This repository has been archived by the owner on Oct 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adding cronjob and docs to producer (#75)
* adding cronjob and docs to producer * fix typos and nits
- Loading branch information
1 parent
be1365d
commit cd8d0b1
Showing
2 changed files
with
47 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # requires configuration loaded as config map, you can do so with | ||
| # kubectl create configmap jira-config --from-file=<path to jira config.yaml>, | ||
| # example config file is in common/jira/config.yaml same config file works | ||
| # for both jira producer and consumer | ||
| --- | ||
| apiVersion: batch/v1beta1 | ||
| kind: CronJob | ||
| metadata: | ||
| name: hello | ||
| spec: | ||
| schedule: "0 * * * *" # every hour | ||
| jobTemplate: | ||
| spec: | ||
| template: | ||
| spec: | ||
| containers: | ||
| - name: dracon-sync | ||
| image: thoughtmachine/dracon-producer-jira | ||
| env: | ||
| - name: DRACON_SYNC_TOKEN | ||
| value: "<your jira api token>" | ||
| - name: DRACON_SYNC_USER | ||
| value: "<the email of the jira user>" | ||
| - name: DRACON_SYNC_DBCON | ||
| value: "<dracon enrichment db connection string>" | ||
| volumeMounts: | ||
| - name: jira-config | ||
| mountPath: /etc/jira/ | ||
| readOnly: true | ||
| args: | ||
| - --dryRun # remove for actual syncing | ||
| - --jira | ||
| - "<url of jira instance>" | ||
| - --query | ||
| - '<a jira JQL that returns the vulnerabilities you want>, usually something like "filter=1234 AND issue.type=Vulnerability"' | ||
| - --config | ||
| - /etc/jira/config.yaml | ||
| restartPolicy: OnFailure | ||
| volumes: | ||
| - name: jira-config | ||
| configMap: | ||
| name: jira-config |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,10 @@ | ||
| Jira Synchronizer | ||
| === | ||
| This "Producer" for lack of a better term will read from the Jira instance it gets pointed to and synchronise triaged vulnerabilities with the internal Dracon DB, this allows Dracon to understand when a vulnerability has been resolved so it can remove it from the list of duplicates, it also allows for marking vulnerabilities as false positives. | ||
|
|
||
| WORK IN PROGRESS | ||
| A cronjob has been created to make this synchronisation periodic. You can find a template for it under //examples/cronjobs/jira-sync-cronjob.yaml | ||
| This component utilises the default Jira config.yaml that the Jira consumer uses. | ||
|
|
||
| TO run: | ||
| ``` plz run //producers/jira_producer:sync_tickets -- --user="<>" --token="<>" --jira="<>" --query='<jql>' --config /path/to/config.yaml --dbcon "<db connection string>" | ||
| To run this individually: | ||
| ``` plz run //producers/jira_producer:sync_tickets -- --user="<jira email>" --token="<jira api token>" --jira="<>" --query='<jql>' --config /path/to/config.yaml --dbcon "<db connection string>" | ||
| ``` |