diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8b4d859
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SQ-*
diff --git a/sast-job/Dockerfile b/sast-job/Dockerfile
new file mode 100644
index 0000000..359681d
--- /dev/null
+++ b/sast-job/Dockerfile
@@ -0,0 +1,12 @@
+# syntax = docker/dockerfile:1.6
+
+FROM python:3.8-slim
+
+ENV PYTHONDONTWRITEBYTECODE 1
+WORKDIR /app
+
+RUN apt-get update -y && apt-get install --no-install-recommends -y curl python3-pip nodejs npm && pip3 install requests bs4 lxml
+
+COPY sq-job.py .
+
+CMD ["python3", "sq-job.py"]
diff --git a/sast-job/Makefile b/sast-job/Makefile
new file mode 100644
index 0000000..33214bc
--- /dev/null
+++ b/sast-job/Makefile
@@ -0,0 +1,9 @@
+REPO=accuknox
+IMGNAME=sastjob
+IMGTAG=latest
+IMG=${REPO}/${IMGNAME}:${IMGTAG}
+build:
+ docker buildx build -t ${IMG} .
+
+push:
+ docker push ${IMG}
diff --git a/sast-job/README.md b/sast-job/README.md
new file mode 100644
index 0000000..d271d51
--- /dev/null
+++ b/sast-job/README.md
@@ -0,0 +1,15 @@
+#
+
+```
+docker run --rm -it -e SQ_URL=http://35.188.10.229:9000 -e SQ_AUTH_TOKEN= -e SQ_PROJECTS="^nimbus$" -e REPORT_PATH=/app/data/ -v $PWD:/app/data/ accuknox/sastjob:latest
+```
+
+Configuration
+| Var | Sample Value | Description |
+|----------------|---------------------------|------------------------------------|
+| SQ_URL* | http://35.188.10.229:9000 | SonarQube server URL |
+| SQ_AUTH_TOKEN* | squ_token | SonarQube user authn token |
+| SQ_PROJECTS | "^nimbus$" | Scan the given projects/components |
+| REPORT_PATH | /app/data/ | Path to keep the report json files |
+
+> * are mandatory configuration options
diff --git a/sast-job/sq-job.py b/sast-job/sq-job.py
index 224c739..3c5d5d7 100644
--- a/sast-job/sq-job.py
+++ b/sast-job/sq-job.py
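Review bot: The `RUN` line installs `requests bs4 lxml` with no version pins and leaves the apt lists in the layer, so every build pulls whatever is current on PyPI and the image is neither reproducible nor auditable; pin the packages (`pip3 install --no-cache-dir requests==<ver> beautifulsoup4==<ver> lxml==<ver>`, ideally from a requirements file with `--require-hashes`) and end the layer with `&& rm -rf /var/lib/apt/lists/*`. Note that `bs4` on PyPI is only a shim that pulls in beautifulsoup4; depend on the real package name so the pin is meaningful. There is no `USER` instruction, so the job runs as root inside the container and anything written to the mounted `/app/data/` is owned by root; add an unprivileged user before `CMD`. Python 3.8 reached end of life in October 2024, so `python:3.8-slim` no longer receives security fixes and a supported tag should be chosen when the script is compatible.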
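Review bot: `IMGTAG=latest` makes the only published reference a mutable tag, so consumers (the README in this commit runs `accuknox/sastjob:latest`) cannot tell which build they execute and a later `make push` silently replaces it; tag with an immutable value as well, e.g. `IMGTAG?=$(shell git rev-parse --short HEAD)`, and point consumers at that tag or the image digest. `push` also has no dependency on `build`, so it pushes whatever local `latest` happens to exist; `push: build` ties the two together.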
@@ -24,7 +24,7 @@ def prereq():
 Install NodeJS which is needed to run SonarQube.
 """
 try:
- return ""
+ return "" # Everything installed using Dockerfile
 subprocess.run(
 "curl -sL https://s3.amazonaws.com/scripts.accuknox.com/nodesource_setup.sh -o /tmp/nodesource_setup.sh",
 shell=True,
@@ -199,7 +199,8 @@ def _get_results(key, auth_token=None, sonar_url=None, branch=None):
 results += "]}"
 # Write results to file
- issues_file = os.path.join(f"{SCANNED_FILE_DIR}", "SQ-{}.json".format(time.time()))
+ issues_file = os.path.join(f"{SCANNED_FILE_DIR}", "SQ-{}.json".format(key))
+ #issues_file = os.path.join(f"{SCANNED_FILE_DIR}", "SQ-{}.json".format(time.time()))
 with open(issues_file, "w") as f:
 f.write(results)
@@ -638,6 +639,7 @@ def get_all_results_main_branch(
 sq_url = os.environ.get("SQ_URL", "")
 sq_auth_token = os.environ.get('SQ_AUTH_TOKEN', "")
 sq_projects = os.environ.get('SQ_PROJECTS', ".*")
+ SCANNED_FILE_DIR = os.environ.get('REPORT_PATH', "./")
 if sq_url == "" or sq_auth_token == "":
 log.error("SQ_URL or SQ_AUTH_TOKEN env var not specified")
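Review bot: The early `return ""` turns the rest of `prereq()` into dead code, but that dead code is still a download-then-execute of a shell script fetched from `https://s3.amazonaws.com/scripts.accuknox.com/nodesource_setup.sh` run through `subprocess.run(..., shell=True)`; if anyone later removes the return, the job will again execute an unverified remote script as root inside the container. Delete the unreachable body rather than commenting around it, leaving only the return and a docstring such as `"""No-op: curl, nodejs and npm are installed by the Dockerfile."""`, or, if the bootstrap must stay, verify the downloaded file against a pinned SHA-256 before executing it. `prereq()` begins and ends outside this hunk.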
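Review bot: `issues_file` is now named from `key`, a project key returned by the SonarQube API, with no sanitisation before `os.path.join` and `open(..., "w")`; if a key ever contains a path separator or `..` the report is written outside `SCANNED_FILE_DIR`, and keys that differ only in filesystem-unsafe characters will collide or fail to open. SonarQube does restrict key characters, but this process should not rely on a remote server's validation: reduce the key to a safe set first, e.g. `safe_key = re.sub(r"[^A-Za-z0-9._:-]", "_", key)`, and pass `safe_key` to the format call (import `re` if the module does not already). Replacing `time.time()` with the key also means a rerun overwrites the previous report for that project, which may be intended but deserves a comment, and the commented-out former line should be removed rather than kept. `_get_results()` starts outside this hunk.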
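Review bot: `SCANNED_FILE_DIR = os.environ.get('REPORT_PATH', "./")` only reaches `_get_results()` if this assignment is at module level (for example under `if __name__ == "__main__":`); the hunk header names `get_all_results_main_branch(`, and if the line sits inside a function body the name is a local and `REPORT_PATH` is silently ignored — indentation is lost here, so please confirm, and add `global SCANNED_FILE_DIR` if it is inside a function. The directory is never checked, so a wrong or missing `REPORT_PATH` only surfaces later as a `FileNotFoundError` from `open()`; validate it next to the existing env-var check, e.g. `if not os.path.isdir(SCANNED_FILE_DIR): log.error("REPORT_PATH is not a directory"); sys.exit(1)`. `sq_url` is accepted with any scheme, and the README in this commit points at a plain `http://` server, which sends `SQ_AUTH_TOKEN` in clear text; at minimum log a warning when the URL does not start with `https://`.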