import { helpPagePath } from '~/helpers/help_page_helper' ;
import { _ _ , s _ _ } from '~/locale' ;
import {
REPORT _TYPE _SAST ,
REPORT _TYPE _SAST _IAC ,
REPORT _TYPE _DAST ,
REPORT _TYPE _DAST _PROFILES ,
REPORT _TYPE _BREACH _AND _ATTACK _SIMULATION ,
REPORT _TYPE _SECRET _DETECTION ,
REPORT _TYPE _DEPENDENCY _SCANNING ,
REPORT _TYPE _CONTAINER _SCANNING ,
REPORT _TYPE _COVERAGE _FUZZING ,
REPORT _TYPE _CORPUS _MANAGEMENT ,
REPORT _TYPE _API _FUZZING ,
} from '~/vue_shared/security_reports/constants' ;
import kontraLogo from 'images/vulnerability/kontra-logo.svg' ;
import scwLogo from 'images/vulnerability/scw-logo.svg' ;
import secureflagLogo from 'images/vulnerability/secureflag-logo.svg' ;
import configureSastMutation from '../graphql/configure_sast.mutation.graphql' ;
import configureSastIacMutation from '../graphql/configure_iac.mutation.graphql' ;
import configureSecretDetectionMutation from '../graphql/configure_secret_detection.mutation.graphql' ;
/**
 * Translations & helpPagePaths for Security Configuration Page
 * Make sure to add new scanner translations to the SCANNER_NAMES_MAP below.
 */
/** Full display name of the SAST scanner, passed through the `__` translation helper. */
export const SAST_NAME = __('Static Application Security Testing (SAST)');

/** Abbreviated SAST label; `s__` is given a key carrying the `ciReport|` namespace prefix. */
export const SAST_SHORT_NAME = s__('ciReport|SAST');

/** One-sentence summary of SAST. */
export const SAST_DESCRIPTION = __('Analyze your source code for known vulnerabilities.');

/** Result of `helpPagePath` for the SAST documentation index. */
export const SAST_HELP_PATH = helpPagePath('user/application_security/sast/index');

/** Same documentation page as SAST_HELP_PATH, with the `configuration` anchor requested. */
export const SAST_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/sast/index',
  { anchor: 'configuration' },
);
/** Full display name of the Infrastructure as Code scanner. */
export const SAST_IAC_NAME = __('Infrastructure as Code (IaC) Scanning');

/** Abbreviated IaC label, keyed under the `ciReport|` translation namespace. */
export const SAST_IAC_SHORT_NAME = s__('ciReport|SAST IaC');

/** One-sentence summary of IaC scanning. */
export const SAST_IAC_DESCRIPTION = __(
  'Analyze your infrastructure as code configuration files for known vulnerabilities.',
);

/** Result of `helpPagePath` for the IaC scanning documentation index. */
export const SAST_IAC_HELP_PATH = helpPagePath('user/application_security/iac_scanning/index');

/** Same documentation page as SAST_IAC_HELP_PATH, with the `configuration` anchor requested. */
export const SAST_IAC_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/iac_scanning/index',
  { anchor: 'configuration' },
);
/** Full display name of the DAST scanner. */
export const DAST_NAME = __('Dynamic Application Security Testing (DAST)');

/** Abbreviated DAST label, keyed under the `ciReport|` translation namespace. */
export const DAST_SHORT_NAME = s__('ciReport|DAST');

/** Summary of DAST: it examines a deployed, running application from the outside. */
export const DAST_DESCRIPTION = s__(
  'ciReport|Analyze a deployed version of your web application for known vulnerabilities by examining it from the outside in. DAST works by simulating external attacks on your application while it is running.',
);

/** Result of `helpPagePath` for the DAST documentation index. */
export const DAST_HELP_PATH = helpPagePath('user/application_security/dast/index');

/** Same documentation page as DAST_HELP_PATH, with the `enable-automatic-dast-run` anchor requested. */
export const DAST_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/dast/index',
  { anchor: 'enable-automatic-dast-run' },
);

/** Badge label attached to the DAST entry. */
export const DAST_BADGE_TEXT = __('Available on-demand');

/** Tooltip explaining the on-demand badge. */
export const DAST_BADGE_TOOLTIP = __(
  'On-demand scans run outside of the DevOps cycle and find vulnerabilities in your projects',
);
/** Display name of the DAST profiles entry. */
export const DAST_PROFILES_NAME = __('DAST profiles');

/** Summary of the DAST profiles entry, keyed under the `SecurityConfiguration|` namespace. */
export const DAST_PROFILES_DESCRIPTION = s__(
  'SecurityConfiguration|Manage profiles for use by DAST scans.',
);

/** Text of the action that leads to profile management. */
export const DAST_PROFILES_CONFIG_TEXT = s__('SecurityConfiguration|Manage profiles');
/** Badge label marking Breach and Attack Simulation as an incubating feature. */
export const BAS_BADGE_TEXT = s__('SecurityConfiguration|Incubating feature');

/** Tooltip shown with the incubating badge. */
export const BAS_BADGE_TOOLTIP = s__(
  'SecurityConfiguration|Breach and Attack Simulation is an incubating feature extending existing security testing by simulating adversary activity.',
);

/** Summary of Breach and Attack Simulation. */
export const BAS_DESCRIPTION = s__(
  'SecurityConfiguration|Simulate breach and attack scenarios against your running application by attempting to detect and exploit known vulnerabilities.',
);

/** Result of `helpPagePath` for the BAS documentation index. */
export const BAS_HELP_PATH = helpPagePath(
  'user/application_security/breach_and_attack_simulation/index',
);

/** Full display name of Breach and Attack Simulation. */
export const BAS_NAME = s__('SecurityConfiguration|Breach and Attack Simulation (BAS)');

/** Abbreviated BAS label. */
export const BAS_SHORT_NAME = s__('SecurityConfiguration|BAS');

/** Summary of the DAST-side feature flag that enables BAS-focused features. */
export const BAS_DAST_FEATURE_FLAG_DESCRIPTION = s__(
  'SecurityConfiguration|Enable incubating Breach and Attack Simulation focused features such as callback attacks in your DAST scans.',
);

/** BAS documentation page with the anchor for the section on extending DAST. */
export const BAS_DAST_FEATURE_FLAG_HELP_PATH = helpPagePath(
  'user/application_security/breach_and_attack_simulation/index',
  {
    anchor: 'extend-dynamic-application-security-testing-dast',
  },
);

/** Display name of the DAST-side feature flag (OAST). */
export const BAS_DAST_FEATURE_FLAG_NAME = s__(
  'SecurityConfiguration|Out-of-Band Application Security Testing (OAST)',
);
/** Display name of the Secret Detection scanner. */
export const SECRET_DETECTION_NAME = __('Secret Detection');

/** Summary of Secret Detection: it covers both the source code and the git history. */
export const SECRET_DETECTION_DESCRIPTION = __(
  'Analyze your source code and git history for secrets.',
);

/** Result of `helpPagePath` for the Secret Detection documentation index. */
export const SECRET_DETECTION_HELP_PATH = helpPagePath(
  'user/application_security/secret_detection/index',
);

/** Same documentation page, with the `configuration` anchor requested. */
export const SECRET_DETECTION_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/secret_detection/index',
  {
    anchor: 'configuration',
  },
);
/** Display name of the Dependency Scanning scanner. */
export const DEPENDENCY_SCANNING_NAME = __('Dependency Scanning');

/** Summary of Dependency Scanning. */
export const DEPENDENCY_SCANNING_DESCRIPTION = __(
  'Analyze your dependencies for known vulnerabilities.',
);

/** Result of `helpPagePath` for the Dependency Scanning documentation index. */
export const DEPENDENCY_SCANNING_HELP_PATH = helpPagePath(
  'user/application_security/dependency_scanning/index',
);

/** Same documentation page, with the `configuration` anchor requested. */
export const DEPENDENCY_SCANNING_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/dependency_scanning/index',
  {
    anchor: 'configuration',
  },
);
/** Display name of the Container Scanning scanner. */
export const CONTAINER_SCANNING_NAME = __('Container Scanning');

/** Summary of Container Scanning. */
export const CONTAINER_SCANNING_DESCRIPTION = __(
  'Check your Docker images for known vulnerabilities.',
);

/** Result of `helpPagePath` for the Container Scanning documentation index. */
export const CONTAINER_SCANNING_HELP_PATH = helpPagePath(
  'user/application_security/container_scanning/index',
);

/** Same documentation page, with the `configuration` anchor requested. */
export const CONTAINER_SCANNING_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/container_scanning/index',
  {
    anchor: 'configuration',
  },
);
/** Display name of the Coverage Fuzzing scanner. */
export const COVERAGE_FUZZING_NAME = __('Coverage Fuzzing');

/** Summary of Coverage Fuzzing. */
export const COVERAGE_FUZZING_DESCRIPTION = __(
  'Find bugs in your code with coverage-guided fuzzing.',
);

/** Result of `helpPagePath` for the Coverage Fuzzing documentation index. */
export const COVERAGE_FUZZING_HELP_PATH = helpPagePath(
  'user/application_security/coverage_fuzzing/index',
);

/** Same documentation page, with the `enable-coverage-guided-fuzz-testing` anchor requested. */
export const COVERAGE_FUZZING_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/coverage_fuzzing/index',
  {
    anchor: 'enable-coverage-guided-fuzz-testing',
  },
);
/** Display name of the Corpus Management entry. */
export const CORPUS_MANAGEMENT_NAME = __('Corpus Management');

/** Summary of Corpus Management: corpus files are the seed inputs for coverage-guided fuzzing. */
export const CORPUS_MANAGEMENT_DESCRIPTION = s__(
  'SecurityConfiguration|Manage corpus files used as seed inputs with coverage-guided fuzzing.',
);

/** Text of the action that leads to corpus management. */
export const CORPUS_MANAGEMENT_CONFIG_TEXT = s__('SecurityConfiguration|Manage corpus');
/** Display name of the API Fuzzing scanner. */
export const API_FUZZING_NAME = __('API Fuzzing');

/** Summary of API Fuzzing. */
export const API_FUZZING_DESCRIPTION = __('Find bugs in your code with API fuzzing.');

/**
 * Result of `helpPagePath` for the API Fuzzing documentation index.
 * No separate configuration help path is defined for this scanner in this file.
 */
export const API_FUZZING_HELP_PATH = helpPagePath('user/application_security/api_fuzzing/index');
/** Display name for Cluster Image Scanning, keyed under the `ciReport|` translation namespace. */
export const CLUSTER_IMAGE_SCANNING_NAME = s__('ciReport|Cluster Image Scanning');
/**
 * Scanner identifier -> translated display name.
 *
 * SAST and DAST use their short names; every other entry uses the full name.
 * NOTE(review): SAST_IAC points at SAST_IAC_NAME although SAST_IAC_SHORT_NAME
 * exists - confirm that is intended.
 * NOTE(review): this is a plain object, so a lookup with an arbitrary key also
 * resolves inherited properties; callers that index it with externally supplied
 * scanner names should guard with `Object.hasOwn`. The lookup sites are not
 * visible in this file.
 */
export const SCANNER_NAMES_MAP = {
  // Static analysis
  SAST: SAST_SHORT_NAME,
  SAST_IAC: SAST_IAC_NAME,

  // Dynamic analysis and fuzzing
  DAST: DAST_SHORT_NAME,
  API_FUZZING: API_FUZZING_NAME,
  CONTAINER_SCANNING: CONTAINER_SCANNING_NAME,
  COVERAGE_FUZZING: COVERAGE_FUZZING_NAME,

  SECRET_DETECTION: SECRET_DETECTION_NAME,
  DEPENDENCY_SCANNING: DEPENDENCY_SCANNING_NAME,
  BREACH_AND_ATTACK_SIMULATION: BAS_NAME,
  CLUSTER_IMAGE_SCANNING: CLUSTER_IMAGE_SCANNING_NAME,

  // Label for the GENERIC key, i.e. entries that were added by hand.
  GENERIC: s__('ciReport|Manually added'),
};
/**
 * Ordered list of security feature descriptors.
 *
 * Each entry carries `name`, `description`, `helpPath` and `type`. Depending on
 * the entry it may also carry `shortName`, `configurationHelpPath`, `anchor`,
 * a `badge` ({ text, tooltipText, variant, alwaysDisplay? }) and a `secondary`
 * descriptor for a related sub-feature.
 *
 * Every string here comes from this module's own constants; nothing is taken
 * from user input.
 */
export const securityFeatures = [
  // SAST
  {
    name: SAST_NAME,
    shortName: SAST_SHORT_NAME,
    description: SAST_DESCRIPTION,
    helpPath: SAST_HELP_PATH,
    configurationHelpPath: SAST_CONFIG_HELP_PATH,
    type: REPORT_TYPE_SAST,
  },

  // Infrastructure as Code scanning
  {
    name: SAST_IAC_NAME,
    shortName: SAST_IAC_SHORT_NAME,
    description: SAST_IAC_DESCRIPTION,
    helpPath: SAST_IAC_HELP_PATH,
    configurationHelpPath: SAST_IAC_CONFIG_HELP_PATH,
    type: REPORT_TYPE_SAST_IAC,
  },

  // DAST, with the on-demand badge and DAST profiles as its secondary feature
  {
    badge: {
      text: DAST_BADGE_TEXT,
      tooltipText: DAST_BADGE_TOOLTIP,
      variant: 'info',
    },
    secondary: {
      type: REPORT_TYPE_DAST_PROFILES,
      name: DAST_PROFILES_NAME,
      description: DAST_PROFILES_DESCRIPTION,
      configurationText: DAST_PROFILES_CONFIG_TEXT,
    },
    name: DAST_NAME,
    shortName: DAST_SHORT_NAME,
    description: DAST_DESCRIPTION,
    helpPath: DAST_HELP_PATH,
    configurationHelpPath: DAST_CONFIG_HELP_PATH,
    type: REPORT_TYPE_DAST,
    anchor: 'dast',
  },

  // Dependency Scanning
  {
    name: DEPENDENCY_SCANNING_NAME,
    description: DEPENDENCY_SCANNING_DESCRIPTION,
    helpPath: DEPENDENCY_SCANNING_HELP_PATH,
    configurationHelpPath: DEPENDENCY_SCANNING_CONFIG_HELP_PATH,
    type: REPORT_TYPE_DEPENDENCY_SCANNING,
    anchor: 'dependency-scanning',
  },

  // Container Scanning
  {
    name: CONTAINER_SCANNING_NAME,
    description: CONTAINER_SCANNING_DESCRIPTION,
    helpPath: CONTAINER_SCANNING_HELP_PATH,
    configurationHelpPath: CONTAINER_SCANNING_CONFIG_HELP_PATH,
    type: REPORT_TYPE_CONTAINER_SCANNING,
  },

  // Secret Detection
  {
    name: SECRET_DETECTION_NAME,
    description: SECRET_DETECTION_DESCRIPTION,
    helpPath: SECRET_DETECTION_HELP_PATH,
    configurationHelpPath: SECRET_DETECTION_CONFIG_HELP_PATH,
    type: REPORT_TYPE_SECRET_DETECTION,
  },

  // API Fuzzing: the only entry without a configurationHelpPath
  {
    name: API_FUZZING_NAME,
    description: API_FUZZING_DESCRIPTION,
    helpPath: API_FUZZING_HELP_PATH,
    type: REPORT_TYPE_API_FUZZING,
  },

  // Coverage Fuzzing, with Corpus Management as its secondary feature
  {
    name: COVERAGE_FUZZING_NAME,
    description: COVERAGE_FUZZING_DESCRIPTION,
    helpPath: COVERAGE_FUZZING_HELP_PATH,
    configurationHelpPath: COVERAGE_FUZZING_CONFIG_HELP_PATH,
    type: REPORT_TYPE_COVERAGE_FUZZING,
    secondary: {
      type: REPORT_TYPE_CORPUS_MANAGEMENT,
      name: CORPUS_MANAGEMENT_NAME,
      description: CORPUS_MANAGEMENT_DESCRIPTION,
      configurationText: CORPUS_MANAGEMENT_CONFIG_TEXT,
    },
  },

  // Breach and Attack Simulation: the badge sets alwaysDisplay, and the
  // secondary entry describes the DAST-side feature flag (it has no `type`).
  {
    anchor: 'bas',
    badge: {
      alwaysDisplay: true,
      text: BAS_BADGE_TEXT,
      tooltipText: BAS_BADGE_TOOLTIP,
      variant: 'info',
    },
    description: BAS_DESCRIPTION,
    name: BAS_NAME,
    helpPath: BAS_HELP_PATH,
    secondary: {
      configurationHelpPath: BAS_DAST_FEATURE_FLAG_HELP_PATH,
      description: BAS_DAST_FEATURE_FLAG_DESCRIPTION,
      name: BAS_DAST_FEATURE_FLAG_NAME,
    },
    shortName: BAS_SHORT_NAME,
    type: REPORT_TYPE_BREACH_AND_ATTACK_SIMULATION,
  },
];
/**
 * Report type -> how to build the GraphQL mutation request that configures it.
 *
 * Each entry exposes:
 *   - `mutationId`: string identifier of the mutation.
 *   - `getMutationPayload(projectPath)`: returns `{ mutation, variables }`.
 *
 * `projectPath` travels only inside `variables.input`; it is never spliced into
 * the mutation document itself. This map only builds the request - whether the
 * caller is allowed to configure the scanner is not decided here.
 */
export const featureToMutationMap = {
  [REPORT_TYPE_SAST]: {
    mutationId: 'configureSast',
    getMutationPayload: (projectPath) => {
      // SAST is the only entry that also sends a `configuration` object; all
      // three of its lists are empty. Fresh arrays are created on every call.
      const input = {
        projectPath,
        configuration: { global: [], pipeline: [], analyzers: [] },
      };
      return { mutation: configureSastMutation, variables: { input } };
    },
  },
  [REPORT_TYPE_SAST_IAC]: {
    mutationId: 'configureSastIac',
    getMutationPayload: (projectPath) => {
      const input = { projectPath };
      return { mutation: configureSastIacMutation, variables: { input } };
    },
  },
  [REPORT_TYPE_SECRET_DETECTION]: {
    mutationId: 'configureSecretDetection',
    getMutationPayload: (projectPath) => {
      const input = { projectPath };
      return { mutation: configureSecretDetectionMutation, variables: { input } };
    },
  },
};
/**
 * Storage key string for the dismissed "Auto DevOps enabled" alert.
 * NOTE(review): presumably a browser storage key listing the projects where the
 * alert was dismissed; the read/write site is not in this file - confirm.
 */
export const AUTO_DEVOPS_ENABLED_ALERT_DISMISSED_STORAGE_KEY =
  'security_configuration_auto_devops_enabled_dismissed_projects';
// Temporary: fetch the svg path from the GraphQL query once this issue is resolved
// https://gitlab.com/gitlab-org/gitlab/-/issues/346899
//
// Provider name -> { svg } logo descriptor, using logos bundled with the app.
// NOTE(review): the 'Secure Code Warrior' key is the *translated* string, computed
// when this module is evaluated. A lookup with the untranslated provider name
// would miss wherever a locale translates it - confirm against the caller.
export const TEMP_PROVIDER_LOGOS = {
  Kontra: { svg: kontraLogo },
  [__('Secure Code Warrior')]: { svg: scwLogo },
  SecureFlag: { svg: secureflagLogo },
};
// Temporary: use the `url` field from the GraphQL query once this issue is resolved
// https://gitlab.com/gitlab-org/gitlab/-/issues/356129
//
// Provider name -> provider website. All targets are fixed https literals, so
// today the link destination cannot be influenced by API data.
// NOTE(review): once the API-provided `url` replaces this map, the consumer should
// accept only http(s) URLs before binding the value to a link.
// NOTE(review): the 'Secure Code Warrior' key is the translated string (see `__`),
// so it depends on the active locale - confirm lookups use the same form.
export const TEMP_PROVIDER_URLS = {
  Kontra: 'https://application.security/',
  [__('Secure Code Warrior')]: 'https://www.securecodewarrior.com/',
  SecureFlag: 'https://www.secureflag.com/',
};