Week 4
(June 21, 2024 - June 27, 2024)
Meeting 1
(June 26, 2024)
Attendees
- Rajul Jha
- Kaushlendra
- Shaheem Azmal
- Avinal Kumar
- Katharina
Discussions
- Talked about how the differential scans need to work in detail, like:
- Should they be triggered on
release
only? As it makes sense to scan between two different versions when a new release it being published. - Or should the user be able to scan between two different versions via any sort of trigger, like on
push
orcommit
as well?
- Should they be triggered on
- Talked about the current implementation of custom keyword functionality, and how it can be extrapolated similarly for different scanners also.
- We talked about fleshing out the design and implementation details first, then work on improving speed.
Work Done
-
Completed custom keyword functionality. (#PR2769) The details are as follows:
-
User can now setup a GH Action or Gitlab CI pipeline and pass environment variables to scan for custom keywords however they want. This gives them immense control over what they wan't to scan.
-
Added some validity checks for the
keyword.conf
file as during testing, I found out that the scanner breaks if an invalid file is passed to it. -
Set up a test docker image (rjknightmare/fo-ci-test:latest) for testing. Here are the test results for the same:
- GH Actions:
- Gitlab CI:
-
-
Set up qemu emulator for the Github Actions environment to provide multiple architecture support, which also reduced the time for action execution significantly.
-
Studied about how we can implement differential (between two different versions) scans and explored these use cases:
- Use Case I: On
release
- Use Case II: On
push
,commit
or any other event trigger.
- Use Case I: On
Planning for next week
- Study further on above use cases and work out a plan for the same.
- Explore the GH Actions and Gitlab API's and use the best endpoints for our use cases.
- Then start working on implementation of differential scans.