diff --git a/docs/_config.yml b/docs/_config.yml
new file mode 100644
index 00000000..7f4c0f2f
--- /dev/null
+++ b/docs/_config.yml
@@ -0,0 +1,8 @@
+remote_theme: pages-themes/cayman@v0.2.0
+url: https://google.github.io
+baseurl: /tsunami-security-scanner
+paginate: 5
+paginate_path: "/blog/page:num/"
+plugins:
+- jekyll-remote-theme
+- jekyll-paginate
diff --git a/docs/_data/nav.yml b/docs/_data/nav.yml
new file mode 100644
index 00000000..b4b1ace6
--- /dev/null
+++ b/docs/_data/nav.yml
@@ -0,0 +1,14 @@
+- title: "What's new"
+ path: /
+
+- title: "All articles"
+ path: /blog/
+
+- title: "Documentation"
+ path: /howto/
+
+- title: "Contributing"
+ path: /contribute/
+
+- title: "About Tsunami"
+ path: /about/
diff --git a/docs/_includes/nav.html b/docs/_includes/nav.html
new file mode 100644
index 00000000..e7ceaa67
--- /dev/null
+++ b/docs/_includes/nav.html
@@ -0,0 +1,11 @@
+{% for nav in site.data.nav %}
+ {% if nav.subcategories != null %}
+ {% for subcategory in nav.subcategories %}
+ {{ subcategory.title }}
+ {% endfor %}
+ {% elsif nav.title == page.title %}
+ {{ nav.title }}
+ {% else %}
+ {{ nav.title }}
+ {% endif %}
+{% endfor %}
diff --git a/docs/_layouts/default.html b/docs/_layouts/default.html
new file mode 100644
index 00000000..4eb602a3
--- /dev/null
+++ b/docs/_layouts/default.html
@@ -0,0 +1,42 @@
+ + + + + +{% seo %} + + + + + + + {% include head-custom.html %} + + + Skip to the content. + + + +
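Review bot: `remote_theme: pages-themes/cayman@v0.2.0` in docs/_config.yml pins the theme to a tag, and a tag can be moved in the upstream repository after this commit is reviewed. jekyll-remote-theme fetches that ref at build time, and `@import '{{ site.theme }}';` in docs/assets/css/style.scss shows the fetched theme's assets still end up in the site published under `https://google.github.io/tsunami-security-scanner`. Since the plugin accepts a commit as the ref, pinning to the full commit hash behind the release, `remote_theme: pages-themes/cayman@<full-commit-sha-of-v0.2.0>`, with a `# v0.2.0` comment beside it, would make each theme upgrade an explicit, reviewable change.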
+ {{ content }} + + +
+ + +
diff --git a/docs/_layouts/home.html b/docs/_layouts/home.html
new file mode 100644
index 00000000..113d53af
--- /dev/null
+++ b/docs/_layouts/home.html
@@ -0,0 +1,5 @@
+---
+layout: none
+---
+
+{{ site.posts.first }}
diff --git a/docs/_layouts/post.html b/docs/_layouts/post.html
new file mode 100644
index 00000000..9aa0d658
--- /dev/null
+++ b/docs/_layouts/post.html
@@ -0,0 +1,11 @@
+---
+layout: default
+---
+

+ Posted on {{ page.date | date_to_long_string: "ordinal" }} by
+ {% for author in page.authors %}
+ {{ author.name }}
+ {% endfor %}
+

+
+{{ content }}
diff --git a/docs/_posts/2024-03-19-tsunami-network-scanner-ai-security.md b/docs/_posts/2024-03-19-tsunami-network-scanner-ai-security.md
new file mode 100644
index 00000000..eb25cdf9
--- /dev/null
+++ b/docs/_posts/2024-03-19-tsunami-network-scanner-ai-security.md
@@ -0,0 +1,52 @@
+---
+authors:
+- name: Annie Mao
+excerpt: 'Interested in creating an AI-related plugin for the Tsunami network scanner and
+getting rewarded for your efforts? See this post for details!'
+title: 'Tsunami Network Scanner & AI Security'
+---
+
+You may already be familiar with the
+[Tsunami Network Scanner](https://github.com/google/tsunami-security-scanner)
+from our
+[Patch Rewards program](https://bughunters.google.com/about/rules/4928084514701312/patch-rewards-program-rules#tsunami-patch-rewards),
+which rewards external contributors for creating new
+[detector plugins](https://github.com/google/tsunami-security-scanner-plugins/tree/master/google).
+Now with AI being on everyone's minds, we want to double down on securing open
+source AI infrastructure via Tsunami.
+
+On our
+[GitHub page](https://github.com/google/tsunami-security-scanner-plugins/issues),
+you can find a list of AI-relevant **plugin & web fingerprint** implementation
+requests tagged as "help wanted". **Anyone** can contribute to a Tsunami plugin
+from this list, and the implementation will be reviewed & rewarded under our
+Tsunami Patch Rewards program, with rewards ranging from $500 to $3,133.7
+([details](https://bughunters.google.com/about/rules/4928084514701312/patch-rewards-program-rules#reward-amounts-tsunami-)).
+
+Here are the rules of engagement for implementing AI-related plugins:
+
+* **First come, first served**: Each contributor can pick up any of the
+ unassigned plugins, but please only take one **at a time**.
+* **Reassignment of inactive plugins**: If an assigned plugin has not been
+ worked on for **over a week**, then the Tsunami review panel will unassign
+ the contributor from the plugin. The plugin request is returned to the
+ free-for-all pool.
+* **Vulnerability Research**: As a first step, the contributor has to provide
+ detailed vulnerability research & an implementation design for the plugin to
+ the review panel, and then wait for confirmation from the review panel
+ before moving on to the implementation stage.
+* **Testbed Requirement**: All test containers or configurations for each
+ plugin have to be submitted to
+ [google/security-testbeds](https://github.com/google/security-testbeds).
+* **Review Priority**: If a contributor already has a different plugin in the
+ review queue, we will prioritize reviewing the ML plugin, unless the
+ originally provided plugin is critical.
+
+Finally, we welcome you to propose new plugins that address critical security
+issues in AI-serving frameworks and related tools on our
+[GitHub page](https://github.com/google/tsunami-security-scanner-plugins/issues).
+For faster acceptance, when sharing your proposal, please provide context on how
+a given service is used in the AI ecosystem.
+
+We're looking forward to collaborating with you to keep AI infrastructure
+secure!
diff --git a/docs/about/index.md b/docs/about/index.md
index 4548c2b2..579319a3 100644
--- a/docs/about/index.md
+++ b/docs/about/index.md
@@ -1,3 +1,5 @@
+# About Tsunami
+
 ## Why Tsunami? When security vulnerabilities or misconfigurations are actively exploited by
diff --git a/docs/assets/css/style.scss b/docs/assets/css/style.scss
new file mode 100644
index 00000000..67f58b24
--- /dev/null
+++ b/docs/assets/css/style.scss
@@ -0,0 +1,13 @@
+---
+---
+
+@import '{{ site.theme }}';
+
+.pagination {
+ text-align: center;
+ background-color: #eee;
+ border-radius: 0.3rem;
+ padding: 3px;
+ margin-top: 0.75rem;
+ margin-bottom: 0.75rem;
+}
diff --git a/docs/blog/index.html b/docs/blog/index.html
new file mode 100644
index 00000000..e2935c27
--- /dev/null
+++ b/docs/blog/index.html
@@ -0,0 +1,28 @@
+--- +title: Posts +layout: default +--- + +{% for post in paginator.posts %} +

{{ post.title }}

+

+ Posted on {{ post.date | date_to_long_string: "ordinal" }} +

+
+ {{ post.excerpt }} +
+{% endfor %} + +
diff --git a/docs/code-of-conduct.md b/docs/contribute/code-of-conduct.md
similarity index 100%
rename from docs/code-of-conduct.md
rename to docs/contribute/code-of-conduct.md
diff --git a/docs/contributing.md b/docs/contribute/contributing.md
similarity index 100%
rename from docs/contributing.md
rename to docs/contribute/contributing.md
diff --git a/docs/contribute/index.md b/docs/contribute/index.md
new file mode 100644
index 00000000..7ad9f1d3
--- /dev/null
+++ b/docs/contribute/index.md
@@ -0,0 +1,5 @@
+# Contributing to Tsunami
+
+{% include_relative contributing.md %}
+
+{% include_relative code-of-conduct.md %}
diff --git a/docs/howto.md b/docs/howto/howto.md
similarity index 100%
rename from docs/howto.md
rename to docs/howto/howto.md
diff --git a/docs/img/orchestration.svg b/docs/howto/img/orchestration.svg
similarity index 100%
rename from docs/img/orchestration.svg
rename to docs/howto/img/orchestration.svg
diff --git a/docs/howto/index.md b/docs/howto/index.md
new file mode 100644
index 00000000..478c7466
--- /dev/null
+++ b/docs/howto/index.md
@@ -0,0 +1,4 @@
+# Tsunami documentation
+
+- [How tsunami works]({{ site.baseurl }}/howto/orchestration)
+- [Howto]({{ site.baseurl }}/howto/howto)
diff --git a/docs/orchestration.md b/docs/howto/orchestration.md
similarity index 99%
rename from docs/orchestration.md
rename to docs/howto/orchestration.md
index 0f95427d..98b5bf9e 100644
--- a/docs/orchestration.md
+++ b/docs/howto/orchestration.md
@@ -19,7 +19,7 @@ exposed network endpoint: Following diagram shows the overall workflow for a Tsunami scan.
-![orchestration](/docs/img/orchestration.svg)
+![orchestration](img/orchestration.svg)
 ## Reconnaissance
diff --git a/docs/index.md b/docs/index.md
index 576cd66c..e69de29b 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,17 +0,0 @@
-# Tsunami
-
-{% include_relative about/index.md %}
-
-## How Tsunami Scan Works
-
-See [Tsunami Scan Orchestration](/docs/orchestration.md).
-
-## How do I ...
-
-* ... [build and execute the scanner?](/docs/howto.md#build_n_execute)
-* ... [install Tsunami plugins?](/docs/howto.md#install_plugins)
-* ... [create a new Tsunami plugin?](/docs/howto.md#create_plugins)
-* ...
- [apply my plugins to certain types of services / software?](/docs/howto.md#filter_plugins)
-* ... [add command line arguments for my plugin?](/docs/howto.md#command_line)
-* ... [add configuration properties for my plugin?](/docs/howto.md#configuration)