Publish Docker Images in regular Docker group

.github/workflows/ci.yaml

@@ -68,7 +68,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/operator
+          repository: securecodebox/operator
           tag_with_ref: true
           tag_with_sha: true
           path: ./operator/
@@ -90,7 +90,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/lurcher
+          repository: securecodebox/lurcher
           tag_with_ref: true
           tag_with_sha: true
           path: ./lurcher/
@@ -105,7 +105,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-sdk-nodejs
+          repository: securecodebox/parser-sdk-nodejs
           path: ./parser-sdk/nodejs/
           tag_with_ref: true
           tag_with_sha: true
@@ -116,7 +116,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-amass
+          repository: securecodebox/parser-amass
           path: ./scanners/amass/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -126,7 +126,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-kube-hunter
+          repository: securecodebox/parser-kube-hunter
           path: ./scanners/kube-hunter/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -136,7 +136,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-ncrack
+          repository: securecodebox/parser-ncrack
           path: ./scanners/ncrack/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -146,7 +146,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-nikto
+          repository: securecodebox/parser-nikto
           path: ./scanners/nikto/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -156,7 +156,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-nmap
+          repository: securecodebox/parser-nmap
           path: ./scanners/nmap/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -166,7 +166,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-ssh-scan
+          repository: securecodebox/parser-ssh-scan
           path: ./scanners/ssh_scan/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -176,7 +176,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-sslyze
+          repository: securecodebox/parser-sslyze
           path: ./scanners/sslyze/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -186,7 +186,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-test-scan
+          repository: securecodebox/parser-test-scan
           path: ./scanners/test-scan/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -196,7 +196,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-trivy
+          repository: securecodebox/parser-trivy
           path: ./scanners/trivy/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -206,7 +206,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-zap
+          repository: securecodebox/parser-zap
           path: ./scanners/zap/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -216,7 +216,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/parser-wpscan
+          repository: securecodebox/parser-wpscan
           path: ./scanners/wpscan/parser/
           tag_with_ref: true
           tag_with_sha: true
@@ -233,7 +233,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/hook-sdk-nodejs
+          repository: securecodebox/hook-sdk-nodejs
           path: ./hook-sdk/nodejs/
           tag_with_ref: true
           tags: "ci-local"
@@ -243,7 +243,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/persistence-elastic
+          repository: securecodebox/persistence-elastic
           path: ./hooks/persistence-elastic/
           tag_with_ref: true
           build_args: baseImageTag=ci-local
@@ -252,24 +252,25 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/persistence-elastic-dashboard-importer
+          repository: securecodebox/persistence-elastic-dashboard-importer
           path: ./hooks/persistence-elastic/dashboardImporter/
           tag_with_ref: true
       - uses: docker/build-push-action@v1
         name: "Build & Push GenericWebhook Hook Image"
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/generic-webhook
+          repository: securecodebox/generic-webhook
           path: ./hooks/generic-webhook/
           tag_with_ref: true
+          tag_with_sha: true
           build_args: baseImageTag=ci-local
       - uses: docker/build-push-action@v1
         name: "Build & Push ImperativeSubsequentScans Hook Image"
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/hook-imperative-subsequent-scans
+          repository: securecodebox/hook-imperative-subsequent-scans
           path: ./hooks/imperative-subsequent-scans/
           tag_with_ref: true
           build_args: baseImageTag=ci-local
@@ -278,7 +279,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/hook-declarative-subsequent-scans
+          repository: securecodebox/hook-declarative-subsequent-scans
           path: ./hooks/declarative-subsequent-scans/
           tag_with_ref: true
           tag_with_sha: true
@@ -288,7 +289,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/update-field
+          repository: securecodebox/update-field
           path: ./hooks/update-field/
           tag_with_ref: true
           tag_with_sha: true
@@ -304,7 +305,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/ncrack
+          repository: securecodebox/scanner-ncrack
           path: ./scanners/ncrack/scanner/
           # Note: not prefixed with a "v" as this seems to match ncrack versioning standards
           tags: "0.7,latest"
@@ -313,7 +314,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/nmap
+          repository: securecodebox/scanner-nmap
           path: ./scanners/nmap/scanner/
           # Note: not prefixed with a "v" as this seems to match nmap versioning standards
           tags: "7.80,7.80-2,latest"
@@ -322,7 +323,7 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/kube-hunter
+          repository: securecodebox/scanner-kube-hunter
           path: ./scanners/kube-hunter/scanner/
           # Note: not prefixed with a "v" as this matches the aquasec/kube-hunter tags
           tags: "0.3.0,latest"
@@ -331,10 +332,11 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: scbexperimental/test-scan
+          repository: securecodebox/scanner-test-scan
           path: ./scanners/test-scan/scanner/
           # Note: not prefixed with a "v" as this seems to match nmap versioning standards
-          tags: "latest"
+          tag_with_ref: true
+          tag_with_sha: true
   integrationTests:
     name: "Test / Integration / k8s ${{ matrix.k8sVersion }}"
     needs:
@@ -396,15 +398,21 @@ jobs:
             --set="image.tag=sha-$(git rev-parse --short HEAD)" \
             --set="attribute.name=severity" \
             --set="attribute.value=high"
-          helm -n integration-tests install test-scan ./scanners/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+          helm -n integration-tests install test-scan ./scanners/test-scan/ \
+            --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="image.tag=sha-$(git rev-parse --short HEAD)"
           cd tests/integration/
           npx jest --ci --color read-write-hook
           helm -n integration-tests uninstall test-scan update-category update-severity
       - name: "Hooks (ReadOnly) Integration Tests"
         run: |
-          helm -n integration-tests install test-scan ./scanners/test-scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+          helm -n integration-tests install test-scan ./scanners/test-scan/ \
+            --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="image.tag=sha-$(git rev-parse --short HEAD)"
           helm -n integration-tests install http-webhook ./demo-apps/http-webhook
-          helm -n integration-tests install ro-hook ./hooks/generic-webhook/ --set="webhookUrl=http://http-webhook/hallo-welt"
+          helm -n integration-tests install ro-hook ./hooks/generic-webhook/ \
+            --set="webhookUrl=http://http-webhook/hallo-welt" \
+            --set="image.tag=sha-$(git rev-parse --short HEAD)"
           cd tests/integration/
           npx jest --ci --color read-only-hook
           helm -n integration-tests uninstall test-scan http-webhook ro-hook
@@ -417,17 +425,23 @@ jobs:
           kubectl expose deployment nginx --port 80 --namespace demo-apps
       - name: "nmap Integration Tests"
         run: |
-          helm -n integration-tests install nmap ./scanners/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+          helm -n integration-tests install nmap ./scanners/nmap/ \
+            --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="image.tag=7.80"
           cd tests/integration/
           npx jest --ci --color nmap
       - name: "ncrack Integration Tests"
         run: |
-          helm -n integration-tests install ncrack ./scanners/ncrack/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+          helm -n integration-tests install ncrack ./scanners/ncrack/ \
+            --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="image.tag=0.7"
           cd tests/integration/
           npx jest --ci --color ncrack
       - name: "kube-hunter Integration Tests"
         run: |
-          helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+          helm -n integration-tests install kube-hunter ./scanners/kube-hunter/ \
+            --set="parserImage.tag=sha-$(git rev-parse --short HEAD)" \
+            --set="image.tag=0.3.0"
           cd tests/integration/
           npx jest --ci --color kube-hunter
       - name: "ssh-scan Integration Tests"

docs/user-guide/README.md

@@ -33,7 +33,7 @@ The result should contain a hook for declarative subsequent scans.
 
 ```bash
 NAME                                          TYPE       IMAGE
-combined-scans-declarative-subsequent-scans   ReadOnly   docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+combined-scans-declarative-subsequent-scans   ReadOnly   docker.io/securecodebox/hook-declarative-subsequent-scans:latest
 ```
 
 ### Verify CascadingRules

hooks/declarative-subsequent-scans/Dockerfile

@@ -13,7 +13,7 @@ RUN npm ci
 COPY hook.ts scan-helpers.ts kubernetes-label-selector.ts ./
 RUN npm run build
 
-FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest}
+FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
 WORKDIR /home/app/hook-wrapper/hook/
 COPY --from=install --chown=app:app /home/app/node_modules/ ./node_modules/
 COPY --from=build --chown=app:app /home/app/hook.js /home/app/scan-helpers.js /home/app/kubernetes-label-selector.js ./

hooks/declarative-subsequent-scans/README.md

@@ -21,7 +21,7 @@ helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
 ```bash
 kubectl get ScanCompletionHooks
 NAME   TYPE       IMAGE
-dssh   ReadOnly   docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+dssh   ReadOnly   docker.io/securecodebox/hook-declarative-subsequent-scans:latest
 ```
 
 ## CascadingScan Rules
@@ -119,5 +119,5 @@ zap-http         zap-baseline   non-invasive   medium
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| image.repository | string | `"docker.io/scbexperimental/hook-declarative-subsequent-scans"` | Hook image repository |
+| image.repository | string | `"docker.io/securecodebox/hook-declarative-subsequent-scans"` | Hook image repository |
 | image.tag | string | `nil` |  |

hooks/declarative-subsequent-scans/README.md.gotmpl

@@ -21,7 +21,7 @@ helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
 ```bash
 kubectl get ScanCompletionHooks
 NAME   TYPE       IMAGE
-dssh   ReadOnly   docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+dssh   ReadOnly   docker.io/securecodebox/hook-declarative-subsequent-scans:latest
 ```
 
 ## CascadingScan Rules

hooks/declarative-subsequent-scans/values.yaml

@@ -3,8 +3,9 @@
 # Declare variables to be passed into your templates.
 
 image:
+  # image.tag - defaults to the charts version
   # image.repository -- Hook image repository
-  repository: docker.io/scbexperimental/hook-declarative-subsequent-scans
+  repository: docker.io/securecodebox/hook-declarative-subsequent-scans
   # parserImage.tag -- Parser image tag
   # @default -- defaults to the charts version
   tag: null

hooks/generic-webhook/Dockerfile

@@ -5,7 +5,7 @@ WORKDIR /home/app
 COPY package.json package-lock.json ./
 RUN npm ci --production
 
-FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest}
+FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
 WORKDIR /home/app/hook-wrapper/hook/
 COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/
 COPY --chown=app:app ./hook.js ./hook.js

hooks/generic-webhook/README.md

@@ -22,6 +22,6 @@ helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://exa
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| image.repository | string | `"docker.io/scbexperimental/generic-webhook"` | Hook image repository |
+| image.repository | string | `"docker.io/securecodebox/generic-webhook"` | Hook image repository |
 | image.tag | string | `nil` |  |
 | webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint |

hooks/generic-webhook/values.yaml

@@ -6,8 +6,9 @@
 webhookUrl: "http://example.com"
 
 image:
+  # image.tag - defaults to the charts version
   # image.repository -- Hook image repository
-  repository: docker.io/scbexperimental/generic-webhook
+  repository: docker.io/securecodebox/generic-webhook
   # parserImage.tag -- Parser image tag
   # @default -- defaults to the charts version
   tag: null

hooks/imperative-subsequent-scans/Dockerfile

@@ -1,6 +1,6 @@
 # This image doesn't install the hooks dependencies, as it only has the @kubernetes/client-node dependencies which is already installed via the hook-sdk
 
 ARG baseImageTag
-FROM scbexperimental/hook-sdk-nodejs:${baseImageTag:-latest}
+FROM securecodebox/hook-sdk-nodejs:${baseImageTag:-latest}
 WORKDIR /home/app/hook-wrapper/hook/
 COPY --chown=app:app hook.js scan-helpers.js ./

hooks/imperative-subsequent-scans/README.md

@@ -26,5 +26,5 @@ helm upgrade --install issh ./hooks/imperative-subsequent-scans/
 | cascade.nmapSsh | bool | `false` | True if you want to cascade SSH scans for each SSH Port found by nmap, otherwise false. |
 | cascade.nmapSsl | bool | `false` | True if you want to cascade SSL scans for each HTTP Port found by nmap, otherwise false. |
 | cascade.nmapZapBaseline | bool | `false` | True if you want to cascade ZAP scans for each HTTP Port found by nmap, otherwise false. |
-| image.repository | string | `"docker.io/scbexperimental/hook-imperative-subsequent-scans"` | Hook image repository |
+| image.repository | string | `"docker.io/securecodebox/hook-imperative-subsequent-scans"` | Hook image repository |
 | image.tag | string | `nil` |  |

hooks/imperative-subsequent-scans/values.yaml

@@ -17,8 +17,9 @@ cascade:
   nmapZapBaseline: false
 
 image:
+  # image.tag - defaults to the charts version
   # image.repository -- Hook image repository
-  repository: docker.io/scbexperimental/hook-imperative-subsequent-scans
+  repository: docker.io/securecodebox/hook-imperative-subsequent-scans
   # parserImage.tag -- Parser image tag
   # @default -- defaults to the charts version
   tag: null