From be548703b6e8d225fe1f6cd5772b34948693bb2a Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sat, 20 Nov 2021 16:30:40 -0600
Subject: [PATCH 01/15] Update Readme.md
---
 Readme.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/Readme.md b/Readme.md
index 2ba06bfe..3616a2cd 100644
--- a/Readme.md
+++ b/Readme.md
@@ -25,6 +25,32 @@ You want to send GVM/OpenVAS results to Elasticsearch, try our [GVM Logstash pro
 If you would like something added to the documentation please create a issue [GVM-Docker Gitbook Repo](https://github.com/Secure-Compliance-Solutions-LLC/gitbook/issues)
+## Quick Start
+
+- Now all `-data` images are full pre-initialized (with available data from the build time)
+
+> Pre Initialized (-data) images, have a web ui password: `adminpassword` and should be changed after the deployment. Also the Postgres got a default password: `none`
+
+### Github Registry
+
+```
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-data-full
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-data
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master-full
+docker pull ghcr.io/secure-compliance-solutions-llc/gvm-docker:debian-master
+```
+
+
+### Docker Hub
+
+```
+docker pull securecompliance/gvm:debian-master-data-full
+docker pull securecompliance/gvm:debian-master-data
+docker pull securecompliance/gvm:debian-master-full
+docker pull securecompliance/gvm:debian-master
+```
+
+
 ## Architecture
 The key points to take away from the diagram below, is the way our setup establishes connection with the remote sensor, and the available ports on the GMV-Docker container. You can still use any add on tools you've used in the past with OpenVAS on 9390. One of the latest/best upgrades allows you connect directly to postgres using your favorite database tool.
From 2f15c31c2dbd30c08df3adfe989e461e6a504231 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sat, 20 Nov 2021 16:54:25 -0600
Subject: [PATCH 02/15] Update docker-publish-debian.yml
---
 .github/workflows/docker-publish-debian.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker-publish-debian.yml b/.github/workflows/docker-publish-debian.yml
index 1f2ccf46..9f2751b1 100644
--- a/.github/workflows/docker-publish-debian.yml
+++ b/.github/workflows/docker-publish-debian.yml
@@ -4,7 +4,7 @@ on:
 push:
 branches: [master]
 pull_request:
- branches: [master, dev]
+ branches: [master]
 create:
 tags:
From 4992baf617bf1413334e6ae9e812f9f8699ac759 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sat, 20 Nov 2021 17:17:39 -0600
Subject: [PATCH 03/15] Update docker-publish.yml
---
 .github/workflows/docker-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 5cbdc3dc..5905c386 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -4,7 +4,7 @@ on:
 push:
 branches: [master]
 pull_request:
- branches: [master, dev]
+ branches: [master]
 create:
 tags:
From 4ebf30cffec5eb09ba538e2df8b4e2af2dc3bda0 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 21 Nov 2021 19:38:58 -0600
Subject: [PATCH 04/15] =?UTF-8?q?Docker=20image=20will=20not=20be=20built?=
 =?UTF-8?q?=20if=20a=20release=20is=20just=20=E2=80=9Cdrafted=E2=80=9D.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Filtering with [published, edited] the Docker image will not be built if a release is just “drafted”.
---
 .github/workflows/docker-publish-debian.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/docker-publish-debian.yml b/.github/workflows/docker-publish-debian.yml
index 9f2751b1..b573d613 100644
--- a/.github/workflows/docker-publish-debian.yml
+++ b/.github/workflows/docker-publish-debian.yml
@@ -7,6 +7,8 @@ on:
 branches: [master]
 create:
 tags:
+ release:
+ types: [published, edited]
 concurrency: ci-debian-${{ github.ref }}
From 4e778f8b526fba2b1cb7aa683d92f17e99ec907f Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 21 Nov 2021 19:48:22 -0600
Subject: [PATCH 05/15] I added a conditional
I added a conditional to skip this job if the event which triggered the Action was not a release
---
 .github/workflows/docker-publish-debian.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/docker-publish-debian.yml b/.github/workflows/docker-publish-debian.yml
index b573d613..af989142 100644
--- a/.github/workflows/docker-publish-debian.yml
+++ b/.github/workflows/docker-publish-debian.yml
@@ -104,6 +104,8 @@ jobs:
 build_test_anchore:
 name: Build and Test - Anchore
+ # ...but only when a `release` is `published` (combined with `on`)
+ if: github.event_name == 'release'
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
From b51fe2c582015fd92c5dd4ed145e31783dbd1f9f Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 21 Nov 2021 19:55:13 -0600
Subject: [PATCH 06/15] Create release-drafter.yml
---
 .github/release-drafter.yml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/release-drafter.yml
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 00000000..f613ef99
--- /dev/null
+++ b/.github/release-drafter.yml
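Review bot: The `edited` activity type in `types: [published, edited]` also fires when a draft release's notes are edited, so the goal stated in the commit message — no build for a merely drafted release — is not fully met, and every later wording edit of a published release rebuilds and republishes the image. `types: [published]` alone covers the publish moment; if edits must be handled, gate the publishing jobs with `if: github.event_name != 'release' || !github.event.release.draft`. The `on:` mapping starts outside the hunk (its `push`, `pull_request` and `create` triggers are above), so the full trigger set should be re-read with this addition in mind.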
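Review bot: The added comment says the job runs "only when a `release` is `published`", but `if: github.event_name == 'release'` checks the event name only, so with `edited` among the release types this job also runs on every release edit, draft edits included. Either tighten it to `if: github.event_name == 'release' && github.event.action == 'published'` or reword the comment to describe what the condition actually enforces. The condition also silently skips the Anchore scan on `push` and `pull_request` runs, which may be intended but deserves a sentence in the comment; the `build_test_anchore` job continues past the end of the hunk.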
@@ -0,0 +1,36 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+template: |
+ # What's Changed
+ $CHANGES
+categories:
+ - title: 'Breaking'
+ label: 'type: breaking'
+ - title: 'New'
+ label: 'type: feature'
+ - title: 'Bug Fixes'
+ label: 'type: bug'
+ - title: 'Maintenance'
+ label: 'type: maintenance'
+ - title: 'Documentation'
+ label: 'type: docs'
+ - title: 'Dependency Updates'
+ label: 'type: dependencies'
+
+version-resolver:
+ major:
+ labels:
+ - 'type: breaking'
+ minor:
+ labels:
+ - 'type: feature'
+ patch:
+ labels:
+ - 'type: bug'
+ - 'type: maintenance'
+ - 'type: docs'
+ - 'type: dependencies'
+ - 'type: security'
+
+exclude-labels:
+ - 'skip-changelog'
From 62c486ebd1b83ef453773bfbb51eccd645547040 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 21 Nov 2021 19:56:46 -0600
Subject: [PATCH 07/15] Update release-drafter.yml
---
 .github/release-drafter.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
index f613ef99..a27e4bc6 100644
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -12,8 +12,6 @@ categories:
 label: 'type: bug'
 - title: 'Maintenance'
 label: 'type: maintenance'
- - title: 'Documentation'
- label: 'type: docs'
 - title: 'Dependency Updates'
 label: 'type: dependencies'
@@ -28,7 +26,6 @@ version-resolver:
 labels:
 - 'type: bug'
 - 'type: maintenance'
- - 'type: docs'
 - 'type: dependencies'
 - 'type: security'
From 176034eead963852be4a8cdb1dbce72139103113 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 21 Nov 2021 20:01:33 -0600
Subject: [PATCH 08/15] Create check-for-gvm-updates.yml
---
 .github/workflows/check-for-gvm-updates.yml | 76 +++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100644 .github/workflows/check-for-gvm-updates.yml
diff --git a/.github/workflows/check-for-gvm-updates.yml b/.github/workflows/check-for-gvm-updates.yml
new file mode 100644
index 00000000..2fd2d78f
--- /dev/null
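Review bot: `version-resolver.patch.labels` lists `'type: security'`, but no entry under `categories` carries that label, so a PR labelled `type: security` bumps the patch version while its change is left out of the generated notes; either add `- title: 'Security'` with `label: 'type: security'` under `categories` or drop the label from the resolver. `version-resolver` also declares no `default` bump for a PR that matches none of the listed labels, so a comment stating whether an unlabelled PR is meant to produce a patch release would tell reviewers what to expect. Nothing in this series adds a workflow that runs release-drafter, so presumably that wiring exists elsewhere or is still to come.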
+++ b/.github/workflows/check-for-gvm-updates.yml
@@ -0,0 +1,76 @@
+name: Check for Release Updates
+
+on:
+ workflow_dispatch:
+ schedule:
+ # * is a special character in YAML so you have to quote this string
+ - cron: "30 22 * * *"
+
+concurrency: ci-${{ github.ref }}
+
+permissions:
+ contents: read
+ issues: write
+ packages: write
+
+jobs:
+ check_updates:
+ name: Check GVM Updates
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ submodules: recursive
+
+ - name: Check for updates
+ run: |
+ mkdir -p ./.checkupdates
+
+ - uses: actions/cache@v2
+ with:
+ path: .checkupdates
+ key: ${{ runner.os }}-gvm-version-check-v2-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-gvm-version-check-v2-
+
+ - name: Get Latest Versions
+ run: |
+ if [ ! -e ./.checkupdates/latest_version ]; then
+ touch ./.checkupdates/latest_version
+ fi
+ if [ ! -e ./.checkupdates/latest_version.sum ]; then
+ touch ./.checkupdates/latest_version.sum
+ fi
+ chmod +x ./get_releases.sh
+ echo 'NEWRELEASES<> $GITHUB_ENV
+ ./get_releases.sh >> $GITHUB_ENV
+ echo 'EOF' >> $GITHUB_ENV
+
+ - name: Check for updates - Step 1
+ id: updates
+ continue-on-error: true
+ run: |
+ echo "${NEWRELEASES}" > ./.checkupdates/latest_version
+ sha1sum -c ./.checkupdates/latest_version.sum
+
+ - name: Check for updates - Step 2
+ id: updates_available
+ if: ${{ steps.updates.outcome == 'failure' }}
+ run: |
+ sha1sum ./.checkupdates/latest_version > ./.checkupdates/latest_version.sum
+ echo "::set-output name=UPDATES_AVAILABLE::true"
+
+ - name: Create Issue
+ uses: JasonEtco/create-an-issue@v2
+ if: ${{ steps.updates.outcome == 'failure' && steps.updates_available.outputs.UPDATES_AVAILABLE == 'true' }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ update_existing: true
+ filename: .github/new_releases.md
+
+ - name: Cache permissions
+ if: always()
+ run: sudo chown -R $USER:$GROUP .checkupdates
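Review bot: `permissions:` grants `packages: write`, yet no step in the job touches a package registry — the steps only check out, cache, run `get_releases.sh` and file an issue — so the token should be limited to `contents: read` and `issues: write`. The `Get Latest Versions` step streams the output of `get_releases.sh` into `$GITHUB_ENV` between a `NEWRELEASES` heredoc opener (the line reads `echo 'NEWRELEASES<> $GITHUB_ENV` in this copy and appears to have lost characters) and a fixed `echo 'EOF'` terminator; that output is derived from upstream release data and is later expanded into the issue body through `.github/new_releases.md`, so a line in it equal to `EOF` would end the value early and let the following lines be read as further environment assignments — use a per-run random delimiter, as GitHub's own guidance for multi-line values recommends. `latest_version.sum` also starts out empty, so `sha1sum -c` in `Check for updates - Step 1` fails on the very first run and an issue is opened even when nothing changed; a comment saying this is expected, or seeding the sum file on first run, would spare a reader the confusion.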
From 44526ed52c51fdf5e6b1d1d92fd9aa5155ff46eb Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 21 Nov 2021 20:03:31 -0600
Subject: [PATCH 09/15] Create new_releases.md
---
 .github/new_releases.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/new_releases.md
diff --git a/.github/new_releases.md b/.github/new_releases.md
new file mode 100644
index 00000000..574956be
--- /dev/null
+++ b/.github/new_releases.md
@@ -0,0 +1,12 @@
+---
+title: New Releases
+assignees: 'Dexus, pixelsquared, austinsonger'
+---
+
+Hi,
+
+there are new releases of the following projects:
+
+```
+{{ env.NEWRELEASES }}
+```
From 31c609aef7e663c20618674669d77670d94f13f8 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 21 Nov 2021 20:16:29 -0600
Subject: [PATCH 10/15] Update changelog automatically
Update changelog automatically
---
 .github/workflows/docker-publish-debian.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/docker-publish-debian.yml b/.github/workflows/docker-publish-debian.yml
index af989142..975f7975 100644
--- a/.github/workflows/docker-publish-debian.yml
+++ b/.github/workflows/docker-publish-debian.yml
@@ -379,3 +379,8 @@ jobs:
 build-args: |
 SETUP=1
 OPT_PDF=1
+
+ - name: Update changelog
+ uses: thomaseizinger/keep-a-changelog-new-release@1.1.0
+ with:
+ version: ${{ github.event.inputs.version }}
From ec45746fc32ac263cac70c9c1a852fcf762caa40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20Fr=C3=B6hle?=
Date: Mon, 22 Nov 2021 11:55:33 +0100
Subject: [PATCH 11/15] Remove APK Download for Alpine builds
---
 .github/workflows/docker-publish-debian.yml | 60 ---------------------
 1 file changed, 60 deletions(-)
diff --git a/.github/workflows/docker-publish-debian.yml b/.github/workflows/docker-publish-debian.yml
index 975f7975..c3fd991e 100644
--- a/.github/workflows/docker-publish-debian.yml
+++ b/.github/workflows/docker-publish-debian.yml
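Review bot: `version: ${{ github.event.inputs.version }}` is populated only on a `workflow_dispatch` event, and the triggers of this workflow visible earlier in the series are `push`, `pull_request`, `create` and `release`, so the new `Update changelog` step receives an empty version on every run that reaches it; for release-triggered runs `version: ${{ github.event.release.tag_name }}` is the value that exists. Nothing in the hunk commits or pushes the modified changelog either, so unless a step outside the hunk does, the edit is discarded with the runner; the enclosing job starts outside the hunk. Since `thomaseizinger/keep-a-changelog-new-release@1.1.0` is a third-party action that rewrites a repository file, pinning it to a commit SHA rather than a mutable tag would also be in order.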
@@ -40,26 +40,6 @@ jobs:
 id: vars
 run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
- - name: Download artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
- # Required, if artifact is from a different repo
- github_token: ${{secrets.GITHUB_TOKEN}}
- # Required, workflow file name or ID
- workflow: build-apk.yml
- # Optional, will use the branch
- branch: master
- # Optional, uploaded artifact name,
- # will download all artifacts if not specified
- # and extract them in respective subdirectories
- # https://github.com/actions/download-artifact#download-all-artifacts
- name: apk-builds
- # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
- path: ${{ github.workspace }}/apk-build/
- # Optional, defaults to current repo
- repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
 - name: Build the Docker image
 run: docker build . --file Dockerfile.debian --build-arg OPT_PDF=1 --tag ${{ env.IMAGE_REPOSITORY_GHCR }}:${{ github.sha }}
@@ -119,26 +99,6 @@ jobs:
 id: vars
 run: echo ::set-output name=docker_tag::$(echo ${GITHUB_REF} | cut -d'/' -f3)-${GITHUB_SHA}
- - name: Download artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
- # Required, if artifact is from a different repo
- github_token: ${{secrets.GITHUB_TOKEN}}
- # Required, workflow file name or ID
- workflow: build-apk.yml
- # Optional, will use the branch
- branch: master
- # Optional, uploaded artifact name,
- # will download all artifacts if not specified
- # and extract them in respective subdirectories
- # https://github.com/actions/download-artifact#download-all-artifacts
- name: apk-builds
- # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
- path: ${{ github.workspace }}/apk-build/
- # Optional, defaults to current repo
- repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
 - name: Build the Docker image
 run: docker build . --file Dockerfile.debian --build-arg OPT_PDF=1 --tag ${{ env.IMAGE_REPOSITORY_GHCR }}:${{ github.sha }}
@@ -222,26 +182,6 @@ jobs:
 fi
 echo -n "${IMAGE_NAME_GHCR}"
- - name: Download artifact
- uses: dawidd6/action-download-artifact@v2
- with:
- # Optional, GitHub token, a Personal Access Token with `public_repo` scope if needed
- # Required, if artifact is from a different repo
- github_token: ${{secrets.GITHUB_TOKEN}}
- # Required, workflow file name or ID
- workflow: build-apk.yml
- # Optional, will use the branch
- branch: master
- # Optional, uploaded artifact name,
- # will download all artifacts if not specified
- # and extract them in respective subdirectories
- # https://github.com/actions/download-artifact#download-all-artifacts
- name: apk-builds
- # Optional, directory where to extract artifact. Defaults to the artifact name (see `name` input)
- path: ${{ github.workspace }}/apk-build/
- # Optional, defaults to current repo
- repo: Secure-Compliance-Solutions-LLC/GVM-APK-build
-
 # Extract metadata (tags, labels) for Docker
 # https://github.com/docker/metadata-action
 - name: Extract Docker metadata
From 0bbdc112201bf49682cd7c51b69f165e84d25229 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Mon, 22 Nov 2021 14:44:58 -0600
Subject: [PATCH 12/15] Update Readme.md
---
 Readme.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/Readme.md b/Readme.md
index 3616a2cd..4f0f5746 100644
--- a/Readme.md
+++ b/Readme.md
@@ -50,6 +50,16 @@ docker pull securecompliance/gvm:debian-master-full
 docker pull securecompliance/gvm:debian-master
 ```
+## Hardware Requirements
+
+| Hosts | CPU Cores | Memory | Disk Space |
+| :----------------- | :------------ | :-------- | :--------- |
+| 512 active IPs | 4@2GHz cores | 8 GB RAM | 30 GB |
+| 2,500 active IPs | 6@2GHz cores | 12 GB RAM | 60 GB |
+| 10,000 active IPs | 8@3GHz cores | 16 GB RAM | 250 GB |
+| 25,000 active IPs | 16@3GHz cores | 32 GB RAM | 1 TB |
+| 100,000 active IPs | 32@3GHz cores | 64 GB RAM | 2 TB |
+
 ## Architecture
From da047874f8081c17554b076032fe840f8733aab8 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Mon, 22 Nov 2021 16:39:20 -0600
Subject: [PATCH 13/15] Update Readme.md
---
 Readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Readme.md b/Readme.md
index 4f0f5746..97b20fd5 100644
--- a/Readme.md
+++ b/Readme.md
@@ -50,7 +50,7 @@ docker pull securecompliance/gvm:debian-master-full
 docker pull securecompliance/gvm:debian-master
 ```
-## Hardware Requirements
+## Estimated Hardware Requirements
 | Hosts | CPU Cores | Memory | Disk Space |
 | :----------------- | :------------ | :-------- | :--------- |
From 19cf13dbdee37de7dec6ef3d3d421a7d3d0a852d Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Fri, 26 Nov 2021 22:22:30 -0600
Subject: [PATCH 14/15] Delete check-for-gvm-updates.yml
---
 .github/workflows/check-for-gvm-updates.yml | 76 ---------------------
 1 file changed, 76 deletions(-)
 delete mode 100644 .github/workflows/check-for-gvm-updates.yml
diff --git a/.github/workflows/check-for-gvm-updates.yml b/.github/workflows/check-for-gvm-updates.yml
deleted file mode 100644
index 2fd2d78f..00000000
--- a/.github/workflows/check-for-gvm-updates.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-name: Check for Release Updates
-
-on:
- workflow_dispatch:
- schedule:
- # * is a special character in YAML so you have to quote this string
- - cron: "30 22 * * *"
-
-concurrency: ci-${{ github.ref }}
-
-permissions:
- contents: read
- issues: write
- packages: write
-
-jobs:
- check_updates:
- name: Check GVM Updates
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v2
- with:
- submodules: recursive
-
- - name: Check for updates
- run: |
- mkdir -p ./.checkupdates
-
- - uses: actions/cache@v2
- with:
- path: .checkupdates
- key: ${{ runner.os }}-gvm-version-check-v2-${{ github.run_id }}
- restore-keys: |
- ${{ runner.os }}-gvm-version-check-v2-
-
- - name: Get Latest Versions
- run: |
- if [ ! -e ./.checkupdates/latest_version ]; then
- touch ./.checkupdates/latest_version
- fi
- if [ ! -e ./.checkupdates/latest_version.sum ]; then
- touch ./.checkupdates/latest_version.sum
- fi
- chmod +x ./get_releases.sh
- echo 'NEWRELEASES<> $GITHUB_ENV
- ./get_releases.sh >> $GITHUB_ENV
- echo 'EOF' >> $GITHUB_ENV
-
- - name: Check for updates - Step 1
- id: updates
- continue-on-error: true
- run: |
- echo "${NEWRELEASES}" > ./.checkupdates/latest_version
- sha1sum -c ./.checkupdates/latest_version.sum
-
- - name: Check for updates - Step 2
- id: updates_available
- if: ${{ steps.updates.outcome == 'failure' }}
- run: |
- sha1sum ./.checkupdates/latest_version > ./.checkupdates/latest_version.sum
- echo "::set-output name=UPDATES_AVAILABLE::true"
-
- - name: Create Issue
- uses: JasonEtco/create-an-issue@v2
- if: ${{ steps.updates.outcome == 'failure' && steps.updates_available.outputs.UPDATES_AVAILABLE == 'true' }}
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- update_existing: true
- filename: .github/new_releases.md
-
- - name: Cache permissions
- if: always()
- run: sudo chown -R $USER:$GROUP .checkupdates
From 56c565e3dd30f70766b6e6930a291ac2b96f0e19 Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Fri, 26 Nov 2021 22:22:51 -0600
Subject: [PATCH 15/15] Delete new_releases.md
---
 .github/new_releases.md | 12 ------------
 1 file changed, 12 deletions(-)
 delete mode 100644 .github/new_releases.md
diff --git a/.github/new_releases.md b/.github/new_releases.md
deleted file mode 100644
index 574956be..00000000
--- a/.github/new_releases.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-title: New Releases
-assignees: 'Dexus, pixelsquared, austinsonger'
----
-
-Hi,
-
-there are new releases of the following projects:
-
-```
-{{ env.NEWRELEASES }}
-```