Merge remote-tracking branch 'origin/main' into feature/webhook-events

Author: refoo0

.env.example

@@ -16,6 +16,8 @@ INSTANCE_DOMAIN=https://api.main.devguard.org   #Choose which version of devguar
 
 FRONTEND_URL=http://localhost:3000
 
+OSI_LICENSES_API=https://opensource.org/api/license/
+
 PDF_GENERATION_API=https://dwt-api.dev-l3montree.cloud/pdf
 # comment to disable error tracking
 ERROR_TRACKING_DSN="https://<your-error-tracking-dsn>"

.github/workflows/devguard-scanner.yaml

@@ -8,42 +8,6 @@ on:
 
 
 jobs:
-  # Secret scanning job to detect secrets in codebase
-  secret-scanning:
-    uses: l3montree-dev/devguard-action/.github/workflows/secret-scanning.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
-    # Secret scanning job to detect secrets in codebase
-  iac:
-    uses: l3montree-dev/devguard-action/.github/workflows/iac.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-  
-  sast:
-    uses: l3montree-dev/devguard-action/.github/workflows/sast.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
-  sca:
-    uses: l3montree-dev/devguard-action/.github/workflows/software-composition-analysis.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-      fail-on-risk: high
-      fail-on-cvss: high
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
   golangci:
     name: lint
     runs-on: ubuntu-latest
@@ -83,158 +47,81 @@ jobs:
         name: code-coverage
         path: coverage.out
 
-  # Docker image build job
-  build-image:
-    uses: l3montree-dev/devguard-action/.github/workflows/build-image.yml@main
+
+  devguard:
+    uses: l3montree-dev/devguard-action/.github/workflows/full.yml@main
     with:
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
+      fail-on-risk: high
+      fail-on-cvss: high
+      should-deploy:  ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
     secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-      build-args: "--context=. --dockerfile=Dockerfile --build-arg GITHUB_REF_NAME=$GITHUB_REF_NAME"
+      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}       
+      build-args: "--context=. --dockerfile=Dockerfile --build-arg GITHUB_REF_NAME=$GITHUB_REF_NAME"       
+
 
   build-scanner-image:
     uses: l3montree-dev/devguard-action/.github/workflows/build-image.yml@main
     with:
-      image-suffix: "-scanner"
-      artifact-suffix: "-scanner"
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
+      artifact-name: "scanner"
+      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}  
       build-args: "--context=. --dockerfile=Dockerfile.scanner"
 
-  # Image scanning job to detect vulnerabilities in the built Docker image
-  container-scanning:
-    uses: l3montree-dev/devguard-action/.github/workflows/container-scanning.yml@main
-    needs: 
-    - build-image
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-      fail-on-risk: high
-      fail-on-cvss: high
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
 
   # Image scanning job to detect vulnerabilities in the built Docker image
   scanner-container-scanning:
     uses: l3montree-dev/devguard-action/.github/workflows/container-scanning.yml@main
     needs: 
     - build-scanner-image
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
-      api-url: https://api.main.devguard.org
-      artifact-suffix: "-scanner"
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-      
-  deploy:
-    needs: 
-    - build-image
-    - container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
-    uses: l3montree-dev/devguard-action/.github/workflows/deploy.yml@main
-    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
     with:
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
+      artifact-name: "scanner"
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-
+      
   deploy-scanner:
     needs: 
     - build-scanner-image
     - scanner-container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
+    - devguard
     uses: l3montree-dev/devguard-action/.github/workflows/deploy.yml@main
     with:
-      artifact-suffix: "-scanner"
-      image-suffix: "-scanner"
+      artifact-name: "scanner"
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}     
     if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/troubleshooting-sast'
 
-  sign:
-    needs: 
-    - build-image
-    - container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
-    uses: l3montree-dev/devguard-action/.github/workflows/sign.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
-      api-url: https://api.main.devguard.org
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
 
   sign-scanner:
     needs: 
     - build-scanner-image
     - scanner-container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
+    - devguard
     uses: l3montree-dev/devguard-action/.github/workflows/sign.yml@main
-    with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
-      api-url: https://api.main.devguard.org
-      artifact-suffix: "-scanner"
-    secrets:
-      devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
-    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
-
-  attest:
-    needs: 
-    - build-image
-    - container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
-    uses: l3montree-dev/devguard-action/.github/workflows/attest.yml@main
     with:
       asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
+      artifact-name: "scanner"
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
+    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
 
   attest-scanner:
     needs: 
     - build-scanner-image
     - scanner-container-scanning
-    - secret-scanning
-    - sca
-    - sast
-    - golangci
-    - tests
-    - iac
+    - devguard
     uses: l3montree-dev/devguard-action/.github/workflows/attest.yml@main
     with:
-      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard-scanner
+      asset-name: l3montree-cybersecurity/projects/devguard/assets/devguard
       api-url: https://api.main.devguard.org
-      artifact-suffix: "-scanner"
+      artifact-name: "scanner"
     secrets:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}

.kratos/kratos.docker-compose-try-it.yml

@@ -0,0 +1,113 @@
+version: v0.13.0
+
+dsn: memory
+
+session:
+  cookie:
+    name: ory_kratos_session
+
+serve:
+  public:
+    base_url: http://localhost:4433/
+    cors:
+      enabled: true
+  admin:
+    base_url: http://localhost:4434/
+
+selfservice:
+  default_browser_return_url: http://localhost:3000/
+  allowed_return_urls:
+  - http://localhost:3000
+  methods:
+    password:
+      enabled: true
+    totp:
+      config:
+        issuer: Kratos
+      enabled: true
+    lookup_secret:
+      enabled: true
+    link:
+      enabled: true
+    code:
+      enabled: true
+    passkey:
+      enabled: true
+      config:
+        rp:
+          # This MUST be your root domain (not a subdomain)
+          id: localhost:3000
+          # This MUST be the exact URL of the page which will prompt for WebAuthn!
+          # Only the scheme (https / http), host (auth.example.org), and port (4455) are relevant. The
+          # path is irrelevant.
+          origins:
+          - http://localhost:3000
+          # A display name which will be shown to the user on her/his device.
+          display_name: DevGuard
+  flows:
+    error:
+      ui_url: http://localhost:3000/error
+
+    settings:
+      ui_url: http://localhost:3000/user-settings
+      privileged_session_max_age: 15m
+      required_aal: highest_available
+
+    recovery:
+      enabled: true
+      ui_url: http://localhost:3000/recovery
+      use: code
+
+    verification:
+      enabled: true
+      ui_url: http://localhost:3000/verification
+      use: code
+      after:
+        default_browser_return_url: http://localhost:3000/
+
+    logout:
+      after:
+        default_browser_return_url: http://localhost:3000/login
+
+    login:
+      ui_url: http://localhost:3000/login
+      lifespan: 10m
+
+    registration:
+      lifespan: 10m
+      ui_url: http://localhost:3000/registration
+      after:
+        password:
+          hooks:
+          - hook: session
+
+log:
+  level: debug
+  format: text
+  leak_sensitive_values: true
+
+secrets:
+  cookie:
+  - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
+  cipher:
+  - 32-LONG-SECRET-NOT-SECURE-AT-ALL
+
+ciphers:
+  algorithm: xchacha20-poly1305
+
+hashers:
+  algorithm: bcrypt
+  bcrypt:
+    cost: 8
+
+identity:
+  default_schema_id: default
+  schemas:
+  - id: default
+    url: file:///etc/config/kratos/identity.schema.json
+
+courier:
+  smtp:
+    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
+    from_address: noreply@devguard.org
+    from_name: DevGuard

cmd/devguard-cli/commands/components.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/l3montree-dev/devguard/internal/core"
 	"github.com/l3montree-dev/devguard/internal/core/component"
+	"github.com/l3montree-dev/devguard/internal/core/vuln"
 	"github.com/l3montree-dev/devguard/internal/core/vulndb"
 	"github.com/l3montree-dev/devguard/internal/database/models"
 	"github.com/l3montree-dev/devguard/internal/database/repositories"
@@ -37,6 +38,7 @@ func newUpdateDepsDevInformation() *cobra.Command {
 			depsDevService := vulndb.NewDepsDevService()
 			componentProjectRepository := repositories.NewComponentProjectRepository(database)
 			componentRepository := repositories.NewComponentRepository(database)
+			licenseRiskService := vuln.NewLicenseRiskService(repositories.NewLicenseRiskRepository(database), repositories.NewVulnEventRepository(database))
 
 			components, err := componentRepository.All()
 			if err != nil {
@@ -48,6 +50,7 @@ func newUpdateDepsDevInformation() *cobra.Command {
 				&depsDevService,
 				componentProjectRepository,
 				componentRepository,
+				licenseRiskService,
 			)
 
 			bar := progressbar.Default(int64(len(components)))