secureCodeBox
secureCodeBox CLI (scbctl)
Is your feature request related to a problem? Please describe.
As a user / developer of the secureCodeBox I would like to interact with the secureCodeBox via a unified CLI to fulfill tasks such as installing, starting, updating and deleting scanners / hooks, and generating stubs for new scanners / hooks
Describe the solution you'd like
There is a CLI tool to:
- [ ] create & observe scans, e.g. `scbctl scan amass enum -d example.com` to directly create a Scan with a scanType `amass` and the parameters: `["enum", "-d", "example.com"]`. Ideally the CLI would also have a parameter to automatically "follow" the scan's progress to view the logs of scanner & parser and show a summary of the results.
- [ ] directly trigger new executions of `ScheduledScan`s, e.g. `scbctl trigger --namespace internal-scans daily-network-scan` to directly trigger a new Scan for the `daily-network-scan` Scheduled Scan
- [ ] interact with cascading rules
Additional context
A simple implementation could be possible using Cobra
For a previous prototype version of the secureCodeBox there used to be a command line with the ability to start and observe scans; an example scan run can be seen in this video 😛:
https://user-images.githubusercontent.com/13718901/226719918-56d80229-8367-4377-ab1d-9b6761197c69.mp4
I don't think the CLI should handle the install steps. These are already pretty straightforward using helm; creating a custom CLI for it seems like a big overhead.
The creating / starting of scans seems like a more important use case to me, as the starting of scans can currently be quite cumbersome, as it requires a scan manifest in the local file system. Having a "simple CLI" with a "scan" command, e.g. `scbctl scan nmap scanme.nmap.org`, would be pretty cool.
We have a convenience script for installation though.
Hello everyone, my name is Thibaut Batale! I'm a final year computer science undergraduate, I'm interested in this project "adding a secureCodeBox CLI" and currently drafting a proposal for it. Just wanted to confirm my thoughts, the main priority commands to build during this term are the create and observe scanners commands. Followed by update and delete scanners commands ...
Hi @Freedisch awesome :)
The priorities are as described in the issue description.
- create & observe scans, e.g. `scbctl scan amass enum -d example.com` to directly create a Scan with a scanType `amass` and the parameters: `["enum", "-d", "example.com"]`. Ideally the CLI would also have a parameter to automatically "follow" the scan's progress to view the logs of scanner & parser and show a summary of the results.
- directly trigger new executions of `ScheduledScan`s, e.g. `scbctl trigger --namespace internal-scans daily-network-scan` to directly trigger a new Scan for the `daily-network-scan` Scheduled Scan
- interact with cascading rules

Deletion of scans I don't think should be handled by a custom CLI, as it is already possible to do with a single `kubectl delete scan` command.
Updating scans isn't really that well supported in the SCB either, as scans are a one-time thing and aren't re-executed when the definition for them is changed.
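
The mapping discussed in this thread (`scbctl scan amass enum -d example.com` becoming a Scan with scanType `amass` and parameters `["enum", "-d", "example.com"]`), sketched as an added example that is not part of the thread and not the project's own code. Assumptions: the function name `BuildScan`, a `--namespace` flag accepted only before the scan type, the use of `generateName`, and JSON output meant for `kubectl create -f -`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"regexp"
)

// Scan is a minimal subset of a secureCodeBox Scan resource.
type Scan struct {
	APIVersion string            `json:"apiVersion"`
	Kind       string            `json:"kind"`
	Metadata   map[string]string `json:"metadata"`
	Spec       struct {
		ScanType   string   `json:"scanType"`
		Parameters []string `json:"parameters"`
	} `json:"spec"`
}

var dnsLabel = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`) // Kubernetes DNS-1123 label

// BuildScan maps the arguments after "scbctl scan" onto a Scan. Only a leading
// "--namespace <ns>" belongs to the CLI (assumption); the rest goes to the scanner verbatim.
func BuildScan(args []string) (Scan, error) {
	var s Scan
	ns := "default"
	if len(args) >= 2 && args[0] == "--namespace" {
		ns, args = args[1], args[2:]
	}
	if len(args) == 0 || !dnsLabel.MatchString(args[0]) || !dnsLabel.MatchString(ns) {
		return s, fmt.Errorf("invalid scan type or namespace in %q (namespace %q)", args, ns)
	}
	s.APIVersion, s.Kind = "execution.securecodebox.io/v1", "Scan"
	s.Metadata = map[string]string{"generateName": args[0] + "-", "namespace": ns}
	s.Spec.ScanType = args[0]
	s.Spec.Parameters = append([]string{}, args[1:]...) // kept as an array, never shell-joined
	return s, nil
}

func main() {
	// Constructed sample input: scbctl scan amass enum -d example.com
	scan, err := BuildScan([]string{"amass", "enum", "-d", "example.com"})
	if err != nil {
		log.Fatal(err)
	}
	out, _ := json.MarshalIndent(scan, "", "  ")
	fmt.Println(string(out)) // pipe into: kubectl create -f -
}
```

Because scanner flags such as `-d` are passed through untouched, a scan type that starts with a dash is rejected rather than guessed at.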