hawkeye-scanner - npm Package Compare versions

Comparing version 0.4.4 to 0.4.5

package.json
{
"name": "hawkeye-scanner",
"description": "A container that runs some scans on your app",
"version": "0.4.4",
"version": "0.4.5",
"homepage": "https://github.com/Stono/hawkeye",

@@ -6,0 +6,0 @@ "author": {

@@ -18,2 +18,3 @@ # hawkeye

__Note:__ Entropy is disabled by default because it can return a lot of results, which are mostly misses, to run it please use the `-m entropy` switch.
__Note:__ We only look inside the contents of files up to 20kb, I plan to add configuration options in the future to allow you to change this.
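
Review bot: the new 20kb note does not say whether a larger file is skipped entirely or read only up to the limit, and either way a secret sitting past 20kb in a large config or lock file goes unreported; state the behaviour explicitly and list it as a known limitation of the `contents` module, not only as a note, until the planned configuration option exists.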

@@ -33,4 +34,4 @@

```
COPY . /app
VOLUME /app
COPY . /app
```

@@ -53,2 +54,48 @@

### As part of your GoCD pipeline
If you're using [ci-in-a-box](https://github.com/Stono/ci-in-a-box) or something similar, you can add a pipeline step to run these scans automatically. This is the template that I use:
```
<pipeline name="security-scan">
<stage name="Hawkeye" cleanWorkingDir="true">
<jobs>
<job name="scan">
<tasks>
<exec command="docker">
<arg>pull</arg>
<arg>stono/hawkeye</arg>
<runif status="passed" />
</exec>
<exec command="bash">
<arg>-c</arg>
<arg>docker pull eu.gcr.io/your-project-name/#{DOCKER_IMAGE}:latest</arg>
<runif status="passed" />
</exec>
<exec command="bash">
<arg>-c</arg>
<arg>docker rm -f #{DOCKER_IMAGE}_latest || true</arg>
<runif status="passed" />
</exec>
<exec command="bash">
<arg>-c</arg>
<arg>docker run --entrypoint=/bin/true --name=#{DOCKER_IMAGE}_latest eu.gcr.io/your-project-name/#{DOCKER_IMAGE}:latest</arg>
<runif status="passed" />
</exec>
<exec command="bash">
<arg>-c</arg>
<arg>docker run --rm --volumes-from #{DOCKER_IMAGE}_latest stono/hawkeye scan --target /app</arg>
<runif status="passed" />
</exec>
<exec command="bash">
<arg>-c</arg>
<arg>docker rm -f #{DOCKER_IMAGE}_latest</arg>
<runif status="any" />
</exec>
</tasks>
</job>
</jobs>
</stage>
</pipeline>
```
## Default file lists
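
Review bot: the `docker pull stono/hawkeye` and `docker run ... stono/hawkeye scan --target /app` steps use an unpinned image reference, so the scanner version changes underneath the pipeline between runs; pin a version tag (or digest) so results are reproducible and upgrades are deliberate. The `--volumes-from #{DOCKER_IMAGE}_latest` step only yields a populated `/app` if the application image declares it as a volume, which is what the `VOLUME /app` line in the Dockerfile hunk above provides; say so in this section, otherwise readers without that line get an empty scan target and a clean result. The scan step also passes no `--fail-on`, so with the default of `low` any low-severity finding fails the build; set it explicitly in the template or mention the option here.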

@@ -71,8 +118,11 @@ Hawkeye will attempt to detect a .git folder in your target, if it is there it will only scan git tracked files. If there is no .git in the target directory, then all files will be scanned.

-h, --help output usage information
-a, --all Scan all files, regardless if a git repo is found
-f, --fail-on <low, medium, high, critical> Set the level at which hawkeye returns non-zero status codes (defaults to low)
-t, --target </path/to/project> The location to scan, usually the project root
-m, --module <module name> Run specific module. Can be specified multiple times
-j, --json </path/to/summary,json> Write JSON output to file. Can be specified multiple times
```
From a pipeline perspective, the `--fail-on` command is useful, you might now wish for `low` items to break your build, so you could use `--fail-on medium`.
You can specify the `json` and `module` parameters multiple times, for example `hawkeye scan -m files -m contents -j /tmp/file1.json -j /tmp/file2.json` would run the modules `files` and `contents` and write two output files
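
Review bot: "you might now wish for `low` items to break your build" reads as a typo for "not", the `-j, --json </path/to/summary,json>` placeholder has a comma where `.json` is meant, and `--fail-on` is an option rather than a command. It would also help to state what `--fail-on medium` does with low findings: they are still reported in the output but no longer produce a non-zero exit status, which is the distinction a pipeline author needs.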

@@ -79,0 +129,0 @@
