/components/producers/dependency-check/task.yaml @@ -16,7 +16,7 @@ spec: description: The workspace containing the source-code to scan. steps: - name: run-dependency-check - image: docker.io/owasp/dependency-check:7.4.4 + image: owasp/dependency-check:10.0.3 command: [/usr/share/dependency-check/bin/dependency-check.sh] args: - -f diff --git a/examples/pipelines/sca-project/kustomization.yaml b/examples/pipelines/sca-project/kustomization.yaml index 51b4ceadf..fccdd41b0 100644 --- a/examples/pipelines/sca-project/kustomization.yaml +++ b/examples/pipelines/sca-project/kustomization.yaml @@ -5,6 +5,7 @@ nameSuffix: -sca-project components: - pkg:helm/dracon-oss-components/base - pkg:helm/dracon-oss-components/producer-docker-trivy + - pkg:helm/dracon-oss-components/producer-dependency-check - pkg:helm/dracon-oss-components/producer-aggregator - pkg:helm/dracon-oss-components/enricher-codeowners - pkg:helm/dracon-oss-components/enricher-aggregator