
Add CICD Tool Discovery Plugin to Backend #344

Merged: 10 commits merged into main from g-marconet/cicd-discovery on Nov 7, 2024
Conversation

g-marconet (Contributor) commented Nov 5, 2024

Adds a CICD Tool Discovery plugin to the backend

Description

  • Makes a best effort to identify CICD tools based on config file conventions.
  • Currently supports:
    • AWS CodeBuild
    • BitRise
    • CircleCI
    • Electron Forge
    • Github Actions
    • Gitlab CI
    • Jenkins
    • Teamcity
    • Travis CI

Motivation and Context

  • Knowledge of CICD tool used by a given repository can inform security decisions

How Has This Been Tested?

  • Working in dev environment

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation change

Checklist

  • My code conforms to the coding standards.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@g-marconet g-marconet marked this pull request as ready for review November 5, 2024 22:30
@g-marconet g-marconet requested a review from a team as a code owner November 5, 2024 22:30
ZoogieZork previously approved these changes Nov 6, 2024

    def get_details(results: list[DetectorResult]) -> dict[str, dict[str, CICDToolsDetails]]:
        return {
            "cicd_tools": {

ZoogieZork (Collaborator) commented on the snippet above:

I know this is the JSON output I proposed for this plugin, but this was just a swag - please review just to ensure that it complies with output from similar APIs in the system... for example, scan_options.plugins in a scan object is just an array of the internal plugin ids (no display name), and we maintain an internal mapping in backend & UI to the display names. Would this be a better and more consistent approach?

g-marconet (Contributor, Author) replied:

I don't think a scan_options.plugins type mapping would make sense in this context, but I also don't have a good grasp of what you are envisioning there. At a minimum, it would have the added complexity of causing us to have to edit things in two places when we want to add additional CICD tools or modify the current ones.

The current pattern is similar to the one in the repo healthcheck plugins, where there's an ID for the particular finding and then the plugins also provide a plaintext display_name analogue that eventually gets displayed in the UI. It keeps everything localized in the plugin, so changing things is more intuitive, IMO.
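To make the two points above concrete (best-effort detection from config-file conventions in the PR description, and the id-plus-display_name shape of the output discussed in this thread), here is an added, stand-alone illustration. It is not code from this PR or from the project; the `RULES` table, the `evidence` field, `detect_in_repo` and the sample file listing are assumptions made for the example, since the PR does not say which paths the plugin checks. Only `get_details`, `DetectorResult` and `CICDToolsDetails` are names taken from the snippet under review. From a review standpoint the useful output is the list of matching files: it tells a reviewer which pipeline definitions to inspect for secret handling and third-party step pinning, and the root-anchored patterns show why a nested copy of a config file is not treated as the repository's CI system.

```python
"""Best-effort CI/CD tool discovery from config-file conventions (illustrative)."""
from __future__ import annotations

from collections.abc import Iterable
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from pathlib import Path

# Detection rules as (tool id, display name, root-anchored path glob).
# ASSUMPTION: the PR does not list which paths the plugin checks; these are the
# common conventions for each tool and stand in for the plugin's real rules.
RULES: list[tuple[str, str, str]] = [
    ("aws_codebuild", "AWS CodeBuild", "buildspec.yml"),
    ("bitrise", "Bitrise", "bitrise.yml"),
    ("circleci", "CircleCI", ".circleci/config.yml"),
    ("electron_forge", "Electron Forge", "forge.config.js"),
    ("github_actions", "GitHub Actions", ".github/workflows/*.yml"),
    ("github_actions", "GitHub Actions", ".github/workflows/*.yaml"),
    ("gitlab_ci", "GitLab CI", ".gitlab-ci.yml"),
    ("jenkins", "Jenkins", "Jenkinsfile"),
    ("teamcity", "TeamCity", ".teamcity/*"),
    ("travis_ci", "Travis CI", ".travis.yml"),
]


@dataclass(frozen=True)
class DetectorResult:
    """One detected tool: stable id, human-readable name, and the files that matched."""
    id: str
    display_name: str
    evidence: tuple[str, ...]


@dataclass
class CICDToolsDetails:
    """Per-tool details as they would appear in the scan's JSON output."""
    display_name: str
    evidence: list[str] = field(default_factory=list)


def detect_cicd_tools(paths: Iterable[str]) -> list[DetectorResult]:
    """Match repository-relative paths against RULES and group hits by tool id."""
    evidence: dict[str, list[str]] = {}
    names: dict[str, str] = {}
    for raw in paths:
        # Normalise separators and a leading "./" so globs compare consistently.
        rel = raw.replace("\\", "/").removeprefix("./")
        for tool_id, display_name, pattern in RULES:
            # Patterns are anchored at the repo root: "docs/.travis.yml" does not
            # match ".travis.yml", so a vendored or documentation copy is ignored.
            if fnmatchcase(rel, pattern):
                evidence.setdefault(tool_id, []).append(rel)
                names[tool_id] = display_name
    return [
        DetectorResult(tool_id, names[tool_id], tuple(sorted(files)))
        for tool_id, files in sorted(evidence.items())
    ]


def detect_in_repo(root: Path) -> list[DetectorResult]:
    """Walk a checked-out repository and run the same detection over its files."""
    files = (p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
    return detect_cicd_tools(files)


def get_details(results: list[DetectorResult]) -> dict[str, dict[str, CICDToolsDetails]]:
    """Shape results like the snippet under review: id keys with display_name inside."""
    return {
        "cicd_tools": {
            r.id: CICDToolsDetails(r.display_name, list(r.evidence)) for r in results
        }
    }


# Constructed sample listing (not a real repository).
SAMPLE_TREE = [
    "README.md",
    ".github/workflows/ci.yml",
    ".github/workflows/release.yaml",
    ".github/dependabot.yml",   # lives under .github but is not a workflow
    "Jenkinsfile",
    "src/app/main.py",
    "docs/.travis.yml",         # nested copy, deliberately not at the root
]

if __name__ == "__main__":
    for tool_id, details in get_details(detect_cicd_tools(SAMPLE_TREE))["cicd_tools"].items():
        print(f"{tool_id:16} {details.display_name:16} {', '.join(details.evidence)}")
```

Keeping the id, the display name and the matching rule together in one table is the "everything localized in the plugin" approach described above: adding a tool is one new row, and the backend and UI consume the display_name the plugin already emits instead of maintaining a second mapping.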

@g-marconet g-marconet added this pull request to the merge queue Nov 7, 2024
@g-marconet g-marconet removed this pull request from the merge queue due to a manual request Nov 7, 2024
@g-marconet g-marconet added this pull request to the merge queue Nov 7, 2024
@davakos davakos removed this pull request from the merge queue due to the queue being cleared Nov 7, 2024
@g-marconet g-marconet added this pull request to the merge queue Nov 7, 2024
@davakos davakos removed this pull request from the merge queue due to the queue being cleared Nov 7, 2024
@g-marconet g-marconet merged commit 4af394b into main Nov 7, 2024
5 checks passed
@g-marconet g-marconet deleted the g-marconet/cicd-discovery branch November 7, 2024 21:32
3 participants