From 71c58b5646527af5c2521c45b7af5b879470831c Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 12:53:25 +0200 Subject: [PATCH 01/16] Add license headers to files in root directory Signed-off-by: Heiko Kiesel --- .mega-linter.yml | 4 ++++ .prettierrc.yaml | 4 ++++ .python-version | 6 +++++- .yamllint.yaml | 4 ++++ UPGRADING.md | 6 ++++++ release.md | 6 ++++++ 6 files changed, 29 insertions(+), 1 deletion(-) diff --git a/.mega-linter.yml b/.mega-linter.yml index 87c7d9aa7..929a17df9 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Configuration file for MegaLinter # See all available variables at https://megalinter.github.io/configuration/ and in linters documentation diff --git a/.prettierrc.yaml b/.prettierrc.yaml index a95cb52bb..0f01d6104 100644 --- a/.prettierrc.yaml +++ b/.prettierrc.yaml @@ -1 +1,5 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + bracketSpacing: false \ No newline at end of file diff --git a/.python-version b/.python-version index 0a590336d..c84ebdb5d 100644 --- a/.python-version +++ b/.python-version @@ -1 +1,5 @@ -3.9.10 +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + +3.9.10 \ No newline at end of file diff --git a/.yamllint.yaml b/.yamllint.yaml index aa5355472..4f6b3b4c4 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -1,2 +1,6 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + rules: document-start: disable diff --git a/UPGRADING.md b/UPGRADING.md index 06c1f0007..6abda8ed5 100644 --- a/UPGRADING.md +++ b/UPGRADING.md @@ -1,3 +1,9 @@ + + # Upgrading ## From 2.X to 3.X diff --git a/release.md b/release.md index 8b7993d3b..ae390bb30 100644 --- a/release.md +++ b/release.md 
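Review bot: In the `.python-version` hunk the SPDX header is written into the version file itself, so the pinned `3.9.10` is no longer the first line and every consumer of the file has to tolerate `#` lines. Recent pyenv releases skip comment lines as far as I know, but other readers of this file (CI setup actions, older pyenv, other version managers) may take the first line literally and then fail or fall back to a different interpreter than the one pinned. The series already uses sidecar files where a format has no safe comment syntax, so a `.python-version.license` holding the two SPDX lines would keep `3.9.10` as the file's only content. The hunk also drops the trailing newline after `3.9.10`, which is worth restoring.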
@@ -1,3 +1,9 @@ + + # A list of steps to ensure after a new secureCodeBox release - Ensure and update all charts with a new release chart version x.x.x-alpha1 From 6a30594d2d8367e87cf8b9d8000d6e431d3db0cc Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 12:54:04 +0200 Subject: [PATCH 02/16] Add licenses to bin folder Signed-off-by: Heiko Kiesel --- bin/npm-check-updates.sh | 4 ++++ bin/npm-ci-all.sh | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/bin/npm-check-updates.sh b/bin/npm-check-updates.sh index ef024aaca..8a05a781a 100755 --- a/bin/npm-check-updates.sh +++ b/bin/npm-check-updates.sh @@ -1,5 +1,9 @@ #!/bin/bash + +# SPDX-FileCopyrightText: the secureCodeBox authors # +# SPDX-License-Identifier: Apache-2.0 + # Applies all MINOR updates to all `package.json` files using `ncu -u -t minor` # in the repository and updates # the `package-lock.json` using `npm i` diff --git a/bin/npm-ci-all.sh b/bin/npm-ci-all.sh index 05ff2e5f8..09948500f 100755 --- a/bin/npm-ci-all.sh +++ b/bin/npm-ci-all.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + set -euo pipefail if [ -z "${PROJECT_DIR:-}" ]; then From 1e30d7e052c5bce1c497a4834542f24f06c0ce20 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 12:54:21 +0200 Subject: [PATCH 03/16] Add licenses to documentation Signed-off-by: Heiko Kiesel --- documentation/tsconfig.json | 2 +- documentation/tsconfig.json.license | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 documentation/tsconfig.json.license diff --git a/documentation/tsconfig.json b/documentation/tsconfig.json index 05dddd5f1..ae374e744 100644 --- a/documentation/tsconfig.json +++ b/documentation/tsconfig.json @@ -1,4 +1,4 @@ { "extends": "@tsconfig/docusaurus/tsconfig.json", "include": ["src/"] - } \ No newline at end of file +} \ No newline at end of file 
diff --git a/documentation/tsconfig.json.license b/documentation/tsconfig.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/documentation/tsconfig.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
From 803267184670dd2552c6f20b84264d503b9b64c9 Mon Sep 17 00:00:00 2001
From: Heiko Kiesel
Date: Fri, 15 Sep 2023 12:54:47 +0200
Subject: [PATCH 04/16] Add licenses to demo-targets
Signed-off-by: Heiko Kiesel
---
 demo-targets/dummy-ssh/container/Dockerfile | 2 +-
 demo-targets/old-joomla/.helmignore | 4 ++++
 demo-targets/old-joomla/templates/NOTES.txt | 5 +++++
 demo-targets/old-joomla/templates/service.yaml | 4 ++++
 demo-targets/old-joomla/templates/tests/test-connection.yaml | 3 +++
 demo-targets/old-typo3/.helmignore | 4 ++++
 demo-targets/old-typo3/docs/.gitkeep | 1 -
 demo-targets/old-typo3/templates/NOTES.txt | 5 +++++
 demo-targets/old-typo3/templates/service.yaml | 4 ++++
 demo-targets/old-typo3/templates/tests/test-connection.yaml | 4 ++++
 demo-targets/old-wordpress/container/.ht.sqlite.license | 3 +++
 demo-targets/unsafe-https/container/index.html | 5 +++++
 demo-targets/unsafe-https/container/nginx.conf | 4 ++++
 demo-targets/unsafe-https/container/site.crt.license | 3 +++
 demo-targets/unsafe-https/container/site.key.license | 3 +++
 15 files changed, 52 insertions(+), 2 deletions(-)
 delete mode 100644 demo-targets/old-typo3/docs/.gitkeep
 create mode 100644 demo-targets/old-wordpress/container/.ht.sqlite.license
 create mode 100644 demo-targets/unsafe-https/container/site.crt.license
 create mode 100644 demo-targets/unsafe-https/container/site.key.license
diff --git a/demo-targets/dummy-ssh/container/Dockerfile b/demo-targets/dummy-ssh/container/Dockerfile
index d90162784..9539d5f0b 100644
--- a/demo-targets/dummy-ssh/container/Dockerfile
+++ b/demo-targets/dummy-ssh/container/Dockerfile
@@ -1,4 +1,4 @@
-# From https://docs.docker.com/engine/examples/running_ssh_service/
+# From https://gdevillele.github.io/engine/examples/running_ssh_service/
 # This file is authored by Docker Inc. and is not covered by the Apache2 Licence by the secureCodeBox project.
 FROM ubuntu:16.04
diff --git a/demo-targets/old-joomla/.helmignore b/demo-targets/old-joomla/.helmignore
index 0e8a0eb36..8094c351c 100644
--- a/demo-targets/old-joomla/.helmignore
+++ b/demo-targets/old-joomla/.helmignore
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
diff --git a/demo-targets/old-joomla/templates/NOTES.txt b/demo-targets/old-joomla/templates/NOTES.txt
index bd7d7b433..325756ff8 100644
--- a/demo-targets/old-joomla/templates/NOTES.txt
+++ b/demo-targets/old-joomla/templates/NOTES.txt
@@ -1,3 +1,8 @@
+{{- /*
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+*/}}
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
diff --git a/demo-targets/old-joomla/templates/service.yaml b/demo-targets/old-joomla/templates/service.yaml
index 5a6d7e731..f13cb18af 100644
--- a/demo-targets/old-joomla/templates/service.yaml
+++ b/demo-targets/old-joomla/templates/service.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/demo-targets/old-joomla/templates/tests/test-connection.yaml b/demo-targets/old-joomla/templates/tests/test-connection.yaml
index b8adcddf5..bdc1fccba 100644
--- a/demo-targets/old-joomla/templates/tests/test-connection.yaml
+++ b/demo-targets/old-joomla/templates/tests/test-connection.yaml
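Review bot: The provenance comment in `demo-targets/dummy-ssh/container/Dockerfile` now points at `gdevillele.github.io`, which appears to be a github.io user page rather than the vendor documentation, so the only record of where this Docker Inc.-authored file came from depends on a third-party mirror staying up and unchanged. If the original page is gone, an archived snapshot URL with a retrieval date would be a more durable reference. The following comment line says the file is not covered by the project's Apache-2.0 licence, yet the hunk adds no SPDX tag; stating the real one, e.g. `# SPDX-License-Identifier: <upstream-licence-placeholder>`, would let REUSE and SBOM tooling record it correctly. The rest of the Dockerfile lies outside the hunk.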
@@ -1,3 +1,6 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
 apiVersion: v1
 kind: Pod
 metadata:
diff --git a/demo-targets/old-typo3/.helmignore b/demo-targets/old-typo3/.helmignore
index 0e8a0eb36..8094c351c 100644
--- a/demo-targets/old-typo3/.helmignore
+++ b/demo-targets/old-typo3/.helmignore
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # Patterns to ignore when building packages.
 # This supports shell glob matching, relative path matching, and
 # negation (prefixed with !). Only one pattern per line.
diff --git a/demo-targets/old-typo3/docs/.gitkeep b/demo-targets/old-typo3/docs/.gitkeep
deleted file mode 100644
index 2dc80fc4b..000000000
--- a/demo-targets/old-typo3/docs/.gitkeep
+++ /dev/null
@@ -1 +0,0 @@
-# This file is added to allow creation of README files. If that is done delete it.
\ No newline at end of file
diff --git a/demo-targets/old-typo3/templates/NOTES.txt b/demo-targets/old-typo3/templates/NOTES.txt
index c9ec86d2e..c5c1dd985 100644
--- a/demo-targets/old-typo3/templates/NOTES.txt
+++ b/demo-targets/old-typo3/templates/NOTES.txt
@@ -1,3 +1,8 @@
+{{- /*
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
+*/}}
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
diff --git a/demo-targets/old-typo3/templates/service.yaml b/demo-targets/old-typo3/templates/service.yaml
index da41b8023..690381ab4 100644
--- a/demo-targets/old-typo3/templates/service.yaml
+++ b/demo-targets/old-typo3/templates/service.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/demo-targets/old-typo3/templates/tests/test-connection.yaml b/demo-targets/old-typo3/templates/tests/test-connection.yaml index fe122203f..cf6503d12 100644 --- a/demo-targets/old-typo3/templates/tests/test-connection.yaml +++ b/demo-targets/old-typo3/templates/tests/test-connection.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: v1 kind: Pod metadata: diff --git a/demo-targets/old-wordpress/container/.ht.sqlite.license b/demo-targets/old-wordpress/container/.ht.sqlite.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/demo-targets/old-wordpress/container/.ht.sqlite.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/demo-targets/unsafe-https/container/index.html b/demo-targets/unsafe-https/container/index.html index ba4082c0a..b29d395e4 100644 --- a/demo-targets/unsafe-https/container/index.html +++ b/demo-targets/unsafe-https/container/index.html @@ -1,3 +1,8 @@ + secureCodeBox Demo diff --git a/demo-targets/unsafe-https/container/nginx.conf b/demo-targets/unsafe-https/container/nginx.conf index 1b58da5d5..b9caa5ff5 100644 --- a/demo-targets/unsafe-https/container/nginx.conf +++ b/demo-targets/unsafe-https/container/nginx.conf @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + events { worker_connections 4096; ## Default: 1024 } diff --git a/demo-targets/unsafe-https/container/site.crt.license b/demo-targets/unsafe-https/container/site.crt.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/demo-targets/unsafe-https/container/site.crt.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/demo-targets/unsafe-https/container/site.key.license b/demo-targets/unsafe-https/container/site.key.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/demo-targets/unsafe-https/container/site.key.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
From 247c3de0edf06e8899be58d433caa36c40cc8783 Mon Sep 17 00:00:00 2001
From: Heiko Kiesel
Date: Fri, 15 Sep 2023 12:55:29 +0200
Subject: [PATCH 05/16] Add licenses to hooks and sdks
Signed-off-by: Heiko Kiesel
---
 hook-sdk/nodejs/Makefile | 4 ++++
 hooks/cascading-scans/hook/scope-limiter.ts | 4 ++++
 hooks/notification/hook/__testfiles__/trello.json.license | 3 +++
 hooks/persistence-azure-monitor/hook/Dockerfile | 4 ++++
 .../hook/__snapshots__/hook.test.js.snap | 3 +++
 parser-sdk/nodejs/Makefile | 4 ++++
 6 files changed, 22 insertions(+)
 create mode 100644 hooks/notification/hook/__testfiles__/trello.json.license
diff --git a/hook-sdk/nodejs/Makefile b/hook-sdk/nodejs/Makefile
index 76456e857..b8f588dca 100644
--- a/hook-sdk/nodejs/Makefile
+++ b/hook-sdk/nodejs/Makefile
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 sdk = hook-sdk
 include_guard = set
 include ../../sdk.mk
diff --git a/hooks/cascading-scans/hook/scope-limiter.ts b/hooks/cascading-scans/hook/scope-limiter.ts
index d9c3fbe48..db7bceb52 100644
--- a/hooks/cascading-scans/hook/scope-limiter.ts
+++ b/hooks/cascading-scans/hook/scope-limiter.ts
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 import {Finding, ScopeLimiter, ScopeLimiterAliases} from "./scan-helpers";
 import {V1ObjectMeta} from "@kubernetes/client-node/dist/gen/model/v1ObjectMeta";
 import * as Mustache from "mustache";
diff --git a/hooks/notification/hook/__testfiles__/trello.json.license b/hooks/notification/hook/__testfiles__/trello.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/hooks/notification/hook/__testfiles__/trello.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/hooks/persistence-azure-monitor/hook/Dockerfile b/hooks/persistence-azure-monitor/hook/Dockerfile
index c01a4eb6b..c93629e54 100644
--- a/hooks/persistence-azure-monitor/hook/Dockerfile
+++ b/hooks/persistence-azure-monitor/hook/Dockerfile
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ARG baseImageTag
 ARG namespace
 FROM node:18-alpine as build
diff --git a/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap
index c7a8885b9..406f9bc46 100644
--- a/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap
+++ b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap
@@ -1,3 +1,6 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 exports[`should batch multiple findings in a single call 1`] = `
diff --git a/parser-sdk/nodejs/Makefile b/parser-sdk/nodejs/Makefile
index 9167d0b54..8a0ad2317 100644
--- a/parser-sdk/nodejs/Makefile
+++ b/parser-sdk/nodejs/Makefile
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 sdk = parser-sdk
 include_guard = set
 include ../../sdk.mk
From 62070b77afd944b3277379ee75b3bf794fbcad83 Mon Sep 17 00:00:00 2001
From: Heiko Kiesel
Date: Fri, 15 Sep 2023 12:58:41 +0200
Subject: [PATCH 06/16] Add licenses to operator
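Review bot: In `hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap` the three SPDX lines are placed above `// Jest Snapshot v1, https://goo.gl/fbAQLP`, and Jest, as far as I know, expects that version header at the very start of the file. Depending on the Jest version and flags, the run then either fails with an outdated-snapshot error under `--ci`, or the file is treated as dirty and rewritten on the next snapshot update, which drops the licence header again. Snapshot files are generated, so a sidecar `hook.test.js.snap.license`, like the other `.license` files in this series, would survive regeneration. It is worth confirming that the hook's test suite still passes with `--ci` before this lands.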
Signed-off-by: Heiko Kiesel
---
 operator/charts/minio-11.9.4.tgz.license | 3 +++
 .../crd/bases/cascading.securecodebox.io_cascadingrules.yaml | 4 ++++
 .../execution.securecodebox.io_clusterparsedefinitions.yaml | 4 ++++
 ...execution.securecodebox.io_clusterscancompletionhooks.yaml | 4 ++++
 .../bases/execution.securecodebox.io_clusterscantypes.yaml | 4 ++++
 .../bases/execution.securecodebox.io_parsedefinitions.yaml | 4 ++++
 .../bases/execution.securecodebox.io_scancompletionhooks.yaml | 4 ++++
 .../config/crd/bases/execution.securecodebox.io_scans.yaml | 4 ++++
 .../crd/bases/execution.securecodebox.io_scantypes.yaml | 4 ++++
 .../crd/bases/execution.securecodebox.io_scheduledscans.yaml | 4 ++++
 operator/config/rbac/role.yaml | 4 ++++
 operator/utils/retrigger_scheduled_scan.go | 4 ++++
 operator/utils/url_expiration_duration.go | 4 ++++
 13 files changed, 51 insertions(+)
 create mode 100644 operator/charts/minio-11.9.4.tgz.license
diff --git a/operator/charts/minio-11.9.4.tgz.license b/operator/charts/minio-11.9.4.tgz.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/operator/charts/minio-11.9.4.tgz.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml b/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml
index 8f08c10c5..801ff99a5 100644
--- a/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml
+++ b/operator/config/crd/bases/cascading.securecodebox.io_cascadingrules.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
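Review bot: `operator/charts/minio-11.9.4.tgz.license` attributes the chart archive to "the secureCodeBox authors", but the file name suggests a vendored upstream MinIO chart rather than project-authored content. If that is the case, the sidecar should carry the copyright holder and licence published by the chart's source, e.g. `SPDX-FileCopyrightText: <upstream chart authors>`, because REUSE output feeds licence reports and SBOMs and a wrong attribution for a third-party artefact propagates there. Recording the archive's origin and checksum next to it would also make the vendored dependency auditable.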
diff --git a/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml b/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml
index c5cb71899..3fce98f03 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_clusterparsedefinitions.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml b/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml
index 57f15df05..0d04b415c 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_clusterscancompletionhooks.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml b/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml
index 36f7687bd..3aa8ce3ca 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_clusterscantypes.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml b/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml
index 5463c1e16..498e60165 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_parsedefinitions.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml b/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml
index 10dc5ae36..24c866ed2 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_scancompletionhooks.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/crd/bases/execution.securecodebox.io_scans.yaml b/operator/config/crd/bases/execution.securecodebox.io_scans.yaml
index 77b6ab51f..e86992766 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_scans.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_scans.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml b/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml
index a5a295aca..4672dc3be 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_scantypes.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
index bc12fbce8..8b923734d 100644
--- a/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
+++ b/operator/config/crd/bases/execution.securecodebox.io_scheduledscans.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml
index fecc10e53..c434d1f42 100644
--- a/operator/config/rbac/role.yaml
+++ b/operator/config/rbac/role.yaml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/operator/utils/retrigger_scheduled_scan.go b/operator/utils/retrigger_scheduled_scan.go
index 069934f5e..d2e89d0bd 100644
--- a/operator/utils/retrigger_scheduled_scan.go
+++ b/operator/utils/retrigger_scheduled_scan.go
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package utils
 import (
diff --git a/operator/utils/url_expiration_duration.go b/operator/utils/url_expiration_duration.go
index ddb963a1c..57b2ad45b 100644
--- a/operator/utils/url_expiration_duration.go
+++ b/operator/utils/url_expiration_duration.go
@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
 package utils
 import (
From 662219c10d25da4aff5962f82a22dac09d56091c Mon Sep 17 00:00:00 2001
From: Heiko Kiesel
Date: Fri, 15 Sep 2023 13:11:03 +0200
Subject: [PATCH 07/16] Add missing licenses in several files
Signed-off-by: Heiko Kiesel
---
 .cspell.json.license | 3 +++
 .github/dependabot.yml | 4 ++++
 .github/label-commenter-config.yml | 4 ++++
 .github/workflows/label-commenter.yml | 4 ++++
 .github/workflows/mega-linter.yml | 4 ++++
 .github/workflows/scb-bot.yaml | 4 ++++
 .../new-scanner/integration-tests/jest.config.json.license | 3 +++
 .../new-scanner/parser/__testFiles__/empty.json.license | 3 +++
 .../parser/__testFiles__/example.com.json.license | 3 +++
 .../old-typo3/container/typo3conf/LocalConfiguration.php | 5 +++++
 .../old-typo3/container/typo3conf/PackageStates.php | 5 +++++
 .../container/typo3conf/cms-016d0ef9.sqlite.license | 3 +++
 demo-targets/old-wordpress/container/wp-config.php | 5 +++++
 operator/.vscode/launch.json.license | 3 +++
 operator/.vscode/tasks.json.license | 3 +++
 .../execution.securecodebox.io_clusterparsedefinitions.yaml | 4 ++++
 .../crds/execution.securecodebox.io_parsedefinitions.yaml | 4 ++++
 parser-sdk/nodejs/README.md | 6 ++++++
 parser-sdk/nodejs/findings-schema.json.license | 3 +++
 parser-sdk/nodejs/parser-utils.js | 4 ++++
 20 files changed, 77 insertions(+)
 create mode 100644 .cspell.json.license
 create mode 100644 .templates/new-scanner/integration-tests/jest.config.json.license
 create mode 100644 .templates/new-scanner/parser/__testFiles__/empty.json.license
 create mode 100644 .templates/new-scanner/parser/__testFiles__/example.com.json.license
 create mode 100644 demo-targets/old-typo3/container/typo3conf/cms-016d0ef9.sqlite.license
 create mode 100644 operator/.vscode/launch.json.license
 create mode 100644 operator/.vscode/tasks.json.license
 create mode 100644 parser-sdk/nodejs/findings-schema.json.license
diff --git a/.cspell.json.license b/.cspell.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/.cspell.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b316c8340..0285b2bc3 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
diff --git a/.github/label-commenter-config.yml b/.github/label-commenter-config.yml
index b97804de3..34e9e954f 100644
--- a/.github/label-commenter-config.yml
+++ b/.github/label-commenter-config.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 labels:
 - name: breaking
 labeled:
diff --git a/.github/workflows/label-commenter.yml b/.github/workflows/label-commenter.yml
index 2bca93f2c..ef1615984 100644
--- a/.github/workflows/label-commenter.yml
+++ b/.github/workflows/label-commenter.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 name: Label Commenter
 on:
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 9912adaba..b7d2cc586 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
 ---
 # The CI runs on ubuntu-22.04; More info about the installed software is found here:
 # https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md
diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml
index 6eb1ca020..41204f18c 100644
--- a/.github/workflows/scb-bot.yaml
+++ b/.github/workflows/scb-bot.yaml
@@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # This is a Github Action workflow that runs daily at 9:15 AM UTC Time. # It checks if any of the scanners listed in the matrix section are outdated. # If a scanner is outdated, it checks if a pull request to upgrade that scanner already exists. diff --git a/.templates/new-scanner/integration-tests/jest.config.json.license b/.templates/new-scanner/integration-tests/jest.config.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/.templates/new-scanner/integration-tests/jest.config.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/.templates/new-scanner/parser/__testFiles__/empty.json.license b/.templates/new-scanner/parser/__testFiles__/empty.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/.templates/new-scanner/parser/__testFiles__/empty.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/.templates/new-scanner/parser/__testFiles__/example.com.json.license b/.templates/new-scanner/parser/__testFiles__/example.com.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/.templates/new-scanner/parser/__testFiles__/example.com.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php b/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php index 1e287e0a6..0ca31c06f 100644 --- a/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php +++ b/demo-targets/old-typo3/container/typo3conf/LocalConfiguration.php @@ -1,4 +1,9 @@ [ 'debug' => false, 
diff --git a/demo-targets/old-typo3/container/typo3conf/PackageStates.php b/demo-targets/old-typo3/container/typo3conf/PackageStates.php index b7174d9a0..87e8d70e8 100644 --- a/demo-targets/old-typo3/container/typo3conf/PackageStates.php +++ b/demo-targets/old-typo3/container/typo3conf/PackageStates.php @@ -1,4 +1,9 @@ + # Parser SDK The Parser SDK provides Parser functionalities that are used by all Scanners like starting the corresponding Parser, enriching the Scan Status in Kubernetes with Parser Results and adding additional attributes to the "Findings.json". diff --git a/parser-sdk/nodejs/findings-schema.json.license b/parser-sdk/nodejs/findings-schema.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/parser-sdk/nodejs/findings-schema.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/parser-sdk/nodejs/parser-utils.js b/parser-sdk/nodejs/parser-utils.js index 43fb157d3..68486cccf 100644 --- a/parser-sdk/nodejs/parser-utils.js +++ b/parser-sdk/nodejs/parser-utils.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + const fs = require("fs"); const Ajv = require("ajv-draft-04"); const ajv = new Ajv(); From e08f6e76872884ecae0b179ce09f607b45f14f65 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 13:11:53 +0200 Subject: [PATCH 08/16] Add all Markdown files in .github to Apache-2.0 copyright Signed-off-by: Heiko Kiesel --- .reuse/dep5 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.reuse/dep5 b/.reuse/dep5 index 371162b16..eb1b2c89a 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 
@@ -2,3 +2,7 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: secureCodeBox Upstream-Contact: Robert Seedorff Source: https://github.com/secureCodeBox/secureCodeBox + +Files: .github/*.md +Copyright: the secureCodeBox authors +License: Apache-2.0 From 48e97478a151752a534ee6332849b0a2bd34f9ec Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 13:21:22 +0200 Subject: [PATCH 09/16] Add license to auto-discovery 
Signed-off-by: Heiko Kiesel --- auto-discovery/kubernetes/.helmignore | 4 ++++ auto-discovery/kubernetes/.vscode/launch.json.license | 3 +++ auto-discovery/kubernetes/.vscode/tasks.json.license | 3 +++ auto-discovery/kubernetes/config/rbac/role.yaml | 4 ++++ auto-discovery/kubernetes/controllers/restart_scan.go | 4 ++++ auto-discovery/kubernetes/controllers/suite_test_util.go | 4 ++++ auto-discovery/kubernetes/pkg/util/checkScanConfig.go | 4 ++++ auto-discovery/kubernetes/pkg/util/gotemplate.go | 4 ++++ auto-discovery/kubernetes/pkg/util/util_suite_test.go | 4 ++++ .../kubernetes/pull-secret-extractor/.dockerignore | 4 ++++ auto-discovery/kubernetes/pull-secret-extractor/Dockerfile | 4 ++++ auto-discovery/kubernetes/pull-secret-extractor/Makefile | 1 - .../kubernetes/pull-secret-extractor/docker_image.py | 4 ++++ .../integration-test/package-lock.json.license | 3 +++ .../integration-test/package.json.license | 3 +++ .../integration-test/pull-secret-extraction.test.js | 4 ++++ .../pull-secret-extractor/integration-test/test-pod.sh | 4 ++++ auto-discovery/kubernetes/pull-secret-extractor/readme.md | 6 ++++++ .../pull-secret-extractor/requirements.txt.license | 3 +++ .../kubernetes/pull-secret-extractor/secret_extraction.py | 4 ++++ .../kubernetes/pull-secret-extractor/test_docker_image.py | 4 ++++ .../pull-secret-extractor/test_secret_extraction.py | 4 ++++ .../test_secrets/secret_1/.dockerconfigjson.license | 3 +++ .../test_secrets/secret_1/not_a_docker_config_json.license | 3 +++ .../test_secrets/secret_2/.dockerconfigjson.license | 3 +++ 25 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 auto-discovery/kubernetes/.vscode/launch.json.license create mode 100644 auto-discovery/kubernetes/.vscode/tasks.json.license create mode 100644 auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license create mode 100644 auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license create mode 100644 
auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license create mode 100644 auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license create mode 100644 auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license create mode 100644 auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license diff --git a/auto-discovery/kubernetes/.helmignore b/auto-discovery/kubernetes/.helmignore index 099a1ad68..9c40f99bc 100644 --- a/auto-discovery/kubernetes/.helmignore +++ b/auto-discovery/kubernetes/.helmignore @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + bin/ config/ controller/ diff --git a/auto-discovery/kubernetes/.vscode/launch.json.license b/auto-discovery/kubernetes/.vscode/launch.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/.vscode/launch.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/.vscode/tasks.json.license b/auto-discovery/kubernetes/.vscode/tasks.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/auto-discovery/kubernetes/.vscode/tasks.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/config/rbac/role.yaml b/auto-discovery/kubernetes/config/rbac/role.yaml index 06b4bd32f..2e43d9f89 100644 --- a/auto-discovery/kubernetes/config/rbac/role.yaml +++ b/auto-discovery/kubernetes/config/rbac/role.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
diff --git a/auto-discovery/kubernetes/controllers/restart_scan.go b/auto-discovery/kubernetes/controllers/restart_scan.go index 0eb9b0761..e2cd9533d 100644 --- a/auto-discovery/kubernetes/controllers/restart_scan.go +++ b/auto-discovery/kubernetes/controllers/restart_scan.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2021 iteratec GmbH +// +// SPDX-License-Identifier: Apache-2.0 + package controllers import ( diff --git a/auto-discovery/kubernetes/controllers/suite_test_util.go b/auto-discovery/kubernetes/controllers/suite_test_util.go index f38848fab..345e4bfef 100644 --- a/auto-discovery/kubernetes/controllers/suite_test_util.go +++ b/auto-discovery/kubernetes/controllers/suite_test_util.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2021 iteratec GmbH +// +// SPDX-License-Identifier: Apache-2.0 + package controllers import ( diff --git a/auto-discovery/kubernetes/pkg/util/checkScanConfig.go b/auto-discovery/kubernetes/pkg/util/checkScanConfig.go index 9e0d6c643..bc5d7522d 100644 --- a/auto-discovery/kubernetes/pkg/util/checkScanConfig.go +++ b/auto-discovery/kubernetes/pkg/util/checkScanConfig.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2021 iteratec GmbH +// +// SPDX-License-Identifier: Apache-2.0 + package util import ( diff --git a/auto-discovery/kubernetes/pkg/util/gotemplate.go b/auto-discovery/kubernetes/pkg/util/gotemplate.go index 1070cdb3e..141bda249 100644 --- a/auto-discovery/kubernetes/pkg/util/gotemplate.go +++ b/auto-discovery/kubernetes/pkg/util/gotemplate.go @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2021 iteratec GmbH +// +// SPDX-License-Identifier: Apache-2.0 + package util import ( diff --git a/auto-discovery/kubernetes/pkg/util/util_suite_test.go b/auto-discovery/kubernetes/pkg/util/util_suite_test.go index 9a34451a4..d18764499 100644 --- a/auto-discovery/kubernetes/pkg/util/util_suite_test.go +++ b/auto-discovery/kubernetes/pkg/util/util_suite_test.go 
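Review bot: The header added to `restart_scan.go` names `2021 iteratec GmbH` as copyright holder, while `.helmignore` and `config/rbac/role.yaml` in this same commit use `the secureCodeBox authors`. The other Go, Python and JavaScript files and the `.license` sidecars under `auto-discovery/kubernetes` follow the iteratec form as well. If the project has settled on one holder string, these headers should carry it, e.g. `// SPDX-FileCopyrightText: the secureCodeBox authors`. If the 2021 attribution is deliberate for files that predate the change, a sentence in the commit message saying so would make the REUSE report easier to audit.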
@@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2021 iteratec GmbH +// +// SPDX-License-Identifier: Apache-2.0 + package util_test import ( diff --git a/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore b/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore index 1c9d29431..ef00adfb8 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore +++ b/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore @@ -1,2 +1,6 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + integration-test/* venv/* \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile index e2e60f8ef..3b5992c20 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile +++ b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + FROM python:3.11-alpine COPY requirements.txt . diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Makefile b/auto-discovery/kubernetes/pull-secret-extractor/Makefile index f19fc89f9..bce3246e9 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/Makefile +++ b/auto-discovery/kubernetes/pull-secret-extractor/Makefile @@ -1,4 +1,3 @@ - # SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py index fd51559c2..45780fb3f 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + legacyDefaultDomain = "index.docker.io" defaultDomain = "docker.io" officialRepoName = "library" 
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license new file mode 100644 index 000000000..7446c9b19 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2021 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license new file mode 100644 index 000000000..7446c9b19 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2021 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js index 2bcdca4c9..20502744c 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2021 iteratec GmbH +// +// SPDX-License-Identifier: Apache-2.0 + const k8s = require("@kubernetes/client-node"); const kc = new k8s.KubeConfig(); diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh index f240e246e..0d67da3f7 100755 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh 
@@ -1,5 +1,9 @@ #!/bin/sh +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + cat < + ## Usage The auto-discovery-secret-extraction container should be used as an initContainer to enable Trivy (or other container scan tools) to scan images from private docker registries. The container expects the imageID for which it should find the corresponding secret and the name of the temporary secret as commandline arguments. The initContainer will then read secrets mounted as a volume under `/secrets` and check which secret belongs to the domain of the provided imageID. After the correct secret is identified it will create a temporary secret which will contain the credentials of the private registry of the provided imageID. The temporary secret will have an `ownerReference` to the pod in which this container is running in. This means that the temporary secret will be automatically removed when the scan of the pod is finished. diff --git a/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license b/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license new file mode 100644 index 000000000..7446c9b19 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2021 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py index 1e9fa4ad8..dd5b04c0b 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + import glob import json import sys 
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py index 38c5cd945..48f1d03a8 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + from unittest import TestCase from docker_image import get_domain_from_docker_image diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py index 52cd45330..a4a2b6fdf 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + import sys import unittest diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license new file mode 100644 index 000000000..7446c9b19 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2021 iteratec GmbH + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license new file mode 100644 index 000000000..7446c9b19 --- /dev/null +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license 
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license
new file mode 100644
index 000000000..7446c9b19
--- /dev/null
+++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021 iteratec GmbH
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
From 48fd631fa8990f7d44ec0ebcc14b1db95a538a30 Mon Sep 17 00:00:00 2001
From: Heiko Kiesel
Date: Fri, 15 Sep 2023 13:52:18 +0200
Subject: [PATCH 10/16] Add licenses to several files
Signed-off-by: Heiko Kiesel --- hooks/persistence-defectdojo/hook/.sdkmanrc | 4 ++++ .../mapping/SecureCodeBoxFindingsToDefectDojoMapper.java | 4 ++++ .../persistence/models/DefectDojoImportFinding.java | 4 ++++ .../service/scanresult/GenericParserScanResultService.java | 4 ++++ .../persistence/service/scanresult/ScanResultService.java | 4 ++++ .../service/scanresult/SpecificParserScanResultService.java | 4 ++++ .../mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java | 4 ++++ .../io/securecodebox/persistence/service/ScanServiceTest.java | 4 ++++ .../src/test/resources/kubehunter-dd-findings.json.license | 3 +++ .../src/test/resources/kubehunter-scb-findings.json.license | 3 +++ .../hook/src/test/resources/nikto-raw-result.json.license | 3 +++ .../charts/elasticsearch-7.17.3.tgz.license | 3 +++ hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license | 3 +++ 13 files changed, 47 insertions(+) create mode 100644 hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json.license create mode 100644 hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-scb-findings.json.license create mode 100644 hooks/persistence-defectdojo/hook/src/test/resources/nikto-raw-result.json.license create mode 100644 hooks/persistence-elastic/charts/elasticsearch-7.17.3.tgz.license create mode 100644 hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license diff --git a/hooks/persistence-defectdojo/hook/.sdkmanrc b/hooks/persistence-defectdojo/hook/.sdkmanrc index 0262a2610..b29149a2d 100644 --- a/hooks/persistence-defectdojo/hook/.sdkmanrc +++ b/hooks/persistence-defectdojo/hook/.sdkmanrc @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Enable auto-env through the sdkman_auto_env config # Add key=value pairs of SDKs to use below java=11.0.11.hs-adpt 
diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java index 6a3405ecf..1c63342b3 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapper.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.mapping; import com.fasterxml.jackson.core.JsonProcessingException; diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java index 5fe9c21ee..ac618bfe8 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/models/DefectDojoImportFinding.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.models; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java index 02bc94954..4ae56b7b1 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java 
+++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/GenericParserScanResultService.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service.scanresult; import com.fasterxml.jackson.databind.DeserializationFeature; diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java index 15ff4a26b..8853b8c65 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/ScanResultService.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service.scanresult; import io.securecodebox.persistence.config.PersistenceProviderConfig; diff --git a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java index eec4b8587..40ff89a56 100644 --- a/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java +++ b/hooks/persistence-defectdojo/hook/src/main/java/io/securecodebox/persistence/service/scanresult/SpecificParserScanResultService.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service.scanresult; import io.securecodebox.persistence.config.PersistenceProviderConfig; 
diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java index 51b24d9a8..82638b61f 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/mapping/SecureCodeBoxFindingsToDefectDojoMapperTest.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.mapping; import com.fasterxml.jackson.core.JsonProcessingException; diff --git a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java index 305396f8f..5a1a23e51 100644 --- a/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java +++ b/hooks/persistence-defectdojo/hook/src/test/java/io/securecodebox/persistence/service/ScanServiceTest.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + package io.securecodebox.persistence.service; import com.fasterxml.jackson.databind.ObjectMapper; diff --git a/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json.license b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json.license new file mode 100644 index 000000000..c95bc3718 --- /dev/null +++ b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-dd-findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 
diff --git a/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-scb-findings.json.license b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-scb-findings.json.license
new file mode 100644
index 000000000..c95bc3718
--- /dev/null
+++ b/hooks/persistence-defectdojo/hook/src/test/resources/kubehunter-scb-findings.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/persistence-defectdojo/hook/src/test/resources/nikto-raw-result.json.license b/hooks/persistence-defectdojo/hook/src/test/resources/nikto-raw-result.json.license
new file mode 100644
index 000000000..c95bc3718
--- /dev/null
+++ b/hooks/persistence-defectdojo/hook/src/test/resources/nikto-raw-result.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/hooks/persistence-elastic/charts/elasticsearch-7.17.3.tgz.license b/hooks/persistence-elastic/charts/elasticsearch-7.17.3.tgz.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/hooks/persistence-elastic/charts/elasticsearch-7.17.3.tgz.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license b/hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/hooks/persistence-elastic/charts/kibana-7.17.3.tgz.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
From 2a6faecb856e6d544b19e0883585b1a58295e0a3 Mon Sep 17 00:00:00 2001
From: Heiko Kiesel
Date: Fri, 15 Sep 2023 14:24:51 +0200
Subject: [PATCH 11/16] Add license to files in scanners directory
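Review bot: The sidecars `elasticsearch-7.17.3.tgz.license` and `kibana-7.17.3.tgz.license` attribute packaged chart archives to `the secureCodeBox authors`, which looks wrong if these are vendored third-party charts, as the file names suggest. REUSE and SBOM tooling reports the sidecar as the archive's provenance, so a wrong holder hides the fact that third-party code ships in the repository. If they are upstream artefacts, the sidecar should name the upstream holder and that chart's own license, e.g. `SPDX-FileCopyrightText: <upstream chart copyright holder>`. Both hunks are complete new files, so nothing outside the diff affects this.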
Signed-off-by: Heiko Kiesel --- scanners/amass/parser/package-lock.json.license | 3 +++ scanners/amass/parser/package.json.license | 3 +++ scanners/cmseek/.gitignore | 4 ++++ scanners/cmseek/parser/__snapshots__/parser.test.js.snap | 4 ++++ .../__testFiles__/joomla_with_core_vulns.json.license | 3 +++ .../__testFiles__/joomla_without_core_vulns.json.license | 3 +++ .../cmseek/parser/__testFiles__/not_joomla.json.license | 3 +++ scanners/doggo/examples/example.com/findings.yaml | 3 +++ scanners/doggo/integration-tests/jest.config.json.license | 3 +++ scanners/doggo/parser/__snapshots__/parser.test.js.snap | 4 ++++ scanners/doggo/parser/__testFiles__/empty.json.license | 3 +++ .../doggo/parser/__testFiles__/example.com.json.license | 3 +++ .../wordlist.txt.license | 3 +++ .../wordlist-config-map-post/wordlistPasswords.txt.license | 3 +++ .../wordlist-config-map-post/wordlistUsernames.txt.license | 3 +++ .../ffuf/examples/wordlist-config-map/wordlist.txt.license | 3 +++ scanners/ffuf/integration-tests/jest.config.json.license | 3 +++ scanners/ffuf/parser/__testFiles__/empty.json.license | 3 +++ .../ffuf-results-multiple-fuzz-keywords.json.license | 3 +++ .../parser/__testFiles__/ffuf-results-postdata.json.license | 3 +++ .../ffuf/parser/__testFiles__/ffuf-results.json.license | 3 +++ .../ffuf/parser/__testFiles__/zeroFindings.json.license | 3 +++ .../kubeaudit/examples/juice-shop/findings.json.license | 3 +++ scanners/nmap/examples/basic-example/nmap-results.xml | 6 ++++++ .../nmap/parser/__testFiles__/local-network-verbose.xml | 6 ++++++ scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml | 6 ++++++ scanners/nuclei/.gitignore | 4 ++++ scanners/nuclei/examples/bodgeit/findings.yaml | 4 ++++ .../nuclei/examples/bodgeit/nuclei-results.jsonl.license | 3 +++ scanners/nuclei/examples/example.com/findings.yaml | 4 ++++ .../nuclei/examples/example.com/raw-results.jsonl.license | 3 +++ scanners/nuclei/examples/secureCodeBox.io/findings.yaml | 4 ++++ 
.../examples/secureCodeBox.io/raw-results.jsonl.license | 3 +++ .../parser/__testFiles__/secureCodeBox-test.jsonl.license | 3 +++ scanners/semgrep/Chart.yaml | 4 ++++ scanners/semgrep/Makefile | 4 ++++ .../semgrep/examples/vulnerable-flask-app/findings.yaml | 4 ++++ scanners/semgrep/examples/vulnerable-flask-app/scan.yaml | 4 ++++ .../vulnerable-flask-app/semgrep-findings.json.license | 3 +++ scanners/semgrep/integration-tests/testfile.py | 4 ++++ .../parser/__testFiles__/minimal-metadata.json.license | 3 +++ .../__testFiles__/python-injection-multiresult.json.license | 3 +++ .../parser/__testFiles__/python-injection.json.license | 3 +++ scanners/semgrep/parser/parser.test.js | 4 ++++ scanners/ssh-audit/examples/dummy-ssh/findings.yaml | 4 ++++ scanners/ssh-audit/examples/dummy-ssh/scan.yaml | 4 ++++ .../examples/dummy-ssh/ssh-audit-results.json.license | 3 +++ scanners/ssh-audit/examples/port-example/findings.yaml | 4 ++++ .../examples/port-example/ssh-audit-result.json.license | 3 +++ .../ssh-audit/parser/__testFiles__/dummy-ssh.json.license | 3 +++ .../ssh-audit/parser/__testFiles__/example.json.license | 3 +++ .../ssh-audit/parser/__testFiles__/portExample.json.license | 3 +++ .../parser/__testFiles__/test-empty-report.json.license | 3 +++ scanners/ssh-scan/examples/demo-app-ssh/README.md | 1 + .../ssh-scan/examples/demo-app-ssh/findings.json.license | 3 +++ scanners/ssh-scan/examples/localhost/findings.json.license | 3 +++ .../__testFiles__/no-certificate_deployments.json.license | 3 +++ .../parser/__testFiles__/unavailable-host.json.license | 3 +++ .../juice-shop-v12.10.2-no-results.json.license | 3 +++ scanners/typo3scan/parser/__snapshots__/parser.test.js.snap | 3 +++ .../typo3scan/parser/__testFiles__/localhost.json.license | 3 +++ .../__testFiles__/localhost_vuln_extensions.json.license | 3 +++ scanners/whatweb/examples/example.com/findings.yaml | 4 ++++ .../whatweb/parser/__testFiles__/example.com.json.license | 3 +++ 
.../parser/__testFiles__/no-address.com.json.license | 3 +++ .../parser/__testFiles__/securecodebox.io.json.license | 3 +++ .../whatweb/parser/__testFiles__/two-domains.json.license | 3 +++ .../wpscan/examples/old-wordpress/findings.json.license | 3 +++ ...on-detected.license => no-version-detected.json.license} | 0 scanners/zap-advanced/scanner/README.md | 6 ++++++ scanners/zap-advanced/scanner/scripts/README.md | 6 ++++++ .../scanner/scripts/session/juiceshop-session-management.js | 4 ++++ scanners/zap/parser/__testFiles__/bodgeit.xml | 6 ++++++ 73 files changed, 250 insertions(+) create mode 100644 scanners/amass/parser/package-lock.json.license create mode 100644 scanners/amass/parser/package.json.license create mode 100644 scanners/cmseek/parser/__testFiles__/joomla_with_core_vulns.json.license create mode 100644 scanners/cmseek/parser/__testFiles__/joomla_without_core_vulns.json.license create mode 100644 scanners/cmseek/parser/__testFiles__/not_joomla.json.license create mode 100644 scanners/doggo/integration-tests/jest.config.json.license create mode 100644 scanners/doggo/parser/__testFiles__/empty.json.license create mode 100644 scanners/doggo/parser/__testFiles__/example.com.json.license create mode 100644 scanners/ffuf/examples/wordlist-config-map-multiple-fuzz-keywords/wordlist.txt.license create mode 100644 scanners/ffuf/examples/wordlist-config-map-post/wordlistPasswords.txt.license create mode 100644 scanners/ffuf/examples/wordlist-config-map-post/wordlistUsernames.txt.license create mode 100644 scanners/ffuf/examples/wordlist-config-map/wordlist.txt.license create mode 100644 scanners/ffuf/integration-tests/jest.config.json.license create mode 100644 scanners/ffuf/parser/__testFiles__/empty.json.license create mode 100644 scanners/ffuf/parser/__testFiles__/ffuf-results-multiple-fuzz-keywords.json.license create mode 100644 scanners/ffuf/parser/__testFiles__/ffuf-results-postdata.json.license create mode 100644 
scanners/ffuf/parser/__testFiles__/ffuf-results.json.license create mode 100644 scanners/ffuf/parser/__testFiles__/zeroFindings.json.license create mode 100644 scanners/kubeaudit/examples/juice-shop/findings.json.license create mode 100644 scanners/nuclei/examples/bodgeit/nuclei-results.jsonl.license create mode 100644 scanners/nuclei/examples/example.com/raw-results.jsonl.license create mode 100644 scanners/nuclei/examples/secureCodeBox.io/raw-results.jsonl.license create mode 100644 scanners/nuclei/parser/__testFiles__/secureCodeBox-test.jsonl.license create mode 100644 scanners/semgrep/examples/vulnerable-flask-app/semgrep-findings.json.license create mode 100644 scanners/semgrep/parser/__testFiles__/minimal-metadata.json.license create mode 100644 scanners/semgrep/parser/__testFiles__/python-injection-multiresult.json.license create mode 100644 scanners/semgrep/parser/__testFiles__/python-injection.json.license create mode 100644 scanners/ssh-audit/examples/dummy-ssh/ssh-audit-results.json.license create mode 100644 scanners/ssh-audit/examples/port-example/ssh-audit-result.json.license create mode 100644 scanners/ssh-audit/parser/__testFiles__/dummy-ssh.json.license create mode 100644 scanners/ssh-audit/parser/__testFiles__/example.json.license create mode 100644 scanners/ssh-audit/parser/__testFiles__/portExample.json.license create mode 100644 scanners/ssh-audit/parser/__testFiles__/test-empty-report.json.license create mode 100644 scanners/ssh-scan/examples/demo-app-ssh/findings.json.license create mode 100644 scanners/ssh-scan/examples/localhost/findings.json.license create mode 100644 scanners/sslyze/parser/__testFiles__/no-certificate_deployments.json.license create mode 100644 scanners/sslyze/parser/__testFiles__/unavailable-host.json.license create mode 100644 scanners/trivy/parser/__testFiles__/juice-shop-v12.10.2-no-results.json.license create mode 100644 scanners/typo3scan/parser/__testFiles__/localhost.json.license create mode 100644 
scanners/typo3scan/parser/__testFiles__/localhost_vuln_extensions.json.license create mode 100644 scanners/whatweb/parser/__testFiles__/example.com.json.license create mode 100644 scanners/whatweb/parser/__testFiles__/no-address.com.json.license create mode 100644 scanners/whatweb/parser/__testFiles__/securecodebox.io.json.license create mode 100644 scanners/whatweb/parser/__testFiles__/two-domains.json.license create mode 100644 scanners/wpscan/examples/old-wordpress/findings.json.license rename scanners/wpscan/parser/__testFiles__/{no-version-detected.license => no-version-detected.json.license} (100%) diff --git a/scanners/amass/parser/package-lock.json.license b/scanners/amass/parser/package-lock.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/amass/parser/package-lock.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/amass/parser/package.json.license b/scanners/amass/parser/package.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/amass/parser/package.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/cmseek/.gitignore b/scanners/cmseek/.gitignore index d874ad67c..a5be59dc8 100644 --- a/scanners/cmseek/.gitignore +++ b/scanners/cmseek/.gitignore @@ -1 +1,5 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + *.tar diff --git a/scanners/cmseek/parser/__snapshots__/parser.test.js.snap b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap index 61f924ef2..0a3308f66 100644 --- a/scanners/cmseek/parser/__snapshots__/parser.test.js.snap +++ b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap 
@@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`parser parses result of Joomla scan with core vulnerabilities successfully 1`] = ` diff --git a/scanners/cmseek/parser/__testFiles__/joomla_with_core_vulns.json.license b/scanners/cmseek/parser/__testFiles__/joomla_with_core_vulns.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__testFiles__/joomla_with_core_vulns.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/cmseek/parser/__testFiles__/joomla_without_core_vulns.json.license b/scanners/cmseek/parser/__testFiles__/joomla_without_core_vulns.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__testFiles__/joomla_without_core_vulns.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/cmseek/parser/__testFiles__/not_joomla.json.license b/scanners/cmseek/parser/__testFiles__/not_joomla.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__testFiles__/not_joomla.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/examples/example.com/findings.yaml b/scanners/doggo/examples/example.com/findings.yaml index bb3889baa..b76bd0ad5 100644 --- a/scanners/doggo/examples/example.com/findings.yaml +++ b/scanners/doggo/examples/example.com/findings.yaml @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 [ { "name": "DNS Zone: example.com. | Type: A", 
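Review bot: Prepending the SPDX comment ahead of the `// Jest Snapshot v1, https://goo.gl/fbAQLP` line in scanners/cmseek/parser/__snapshots__/parser.test.js.snap moves Jest's own header off the first line of a generated file. The doggo and typo3scan snapshot hunks further down do the same. Patch 12/16 of this series removes exactly this header from hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap and adds a `hook.test.js.snap.license` sidecar under the subject "Fix failing jest test", which suggests these three parser snapshots can fail the same way; whether a later patch covers them is not visible here. I would drop the in-file header from all three and add a `parser.test.js.snap.license` next to each, holding the same two SPDX lines as the JSON fixtures. That also keeps the licence information from being lost when the snapshots are regenerated.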
diff --git a/scanners/doggo/integration-tests/jest.config.json.license b/scanners/doggo/integration-tests/jest.config.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/integration-tests/jest.config.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/parser/__snapshots__/parser.test.js.snap b/scanners/doggo/parser/__snapshots__/parser.test.js.snap index e8e78094e..374fd3fe1 100644 --- a/scanners/doggo/parser/__snapshots__/parser.test.js.snap +++ b/scanners/doggo/parser/__snapshots__/parser.test.js.snap @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`should properly parse doggo json file 1`] = ` diff --git a/scanners/doggo/parser/__testFiles__/empty.json.license b/scanners/doggo/parser/__testFiles__/empty.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/parser/__testFiles__/empty.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/parser/__testFiles__/example.com.json.license b/scanners/doggo/parser/__testFiles__/example.com.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/parser/__testFiles__/example.com.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ffuf/examples/wordlist-config-map-multiple-fuzz-keywords/wordlist.txt.license b/scanners/ffuf/examples/wordlist-config-map-multiple-fuzz-keywords/wordlist.txt.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null 
+++ b/scanners/ffuf/examples/wordlist-config-map-multiple-fuzz-keywords/wordlist.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/examples/wordlist-config-map-post/wordlistPasswords.txt.license b/scanners/ffuf/examples/wordlist-config-map-post/wordlistPasswords.txt.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/examples/wordlist-config-map-post/wordlistPasswords.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/examples/wordlist-config-map-post/wordlistUsernames.txt.license b/scanners/ffuf/examples/wordlist-config-map-post/wordlistUsernames.txt.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/examples/wordlist-config-map-post/wordlistUsernames.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/examples/wordlist-config-map/wordlist.txt.license b/scanners/ffuf/examples/wordlist-config-map/wordlist.txt.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/examples/wordlist-config-map/wordlist.txt.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/integration-tests/jest.config.json.license b/scanners/ffuf/integration-tests/jest.config.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/integration-tests/jest.config.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/empty.json.license b/scanners/ffuf/parser/__testFiles__/empty.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/empty.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/ffuf-results-multiple-fuzz-keywords.json.license b/scanners/ffuf/parser/__testFiles__/ffuf-results-multiple-fuzz-keywords.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/ffuf-results-multiple-fuzz-keywords.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/ffuf-results-postdata.json.license b/scanners/ffuf/parser/__testFiles__/ffuf-results-postdata.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/ffuf-results-postdata.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/ffuf-results.json.license b/scanners/ffuf/parser/__testFiles__/ffuf-results.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/ffuf-results.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/ffuf/parser/__testFiles__/zeroFindings.json.license b/scanners/ffuf/parser/__testFiles__/zeroFindings.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ffuf/parser/__testFiles__/zeroFindings.json.license
@@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/kubeaudit/examples/juice-shop/findings.json.license b/scanners/kubeaudit/examples/juice-shop/findings.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/kubeaudit/examples/juice-shop/findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nmap/examples/basic-example/nmap-results.xml b/scanners/nmap/examples/basic-example/nmap-results.xml index 7e7bbf1d3..b2a9acd2d 100644 --- a/scanners/nmap/examples/basic-example/nmap-results.xml +++ b/scanners/nmap/examples/basic-example/nmap-results.xml @@ -1,3 +1,9 @@ + + diff --git a/scanners/nmap/parser/__testFiles__/local-network-verbose.xml b/scanners/nmap/parser/__testFiles__/local-network-verbose.xml index 8a8a09f23..267fd2cce 100644 --- a/scanners/nmap/parser/__testFiles__/local-network-verbose.xml +++ b/scanners/nmap/parser/__testFiles__/local-network-verbose.xml @@ -1,3 +1,9 @@ + + diff --git a/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml b/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml index 2bdb22df8..4170c26ab 100644 --- a/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml +++ b/scanners/nmap/parser/__testFiles__/scanme.nmap.org-ipv6.xml @@ -1,3 +1,9 @@ + + diff --git a/scanners/nuclei/.gitignore b/scanners/nuclei/.gitignore index d874ad67c..a5be59dc8 100644 --- a/scanners/nuclei/.gitignore +++ b/scanners/nuclei/.gitignore @@ -1 +1,5 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + *.tar diff --git a/scanners/nuclei/examples/bodgeit/findings.yaml b/scanners/nuclei/examples/bodgeit/findings.yaml index 126b22096..b3dd319d1 100644 --- a/scanners/nuclei/examples/bodgeit/findings.yaml 
+++ b/scanners/nuclei/examples/bodgeit/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "Tomcat exposed docs", diff --git a/scanners/nuclei/examples/bodgeit/nuclei-results.jsonl.license b/scanners/nuclei/examples/bodgeit/nuclei-results.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/examples/bodgeit/nuclei-results.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nuclei/examples/example.com/findings.yaml b/scanners/nuclei/examples/example.com/findings.yaml index 3127db57d..2832b97ee 100644 --- a/scanners/nuclei/examples/example.com/findings.yaml +++ b/scanners/nuclei/examples/example.com/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "HTTP Missing Security Headers", diff --git a/scanners/nuclei/examples/example.com/raw-results.jsonl.license b/scanners/nuclei/examples/example.com/raw-results.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/examples/example.com/raw-results.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nuclei/examples/secureCodeBox.io/findings.yaml b/scanners/nuclei/examples/secureCodeBox.io/findings.yaml index 22a51c911..24cb3c8da 100644 --- a/scanners/nuclei/examples/secureCodeBox.io/findings.yaml +++ b/scanners/nuclei/examples/secureCodeBox.io/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "DOM EventListener detection", 
diff --git a/scanners/nuclei/examples/secureCodeBox.io/raw-results.jsonl.license b/scanners/nuclei/examples/secureCodeBox.io/raw-results.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/examples/secureCodeBox.io/raw-results.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/nuclei/parser/__testFiles__/secureCodeBox-test.jsonl.license b/scanners/nuclei/parser/__testFiles__/secureCodeBox-test.jsonl.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/nuclei/parser/__testFiles__/secureCodeBox-test.jsonl.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/Chart.yaml b/scanners/semgrep/Chart.yaml index 1e62d0310..d05ebac98 100644 --- a/scanners/semgrep/Chart.yaml +++ b/scanners/semgrep/Chart.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: v2 name: semgrep description: A Helm chart for the semgrep semantic code analyzer that integrates with the secureCodeBox diff --git a/scanners/semgrep/Makefile b/scanners/semgrep/Makefile index e0641e4bd..3ddf7a279 100644 --- a/scanners/semgrep/Makefile +++ b/scanners/semgrep/Makefile @@ -1,5 +1,9 @@ #!/usr/bin/make -f +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + include_guard = set # Always include this line (checked in the makefile framework) scanner = semgrep diff --git a/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml b/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml index dad6f575d..27b624ac6 100644 --- a/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml +++ b/scanners/semgrep/examples/vulnerable-flask-app/findings.yaml 
@@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "javascript.lang.correctness.useless-eqeq.eqeq-is-bad", diff --git a/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml b/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml index 5bf9941e3..78649e985 100644 --- a/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml +++ b/scanners/semgrep/examples/vulnerable-flask-app/scan.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: "execution.securecodebox.io/v1" kind: Scan metadata: diff --git a/scanners/semgrep/examples/vulnerable-flask-app/semgrep-findings.json.license b/scanners/semgrep/examples/vulnerable-flask-app/semgrep-findings.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/examples/vulnerable-flask-app/semgrep-findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/integration-tests/testfile.py b/scanners/semgrep/integration-tests/testfile.py index 47f66fe0a..f3eb7d7af 100644 --- a/scanners/semgrep/integration-tests/testfile.py +++ b/scanners/semgrep/integration-tests/testfile.py @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + # Source: Example code for the semgrep rule "python.django.security.injection.command.command-injection-os-system.command-injection-os-system" import os diff --git a/scanners/semgrep/parser/__testFiles__/minimal-metadata.json.license b/scanners/semgrep/parser/__testFiles__/minimal-metadata.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/parser/__testFiles__/minimal-metadata.json.license 
@@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/parser/__testFiles__/python-injection-multiresult.json.license b/scanners/semgrep/parser/__testFiles__/python-injection-multiresult.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/parser/__testFiles__/python-injection-multiresult.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/parser/__testFiles__/python-injection.json.license b/scanners/semgrep/parser/__testFiles__/python-injection.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/semgrep/parser/__testFiles__/python-injection.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/semgrep/parser/parser.test.js b/scanners/semgrep/parser/parser.test.js index 031fc5659..a1923415e 100644 --- a/scanners/semgrep/parser/parser.test.js +++ b/scanners/semgrep/parser/parser.test.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + const fs = require("fs"); const util = require("util"); const { diff --git a/scanners/ssh-audit/examples/dummy-ssh/findings.yaml b/scanners/ssh-audit/examples/dummy-ssh/findings.yaml index 152de1515..381004518 100644 --- a/scanners/ssh-audit/examples/dummy-ssh/findings.yaml +++ b/scanners/ssh-audit/examples/dummy-ssh/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "SSH Service", diff --git a/scanners/ssh-audit/examples/dummy-ssh/scan.yaml b/scanners/ssh-audit/examples/dummy-ssh/scan.yaml index 9017da80b..14c3cc14c 100644 
--- a/scanners/ssh-audit/examples/dummy-ssh/scan.yaml +++ b/scanners/ssh-audit/examples/dummy-ssh/scan.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + apiVersion: "execution.securecodebox.io/v1" kind: Scan metadata: diff --git a/scanners/ssh-audit/examples/dummy-ssh/ssh-audit-results.json.license b/scanners/ssh-audit/examples/dummy-ssh/ssh-audit-results.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/examples/dummy-ssh/ssh-audit-results.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ssh-audit/examples/port-example/findings.yaml b/scanners/ssh-audit/examples/port-example/findings.yaml index 02197f3df..004cbbb0d 100644 --- a/scanners/ssh-audit/examples/port-example/findings.yaml +++ b/scanners/ssh-audit/examples/port-example/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "SSH Service", diff --git a/scanners/ssh-audit/examples/port-example/ssh-audit-result.json.license b/scanners/ssh-audit/examples/port-example/ssh-audit-result.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/examples/port-example/ssh-audit-result.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ssh-audit/parser/__testFiles__/dummy-ssh.json.license b/scanners/ssh-audit/parser/__testFiles__/dummy-ssh.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/parser/__testFiles__/dummy-ssh.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/scanners/ssh-audit/parser/__testFiles__/example.json.license b/scanners/ssh-audit/parser/__testFiles__/example.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/parser/__testFiles__/example.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ssh-audit/parser/__testFiles__/portExample.json.license b/scanners/ssh-audit/parser/__testFiles__/portExample.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/parser/__testFiles__/portExample.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ssh-audit/parser/__testFiles__/test-empty-report.json.license b/scanners/ssh-audit/parser/__testFiles__/test-empty-report.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-audit/parser/__testFiles__/test-empty-report.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/ssh-scan/examples/demo-app-ssh/README.md b/scanners/ssh-scan/examples/demo-app-ssh/README.md index 86777685f..94681e22b 100644 --- a/scanners/ssh-scan/examples/demo-app-ssh/README.md +++ b/scanners/ssh-scan/examples/demo-app-ssh/README.md @@ -1,5 +1,6 @@ diff --git a/scanners/ssh-scan/examples/demo-app-ssh/findings.json.license b/scanners/ssh-scan/examples/demo-app-ssh/findings.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/ssh-scan/examples/demo-app-ssh/findings.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
diff --git a/scanners/ssh-scan/examples/localhost/findings.json.license b/scanners/ssh-scan/examples/localhost/findings.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/ssh-scan/examples/localhost/findings.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/sslyze/parser/__testFiles__/no-certificate_deployments.json.license b/scanners/sslyze/parser/__testFiles__/no-certificate_deployments.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/sslyze/parser/__testFiles__/no-certificate_deployments.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/sslyze/parser/__testFiles__/unavailable-host.json.license b/scanners/sslyze/parser/__testFiles__/unavailable-host.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/sslyze/parser/__testFiles__/unavailable-host.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/trivy/parser/__testFiles__/juice-shop-v12.10.2-no-results.json.license b/scanners/trivy/parser/__testFiles__/juice-shop-v12.10.2-no-results.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/trivy/parser/__testFiles__/juice-shop-v12.10.2-no-results.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap
index 9954ef3b6..9fe0d8883 100644
--- a/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap
+++ b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap @@ -1,3 +1,6 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`parser parses large json result with vulnerable extensions successfully 1`] = ` diff --git a/scanners/typo3scan/parser/__testFiles__/localhost.json.license b/scanners/typo3scan/parser/__testFiles__/localhost.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/typo3scan/parser/__testFiles__/localhost.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/typo3scan/parser/__testFiles__/localhost_vuln_extensions.json.license b/scanners/typo3scan/parser/__testFiles__/localhost_vuln_extensions.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/typo3scan/parser/__testFiles__/localhost_vuln_extensions.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/whatweb/examples/example.com/findings.yaml b/scanners/whatweb/examples/example.com/findings.yaml index 48dcf1667..12d2db2db 100644 --- a/scanners/whatweb/examples/example.com/findings.yaml +++ b/scanners/whatweb/examples/example.com/findings.yaml @@ -1,3 +1,7 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + [ { "name": "http://old-typo3.default.svc/", diff --git a/scanners/whatweb/parser/__testFiles__/example.com.json.license b/scanners/whatweb/parser/__testFiles__/example.com.json.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/whatweb/parser/__testFiles__/example.com.json.license 
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/whatweb/parser/__testFiles__/no-address.com.json.license b/scanners/whatweb/parser/__testFiles__/no-address.com.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/whatweb/parser/__testFiles__/no-address.com.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/whatweb/parser/__testFiles__/securecodebox.io.json.license b/scanners/whatweb/parser/__testFiles__/securecodebox.io.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/whatweb/parser/__testFiles__/securecodebox.io.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/whatweb/parser/__testFiles__/two-domains.json.license b/scanners/whatweb/parser/__testFiles__/two-domains.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/whatweb/parser/__testFiles__/two-domains.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/wpscan/examples/old-wordpress/findings.json.license b/scanners/wpscan/examples/old-wordpress/findings.json.license
new file mode 100644
index 000000000..3034c0d74
--- /dev/null
+++ b/scanners/wpscan/examples/old-wordpress/findings.json.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: the secureCodeBox authors
+
+SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/scanners/wpscan/parser/__testFiles__/no-version-detected.license b/scanners/wpscan/parser/__testFiles__/no-version-detected.json.license similarity index 100% rename from scanners/wpscan/parser/__testFiles__/no-version-detected.license rename to scanners/wpscan/parser/__testFiles__/no-version-detected.json.license diff --git a/scanners/zap-advanced/scanner/README.md b/scanners/zap-advanced/scanner/README.md index 05bbf5e4a..db569899a 100644 --- a/scanners/zap-advanced/scanner/README.md +++ b/scanners/zap-advanced/scanner/README.md @@ -1,3 +1,9 @@ + + # ZAP Scanner This directory contains a secureCodeBox specific python implementation of an ZAP Client. diff --git a/scanners/zap-advanced/scanner/scripts/README.md b/scanners/zap-advanced/scanner/scripts/README.md index 0d2105c95..32f9cc7e0 100644 --- a/scanners/zap-advanced/scanner/scripts/README.md +++ b/scanners/zap-advanced/scanner/scripts/README.md @@ -1,3 +1,9 @@ + + # ZAP Scripts This folder contains ZAP scripts. The scripts must be in subdirectories named after the diff --git a/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js b/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js index 22f2ab5ef..a63763a50 100644 --- a/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js +++ b/scanners/zap-advanced/scanner/scripts/session/juiceshop-session-management.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 + /* * Session Management script for OWASP Juice Shop: https://raw.githubusercontent.com/zaproxy/community-scripts/master/session/Juice%20Shop%20Session%20Management.js * diff --git a/scanners/zap/parser/__testFiles__/bodgeit.xml b/scanners/zap/parser/__testFiles__/bodgeit.xml index 9b63a3a90..3c340cfff 100644 --- a/scanners/zap/parser/__testFiles__/bodgeit.xml +++ b/scanners/zap/parser/__testFiles__/bodgeit.xml @@ -1,3 +1,9 @@ + + 
From b019d241c68848d99138aa5b751e8d6d3eb48cd4 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 14:30:23 +0200 Subject: [PATCH 12/16] Fix failing jest test Signed-off-by: Heiko Kiesel --- .../hook/__snapshots__/hook.test.js.snap | 3 --- .../hook/__snapshots__/hook.test.js.snap.license | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap.license diff --git a/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap index 406f9bc46..c7a8885b9 100644 --- a/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap +++ b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap @@ -1,6 +1,3 @@ -// SPDX-FileCopyrightText: the secureCodeBox authors -// -// SPDX-License-Identifier: Apache-2.0 // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`should batch multiple findings in a single call 1`] = ` diff --git a/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap.license b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/hooks/persistence-azure-monitor/hook/__snapshots__/hook.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file From f8edcf9147eeb91b26c06fcc38e726d156ada42d Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 14:39:02 +0200 Subject: [PATCH 13/16] Replace outdated license headers 
Signed-off-by: Heiko Kiesel --- .../kubernetes/controllers/container_scan_controller.go | 2 +- .../controllers/container_scan_controller_test.go | 2 +- auto-discovery/kubernetes/controllers/restart_scan.go | 2 +- auto-discovery/kubernetes/controllers/suite_test_util.go | 2 +- auto-discovery/kubernetes/pkg/util/checkScanConfig.go | 2 +- auto-discovery/kubernetes/pkg/util/gotemplate.go | 2 +- auto-discovery/kubernetes/pkg/util/util_suite_test.go | 2 +- .../kubernetes/pull-secret-extractor/.dockerignore | 6 +++--- auto-discovery/kubernetes/pull-secret-extractor/Dockerfile | 2 +- .../kubernetes/pull-secret-extractor/docker_image.py | 2 +- .../integration-test/package-lock.json.license | 2 +- .../integration-test/package.json.license | 2 +- .../integration-test/pull-secret-extraction.test.js | 2 +- .../pull-secret-extractor/integration-test/test-pod.sh | 2 +- auto-discovery/kubernetes/pull-secret-extractor/readme.md | 2 +- .../pull-secret-extractor/requirements.txt.license | 2 +- .../kubernetes/pull-secret-extractor/secret_extraction.py | 2 +- .../kubernetes/pull-secret-extractor/test_docker_image.py | 2 +- .../pull-secret-extractor/test_secret_extraction.py | 2 +- .../test_secrets/secret_1/.dockerconfigjson.license | 2 +- .../test_secrets/secret_1/not_a_docker_config_json.license | 2 +- .../test_secrets/secret_2/.dockerconfigjson.license | 2 +- documentation/blog/2022-01-18-log4shell.md | 2 +- hooks/persistence-azure-monitor/.helm-docs.gotmpl | 2 +- hooks/persistence-azure-monitor/.helmignore | 2 +- hooks/persistence-azure-monitor/Chart.yaml | 2 +- hooks/persistence-azure-monitor/Makefile | 2 +- hooks/persistence-azure-monitor/hook/hook.js | 2 +- hooks/persistence-azure-monitor/hook/hook.test.js | 2 +- .../hook/package-lock.json.license | 2 +- hooks/persistence-azure-monitor/hook/package.json.license | 2 +- hooks/persistence-azure-monitor/templates/NOTES.txt | 2 +- hooks/persistence-azure-monitor/templates/_helpers.tpl | 2 +- .../templates/persistence-provider.yaml | 2 
+- hooks/persistence-azure-monitor/values.yaml | 2 +- scanners/doggo/scanner/wrapper.sh | 2 +- scanners/gitleaks/examples/provide-own-rules/scan.yaml | 2 +- scanners/gitleaks/examples/secureCodeBox/scan.yaml | 2 +- .../parser/__testFiles__/unresolvable-host.json.license | 2 +- scanners/sslyze/scanner/Dockerfile | 2 +- scanners/sslyze/scanner/wrapper.sh | 2 +- scanners/wpscan/scanner/Dockerfile | 2 +- scanners/wpscan/scanner/wrapper.sh | 2 +- 43 files changed, 45 insertions(+), 45 deletions(-) diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller.go b/auto-discovery/kubernetes/controllers/container_scan_controller.go index 39e051795..df56400c2 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go index 4d6b71b65..22cfa7009 100644 --- a/auto-discovery/kubernetes/controllers/container_scan_controller_test.go +++ b/auto-discovery/kubernetes/controllers/container_scan_controller_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/controllers/restart_scan.go b/auto-discovery/kubernetes/controllers/restart_scan.go index e2cd9533d..6ad3847a1 100644 --- a/auto-discovery/kubernetes/controllers/restart_scan.go +++ b/auto-discovery/kubernetes/controllers/restart_scan.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 
diff --git a/auto-discovery/kubernetes/controllers/suite_test_util.go b/auto-discovery/kubernetes/controllers/suite_test_util.go index 345e4bfef..1587dc5e3 100644 --- a/auto-discovery/kubernetes/controllers/suite_test_util.go +++ b/auto-discovery/kubernetes/controllers/suite_test_util.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pkg/util/checkScanConfig.go b/auto-discovery/kubernetes/pkg/util/checkScanConfig.go index bc5d7522d..1706a416b 100644 --- a/auto-discovery/kubernetes/pkg/util/checkScanConfig.go +++ b/auto-discovery/kubernetes/pkg/util/checkScanConfig.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pkg/util/gotemplate.go b/auto-discovery/kubernetes/pkg/util/gotemplate.go index 141bda249..db3782635 100644 --- a/auto-discovery/kubernetes/pkg/util/gotemplate.go +++ b/auto-discovery/kubernetes/pkg/util/gotemplate.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pkg/util/util_suite_test.go b/auto-discovery/kubernetes/pkg/util/util_suite_test.go index d18764499..29beb01b1 100644 --- a/auto-discovery/kubernetes/pkg/util/util_suite_test.go +++ b/auto-discovery/kubernetes/pkg/util/util_suite_test.go @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore b/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore index ef00adfb8..ee0eeed1b 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore 
+++ b/auto-discovery/kubernetes/pull-secret-extractor/.dockerignore @@ -1,6 +1,6 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH -# -# SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: the secureCodeBox authors +// +// SPDX-License-Identifier: Apache-2.0 integration-test/* venv/* \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile index 3b5992c20..54efd3e02 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile +++ b/auto-discovery/kubernetes/pull-secret-extractor/Dockerfile @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py index 45780fb3f..d8a8039ff 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/docker_image.py @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license index 7446c9b19..3034c0d74 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package-lock.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 \ No newline at end of file 
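Review bot: In the `.dockerignore` hunk for `pull-secret-extractor`, the license header changes its prefix from `#` to `//`, but `.dockerignore` only treats lines that start with `#` as comments. The three new lines are therefore parsed as ignore patterns instead of a header, unlike every other file in this commit, which keeps its native comment syntax. Keep the original prefix and change only the copyright text: `# SPDX-FileCopyrightText: the secureCodeBox authors`, `#`, `# SPDX-License-Identifier: Apache-2.0`. Because this file controls what enters the image build context, a test build should confirm that `integration-test/*` and `venv/*` are still excluded.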
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license index 7446c9b19..3034c0d74 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/package.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js index 20502744c..2ce6990b2 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/pull-secret-extraction.test.js @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2021 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh index 0d67da3f7..f72670cbb 100755 --- a/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh +++ b/auto-discovery/kubernetes/pull-secret-extractor/integration-test/test-pod.sh @@ -1,6 +1,6 @@ #!/bin/sh -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/readme.md b/auto-discovery/kubernetes/pull-secret-extractor/readme.md index 35602ddcc..35dc60cbd 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/readme.md 
+++ b/auto-discovery/kubernetes/pull-secret-extractor/readme.md @@ -1,5 +1,5 @@ diff --git a/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license b/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license index 7446c9b19..3034c0d74 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license +++ b/auto-discovery/kubernetes/pull-secret-extractor/requirements.txt.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py index dd5b04c0b..1730a7dce 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/secret_extraction.py @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py b/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py index 48f1d03a8..945c84dd9 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_docker_image.py @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py b/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py index a4a2b6fdf..a0a6191eb 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secret_extraction.py 
@@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license index 7446c9b19..3034c0d74 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/.dockerconfigjson.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license index 7446c9b19..3034c0d74 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_1/not_a_docker_config_json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license index 7446c9b19..3034c0d74 100644 --- a/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license +++ b/auto-discovery/kubernetes/pull-secret-extractor/test_secrets/secret_2/.dockerconfigjson.license 
@@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/documentation/blog/2022-01-18-log4shell.md b/documentation/blog/2022-01-18-log4shell.md index ec53eabc8..f46bd9db0 100644 --- a/documentation/blog/2022-01-18-log4shell.md +++ b/documentation/blog/2022-01-18-log4shell.md @@ -1,5 +1,5 @@ --- -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/.helm-docs.gotmpl b/hooks/persistence-azure-monitor/.helm-docs.gotmpl index c6d6e8d44..86d1378de 100644 --- a/hooks/persistence-azure-monitor/.helm-docs.gotmpl +++ b/hooks/persistence-azure-monitor/.helm-docs.gotmpl @@ -1,5 +1,5 @@ {{- /* -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 */ -}} diff --git a/hooks/persistence-azure-monitor/.helmignore b/hooks/persistence-azure-monitor/.helmignore index a166d1464..ba05e3013 100644 --- a/hooks/persistence-azure-monitor/.helmignore +++ b/hooks/persistence-azure-monitor/.helmignore @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 # Patterns to ignore when building packages. diff --git a/hooks/persistence-azure-monitor/Chart.yaml b/hooks/persistence-azure-monitor/Chart.yaml index 57fc13c31..c37e557db 100644 --- a/hooks/persistence-azure-monitor/Chart.yaml +++ b/hooks/persistence-azure-monitor/Chart.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/Makefile b/hooks/persistence-azure-monitor/Makefile index 75795cea8..e825bc975 100644 --- a/hooks/persistence-azure-monitor/Makefile 
+++ b/hooks/persistence-azure-monitor/Makefile @@ -1,6 +1,6 @@ #!/usr/bin/make -f # -# SPDX-FileCopyrightText: 2022 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 # diff --git a/hooks/persistence-azure-monitor/hook/hook.js b/hooks/persistence-azure-monitor/hook/hook.js index 2efae2c21..f303201f6 100644 --- a/hooks/persistence-azure-monitor/hook/hook.js +++ b/hooks/persistence-azure-monitor/hook/hook.js @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2022 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/hook/hook.test.js b/hooks/persistence-azure-monitor/hook/hook.test.js index 9eb794fb9..04e500ea5 100644 --- a/hooks/persistence-azure-monitor/hook/hook.test.js +++ b/hooks/persistence-azure-monitor/hook/hook.test.js @@ -1,4 +1,4 @@ -// SPDX-FileCopyrightText: 2022 iteratec GmbH +// SPDX-FileCopyrightText: the secureCodeBox authors // // SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/hook/package-lock.json.license b/hooks/persistence-azure-monitor/hook/package-lock.json.license index d69bd78ce..c95bc3718 100644 --- a/hooks/persistence-azure-monitor/hook/package-lock.json.license +++ b/hooks/persistence-azure-monitor/hook/package-lock.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2022 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/hook/package.json.license b/hooks/persistence-azure-monitor/hook/package.json.license index d69bd78ce..c95bc3718 100644 --- a/hooks/persistence-azure-monitor/hook/package.json.license +++ b/hooks/persistence-azure-monitor/hook/package.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2022 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 
diff --git a/hooks/persistence-azure-monitor/templates/NOTES.txt b/hooks/persistence-azure-monitor/templates/NOTES.txt index 1e695f413..9ba8f4ff1 100644 --- a/hooks/persistence-azure-monitor/templates/NOTES.txt +++ b/hooks/persistence-azure-monitor/templates/NOTES.txt @@ -1,5 +1,5 @@ {{- /* -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 */}} diff --git a/hooks/persistence-azure-monitor/templates/_helpers.tpl b/hooks/persistence-azure-monitor/templates/_helpers.tpl index e910e1b3a..dc3334222 100644 --- a/hooks/persistence-azure-monitor/templates/_helpers.tpl +++ b/hooks/persistence-azure-monitor/templates/_helpers.tpl @@ -1,5 +1,5 @@ {{- /* -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 */ -}} diff --git a/hooks/persistence-azure-monitor/templates/persistence-provider.yaml b/hooks/persistence-azure-monitor/templates/persistence-provider.yaml index d68793d07..ebb514505 100644 --- a/hooks/persistence-azure-monitor/templates/persistence-provider.yaml +++ b/hooks/persistence-azure-monitor/templates/persistence-provider.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/hooks/persistence-azure-monitor/values.yaml b/hooks/persistence-azure-monitor/values.yaml index 4d51868e6..768b3fc42 100644 --- a/hooks/persistence-azure-monitor/values.yaml +++ b/hooks/persistence-azure-monitor/values.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/doggo/scanner/wrapper.sh b/scanners/doggo/scanner/wrapper.sh index 654d5128e..5604877fd 100644 --- a/scanners/doggo/scanner/wrapper.sh +++ b/scanners/doggo/scanner/wrapper.sh 
@@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 set -e diff --git a/scanners/gitleaks/examples/provide-own-rules/scan.yaml b/scanners/gitleaks/examples/provide-own-rules/scan.yaml index 857a0ce92..7fd0f95e1 100644 --- a/scanners/gitleaks/examples/provide-own-rules/scan.yaml +++ b/scanners/gitleaks/examples/provide-own-rules/scan.yaml @@ -23,7 +23,7 @@ spec: - name: "gitleaks-config" mountPath: "/config/" -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/gitleaks/examples/secureCodeBox/scan.yaml b/scanners/gitleaks/examples/secureCodeBox/scan.yaml index f95ab6817..710945977 100644 --- a/scanners/gitleaks/examples/secureCodeBox/scan.yaml +++ b/scanners/gitleaks/examples/secureCodeBox/scan.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license b/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license index c59b85a5b..c95bc3718 100644 --- a/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license +++ b/scanners/nikto/parser/__testFiles__/unresolvable-host.json.license @@ -1,3 +1,3 @@ -SPDX-FileCopyrightText: 2021 iteratec GmbH +SPDX-FileCopyrightText: the secureCodeBox authors SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/sslyze/scanner/Dockerfile b/scanners/sslyze/scanner/Dockerfile index 4a55c7e3c..9678ee14f 100644 --- a/scanners/sslyze/scanner/Dockerfile +++ b/scanners/sslyze/scanner/Dockerfile @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 
diff --git a/scanners/sslyze/scanner/wrapper.sh b/scanners/sslyze/scanner/wrapper.sh index 90f40bebb..5c6800787 100644 --- a/scanners/sslyze/scanner/wrapper.sh +++ b/scanners/sslyze/scanner/wrapper.sh @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/wpscan/scanner/Dockerfile b/scanners/wpscan/scanner/Dockerfile index 5b17ce664..9ff919e27 100644 --- a/scanners/wpscan/scanner/Dockerfile +++ b/scanners/wpscan/scanner/Dockerfile @@ -1,5 +1,5 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 diff --git a/scanners/wpscan/scanner/wrapper.sh b/scanners/wpscan/scanner/wrapper.sh index 801c408fe..cb831f8dd 100644 --- a/scanners/wpscan/scanner/wrapper.sh +++ b/scanners/wpscan/scanner/wrapper.sh @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2021 iteratec GmbH +# SPDX-FileCopyrightText: the secureCodeBox authors # # SPDX-License-Identifier: Apache-2.0 From 212e936b08af8a8e0c6a6cec00d0ac521acd3ea2 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Fri, 15 Sep 2023 14:45:19 +0200 Subject: [PATCH 14/16] Add license to njk files Signed-off-by: Heiko Kiesel --- .../hook/notification-templates/msteams-messageCard.njk | 5 +++++ .../notification/hook/notification-templates/rocket-chat.njk | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/hooks/notification/hook/notification-templates/msteams-messageCard.njk b/hooks/notification/hook/notification-templates/msteams-messageCard.njk index 539b1ca34..251c703d3 100644 --- a/hooks/notification/hook/notification-templates/msteams-messageCard.njk +++ b/hooks/notification/hook/notification-templates/msteams-messageCard.njk @@ -1,3 +1,8 @@ +{# +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 +#} type: message attachments: - contentType: application/vnd.microsoft.card.adaptive 
diff --git a/hooks/notification/hook/notification-templates/rocket-chat.njk b/hooks/notification/hook/notification-templates/rocket-chat.njk index 12e72378c..8b6ecfb21 100644 --- a/hooks/notification/hook/notification-templates/rocket-chat.njk +++ b/hooks/notification/hook/notification-templates/rocket-chat.njk @@ -1,3 +1,8 @@ +{# +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 +#} channel: "{{ scan.metadata.annotations["notification.securecodebox.io/rocket-chat-channel"] | default(args["ROCKET_CHAT_DEFAULT_CHANNEL"], true) | safe}}" text: "New Scan Results for {{ scan.metadata.name }}" attachments: From 25b207648245da9b39ba8fa150eac572995f4995 Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Mon, 18 Sep 2023 09:08:25 +0200 Subject: [PATCH 15/16] Move SPDX license header to extra file for jest snapshots Signed-off-by: Heiko Kiesel --- scanners/cmseek/parser/__snapshots__/parser.test.js.snap | 4 ---- .../cmseek/parser/__snapshots__/parser.test.js.snap.license | 3 +++ scanners/doggo/parser/__snapshots__/parser.test.js.snap | 4 ---- .../doggo/parser/__snapshots__/parser.test.js.snap.license | 3 +++ scanners/typo3scan/parser/__snapshots__/parser.test.js.snap | 3 --- .../parser/__snapshots__/parser.test.js.snap.license | 3 +++ 6 files changed, 9 insertions(+), 11 deletions(-) create mode 100644 scanners/cmseek/parser/__snapshots__/parser.test.js.snap.license create mode 100644 scanners/doggo/parser/__snapshots__/parser.test.js.snap.license create mode 100644 scanners/typo3scan/parser/__snapshots__/parser.test.js.snap.license diff --git a/scanners/cmseek/parser/__snapshots__/parser.test.js.snap b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap index 0a3308f66..61f924ef2 100644 --- a/scanners/cmseek/parser/__snapshots__/parser.test.js.snap +++ b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap 
@@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: the secureCodeBox authors -// -// SPDX-License-Identifier: Apache-2.0 - // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`parser parses result of Joomla scan with core vulnerabilities successfully 1`] = ` diff --git a/scanners/cmseek/parser/__snapshots__/parser.test.js.snap.license b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/cmseek/parser/__snapshots__/parser.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/doggo/parser/__snapshots__/parser.test.js.snap b/scanners/doggo/parser/__snapshots__/parser.test.js.snap index 374fd3fe1..e8e78094e 100644 --- a/scanners/doggo/parser/__snapshots__/parser.test.js.snap +++ b/scanners/doggo/parser/__snapshots__/parser.test.js.snap @@ -1,7 +1,3 @@ -// SPDX-FileCopyrightText: the secureCodeBox authors -// -// SPDX-License-Identifier: Apache-2.0 - // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`should properly parse doggo json file 1`] = ` diff --git a/scanners/doggo/parser/__snapshots__/parser.test.js.snap.license b/scanners/doggo/parser/__snapshots__/parser.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/doggo/parser/__snapshots__/parser.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file diff --git a/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap index 9fe0d8883..9954ef3b6 100644 --- a/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap +++ b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap 
@@ -1,6 +1,3 @@ -// SPDX-FileCopyrightText: the secureCodeBox authors -// -// SPDX-License-Identifier: Apache-2.0 // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`parser parses large json result with vulnerable extensions successfully 1`] = ` diff --git a/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap.license b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap.license new file mode 100644 index 000000000..3034c0d74 --- /dev/null +++ b/scanners/typo3scan/parser/__snapshots__/parser.test.js.snap.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: the secureCodeBox authors + +SPDX-License-Identifier: Apache-2.0 \ No newline at end of file From 08f4c1896ba9aeb2bc9fa3eeb24af78ccfa0bb5e Mon Sep 17 00:00:00 2001 From: Heiko Kiesel Date: Thu, 21 Sep 2023 09:00:18 +0200 Subject: [PATCH 16/16] Specify the issue template path in dep5 file Signed-off-by: Heiko Kiesel --- .reuse/dep5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.reuse/dep5 b/.reuse/dep5 index eb1b2c89a..79f9fdf41 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -3,6 +3,6 @@ Upstream-Name: secureCodeBox Upstream-Contact: Robert Seedorff Source: https://github.com/secureCodeBox/secureCodeBox -Files: .github/*.md +Files: .github/ISSUE_TEMPLATE/*.md Copyright: the secureCodeBox authors License: Apache-2.0