Skip to main content

Week 4

(June 21, 2024 - June 27, 2024)

Meeting 1

(June 26, 2024)

Attendees

Discussions

  • Talked about how the differential scans need to work in detail, like:
    • Should they be triggered on release only? As it makes sense to scan between two different versions when a new release it being published.
    • Or should the user be able to scan between two different versions via any sort of trigger, like on push or commit as well?
  • Talked about the current implementation of custom keyword functionality, and how it can be extrapolated similarly for different scanners also.
  • We talked about fleshing out the design and implementation details first, then work on improving speed.

Work Done

  • Completed custom keyword functionality. (#PR2769) The details are as follows:

    • User can now setup a GH Action or Gitlab CI pipeline and pass environment variables to scan for custom keywords however they want. This gives them immense control over what they wan't to scan.

    • Added some validity checks for the keyword.conf file as during testing, I found out that the scanner breaks if an invalid file is passed to it.

    • Set up a test docker image (rjknightmare/fo-ci-test:latest) for testing. Here are the test results for the same:

      • GH Actions:

      Screenshot

      • Gitlab CI:

      Screenshot

  • Set up qemu emulator for the Github Actions environment to provide multiple architecture support, which also reduced the time for action execution significantly.

    Screenshot

  • Studied about how we can implement differential (between two different versions) scans and explored these use cases:

    • Use Case I: On release
    • Use Case II: On push, commit or any other event trigger.

Planning for next week

  • Study further on above use cases and work out a plan for the same.
  • Explore the GH Actions and Gitlab API's and use the best endpoints for our use cases.
  • Then start working on implementation of differential scans.