From c2bbf00abe0f57b30a578966edb59a6b7f14c620 Mon Sep 17 00:00:00 2001 From: andream16 Date: Mon, 4 Nov 2024 14:09:06 +0000 Subject: [PATCH 1/3] Disabling MongoDB integration until https://github.com/bitnami/containers/issues/53407 doesn't require workarounds on M1-M3 chips. --- deploy/smithy/chart/values.yaml | 7 ++- deploy/smithy/values/dev.yaml | 5 +- .../templates/customresourcedefinitions.yaml | 48 +++++++++---------- 3 files changed, 33 insertions(+), 27 deletions(-) diff --git a/deploy/smithy/chart/values.yaml b/deploy/smithy/chart/values.yaml index 95a75adf2..44924a781 100644 --- a/deploy/smithy/chart/values.yaml +++ b/deploy/smithy/chart/values.yaml @@ -19,8 +19,11 @@ kibana: tlsEnabled: false mongodb: - # if set, a MongoDB instance will be deployed - enabled: true + # if set, a MongoDB instance will be deployed. + # Disabled as there's currently an issue with M1-M3 processors and workarounds are necessary + # https://github.com/bitnami/containers/issues/53407 + # It's better to stop leveraging MongoDB locally until the issue is resolved. + enabled: false # auth: # enabled: true # usernames: ["consumer-mongodb"] diff --git a/deploy/smithy/values/dev.yaml b/deploy/smithy/values/dev.yaml index 4da0c0873..c80be94ef 100644 --- a/deploy/smithy/values/dev.yaml +++ b/deploy/smithy/values/dev.yaml @@ -13,7 +13,10 @@ kibana: tlsEnabled: false mongodb: - enabled: true + # Disabled as there's currently an issue with M1-M3 processors and workarounds are necessary + # https://github.com/bitnami/containers/issues/53407 + # It's better to stop leveraging MongoDB locally until the issue is resolved. + enabled: false auth: enabled: true usernames: ["consumer-mongodb"] diff --git a/deploy/tektoncd/pipeline/templates/customresourcedefinitions.yaml b/deploy/tektoncd/pipeline/templates/customresourcedefinitions.yaml index b1043e49e..62b61a3b7 100644 --- a/deploy/tektoncd/pipeline/templates/customresourcedefinitions.yaml 
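Review bot: Setting `enabled: false` under `mongodb:` in `deploy/smithy/chart/values.yaml` changes the chart default for every install, while the added comment describes a local workaround for M1-M3 machines ("stop leveraging MongoDB locally"). If only local development is affected, the switch belongs in `deploy/smithy/values/dev.yaml` alone; if the chart-wide default is intended, the comment should say so, e.g. `# Disabled by default for all installs; set mongodb.enabled=true where the linked issue does not apply`. In the same hunk the `# auth:` lines stay commented out, so a comment next to the flag reminding whoever re-enables MongoDB to review the auth settings would help. The `dev.yaml` hunk repeats the comment and keeps its `auth` block with the `consumer-mongodb` user under the disabled component; the rest of that block lies outside the hunk.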
+++ b/deploy/tektoncd/pipeline/templates/customresourcedefinitions.yaml @@ -11,25 +11,37 @@ metadata: helm.sh/chart: '{{ include "tekton.chart" . }}' pipeline.tekton.dev/release: v0.44.0 version: v0.44.0 - name: verificationpolicies.tekton.dev + name: clustertasks.tekton.dev spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + conversionReviewVersions: + - v1beta1 group: tekton.dev names: categories: - tekton - tekton-pipelines - kind: VerificationPolicy - plural: verificationpolicies - singular: verificationpolicy - scope: Namespaced + kind: ClusterTask + plural: clustertasks + singular: clustertask + preserveUnknownFields: false + scope: Cluster versions: - - name: v1alpha1 + - name: v1beta1 schema: openAPIV3Schema: type: object x-kubernetes-preserve-unknown-fields: true served: true storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -43,37 +55,25 @@ metadata: helm.sh/chart: '{{ include "tekton.chart" . }}' pipeline.tekton.dev/release: v0.44.0 version: v0.44.0 - name: clustertasks.tekton.dev + name: verificationpolicies.tekton.dev spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - conversionReviewVersions: - - v1beta1 group: tekton.dev names: categories: - tekton - tekton-pipelines - kind: ClusterTask - plural: clustertasks - singular: clustertask - preserveUnknownFields: false - scope: Cluster + kind: VerificationPolicy + plural: verificationpolicies + singular: verificationpolicy + scope: Namespaced versions: - - name: v1beta1 + - name: v1alpha1 schema: openAPIV3Schema: type: object x-kubernetes-preserve-unknown-fields: true served: true storage: true - subresources: - status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
From fccfbc4ec534d557574d1a7d20787de665e3b090 Mon Sep 17 00:00:00 2001
From: andream16
Date: Mon, 4 Nov 2024 14:09:43 +0000
Subject: [PATCH 2/3] Removing mongodb consumers from example pipelines; replacing elasticsearch consumer with json consumer in sample example pipeline.
---
 examples/pipelines/dast-project/kustomization.yaml | 1 -
 examples/pipelines/golang-project/kustomization.yaml | 3 +--
 examples/pipelines/iac-project/kustomization.yaml | 1 -
 examples/pipelines/java-project/kustomization.yaml | 1 -
 examples/pipelines/misc-project/kustomization.yaml | 1 -
 examples/pipelines/nancy-purl-project/kustomization.yaml | 1 -
 examples/pipelines/python-project/kustomization.yaml | 1 -
 examples/pipelines/rails-project/kustomization.yaml | 1 -
 examples/pipelines/sca-project/kustomization.yaml | 1 -
 examples/pipelines/typescript-project/kustomization.yaml | 1 -
 examples/pipelines/yarn-audit-purl-project/kustomization.yaml | 1 -
 11 files changed, 1 insertion(+), 12 deletions(-)
diff --git a/examples/pipelines/dast-project/kustomization.yaml b/examples/pipelines/dast-project/kustomization.yaml
index dfdd4ec7f..9a13b2c0f 100644
--- a/examples/pipelines/dast-project/kustomization.yaml
+++ b/examples/pipelines/dast-project/kustomization.yaml
@@ -8,5 +8,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-deduplication
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/golang-project/kustomization.yaml b/examples/pipelines/golang-project/kustomization.yaml
index af6a5f111..266bbd3ee 100644
--- a/examples/pipelines/golang-project/kustomization.yaml
+++ b/examples/pipelines/golang-project/kustomization.yaml
@@ -10,5 +10,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-codeowners
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
- - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
+ - pkg:helm/smithy-security-oss-components/consumer-stdout-json
diff --git a/examples/pipelines/iac-project/kustomization.yaml b/examples/pipelines/iac-project/kustomization.yaml
index 72b3c2cf6..96838e02e 100644
--- a/examples/pipelines/iac-project/kustomization.yaml
+++ b/examples/pipelines/iac-project/kustomization.yaml
@@ -11,5 +11,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-deduplication
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/java-project/kustomization.yaml b/examples/pipelines/java-project/kustomization.yaml
index f627d5a39..4aac6b64e 100644
--- a/examples/pipelines/java-project/kustomization.yaml
+++ b/examples/pipelines/java-project/kustomization.yaml
@@ -10,5 +10,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-deduplication
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/misc-project/kustomization.yaml b/examples/pipelines/misc-project/kustomization.yaml
index 355c21767..c4a9dbff5 100644
--- a/examples/pipelines/misc-project/kustomization.yaml
+++ b/examples/pipelines/misc-project/kustomization.yaml
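Review bot: In the golang-project hunk the only remaining consumer is `consumer-stdout-json`, so scan findings now exist only in the consumer pod's log, where they are readable by anyone with `pods/log` access in the namespace and disappear with the pod. A comment above the new line would make the intent explicit, e.g. `# demo sink: findings are printed to the pod log, not stored`. The nancy-purl-project and yarn-audit-purl-project hunks later in this patch delete `consumer-mongodb` as the last visible list entry and add nothing, so those two pipelines appear to be left without any consumer; they likely need `- pkg:helm/smithy-security-oss-components/consumer-stdout-json` as well. The component lists start above these hunks, so entries outside the visible lines cannot be ruled out.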
@@ -9,5 +9,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-deduplication
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/nancy-purl-project/kustomization.yaml b/examples/pipelines/nancy-purl-project/kustomization.yaml
index 9436b7ac7..f5688d2d9 100644
--- a/examples/pipelines/nancy-purl-project/kustomization.yaml
+++ b/examples/pipelines/nancy-purl-project/kustomization.yaml
@@ -9,4 +9,3 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-deduplication
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
diff --git a/examples/pipelines/python-project/kustomization.yaml b/examples/pipelines/python-project/kustomization.yaml
index f632b5e23..108ea443e 100644
--- a/examples/pipelines/python-project/kustomization.yaml
+++ b/examples/pipelines/python-project/kustomization.yaml
@@ -10,5 +10,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-codeowners
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/rails-project/kustomization.yaml b/examples/pipelines/rails-project/kustomization.yaml
index b069a75a1..ba977c0c6 100644
--- a/examples/pipelines/rails-project/kustomization.yaml
+++ b/examples/pipelines/rails-project/kustomization.yaml
@@ -9,5 +9,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-codeowners
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/sca-project/kustomization.yaml b/examples/pipelines/sca-project/kustomization.yaml
index 178dce511..bf4f2d6e0 100644
--- a/examples/pipelines/sca-project/kustomization.yaml
+++ b/examples/pipelines/sca-project/kustomization.yaml
@@ -9,5 +9,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-codeowners
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/typescript-project/kustomization.yaml b/examples/pipelines/typescript-project/kustomization.yaml
index 269943c18..1fcb58efc 100644
--- a/examples/pipelines/typescript-project/kustomization.yaml
+++ b/examples/pipelines/typescript-project/kustomization.yaml
@@ -10,5 +10,4 @@ components:
 - pkg:helm/smithy-security-oss-components/producer-aggregator
 - pkg:helm/smithy-security-oss-components/enricher-codeowners
 - pkg:helm/smithy-security-oss-components/enricher-aggregator
- - pkg:helm/smithy-security-oss-components/consumer-mongodb
 - pkg:helm/smithy-security-oss-components/consumer-elasticsearch
diff --git a/examples/pipelines/yarn-audit-purl-project/kustomization.yaml b/examples/pipelines/yarn-audit-purl-project/kustomization.yaml
index 8a3a28d79..d56af735c 100644
--- a/examples/pipelines/yarn-audit-purl-project/kustomization.yaml
+++ b/examples/pipelines/yarn-audit-purl-project/kustomization.yaml
@@ -9,4 +9,3 @@ components: - pkg:helm/smithy-security-oss-components/producer-aggregator - pkg:helm/smithy-security-oss-components/enricher-deduplication - pkg:helm/smithy-security-oss-components/enricher-aggregator - - pkg:helm/smithy-security-oss-components/consumer-mongodb From a49429a395d754567644f94903cb3bdccbf1c120 Mon Sep 17 00:00:00 2001 From: andream16 Date: Mon, 4 Nov 2024 14:10:10 +0000 Subject: [PATCH 3/3] Removing MongoDB mentions from getting started. --- docs/getting-started.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/getting-started.md b/docs/getting-started.md index 522b1d03f..37df69c2e 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -35,8 +35,7 @@ pipeline which will: * Scan the repository with [gosec](https://github.com/securego/gosec) and [nancy](https://github.com/sonatype-nexus-community/nancy) * Enrich the findings with CODEOWNERS annotation -* Report the enriched results on [MongoDB](https://github.com/mongodb/mongo) - and [ElasticSearch](https://github.com/elastic/elasticsearch) +* Log the enriched results ### Set up Smithy and its dependencies @@ -48,10 +47,8 @@ This command will: TBD - if not KIND * deploy Smithy dependencies and Custom Resource Definitions (CRDs). Most of these dependencies are required by the example pipelines: - * MongoDB * Elasticsearch * Kibana - * MongoDB * Postgres All the dependencies are built using smithy's current [latest release](https://github.com/smithy-security/smithy/tags). 
@@ -106,8 +103,7 @@ And of its tasks by executing: kubectl get taskruns -w -n smithy NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME smithy-golang-project-7hqmc-base True Succeeded 27m 26m -smithy-golang-project-7hqmc-consumer-elasticsearch True Succeeded 23m 23m -smithy-golang-project-7hqmc-consumer-mongodb True Succeeded 23m 17m +smithy-golang-project-7hqmc-consumer-stdout-json-pod True Succeeded 23m 23m smithy-golang-project-7hqmc-enricher-aggregator True Succeeded 24m 23m smithy-golang-project-7hqmc-enricher-codeowners True Succeeded 24m 24m smithy-golang-project-7hqmc-git-clone True Succeeded 27m 25m @@ -123,8 +119,7 @@ kubectl get pods -w -n smithy NAME READY STATUS RESTARTS AGE smithy-es-default-0 1/1 Running 0 24m smithy-golang-project-7hqmc-base-pod 0/1 Completed 0 22m -smithy-golang-project-7hqmc-consumer-elasticsearch-pod 0/1 Running 0 19m -smithy-golang-project-7hqmc-consumer-mongodb-pod 0/1 Running 0 19m +smithy-golang-project-7hqmc-consumer-stdout-json-pod 0/1 Completed 0 19m smithy-golang-project-7hqmc-enricher-aggregator-pod 0/2 Completed 0 19m smithy-golang-project-7hqmc-enricher-codeowners-pod 0/2 Completed 0 19m smithy-golang-project-7hqmc-git-clone-pod 0/2 Completed 0 22m @@ -135,7 +130,11 @@ smithy-kb-5df6fcb8c7-tsbg6 1/1 Running 0 smithy-postgresql-0 1/1 Running 0 25m ``` -You can then check the enriched results stored in MongoDB and Elasticsearch. +You can then check the enriched results on the logs of the json consumer: + +```shell +kubectl logs smithy-golang-project-7hqmc-consumer-stdout-json-pod -n smithy +``` ### Debugging