Skip to content

Improve cascading scans docs #2837

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Weltraumschaf merged 2 commits into from
Jan 10, 2025
Merged

Improve cascading scans docs #2837

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
000a07c
Improve cascading scans docs by rewording and including a overview di…
J12934 Jan 10, 2025
63c5204
license
J12934 Jan 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions documentation/static/img/cascades.drawio.svg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
3 changes: 3 additions & 0 deletions documentation/static/img/cascades.drawio.svg.license
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
SPDX-FileCopyrightText: the secureCodeBox authors

SPDX-License-Identifier: Apache-2.0
11 changes: 9 additions & 2 deletions hooks/cascading-scans/.helm-docs.gotmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,15 @@ usecase: "Cascading Scans based declarative Rules."

{{- define "extra.chartAboutSection" -}}
## What is "Cascading Scans" Hook about?
The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

The Cascading Scans Hook can be used to start additional scans based on the results of other scans.
This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered.

![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg)

The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`.
When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan.
To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/

Expand Down
11 changes: 9 additions & 2 deletions hooks/cascading-scans/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,15 @@ Otherwise your changes will be reverted/overwritten automatically due to the bui
</p>

## What is "Cascading Scans" Hook about?
The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

The Cascading Scans Hook can be used to start additional scans based on the results of other scans.
This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered.

![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg)

The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`.
When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan.
To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/

Expand Down
11 changes: 9 additions & 2 deletions hooks/cascading-scans/docs/README.ArtifactHub.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,15 @@ The secureCodeBox project is running on [Kubernetes](https://kubernetes.io/). To
You can find resources to help you get started on our [documentation website](https://www.securecodebox.io) including instruction on how to [install the secureCodeBox project](https://www.securecodebox.io/docs/getting-started/installation) and guides to help you [run your first scans](https://www.securecodebox.io/docs/getting-started/first-scans) with it.

## What is "Cascading Scans" Hook about?
The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

The Cascading Scans Hook can be used to start additional scans based on the results of other scans.
This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered.

![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg)

The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`.
When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan.
To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/

Expand Down
11 changes: 9 additions & 2 deletions hooks/cascading-scans/docs/README.DockerHub-Hook.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,15 @@ docker pull securecodebox/hook-cascading-scans
```

## What is "Cascading Scans" Hook about?
The Cascading Scans Hook can be used to orchestrate security scanners based on defined rule sets.
The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`. When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan. To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

The Cascading Scans Hook can be used to start additional scans based on the results of other scans.
This allows you to create powerful setups to automatically discover targets, and then trigger more specialized scans for the type of target that was discovered.

![Diagram of CascadingScans showing one amass scans for example.com finding two subdomains. These then trigger a port scan each. An identified ssh port then gets a SSH Scan and a Ncrack scan triggered. A https port gets a sslyze and a nuclei scan triggered.](https://www.securecodebox.io/static/img/cascades.drawio.svg)

The so called `CascadingRules` consist of a `matches` section which contains one or multiple rules which are compared against `findings`.
When a `finding` matches a `rule` the `scanSpec` section will then be used to create a new scan.
To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding.

This Hook is based on the ADR https://www.securecodebox.io/docs/architecture/architecture_decisions/adr_0003/

Expand Down