
Commit d7f3295

authored
[CDS-112589] Custom Ingest Step (#11516)
* [CDS-112589] Custom Ingest Step
1 parent d65e066 commit d7f3295


2 files changed

+306
-0
lines changed

Lines changed: 116 additions & 0 deletions
@@ -0,0 +1,116 @@
1+
---
2+
title: Custom Ingest Step
3+
description: Custom Ingest step enables you to ingest results from any third-party scanner
4+
sidebar_position: 7
5+
---
6+
7+
import IngestStep from '/docs/security-testing-orchestration/custom-scanning/custom-ingest-reference.md';
8+
9+
<IngestStep name="custom-ingest" />
10+
11+
## Sample Pipeline
12+
13+
Here is a sample pipeline for a custom ingest step:
14+
15+
<details>
16+
<summary>Sample YAML</summary>
17+
18+
```yaml
19+
pipeline:
20+
name: abc
21+
identifier: abc
22+
projectIdentifier: your_project_identifier
23+
orgIdentifier: your_org_identifier
24+
tags: {}
25+
stages:
26+
- stage:
27+
name: s1
28+
identifier: s1
29+
description: ""
30+
type: Deployment
31+
spec:
32+
deploymentType: Kubernetes
33+
service:
34+
serviceRef: your_service_identifier
35+
environment:
36+
environmentRef: your_environment_identifier
37+
deployToAll: false
38+
infrastructureDefinitions:
39+
- identifier: your_infrastructure_identifier
40+
execution:
41+
steps:
42+
- stepGroup:
43+
name: sg1
44+
identifier: sg1
45+
steps:
46+
- step:
47+
type: Run
48+
name: Run_1
49+
identifier: Run_1
50+
spec:
51+
connectorRef: a
52+
image: alpine
53+
shell: Sh
54+
command: |-
55+
cat <<EOF >> example.json
56+
{
57+
"meta":{
58+
"key":[
59+
"issueName",
60+
"fileName"
61+
],
62+
"subproduct":"MyCustomScanner"
63+
},
64+
"issues":[
65+
{
66+
"subproduct":"MyCustomScanTool",
67+
"issueName":"Cross Site Scripting",
68+
"issueDescription":"Lorem ipsum...",
69+
"fileName":"homepage-jobs.php",
70+
"remediationSteps":"Fix me fast.",
71+
"risk":"high",
72+
"severity":8,
73+
"status":"open",
74+
"referenceIdentifiers":[
75+
{
76+
"type":"cwe",
77+
"id":"79"
78+
}
79+
]
80+
}
81+
]
82+
}
83+
EOF
84+
ls
85+
cat example.json
86+
- step:
87+
type: CustomIngest
88+
name: CustomIngest_1
89+
identifier: CustomIngest_1
90+
spec:
91+
mode: ingestion
92+
config: default
93+
target:
94+
type: repository
95+
detection: manual
96+
name: external-scanner-test
97+
variant: main
98+
advanced:
99+
log:
100+
level: info
101+
ingestion:
102+
file: example.json
103+
stepGroupInfra:
104+
type: KubernetesDirect
105+
spec:
106+
connectorRef: your_k8s_connector
107+
rollbackSteps: []
108+
tags: {}
109+
failureStrategies:
110+
- onFailure:
111+
errors:
112+
- AllErrors
113+
action:
114+
type: StageRollback
115+
```
116+
</details>
Lines changed: 190 additions & 0 deletions
@@ -0,0 +1,190 @@
1+
---
2+
title: Artifact scans with Wiz
3+
description: Artifact scans with Wiz with Orchestration and Ingestion modes.
4+
sidebar_position: 8
5+
---
6+
7+
import IngestStep from '/docs/security-testing-orchestration/sto-techref-category/wiz/artifact-scans-with-wiz.md';
8+
9+
<IngestStep name="wiz-artifact-scan" />
10+
11+
## Sample Pipeline
12+
13+
Here is a sample pipeline for artifact scans with Wiz Orchestration mode:
14+
15+
<details>
16+
<summary>Sample YAML</summary>
17+
18+
```yaml
19+
pipeline:
20+
name: cd-wiz-orchestration
21+
identifier: cdwizorchestration
22+
projectIdentifier: your_project_identifier
23+
orgIdentifier: your_org_identifier
24+
tags: {}
25+
stages:
26+
- stage:
27+
name: s1
28+
identifier: s1
29+
description: ""
30+
type: Deployment
31+
spec:
32+
deploymentType: Kubernetes
33+
service:
34+
serviceRef: your_service_identifier
35+
environment:
36+
environmentRef: your_environment_identifier
37+
deployToAll: false
38+
infrastructureDefinitions:
39+
- identifier: your_infrastructure_identifier
40+
execution:
41+
steps:
42+
- stepGroup:
43+
name: sg
44+
identifier: sg
45+
steps:
46+
- step:
47+
type: Wiz
48+
name: Wiz_1
49+
identifier: Wiz_1
50+
spec:
51+
mode: orchestration
52+
config: default
53+
target:
54+
type: container
55+
detection: manual
56+
name: test
57+
variant: test
58+
advanced:
59+
log:
60+
level: info
61+
privileged: true
62+
image:
63+
type: docker_v2
64+
tag: 14-alpine
65+
name: library/node
66+
domain: docker.io
67+
auth:
68+
access_token: your_access_token
69+
access_id: your_access_id
70+
stepGroupInfra:
71+
type: KubernetesDirect
72+
spec:
73+
connectorRef: your_k8s_connector
74+
rollbackSteps: []
75+
tags: {}
76+
failureStrategies:
77+
- onFailure:
78+
errors:
79+
- AllErrors
80+
action:
81+
type: StageRollback
82+
83+
```
84+
</details>
85+
86+
Here is a sample pipeline for artifact scans with Wiz Ingestion mode:
87+
88+
<details>
89+
<summary>Sample YAML</summary>
90+
91+
```yaml
92+
pipeline:
93+
name: wiz-ingestion1
94+
identifier: wizingestion1
95+
projectIdentifier: your_project_identifier
96+
orgIdentifier: default
97+
tags: {}
98+
stages:
99+
- stage:
100+
name: s1
101+
identifier: s1
102+
description: ""
103+
type: Deployment
104+
spec:
105+
deploymentType: Kubernetes
106+
service:
107+
serviceRef: your_service_identifier
108+
environment:
109+
environmentRef: your_environment_identifier
110+
deployToAll: false
111+
infrastructureDefinitions:
112+
- identifier: your_infrastructure_identifier
113+
execution:
114+
steps:
115+
- stepGroup:
116+
name: sg1
117+
identifier: sg1
118+
steps:
119+
- step:
120+
type: Run
121+
name: Run_1
122+
identifier: Run_1
123+
spec:
124+
connectorRef: a
125+
image: alpine
126+
shell: Sh
127+
command: |-
128+
cat <<EOF >> example.json
129+
{
130+
"meta":{
131+
"key":[
132+
"issueName",
133+
"fileName"
134+
],
135+
"subproduct":"MyCustomScanner"
136+
},
137+
"issues":[
138+
{
139+
"subproduct":"MyCustomScanTool",
140+
"issueName":"Cross Site Scripting",
141+
"issueDescription":"Lorem ipsum...",
142+
"fileName":"homepage-jobs.php",
143+
"remediationSteps":"Fix me fast.",
144+
"risk":"high",
145+
"severity":8,
146+
"status":"open",
147+
"referenceIdentifiers":[
148+
{
149+
"type":"cwe",
150+
"id":"79"
151+
}
152+
]
153+
}
154+
]
155+
}
156+
EOF
157+
ls
158+
cat example.json
159+
- step:
160+
type: Wiz
161+
name: Wiz_1
162+
identifier: Wiz_1
163+
spec:
164+
mode: ingestion
165+
config: default
166+
target:
167+
type: repository
168+
detection: manual
169+
name: external-scanner-test
170+
variant: main
171+
advanced:
172+
log:
173+
level: info
174+
privileged: true
175+
ingestion:
176+
file: example.json
177+
stepGroupInfra:
178+
type: KubernetesDirect
179+
spec:
180+
connectorRef: your_k8s_connector
181+
rollbackSteps: []
182+
tags: {}
183+
failureStrategies:
184+
- onFailure:
185+
errors:
186+
- AllErrors
187+
action:
188+
type: StageRollback
189+
```
190+
</details>
