...

"We have several docs on implementing Sonar jobs for various languages from our global-jjb templates, such as this one for maven sonar jobs: https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-maven-jobs.html#lf-infra-maven-sonarcloud

We could link to those, but I could probably put together something a little simpler that would allow for faster implementation. Also, all of our Sonar jobs are currently built using a maven template, so even those that we've implemented for Python and C require a pom.xml in the repo. We are currently working on a language-agnostic version that will use a standard sonar-project.properties file, and it should be implemented soon (I know that the code is mostly finished, so it may even be ready to go in the next few days, if it doesn't run into any hurdles in review). I'm not sure what the timeline requirements are for implementing this, but all the non-Java projects will probably want to wait until that is ready before implementing scans (if possible)."

...

Below is the list of tasks for the integration.

Installation

Install Vuls containers (https://vuls.io/docs/en/install-with-docker.html). Vuls containers can be found at: https://hub.docker.com/u/vuls/

  • Install go-cve-dictionary, run "docker pull vuls/go-cve-dictionary"
  • Install goval-dictionary, run "docker pull vuls/goval-dictionary"
  • Install gost, run "docker pull vuls/gost"
  • Install vuls, run "docker pull vuls/vuls"

Set up and run

...

Detailed instructions can be found at https://vuls.io/docs/en/tutorial-docker.html

...

  • Prepare log dir

$ cd /path/to/working/dir
$ mkdir go-cve-dictionary-log goval-dictionary-log gost-log

  • Fetch NVD

$ for i in `seq 2002 $(date +"%Y")`; do \
    docker run --rm -it \
      -v $PWD:/vuls \
      -v $PWD/go-cve-dictionary-log:/var/log/vuls \
      vuls/go-cve-dictionary fetchnvd -years $i; \
  done

  • Fetch OVAL

$ docker run --rm -it \
    -v $PWD:/vuls \
    -v $PWD/goval-dictionary-log:/var/log/vuls \
    vuls/goval-dictionary fetch-redhat 5 6 7

  • Fetch gost (the log mount points at the gost-log directory created above)

$ docker run --rm -i \
    -v $PWD:/vuls \
    -v $PWD/gost-log:/var/log/gost \
    vuls/gost fetch redhat

  • Configure the SUT (system under test); the configuration is stored in config.toml
    • SSH key generation & distribution: Vuls connects to the target server through SSH and has to use SSH key-based authentication. There needs to be a way to generate an SSH key pair, keep the private key available to the Vuls container and distribute the public key to the target server. We probably don't want to store the private key in the container image if the image is publicly accessible.

[servers]

[servers.c74]
host = "54.249.93.16"
port = "22"
user = "vuls-user"
keyPath = "/root/.ssh/id_rsa" # path to ssh private key in docker
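The following script is an added example (not code from the page's author or from the Vuls project) that carries the SUT configuration step through: it generates config.toml in the format above from a target list, and keeps the scan key pair on the host so the private key is bind-mounted read-only at scan time instead of being baked into the image. The target-list format, the directory names and the three function names are this example's own assumptions; the docker run flags follow the Vuls docker tutorial linked above.

```shell
#!/bin/sh
# Added example: host-side key handling plus config.toml generation for Vuls.
# Assumed: a target list with one "name host port user" per line (# = comment),
# and a host directory holding only the scanner key pair.
set -eu

# Generate a dedicated scan key pair on the host (only if none exists yet).
# The printed public key is what gets added to each target's authorized_keys.
ensure_scan_key() {
    key_dir=$1
    mkdir -p "$key_dir" && chmod 700 "$key_dir"
    if [ ! -f "$key_dir/id_rsa" ]; then
        ssh-keygen -q -t rsa -b 4096 -N '' -C 'vuls-scanner' -f "$key_dir/id_rsa"
    fi
    cat "$key_dir/id_rsa.pub"
}

# Write config.toml from the target list. keyPath is the path inside the
# container, i.e. where the host key directory is mounted, never an image path.
write_vuls_config() {
    out=$1
    targets=$2
    {
        echo '[servers]'
        while read -r name host port user; do
            case "$name" in ''|\#*) continue ;; esac   # skip blanks/comments
            echo ""
            echo "[servers.$name]"
            echo "host = \"$host\""
            echo "port = \"$port\""
            echo "user = \"$user\""
            echo 'keyPath = "/root/.ssh/id_rsa" # mounted read-only at scan time'
        done < "$targets"
    } > "$out"
    # Report how many [servers.*] sections were written.
    grep -c '^\[servers\.' "$out"
}

# Run the scan with the key directory mounted read-only from the host.
vuls_scan() {
    work_dir=$1
    key_dir=$2
    docker run --rm -it \
        -v "$key_dir":/root/.ssh:ro \
        -v "$work_dir":/vuls \
        -v "$work_dir/vuls-log":/var/log/vuls \
        vuls/vuls scan -config=/vuls/config.toml
}
```

Typical use is `ensure_scan_key ./vuls-keys`, distributing the printed public key to each target, then `write_vuls_config ./config.toml ./targets` and `vuls_scan "$PWD" "$PWD/vuls-keys"`.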

...