jonny
/
covscanrest
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
18 Branches
0 Tags
786 KiB
 
 
 
 
 
Tree: 463ec22b2d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '463ec22b2d'
${ noResults }
covscanrest/README.md

3.6 KiB
Raw Blame History

See https://docs.google.com/document/d/15yod6K_ZbNkJ_ern7gwpxjBkdJIlHXORfYZ3CGQhnEM/edit?usp=sharing for a full version with images

Introduction

Currently we rely on CPaaS to submit requests to PSSaaS which then invokes the PSSC scanning container. The idea behind the ScanChain api is to act as an interaction point for services to be able to directly access our scan tooling.

Our api will be written in Quarkus for ease of use and deployment to OpenShift, we will also use Tekton to assist with CI/CD.

How to build

To run the Quarkus build in dev mode simply run: ./mvnw compile quarkus:dev All end points should be avaliable on localhost:8080/{endpoint}. The endpoints are listed in the endpoints section

Need to add the maven parameters for PSGQLauth

Deploying to OpenShift (https://quarkus.io/guides/deploying-to-openshift)

Part of the advantage of working with quarkus is the ease of which we can deploy it to OpenShift. We have the OpenShift extension already installed via the pom,

All that should be required to build and deploy OpenShift is to login to OpenShift via the usual method (oc login (creds) for example). Before running a build command:

You can then expose the routes (oc expose {route}), then your application should be accessible on the OpenShift cluster. This is verifiable either by using the console to request which services are running (oc get svc) or by using the web console which should display the service graphically.

Design diagram

API endpoint diagram with all endpoints DB links, connections to further services (PNC API etc)

API endpoints

/{scanId} - GET request for retrieving scans

This is a simple request for retrieving scans that are stored in our postgresql database. The assigned scanId will return the whole scan payload in JSON format.

/ - POST request takes a JSON payload to start scans (Maybe isnt relevant/shouldnt be included in the future)

Creating scans via passing fully formed JSON payloads. The standard JSON format should contain: product-id event-id is-managed-service component-list See appendix 1 for a provided example

/scanRequest - Post request for starting scans

There are several different types of build that should be retrieved from the backend source. Different inputs are required based off the build source.

The required fields for BREW builds are: buildSystemType brewId brewNVR - matches brewId pncId artifactType fileName builtFromSource

The required fields for git builds are: buildSystemType repository reference commitId

The required fields for PNC builds are: buildSystemType buildId

This information should allow us to have all the requirements for retrieving and then starting a scan when requested from the required sources.

/startScan - PUT request to start off the relevant scan

Only requires the scanId and should start off the relevant scan, should return a success only on finished or failure if there's no further response after timeout.

/removeScan - DELETE request to remove a scan build from DB

Only requires the scanId should remove the relevant scan from our DB. Should return a success or failure.

Expanded work to do

Jenkins

Haven't looked into the correct way for the API to interact with Jenkins needs more investigation.

Jira tickets still to do:

https://issues.redhat.com/browse/PSSECMGT-1548 https://issues.redhat.com/browse/PSSECMGT-1549 https://issues.redhat.com/browse/PSSECMGT-1550 https://issues.redhat.com/browse/PSSECMGT-1551 https://issues.redhat.com/browse/PSSECMGT-1552 https://issues.redhat.com/browse/PSSECMGT-1553 https://issues.redhat.com/browse/PSSECMGT-1554

Appendix

Appendix 1