feat: added instruction to download the dbs

Obmondo · Jan 17, 2025 · 09a33c3 · 09a33c3
1 parent 9ce10d9
commit 09a33c3
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 1 deletion.
diff --git a/argocd-helm-charts/vuls-dictionary/README.md b/argocd-helm-charts/vuls-dictionary/README.md
@@ -0,0 +1,14 @@
+# Vuls Dictionary
+
+##
+
+## Inspiration
+
+* We want to scan the linux host and vuls-dictionary, which has all the info about each CVE ID, using OVAL, NVD, JVN, Fortinet and MITRE dbs
+
+https://github.com/vulsio/go-cve-dictionary/tree/master
+https://github.com/vulsio/goval-dictionary
+
+## TODO
+
+* Build our own image to set to pre-instructions.
diff --git a/argocd-helm-charts/vuls-dictionary/templates/deployment.yaml b/argocd-helm-charts/vuls-dictionary/templates/deployment.yaml
@@ -29,11 +29,14 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
+        {{- if .Values.cve.enabled }}
         - name: {{ .Chart.Name }}-cve
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.cve.repository }}:{{ .Values.image.cve.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - server
           ports:
             - name: http
               containerPort: {{ .Values.service.port }}
@@ -48,6 +51,19 @@ spec:
           volumeMounts:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          lifecycle:
+            postStart:
+              exec:
+                command: [
+                  "sh", "-c",
+                  {{- $dictionaries := .Values.cve.fetchDB -}}
+                  {{- range $index, $dict := $dictionaries -}}
+                  {{- if $index }} && {{ end }}
+                  go-cve-dictionary fetch {{ $dict }}
+                  {{- end }}
+                ]
+        {{- end }}
+        {{- if .Values.oval.enabled }}
         - name: {{ .Chart.Name }}-oval
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
@@ -67,7 +83,14 @@ spec:
           volumeMounts:
             {{- toYaml . | nindent 12 }}
           {{- end }}
-
+          lifecycle:
+            postStart:
+              exec:
+                command: [
+                  "sh", "-c",
+                  "go-cve-dictionary fetch oval"
+                ]
+        {{- end }}
       {{- with .Values.volumes }}
       volumes:
         {{- toYaml . | nindent 8 }}

diff --git a/argocd-helm-charts/vuls-dictionary/values.yaml b/argocd-helm-charts/vuls-dictionary/values.yaml
@@ -108,3 +108,14 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+oval:
+  enabled: true
+
+cve:
+  enabled: true
+  fetchDB:
+    - nvd
+    - mitre
+    - jvn
+    - fortinet