docs(ci): move to using stand alone ci examples #1371

Merged
merged 1 commit into from
Nov 6, 2023
31 changes: 31 additions & 0 deletions docs/.eleventy.js
Original file line number Diff line number Diff line change
@@ -12,7 +12,9 @@ const markdownItAnchor = require("markdown-it-anchor")
const pluginTOC = require("eleventy-plugin-toc")
const now = String(Date.now())
const path = require("path")
const fs = require("fs")
const mermaid = require("./_src/_plugins/mermaid")
const nav = require("./_data/nav")

const mdSetup = markdownIt({ html: true })
.use(markdownItEmoji)
@@ -48,6 +50,35 @@ module.exports = function (eleventyConfig) {
eleventyConfig.addShortcode("version", function () {
return now
})
eleventyConfig.addShortcode("sectionLinks", function (sectionName) {
const section = nav.find(item => item.name == sectionName)
let out = ""
if(section){
section.items.forEach(item => {
out += `- [${item.name}](${item.url})\n`
})
}

return out
})

// {% yamlExample "ci/gitlab/basic" %}
eleventyConfig.addShortcode('yamlExample', function (exampleName) {
const example = fs.readFileSync(`./_data/examples/${exampleName}.yaml`, 'utf8')
return '```yaml\n' + example + '\n```';
});

eleventyConfig.addShortcode('githubAction', function(data){
out = "| Option | Description | Default |\n"
out += "| - | - | - |\n"
Object.keys(data).sort().forEach(key => {
const item = data[key]
const default_val = item.default ? "`"+item.default+"`" : ""
out += `| **${key}** | ${item.description} | ${default_val} |\n`
});
return out
})

eleventyConfig.setLibrary("md", mdSetup)
eleventyConfig.addPlugin(EleventyHtmlBasePlugin, {
baseHref: "/",
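Review bot: in the `githubAction` shortcode, `out = "| Option | Description | Default |\n"` assigns to an undeclared variable, which creates an implicit global (and is a ReferenceError under strict mode); declare it with `let out = ...` as `sectionLinks` does. Two smaller points in the same hunk: `yamlExample` interpolates `exampleName` straight into the `readFileSync` path, which is fine while it is only called from the site's own templates, but a comment stating that assumption (or a check that the resolved path stays under `_data/examples`) would document it; and `'```yaml\n' + example + '\n```'` leaves a trailing blank line inside the fence for files that already end in a newline, which `example.trimEnd()` avoids.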
18 changes: 18 additions & 0 deletions docs/_data/examples/ci/circleci/basic.yaml
@@ -0,0 +1,18 @@
version: 2.1

jobs:
bearer:
machine:
image: ubuntu-2204:2023.07.2
environment:
# Set to default branch of your repo
DEFAULT_BRANCH: main
steps:
- checkout
- run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp
- run: CURRENT_BRANCH=$CIRCLE_BRANCH SHA=$CIRCLE_SHA1 /tmp/bearer scan .

workflows:
test:
jobs:
- bearer
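Review bot: the install step pipes `contrib/install.sh` from the `main` branch into `sh` with no version pin or checksum, so every CI run executes whatever that branch currently contains. For a documented example, pin a release if the install script accepts a version argument, or at least say in the surrounding prose that users should pin; the same applies to the reviewdog variant of this job.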
29 changes: 29 additions & 0 deletions docs/_data/examples/ci/circleci/reviewdog.yaml
@@ -0,0 +1,29 @@
version: 2.1

jobs:
bearer:
machine:
image: ubuntu-2204:2023.07.2
environment:
# Set to default branch of your repo
DEFAULT_BRANCH: main
steps:
- checkout
- run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /tmp
- run: curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b /tmp
- run: |
CURRENT_BRANCH=$CIRCLE_BRANCH SHA=$CIRCLE_SHA1 /tmp/bearer scan . --format=rdjson --output=rd.json || export BEARER_EXIT=$?
cat rd.json | REVIEWDOG_GITHUB_API_TOKEN=$GITHUB_TOKEN /tmp/reviewdog -f=rdjson -reporter=github-pr-review
exit $BEARER_EXIT

workflows:
test:
jobs:
- bearer:
filters:
branches:
# No need to run a check on default branch
ignore: main
context:
- bearer
# make sure to set GITHUB_TOKEN in your context
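Review bot: `BEARER_EXIT` is only assigned when `bearer scan` exits non-zero, so on a clean scan `exit $BEARER_EXIT` expands to a bare `exit`, which returns the status of the preceding reviewdog pipeline rather than the scan's. Initialise it before the scan (`BEARER_EXIT=0`); the `export` is also unnecessary since the value is read in the same shell. The reviewdog installer is fetched from `master` unpinned, same concern as the install step in the basic example.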
21 changes: 21 additions & 0 deletions docs/_data/examples/ci/github/basic-with-options.yaml
@@ -0,0 +1,21 @@
name: Bearer

on:
push:
branches:
- main

permissions:
contents: read

jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Bearer
uses: bearer/bearer-action@v2
with:
config-file: '/some/path/bearer.yml'
only-rule: 'ruby_lang_cookies,ruby_lang_http_post_insecure_with_data'
skip-path: 'users/*.go,users/admin.sql'
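Review bot: `config-file: '/some/path/bearer.yml'` is an absolute path outside the checkout, which will not exist on a fresh `ubuntu-latest` runner; a repository-relative placeholder such as `bearer.yml` reads as something a user can actually copy.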
17 changes: 17 additions & 0 deletions docs/_data/examples/ci/github/basic.yaml
@@ -0,0 +1,17 @@
name: Bearer

on:
push:
branches:
- main

permissions:
contents: read

jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Bearer
uses: bearer/bearer-action@v2
17 changes: 17 additions & 0 deletions docs/_data/examples/ci/github/cloud.yaml
@@ -0,0 +1,17 @@
name: Bearer
on:
push:
branches:
- main
permissions:
contents: read
jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Report
id: report
uses: bearer/bearer-action@v2
with:
api-key: ${{ secrets.BEARER_TOKEN }}
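Review bot: this file omits the blank lines between top-level keys that the other `ci/github/*.yaml` examples use; harmonising the style keeps the rendered snippets consistent. Since the file is now read with `fs.readFileSync` and returned from a shortcode, the `${{ secrets.BEARER_TOKEN }}` expression no longer needs the `{% raw %}` wrapper the old inline snippet had, so that part is correct.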
29 changes: 29 additions & 0 deletions docs/_data/examples/ci/github/defect-dojo.yaml
@@ -0,0 +1,29 @@
name: Bearer Defect Dojo

on:
push:
branches:
- main

permissions:
contents: read

jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Report
id: report
uses: bearer/bearer-action@v2
with:
format: gitlab-sast
output: gl-sast-report.json
- name: Defect Dojo
if: always()
env:
DD_TOKEN: ${{ secrets.DD_TOKEN}}
DD_APP: ${{ secrets.DD_APP}}
DD_ENGAGEMENT: ${{ secrets.DD_ENGAGEMENT}}
run: |
curl -X POST -F "[email protected]" -F "product_name=$DD_APP" -F "engagement_name=$DD_ENGAGEMENT" -F "scan_type=GitLab SAST Report" -H "Authorization: Token $DD_TOKEN" http://example.com/api/v2/import-scan/
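Review bot: the upload sends the report together with the `Authorization: Token $DD_TOKEN` header to `http://example.com/api/v2/import-scan/`, i.e. over plaintext HTTP; the placeholder should use `https://` so readers do not copy a configuration that exposes the token on the wire. The `${{ secrets.DD_TOKEN}}` / `${{ secrets.DD_APP}}` / `${{ secrets.DD_ENGAGEMENT}}` expressions are also missing the space before `}}` that the other examples use.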
30 changes: 30 additions & 0 deletions docs/_data/examples/ci/github/diff-reviewdog.yaml
@@ -0,0 +1,30 @@
name: Bearer PR Check

on:
pull_request:
types: [opened, synchronize, reopened]

permissions:
contents: read
pull-requests: write

jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: reviewdog/action-setup@v1
with:
reviewdog_version: latest
- name: Bearer
uses: bearer/bearer-action@v2
with:
format: rdjson
output: rd.json
diff: true
- name: Run reviewdog
if: always()
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cat rd.json | reviewdog -f=rdjson -reporter=github-pr-review
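Review bot: `reviewdog_version: latest` is unpinned, so the example's behaviour can change between runs; pin a release tag. With `if: always()` the reviewdog step also runs when an earlier step failed before `rd.json` was produced (checkout or action failure), and `cat rd.json` then fails with an unrelated "No such file" error; either guard on the Bearer step's outcome or note that the job's failure status comes from the Bearer step exiting non-zero on findings, which appears to be the intent.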
18 changes: 18 additions & 0 deletions docs/_data/examples/ci/github/diff.yaml
@@ -0,0 +1,18 @@
name: Bearer PR Check

on:
pull_request:
types: [opened, synchronize, reopened]

permissions:
contents: read

jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Bearer
uses: bearer/bearer-action@v2
with:
diff: true
25 changes: 25 additions & 0 deletions docs/_data/examples/ci/github/sarif.yaml
@@ -0,0 +1,25 @@
name: Bearer

on:
push:
branches:
- main

permissions:
contents: read

jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Bearer
uses: bearer/bearer-action@v2
with:
format: sarif
output: results.sarif
- name: Upload SARIF file
if: always()
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
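Review bot: `github/codeql-action/upload-sarif` requires `security-events: write`, but `permissions` grants only `contents: read`, so the upload step will be rejected by the API; add `security-events: write` (and `actions: read`, which the upload action needs on private repositories) under `permissions`.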
5 changes: 5 additions & 0 deletions docs/_data/examples/ci/gitlab/basic.yaml
@@ -0,0 +1,5 @@
bearer:
image:
name: bearer/bearer
entrypoint: [ "" ]
script: bearer scan .
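Review bot: `name: bearer/bearer` carries no tag, so every pipeline pulls `latest` and the example is not reproducible; pin a version tag here and in the other GitLab examples that use the image.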
5 changes: 5 additions & 0 deletions docs/_data/examples/ci/gitlab/cloud.yaml
@@ -0,0 +1,5 @@
bearer:
image:
name: bearer/bearer
entrypoint: [ "" ]
script: bearer scan . --api-key=$BEARER_TOKEN
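Review bot: compared with the inline snippet this replaces in `docs/guides/bearer-cloud.md`, the `variables` block (`SHA: $CI_COMMIT_SHA`, `CURRENT_BRANCH: $CI_COMMIT_REF_NAME`, `DEFAULT_BRANCH: $CI_DEFAULT_BRANCH`, `ORIGIN_URL: $CI_REPOSITORY_URL`) has been dropped. If Bearer Cloud uses those values to attribute a scan to a commit and branch, the example should keep them; if they are no longer needed, the commit message should say so.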
10 changes: 10 additions & 0 deletions docs/_data/examples/ci/gitlab/diff-reviewdog.yaml
@@ -0,0 +1,10 @@
bearer_mr:
variables:
DIFF_BASE_BRANCH: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME
DIFF_BASE_COMMIT: $CI_MERGE_REQUEST_DIFF_BASE_SHA
script:
- curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh -s -- -b /usr/local/bin
- curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b /usr/local/bin
- bearer scan . --format=rdjson --output=rd.json || export BEARER_EXIT=$?
- cat rd.json | reviewdog -f=rdjson -reporter=gitlab-mr-discussion
- exit $BEARER_EXIT
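Review bot: `$CI_MERGE_REQUEST_TARGET_BRANCH_NAME` and `$CI_MERGE_REQUEST_DIFF_BASE_SHA` are only defined in merge request pipelines, so the job needs a `rules:` entry such as `- if: $CI_PIPELINE_SOURCE == "merge_request_event"`; on branch pipelines both variables expand to empty strings. The job also declares no `image:`, so it depends on the runner default providing `curl` and write access to `/usr/local/bin`, and `BEARER_EXIT` has the same uninitialised-on-success problem as the CircleCI reviewdog example.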
8 changes: 8 additions & 0 deletions docs/_data/examples/ci/gitlab/diff.yaml
@@ -0,0 +1,8 @@
bearer_mr:
image:
name: bearer/bearer
entrypoint: [ "" ]
variables:
DIFF_BASE_BRANCH: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME
DIFF_BASE_COMMIT: $CI_MERGE_REQUEST_DIFF_BASE_SHA
script: bearer scan .
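Review bot: same gap as the reviewdog variant: without a `rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event"` guard, `DIFF_BASE_BRANCH` and `DIFF_BASE_COMMIT` are empty outside merge request pipelines and `bearer scan .` runs with empty diff settings.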
9 changes: 9 additions & 0 deletions docs/_data/examples/ci/gitlab/sast.yaml
@@ -0,0 +1,9 @@
bearer:
image:
name: bearer/bearer
entrypoint: [ "" ]
script:
- bearer scan . --format gitlab-sast --output gl-sast-report.json
artifacts:
reports:
sast: gl-sast-report.json
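Review bot: the `artifacts` block has no `when: always`, so when `bearer scan` exits non-zero because of findings (the reviewdog examples in this PR guard for exactly that with `|| export BEARER_EXIT=$?`) GitLab will not upload `gl-sast-report.json` and the Security tab stays empty for the runs that matter most; add `when: always` under `artifacts`.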
1 change: 1 addition & 0 deletions docs/_data/meta.js
@@ -9,5 +9,6 @@ module.exports = {
links: {
discord: "https://discord.gg/eaHZBJUXRF",
issues: "https://github.com/Bearer/bearer/issues",
action: "https://github.com/marketplace/actions/bearer-action"
},
};
6 changes: 1 addition & 5 deletions docs/explanations/index.md
@@ -6,8 +6,4 @@ title: Explanations

Explanations dive into the rational behind Bearer CLI and explain some of its heavier concepts.

- [How Bearer CLI works](/explanations/workflow/)
- [Sensitive data flow](/explanations/discovery-and-classification/)
- [Report types](/explanations/reports/)
- [Scanner Types](/explanations/scanners/)
- [Dynamic Severity Levels](/explanations/severity/)
{% sectionLinks "Explanations" %}
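Review bot: the unchanged context line reads "the rational behind Bearer CLI"; since this file is being edited anyway, fix the typo to "rationale". Also note that `{% sectionLinks "Explanations" %}` relies on `nav` containing an entry whose `name` is exactly `Explanations`; when it does not, the shortcode returns an empty string silently, so a page can lose its link list without any build error.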
35 changes: 2 additions & 33 deletions docs/guides/bearer-cloud.md
@@ -49,46 +49,15 @@ bearer scan project-folder --api-key=XXXXXXXX

Using the same setup process found in [the GitHub action guide](/guides/github-action/), configure the action to run `with` the `api-key` option. For example:

```yaml
# .github/workflows/bearer.yml
name: Bearer
on:
push:
branches:
- main
permissions:
contents: read
jobs:
rule_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Report
id: report
uses: bearer/bearer-action@v2
with:
api-key: {% raw %}${{ secrets.BEARER_TOKEN }}{% endraw %}
```
{% yamlExample "ci/github/cloud" %}

We highly recommend using GitHub's [encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets). In the example above, the secret is named `BEARER_TOKEN`.

### GitLab CI/CD

Set up the [GitLab CI/CD configuration](/guides/gitlab), then adjust your settings to include the `--api-key` flag with the `scan` command:

```yaml
# .gitlab-ci.yml
bearer:
image:
name: bearer/bearer
entrypoint: [ "" ]
variables:
SHA: $CI_COMMIT_SHA
CURRENT_BRANCH: $CI_COMMIT_REF_NAME
DEFAULT_BRANCH: $CI_DEFAULT_BRANCH
ORIGIN_URL: $CI_REPOSITORY_URL
script: bearer scan . --api-key=$BEARER_TOKEN
```
{% yamlExample "ci/gitlab/cloud" %}

We recommend using [GitLab's CI/CD variables](https://docs.gitlab.com/ee/ci/variables/) to protect your token. In the example above, the variable is named `BEARER_TOKEN`.

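Review bot: the removed inline snippets carried `# .github/workflows/bearer.yml` and `# .gitlab-ci.yml` comments naming the file to edit; the `yamlExample` output has no such line, so the prose before each `{% yamlExample %}` should state where the snippet belongs. The GitLab example also loses the `variables` block the old snippet set; confirm that is intentional.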