diff --git a/documentation/static/img/cascades.drawio.svg b/documentation/static/img/cascades.drawio.svg new file mode 100644 index 0000000000..c1c1f07dc8 --- /dev/null +++ b/documentation/static/img/cascades.drawio.svg @@ -0,0 +1,4 @@ + + + +
Subdomain Scan (amass)
*.example.com
Subdomain Scan (amass)...
Subdomain Finding
www.example.com
Subdomain Finding...
Subdomain Finding
mail.example.com
Subdomain Finding...
...
...
Portscan (nmap)
www.example.com
Portscan (nmap)...
Portscan (nmap)
www.example.com
Portscan (nmap)...
Open Port Finding
www.example.com:22
Open Port Finding...
Open Port Finding
www.example.com:443
Open Port Finding...
...
...
SSH Scan (ssh-audit)
www.example.com:22
SSH Scan (ssh-audit)...
Weak Credentials Scan (ncrack)
www.example.com:22
Weak Credentials Scan (ncrack)...
...
...
TLS Scan (sslyze)
www.example.com:443
TLS Scan (sslyze)...
Known Vulnerability Scan (nuclei)
www.example.com:443
Known Vulnerability Scan (nucle...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/documentation/static/img/cascades.drawio.svg.license b/documentation/static/img/cascades.drawio.svg.license new file mode 100644 index 0000000000..c95bc37185 --- /dev/null +++ b/documentation/static/img/cascades.drawio.svg.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/cascading-scans/.helm-docs.gotmpl b/hooks/cascading-scans/.helm-docs.gotmpl index af668800c5..5bd18629ff 100644 --- a/hooks/cascading-scans/.helm-docs.gotmpl +++ b/hooks/cascading-scans/.helm-docs.gotmpl 
@@ -22,8 +22,15 @@ usecase: "Cascading Scans based declarative Rules." {{- define "extra.chartAboutSection" -}} ## What is "Cascading Scans" Hook about? -The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets. -The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +The Cascading Scans Hook can be used to start additional scans based on the results of other scans. +This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered. + +![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg) + +The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. +When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/ diff --git a/hooks/cascading-scans/README.md b/hooks/cascading-scans/README.md index 1ef5998707..734f64c1ab 100644 --- a/hooks/cascading-scans/README.md +++ b/hooks/cascading-scans/README.md 
@@ -33,8 +33,15 @@ Otherwise your changes will be reverted/overwritten automatically due to the bui

## What is "Cascading Scans" Hook about? -The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets. -The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +The Cascading Scans Hook can be used to start additional scans based on the results of other scans. +This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered. + +![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg) + +The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. +When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/ diff --git a/hooks/cascading-scans/docs/README.ArtifactHub.md b/hooks/cascading-scans/docs/README.ArtifactHub.md index 043a36aae5..87a3de3e9f 100644 --- a/hooks/cascading-scans/docs/README.ArtifactHub.md +++ b/hooks/cascading-scans/docs/README.ArtifactHub.md 
@@ -41,8 +41,15 @@ The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To You can find resources to help you get started on our [documentation website](https://www.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://www.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://www.securecodebox.io/docs/getting-started/first-scans) with it. ## What is "Cascading Scans" Hook about? -The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets. -The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +The Cascading Scans Hook can be used to start additional scans based on the results of other scans. +This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered. + +![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg) + +The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. +When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. 
This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/ diff --git a/hooks/cascading-scans/docs/README.DockerHub-Hook.md b/hooks/cascading-scans/docs/README.DockerHub-Hook.md index 9c36456b6f..6e6560596e 100644 --- a/hooks/cascading-scans/docs/README.DockerHub-Hook.md +++ b/hooks/cascading-scans/docs/README.DockerHub-Hook.md 
@@ -52,8 +52,15 @@ docker pull securecodebox/hook-cascading-scans ``` ## What is "Cascading Scans" Hook about? -The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets. -The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +The Cascading Scans Hook can be used to start additional scans based on the results of other scans. +This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered. + +![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg) + +The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. +When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/
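
Review bot: In `documentation/static/img/cascades.drawio.svg`, both "Portscan (nmap)" boxes are labelled `www.example.com`, although the two subdomain findings above them are `www.example.com` and `mail.example.com`. The alt text added in the READMEs says "These then trigger a port scan each", so the second port scan box should presumably read `mail.example.com`. The file also ends without a trailing newline (`\ No newline at end of file`); please add one.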
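
Review bot: The image link added in `hooks/cascading-scans/.helm-docs.gotmpl` points to `https://www.securecodebox.io/static/img/cascades.drawio.svg`, while this patch adds the file under `documentation/static/img/`. Please confirm that the published site really serves it under `/static/img/` and not `/img/`, because a wrong path breaks the image in the template and in all three generated READMEs. Smaller wording points in the same added lines: "one amass scans" should be "one amass scan", "a SSH Scan" should be "an SSH scan", "A https port" should be "An https port", and "so called" should be "so-called".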
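
Review bot: The rewritten intro in `hooks/cascading-scans/README.md` (and the identical ArtifactHub and DockerHub hunks) drops "based on defined rule sets" and now advertises that the hook will "automatically discover targets, and then trigger more specialized scans", while the diagram shows a discovered host cascading into a weak credentials scan (ncrack). Nothing in the added text says how the cascade is kept to hosts the operator is allowed to scan. Consider adding one sentence after the image stating that follow-up scans only start when a `CascadingRule` matches, and pointing to wherever the docs describe restricting which rules and targets may cascade.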