Merge pull request #41 from saitejaopsmx/june-rel

June release Changes

charts/ssd/config/dgraph/schema.graphql

@@ -221,7 +221,7 @@ enum RiskStatus {
     mediumrisk
     highrisk
     apocalypserisk
-    inprogress
+    scanning
 }
 
 """
@@ -246,6 +246,8 @@ DeploymentStage is an enum denoting the stage of the deployment. .
 enum DeploymentStage {
     "deployment is discovered from the events"
     discovered
+    "scanning is under process"
+    scanning
     "deployment is known to have passed the deployment firewall and the deployment(ie the artifact) is live"
     current
     "deployment becomes a past deployment because another fresh deployment has happened"
@@ -525,6 +527,7 @@ type SourceCodeTool {
     diffCommits: String
     licenseName: String
     visibility: String
+    workflowName: String
     "parentRepo is populated in case the git repo is a fork"
     parentRepo: String
     buildTool: BuildTool!
@@ -565,6 +568,7 @@ type ArtifactScanData {
     artifactDetails: Artifact @hasInverse(field: scanData)
     lastScannedAt: DateTime
     createdAt: DateTime
+    vulnTrackingId: String
     components: [Component!]
     vulnCriticalCount: Int @search
     vulnHighCount: Int @search
@@ -583,6 +587,8 @@ type ArtifactScanData {
     sourceSemgrepHighSeverityScanUrl: String
     sourceSemgrepMediumSeverityScanUrl: String
     sourceSemgrepLowSeverityScanUrl: String
+    sourceSnykScanUrl: String
+    virusTotalUrlScan: String
     riskStatus: RiskStatus @search(by: [exact, regexp])
     artifactRunHistory: [RunHistory!] @hasInverse(field: artifactScan)
 }

charts/ssd/config/supplychain-api/ssd-integrations.yaml

@@ -103,6 +103,52 @@ integrationData:
             placeholderText: 'Example:Compliance Scan'
             data:
               - Compliance Scan
+      - integratorType: virustotal
+        displayName: VirusTotal
+        multiSupport: false
+        category: sourcetool
+        testConnectionFlag: false
+        configurationFields:
+          auth:
+            displayName: Auth Type
+            dataType: auth
+            required: true
+            secret: false
+            helpText: Authentiation Type
+            placeholderText: 'Example:knjnasjwokldjhse'
+            authType:
+              - apiKey
+      - integratorType: snyk
+        displayName: Snyk
+        multiSupport: false
+        category: sourcetool
+        testConnectionFlag: false
+        configurationFields:
+          snykorgid:
+            displayName: Snyk Org Id
+            dataType: input
+            required: false
+            secret: false
+            helpText: Snyk Org Id
+            placeholderText: 'Example:12234'
+          auth:
+            displayName: Auth Type
+            dataType: auth
+            required: true
+            secret: true
+            helpText: Authentiation Type
+            placeholderText: 'Example:knjnasjwokldjhse'
+            authType:
+              - apiKey
+          sassnykscan:
+            displayName: Sass scan
+            dataType: checkbox
+            required: true
+            secret: false
+            helpText: Enable/Disable
+            placeholderText: 'Example:Helm Scan'
+            data:
+              - Sass scan
       - integratorType: semgrep
         displayName: SemGrep
         multiSupport: false
@@ -228,15 +274,27 @@ integrationData:
             secret: false
             helpText: Repo Name
             placeholderText: 'Example:ecr'
-          auth:
-            displayName: Auth Type
-            dataType: auth
-            required: true
+          region:
+            displayName: Region
+            dataType: input
+            required: false
+            secret: false
+            helpText: Mandatory to update the Region if the repo is Private
+            placeholderText: 'Example:us-west-1/us-east-2'
+          awsAccessKey:
+            displayName: AWS AccessKey
+            dataType: input
+            required: false
             secret: true
-            helpText: Authentiation Type
-            placeholderText: 'Example:username/token'
-            authType:
-              - basic
+            helpText: Mandatory to update the Access Key if the repo is Private
+            placeholderText: 'Example:rxdtfcgvhbj'
+          awsSecretKey:
+            displayName: AWS SecretKey
+            dataType: input
+            required: false
+            secret: true
+            helpText: Mandatory to update the Secret Key if the repo is Private
+            placeholderText: 'Example:qwertyuisdxcv'
       - integratorType: quay
         displayName: Quay
         multiSupport: true
@@ -328,30 +386,6 @@ integrationData:
             placeholderText: 'Example:Vulnerability Scan'
             data:
               - Vulnerability Scan
-      - integratorType: snyk
-        displayName: Snyk
-        multiSupport: false
-        category: scanningtool
-        testConnectionFlag: true
-        configurationFields:
-          auth:
-            displayName: Auth Type
-            dataType: auth
-            required: false
-            secret: true
-            helpText: Authentiation Type
-            placeholderText: 'Example:knjnasjwokldjhse'
-            authType:
-              - apiKey
-          helmscan:
-            displayName: Helm Scan
-            dataType: checkbox
-            required: true
-            secret: false
-            helpText: Enable/Disable
-            placeholderText: 'Example:Helm Scan'
-            data:
-              - Helm Scan
   - stage: Others
     integrations:
       - integratorType: chatgpt

charts/ssd/config/toolchain/tool-chain.yaml

@@ -1,2 +1,3 @@
 httpListenPort: 8100
 graphQLAddr: http://dgraph-public:8080/graphql
+cloneRepoOnce: {{ .Values.toolchain.cloneRepoOnce }}

charts/ssd/rc-images-values.yaml

@@ -5,35 +5,35 @@ imageCredentials:
 
 ui:
   image:
-    tag: "41e724937-202405311624"
+    tag: "1d4c17b04-202407091500"
   serviceAnnotations:
     awsAnnotationsGo: HERE
 toolchain:
   image:
-    tag: v2.1.2
+    tag: "aed7b60-43"
   #securityContext:
   #  fsGroup: 1000
   #  runAsUser: 1000
   #  runAsGroup: 1000
 ssdgate:
   image:
     repository: ssd-gate
-    tag: "1250283-3"
+    tag: "1250283-31"
 ssdopa:
   image:
-    tag: v2.1.2
+    tag: "104b6bf-37"
 supplychainpreprocessor:
   image:
-    tag: "36277d3-5"
+    tag: "43adb6e-38"
   #securityContext:
   #  readOnlyRootFilesystem: false
   #  runAsNonRoot: true
 supplychainapi:
   image:
-    tag: "8751e97-1369"
+    tag: "04562b0-1552"
 tokenmachine:
   image:
-    tag: v1.0.1
+    tag: ":2024-04-00"
 rabbitmq:
   serviceAnnotations:
     awsAnnotationsGo: HERE

charts/ssd/values.yaml

@@ -124,7 +124,7 @@ customLabels: {}
 ssdgate:
   image:
     repository: ssdgate
-    tag: "2024-05-00"
+    tag: "2024-06-00"
   installDex: true
   createGateDexSecret: true
   #home_page: "/ui/index.html" # OPTIONAL default redirect page
@@ -206,7 +206,7 @@ toolchain:
   ## Image specific details
   image:
     repository: tool-chain
-    tag: "2024-05-00"
+    tag: "2024-06-01"
     pullPolicy: IfNotPresent
 
   annotations: {}
@@ -220,12 +220,15 @@ toolchain:
     size: 50Gi
     accessMode: ReadWriteOnce
 
+  ## During the scanning if the repo need to clone only once set to true
+  cloneRepoOnce: false
+
 ####################################################
 supplychainpreprocessor:
   ## Image specific details
   image:
     repository: supplychain-preprocessor
-    tag: "2024-05-00"
+    tag: "2024-06-02"
     pullPolicy: IfNotPresent
 
   annotations: {}
@@ -239,7 +242,7 @@ ssdopa:
   ## Image specific details
   image:
     repository: ssd-opa
-    tag: "2024-05-01"
+    tag: "2024-06-03"
     pullPolicy: IfNotPresent
 
   annotations: {}
@@ -251,7 +254,7 @@ supplychainapi:
   ## Image specific details
   image:
     repository: supplychain-api
-    tag: "2024-05-01"
+    tag: "2024-06-03"
     pullPolicy: IfNotPresent
 
   annotations: {}
@@ -301,7 +304,7 @@ ui:
   ## Image specific details
   image:
     repository: ssd-ui
-    tag: "2024-05-02"
+    tag: "2024-06-00"
     pullPolicy: IfNotPresent
 
   annotations: {}