import { helpPagePath } from '~/helpers/help_page_helper' ;
import { _ _ , s _ _ } from '~/locale' ;
import {
REPORT _TYPE _SAST ,
REPORT _TYPE _SAST _IAC ,
REPORT _TYPE _DAST ,
REPORT _TYPE _DAST _PROFILES ,
REPORT _TYPE _SECRET _DETECTION ,
REPORT _TYPE _DEPENDENCY _SCANNING ,
REPORT _TYPE _CONTAINER _SCANNING ,
REPORT _TYPE _CLUSTER _IMAGE _SCANNING ,
REPORT _TYPE _COVERAGE _FUZZING ,
REPORT _TYPE _CORPUS _MANAGEMENT ,
REPORT _TYPE _API _FUZZING ,
REPORT _TYPE _LICENSE _COMPLIANCE ,
} from '~/vue_shared/security_reports/constants' ;
import kontraLogo from 'images/vulnerability/kontra-logo.svg' ;
import scwLogo from 'images/vulnerability/scw-logo.svg' ;
import configureSastMutation from '../graphql/configure_sast.mutation.graphql' ;
import configureSastIacMutation from '../graphql/configure_iac.mutation.graphql' ;
import configureSecretDetectionMutation from '../graphql/configure_secret_detection.mutation.graphql' ;
/**
 * Translations & helpPagePaths for Security Configuration Page
 * Make sure to add new scanner translations to the SCANNER_NAMES_MAP below.
 */
/**
 * SAST and IaC scanning: display names, descriptions and documentation links.
 *
 * Every user-facing string is wrapped in the `__` / `s__` helpers imported from
 * '~/locale', and every link is produced by `helpPagePath` from a literal docs
 * path, so no runtime or user-supplied value flows into these constants.
 */
export const SAST_NAME = __('Static Application Security Testing (SAST)');
export const SAST_SHORT_NAME = s__('ciReport|SAST');
export const SAST_DESCRIPTION = __('Analyze your source code for known vulnerabilities.');
export const SAST_HELP_PATH = helpPagePath('user/application_security/sast/index');
// Same docs page as SAST_HELP_PATH, deep-linked to its "configuration" anchor.
export const SAST_CONFIG_HELP_PATH = helpPagePath('user/application_security/sast/index', {
  anchor: 'configuration',
});

// IaC scanning keeps the SAST_IAC_* prefix but points at its own docs page.
export const SAST_IAC_NAME = __('Infrastructure as Code (IaC) Scanning');
export const SAST_IAC_SHORT_NAME = s__('ciReport|IaC Scanning');
export const SAST_IAC_DESCRIPTION = __(
  'Analyze your infrastructure as code configuration files for known vulnerabilities.',
);
export const SAST_IAC_HELP_PATH = helpPagePath('user/application_security/iac_scanning/index');
export const SAST_IAC_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/iac_scanning/index',
  { anchor: 'configuration' },
);
/**
 * DAST: display strings, badge copy and documentation links, followed by the
 * strings for the "DAST profiles" secondary entry.
 *
 * All arguments are literals; nothing here depends on runtime input.
 */
export const DAST_NAME = __('Dynamic Application Security Testing (DAST)');
export const DAST_SHORT_NAME = s__('ciReport|DAST');
export const DAST_DESCRIPTION = s__(
  'ciReport|Analyze a deployed version of your web application for known vulnerabilities by examining it from the outside in. DAST works by simulating external attacks on your application while it is running.',
);
export const DAST_HELP_PATH = helpPagePath('user/application_security/dast/index');
// Unlike most scanners, the configuration link targets a dedicated anchor
// rather than a generic "configuration" one.
export const DAST_CONFIG_HELP_PATH = helpPagePath('user/application_security/dast/index', {
  anchor: 'enable-automatic-dast-run',
});

// Badge copy for the DAST entry.
export const DAST_BADGE_TEXT = __('Available on-demand');
export const DAST_BADGE_TOOLTIP = __(
  'On-demand scans run outside of the DevOps cycle and find vulnerabilities in your projects',
);

// DAST profiles: the help path is the same docs page as DAST_HELP_PATH.
export const DAST_PROFILES_NAME = __('DAST profiles');
export const DAST_PROFILES_DESCRIPTION = s__(
  'SecurityConfiguration|Manage profiles for use by DAST scans.',
);
export const DAST_PROFILES_HELP_PATH = helpPagePath('user/application_security/dast/index');
export const DAST_PROFILES_CONFIG_TEXT = s__('SecurityConfiguration|Manage profiles');
/**
 * Secret Detection, Dependency Scanning, Container Scanning and Cluster Image
 * Scanning: translated names/descriptions plus documentation links.
 *
 * Each scanner follows the same shape: *_NAME, *_DESCRIPTION, *_HELP_PATH and a
 * *_CONFIG_HELP_PATH that reuses the docs page with the "configuration" anchor.
 */

// --- Secret Detection ---
export const SECRET_DETECTION_NAME = __('Secret Detection');
export const SECRET_DETECTION_DESCRIPTION = __(
  'Analyze your source code and git history for secrets.',
);
export const SECRET_DETECTION_HELP_PATH = helpPagePath(
  'user/application_security/secret_detection/index',
);
export const SECRET_DETECTION_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/secret_detection/index',
  { anchor: 'configuration' },
);

// --- Dependency Scanning ---
export const DEPENDENCY_SCANNING_NAME = __('Dependency Scanning');
export const DEPENDENCY_SCANNING_DESCRIPTION = __(
  'Analyze your dependencies for known vulnerabilities.',
);
export const DEPENDENCY_SCANNING_HELP_PATH = helpPagePath(
  'user/application_security/dependency_scanning/index',
);
export const DEPENDENCY_SCANNING_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/dependency_scanning/index',
  { anchor: 'configuration' },
);

// --- Container Scanning ---
export const CONTAINER_SCANNING_NAME = __('Container Scanning');
export const CONTAINER_SCANNING_DESCRIPTION = __(
  'Check your Docker images for known vulnerabilities.',
);
export const CONTAINER_SCANNING_HELP_PATH = helpPagePath(
  'user/application_security/container_scanning/index',
);
export const CONTAINER_SCANNING_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/container_scanning/index',
  { anchor: 'configuration' },
);

// --- Cluster Image Scanning (the only name in this group using a namespaced s__ key) ---
export const CLUSTER_IMAGE_SCANNING_NAME = s__('ciReport|Cluster Image Scanning');
export const CLUSTER_IMAGE_SCANNING_DESCRIPTION = __(
  'Check your Kubernetes cluster images for known vulnerabilities.',
);
export const CLUSTER_IMAGE_SCANNING_HELP_PATH = helpPagePath(
  'user/application_security/cluster_image_scanning/index',
);
export const CLUSTER_IMAGE_SCANNING_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/cluster_image_scanning/index',
  { anchor: 'configuration' },
);
/**
 * Coverage Fuzzing, Corpus Management, API Fuzzing and License Compliance:
 * translated names/descriptions plus documentation links.
 *
 * Not every feature defines the full set of constants: Corpus Management has no
 * help path, and API Fuzzing / License Compliance have no *_CONFIG_HELP_PATH.
 */

// --- Coverage Fuzzing ---
export const COVERAGE_FUZZING_NAME = __('Coverage Fuzzing');
export const COVERAGE_FUZZING_DESCRIPTION = __(
  'Find bugs in your code with coverage-guided fuzzing.',
);
export const COVERAGE_FUZZING_HELP_PATH = helpPagePath(
  'user/application_security/coverage_fuzzing/index',
);
// Uses a feature-specific anchor instead of the generic "configuration" one.
export const COVERAGE_FUZZING_CONFIG_HELP_PATH = helpPagePath(
  'user/application_security/coverage_fuzzing/index',
  { anchor: 'enable-coverage-guided-fuzz-testing' },
);

// --- Corpus Management ---
export const CORPUS_MANAGEMENT_NAME = __('Corpus Management');
export const CORPUS_MANAGEMENT_DESCRIPTION = s__(
  'SecurityConfiguration|Manage corpus files used as seed inputs with coverage-guided fuzzing.',
);
export const CORPUS_MANAGEMENT_CONFIG_TEXT = s__('SecurityConfiguration|Manage corpus');

// --- API Fuzzing ---
export const API_FUZZING_NAME = __('API Fuzzing');
export const API_FUZZING_DESCRIPTION = __('Find bugs in your code with API fuzzing.');
export const API_FUZZING_HELP_PATH = helpPagePath('user/application_security/api_fuzzing/index');

// --- License Compliance (docs live under user/compliance, not application_security) ---
export const LICENSE_COMPLIANCE_NAME = __('License Compliance');
export const LICENSE_COMPLIANCE_DESCRIPTION = __(
  'Search your project dependencies for their licenses and apply policies.',
);
export const LICENSE_COMPLIANCE_HELP_PATH = helpPagePath(
  'user/compliance/license_compliance/index',
);
/**
 * Maps an upper-case scanner identifier to its translated display name.
 *
 * SAST and DAST map to their short names; SAST_IAC maps to the long
 * SAST_IAC_NAME even though SAST_IAC_SHORT_NAME exists.
 * NOTE(review): confirm that asymmetry is intentional.
 *
 * Identifiers without an entry here resolve to `undefined`, so callers need a
 * fallback label. This is a plain object literal, so a key such as
 * "constructor" resolves to an inherited Object.prototype member rather than
 * `undefined`. If the lookup key originates from report or API data
 * (presumably it does; verify against the callers), guard the lookup with
 * `Object.hasOwn(SCANNER_NAMES_MAP, key)`.
 */
export const SCANNER_NAMES_MAP = {
  SAST: SAST_SHORT_NAME,
  SAST_IAC: SAST_IAC_NAME,
  DAST: DAST_SHORT_NAME,
  API_FUZZING: API_FUZZING_NAME,
  CONTAINER_SCANNING: CONTAINER_SCANNING_NAME,
  CLUSTER_IMAGE_SCANNING: CLUSTER_IMAGE_SCANNING_NAME,
  COVERAGE_FUZZING: COVERAGE_FUZZING_NAME,
  SECRET_DETECTION: SECRET_DETECTION_NAME,
  DEPENDENCY_SCANNING: DEPENDENCY_SCANNING_NAME,
  // The only entry whose label is translated inline instead of via a named constant.
  GENERIC: s__('ciReport|Manually Added'),
};
/**
 * Ordered list of security feature descriptors.
 *
 * Common fields: `name`, `description`, `helpPath`, `type` (a REPORT_TYPE_*
 * constant). Optional fields seen below: `shortName`, `configurationHelpPath`,
 * `anchor`, `badge` ({ text, tooltipText, variant }) and `secondary` (a nested
 * descriptor with its own `type`, `name`, `description`, `configurationText`).
 *
 * Consumers must tolerate missing optional fields: API Fuzzing, for example,
 * has no `configurationHelpPath`, and only DAST and Dependency Scanning carry
 * an `anchor`.
 */
export const securityFeatures = [
  // SAST
  {
    name: SAST_NAME,
    shortName: SAST_SHORT_NAME,
    description: SAST_DESCRIPTION,
    helpPath: SAST_HELP_PATH,
    configurationHelpPath: SAST_CONFIG_HELP_PATH,
    type: REPORT_TYPE_SAST,
  },
  // IaC scanning
  {
    name: SAST_IAC_NAME,
    shortName: SAST_IAC_SHORT_NAME,
    description: SAST_IAC_DESCRIPTION,
    helpPath: SAST_IAC_HELP_PATH,
    configurationHelpPath: SAST_IAC_CONFIG_HELP_PATH,
    type: REPORT_TYPE_SAST_IAC,
  },
  // DAST, with an on-demand badge and the DAST profiles secondary entry
  {
    badge: {
      text: DAST_BADGE_TEXT,
      tooltipText: DAST_BADGE_TOOLTIP,
      variant: 'info',
    },
    secondary: {
      type: REPORT_TYPE_DAST_PROFILES,
      name: DAST_PROFILES_NAME,
      description: DAST_PROFILES_DESCRIPTION,
      configurationText: DAST_PROFILES_CONFIG_TEXT,
    },
    name: DAST_NAME,
    shortName: DAST_SHORT_NAME,
    description: DAST_DESCRIPTION,
    helpPath: DAST_HELP_PATH,
    configurationHelpPath: DAST_CONFIG_HELP_PATH,
    type: REPORT_TYPE_DAST,
    anchor: 'dast',
  },
  // Dependency Scanning
  {
    name: DEPENDENCY_SCANNING_NAME,
    description: DEPENDENCY_SCANNING_DESCRIPTION,
    helpPath: DEPENDENCY_SCANNING_HELP_PATH,
    configurationHelpPath: DEPENDENCY_SCANNING_CONFIG_HELP_PATH,
    type: REPORT_TYPE_DEPENDENCY_SCANNING,
    anchor: 'dependency-scanning',
  },
  // Container Scanning
  {
    name: CONTAINER_SCANNING_NAME,
    description: CONTAINER_SCANNING_DESCRIPTION,
    helpPath: CONTAINER_SCANNING_HELP_PATH,
    configurationHelpPath: CONTAINER_SCANNING_CONFIG_HELP_PATH,
    type: REPORT_TYPE_CONTAINER_SCANNING,
  },
  // Cluster Image Scanning
  {
    name: CLUSTER_IMAGE_SCANNING_NAME,
    description: CLUSTER_IMAGE_SCANNING_DESCRIPTION,
    helpPath: CLUSTER_IMAGE_SCANNING_HELP_PATH,
    configurationHelpPath: CLUSTER_IMAGE_SCANNING_CONFIG_HELP_PATH,
    type: REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
  },
  // Secret Detection
  {
    name: SECRET_DETECTION_NAME,
    description: SECRET_DETECTION_DESCRIPTION,
    helpPath: SECRET_DETECTION_HELP_PATH,
    configurationHelpPath: SECRET_DETECTION_CONFIG_HELP_PATH,
    type: REPORT_TYPE_SECRET_DETECTION,
  },
  // API Fuzzing (no configuration help link)
  {
    name: API_FUZZING_NAME,
    description: API_FUZZING_DESCRIPTION,
    helpPath: API_FUZZING_HELP_PATH,
    type: REPORT_TYPE_API_FUZZING,
  },
  // Coverage Fuzzing, with the Corpus Management secondary entry
  {
    name: COVERAGE_FUZZING_NAME,
    description: COVERAGE_FUZZING_DESCRIPTION,
    helpPath: COVERAGE_FUZZING_HELP_PATH,
    configurationHelpPath: COVERAGE_FUZZING_CONFIG_HELP_PATH,
    type: REPORT_TYPE_COVERAGE_FUZZING,
    secondary: {
      type: REPORT_TYPE_CORPUS_MANAGEMENT,
      name: CORPUS_MANAGEMENT_NAME,
      description: CORPUS_MANAGEMENT_DESCRIPTION,
      configurationText: CORPUS_MANAGEMENT_CONFIG_TEXT,
    },
  },
];
/**
 * Compliance feature descriptors, using the same object shape as the entries
 * of `securityFeatures`. Currently holds a single entry, License Compliance,
 * which has no `configurationHelpPath`.
 */
export const complianceFeatures = [
  {
    name: LICENSE_COMPLIANCE_NAME,
    description: LICENSE_COMPLIANCE_DESCRIPTION,
    helpPath: LICENSE_COMPLIANCE_HELP_PATH,
    type: REPORT_TYPE_LICENSE_COMPLIANCE,
  },
];
/**
 * Maps a report type to the GraphQL mutation that configures that scanner.
 *
 * Each entry exposes:
 *   - `mutationId`: the mutation's name as a string.
 *   - `getMutationPayload(projectPath)`: returns `{ mutation, variables }`.
 *
 * Only SAST, SAST IaC and Secret Detection have entries; indexing with any
 * other report type yields `undefined`, so callers must check before
 * dereferencing.
 *
 * `projectPath` travels as a GraphQL variable (`variables.input.projectPath`)
 * and is never spliced into the mutation document. Nothing in this map checks
 * whether the current user may configure the project.
 * NOTE(review): authorization is presumably enforced by the API; confirm
 * server-side.
 */
export const featureToMutationMap = {
  [REPORT_TYPE_SAST]: {
    mutationId: 'configureSast',
    getMutationPayload(projectPath) {
      // SAST is the only mutation that sends a (here empty) configuration object.
      const configuration = { global: [], pipeline: [], analyzers: [] };
      return {
        mutation: configureSastMutation,
        variables: { input: { projectPath, configuration } },
      };
    },
  },
  [REPORT_TYPE_SAST_IAC]: {
    mutationId: 'configureSastIac',
    getMutationPayload(projectPath) {
      return {
        mutation: configureSastIacMutation,
        variables: { input: { projectPath } },
      };
    },
  },
  [REPORT_TYPE_SECRET_DETECTION]: {
    mutationId: 'configureSecretDetection',
    getMutationPayload(projectPath) {
      return {
        mutation: configureSecretDetectionMutation,
        variables: { input: { projectPath } },
      };
    },
  },
};
/**
 * Key under which the "Auto DevOps enabled" alert dismissals are persisted.
 * NOTE(review): presumably a browser storage key holding a per-project list;
 * confirm in the consuming component. Anything read back from client-side
 * storage is user-controllable and should be validated before use.
 */
// prettier-ignore
export const AUTO_DEVOPS_ENABLED_ALERT_DISMISSED_STORAGE_KEY = 'security_configuration_auto_devops_enabled_dismissed_projects';
// Temporary provider-name -> logo lookup.
// Fetch the svg path from the GraphQL query once this issue is resolved
// https://gitlab.com/gitlab-org/gitlab/-/issues/346899
//
// The 'Kontra' key is a fixed literal, while the Secure Code Warrior key is the
// *translated* string returned by `__()`, so it varies with the active locale.
// NOTE(review): lookups must use the same translated name. Confirm the
// provider name supplied by the caller matches in non-English locales.
export const TEMP_PROVIDER_LOGOS = {
  Kontra: { svg: kontraLogo },
  [__('Secure Code Warrior')]: { svg: scwLogo },
};
// Temporary provider-name -> external site lookup.
// Use the `url` field from the GraphQL query once this issue is resolved
// https://gitlab.com/gitlab-org/gitlab/-/issues/356129
//
// Both targets are hard-coded https URLs on third-party domains. The Secure
// Code Warrior key is the translated string from `__()`, so it is
// locale-dependent.
// NOTE(review): if these are rendered as links opening a new tab, the
// rendering component should set rel="noopener noreferrer". The rendering is
// not visible from this file.
export const TEMP_PROVIDER_URLS = {
  Kontra: 'https://application.security/',
  [__('Secure Code Warrior')]: 'https://www.securecodewarrior.com/',
};