Feature/helm documentation

.github/workflows/helm-docs.yaml

@@ -0,0 +1,32 @@
+name: "Update Helm Docs"
+
+on:
+  push:
+
+jobs:
+  helm-docs:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.head_ref }}
+
+      - name: Download Helm Docs
+        run: |
+          mkdir helm-docs
+          cd helm-docs
+
+          curl --output helm-docs.tar.gz --location https://github.com/norwoodj/helm-docs/releases/download/v0.15.0/helm-docs_0.15.0_Linux_x86_64.tar.gz
+          tar -xvf helm-docs.tar.gz
+          # Verify install
+          ./helm-docs --version
+
+      - name: Generate Helm Docs
+        run: |
+          ./helm-docs/helm-docs
+          # Remove helm-docs download to ensure they dont get commited back
+          rm -rf helm-docs
+      - uses: stefanzweifel/[email protected]
+        with:
+          commit_message: Updating Helm Docs

demo-apps/bodgeit/README.md

@@ -0,0 +1,42 @@
+# bodgeit
+
+![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square)
+
+The BodgeIt Store is a vulnerable web app which is aimed at people who are new to pen testing
+
+**Homepage:** <https://github.com/psiinon/bodgeit>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| iteratec GmbH | [email protected] |  |
+
+## Source Code
+
+* <https://github.com/secureCodeBox/helm>
+* <https://github.com/psiinon/bodgeit>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"psiinon/bodgeit"` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths | list | `[]` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `8080` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |

demo-apps/dummy-ssh/README.md

@@ -0,0 +1,36 @@
+# dummy-ssh
+
+![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square)
+
+SSH Server for scan testing.
+
+**Homepage:** <https://wordpress.org>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| iteratec GmbH | [email protected] |  |
+
+## Source Code
+
+* <https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/dummy-ssh>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"securecodebox/dummy-ssh"` |  |
+| imagePullSecrets | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `22` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |

demo-apps/http-webhook/README.md

@@ -0,0 +1,39 @@
+# http-webhook
+
+![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
+
+A Dummy webserver to echo HTTP requests in log
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.registry | string | `"docker.io"` |  |
+| image.repository | string | `"mendhak/http-https-echo"` |  |
+| image.tag | string | `"latest"` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths | list | `[]` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `80` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tolerations | list | `[]` |  |

demo-apps/juice-shop/README.md

@@ -0,0 +1,42 @@
+# juice-shop
+
+![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v12.0.2](https://img.shields.io/badge/AppVersion-v12.0.2-informational?style=flat-square)
+
+OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
+
+**Homepage:** <https://owasp.org/www-project-juice-shop/>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| iteratec GmbH | [email protected] |  |
+
+## Source Code
+
+* <https://github.com/secureCodeBox/helm>
+* <https://github.com/bkimminich/juice-shop>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"bkimminich/juice-shop"` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths | list | `[]` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `3000` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |

demo-apps/old-wordpress/README.md

@@ -0,0 +1,37 @@
+# old-wordpress
+
+![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0](https://img.shields.io/badge/AppVersion-4.0-informational?style=flat-square)
+
+Insecure & Outdated Wordpress Instance: Never expose it to the internet!
+
+**Homepage:** <https://wordpress.org>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| iteratec GmbH | [email protected] |  |
+
+## Source Code
+
+* <https://github.com/secureCodeBox/helm>
+* <https://github.com/secureCodeBox/secureCodeBox/tree/master/demo/old-wordpress>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"securecodebox/old-wordpress"` |  |
+| imagePullSecrets | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `80` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |

demo-apps/swagger-petstore/README.md

@@ -0,0 +1,43 @@
+# swagger-petstore
+
+![Version: latest](https://img.shields.io/badge/Version-latest-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.3](https://img.shields.io/badge/AppVersion-1.0.3-informational?style=flat-square)
+
+This is the sample petstore application
+
+**Homepage:** <https://github.com/swagger-api/swagger-petstore>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| iteratec GmbH | [email protected] |  |
+
+## Source Code
+
+* <https://github.com/secureCodeBox/helm>
+* <https://github.com/swagger-api/swagger-petstore>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"swaggerapi/petstore"` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths | list | `[]` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `80` |  |
+| service.type | string | `"ClusterIP"` |  |
+| swaggerHostOverride | string | `"http://swagger-petstore.demo-apps.svc"` |  |
+| tolerations | list | `[]` |  |

hooks/declarative-subsequent-scans/Chart.yaml

@@ -6,5 +6,6 @@ type: application
 
 # version - gets automatically set to the secureCodeBox release version when the helm charts gets published
 version: latest
+kubeVersion: ">=v1.11.0"
 
 dependencies: []

hooks/declarative-subsequent-scans/README.md

@@ -11,7 +11,7 @@ usecase: "Cascading Scans based declarative Rules."
 
 ## Deployment
 
-Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. 
+Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans.
 
 ```bash
 helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
@@ -25,7 +25,7 @@ dssh   ReadOnly   docker.io/scbexperimental/hook-declarative-subsequent-scans:la
 ```
 
 ## CascadingScan Rules
-The CascadingRules are included directly in each helm chart of the individual scanners. 
+The CascadingRules are included directly in each helm chart of the individual scanners.
 
 ```bash
 # Check your CascadingRules
@@ -113,4 +113,11 @@ pop3s-tls-scan   sslyze         non-invasive   light
 smtps-tls-scan   sslyze         non-invasive   light
 ssh-scan         ssh-scan       non-invasive   light
 zap-http         zap-baseline   non-invasive   medium
-```
+```
+
+## Chart Configuration
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.repository | string | `"docker.io/scbexperimental/hook-declarative-subsequent-scans"` | Hook image repository |
+| image.tag | string | `nil` |  |