Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Dast test configuration file #7

Merged
merged 1 commit into from
Sep 16, 2024
Merged

Add Dast test configuration file #7

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions tests/dast/rapidastConfig.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# This is a configuration template file to perform scans using user-defined container images or scripts
#
# Author: Red Hat Product Security

config:
# WARNING: `configVersion` indicates the schema version of the config file.
# This value tells RapiDAST what schema should be used to read this configuration.
# Therefore you should only change it if you update the configuration to a newer schema
# It is intended to keep backward compatibility (newer RapiDAST running an older config)
configVersion: 5

# `application` contains data related to the application, not to the scans.
application:
shortName: "oobttest"

# `general` is a section that will be applied to all scanners.
general:
container:
# This configures what technology is to be used for RapiDAST to run each scanner.
# Currently supported: `podman` and `none`
# none: Default. RapiDAST runs each scanner in the same host or inside the RapiDAST image container
# podman: RapiDAST orchestrates each scanner on its own using podman
# When undefined, relies on rapidast-defaults.yaml, or `none` if nothing is set
type: "none"

# `scanners' is a section that configures scanning options
scanners:
generic_oobt:
# toolDir: scanners/generic/tools
inline: "python3 oobtkube.py -d 120 -p 12345 -i 10.74.16.40 -f /test/cr_rd.yaml"
generic_trivy:
# results:
# An absolute path to file or directory where results are stored on the host.
# if it is "*stdout" or unspecified, the command's standard output will be selected
# When container.type is 'podman', this needs to be used along with the container.volumes configuration below
# If the result needs to be sent to DefectDojo, this must be a SARIF format file
#results: "/test/results/oobttest"

# Example: scan a k8s cluster for misconfiguration issue
# - kubeconfig file for the cluster is required
# - See https://aquasecurity.github.io/trivy/v0.49/docs/target/kubernetes/ for more information on 'trivy k8s' scan
# - scanners/generic/tools/convert_trivy_k8s_to_sarif.py converts the Trivy json result to the SARIF format
# 'inline' is used when container.type is not 'podman'
# 'toolDir' specifies the default directory where inline scripts are located
#toolDir: scanners/generic/tools
inline: "trivy k8s --kubeconfig=/test/kubeconfig -n openshift-run-once-duration-override-operator pod --severity=HIGH,CRITICAL --scanners=misconfig --report all --format json"

container:
parameters:
# Optional: list of expected return codes, anything else will be considered as an error. by default: [0]
validReturns: [ 0 ]