From 85d013074ea8b01264104211b7b1ca881b0acacd Mon Sep 17 00:00:00 2001
From: Dilip <116056239+dt-dilip@users.noreply.github.com>
Date: Thu, 11 Jul 2024 00:24:16 +0530
Subject: [PATCH] release-4.9.0
---
 charts/cdefense/Chart.yaml | 4 +-
 charts/cdefense/templates/config.yaml | 15 ---
 charts/cdefense/templates/graphql/config.yaml | 13 --
 .../templates/graphql/deployment.yaml | 116 ------------------
 .../cdefense/templates/graphql/service.yaml | 16 ---
 charts/cdefense/templates/ingress.yaml | 20 +--
 .../templates/recommendation/deployment.yaml | 90 --------------
 .../templates/recommendation/hpa.yaml | 28 -----
 .../templates/recommendation/service.yaml | 16 ---
 charts/cdefense/templates/web/deployment.yaml | 5 -
 charts/cdefense/values.yaml | 34 +----
 release.md | 26 ++--
 12 files changed, 22 insertions(+), 361 deletions(-)
 delete mode 100644 charts/cdefense/templates/graphql/config.yaml
 delete mode 100644 charts/cdefense/templates/graphql/deployment.yaml
 delete mode 100644 charts/cdefense/templates/graphql/service.yaml
 delete mode 100644 charts/cdefense/templates/recommendation/deployment.yaml
 delete mode 100644 charts/cdefense/templates/recommendation/hpa.yaml
 delete mode 100644 charts/cdefense/templates/recommendation/service.yaml
diff --git a/charts/cdefense/Chart.yaml b/charts/cdefense/Chart.yaml
index f728af8..f784fda 100755
--- a/charts/cdefense/Chart.yaml
+++ b/charts/cdefense/Chart.yaml
@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.8.9
+version: 4.9.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.8.9"
+appVersion: "4.9.0"
diff --git a/charts/cdefense/templates/config.yaml b/charts/cdefense/templates/config.yaml
index bf4662f..c4dee4f 100644
--- a/charts/cdefense/templates/config.yaml
+++ b/charts/cdefense/templates/config.yaml
@@ -66,25 +66,10 @@ data: CLOUDDEFENSE_WEBCONSOLE_API_ENDPOINT: http://api.cdefense.svc.cluster.local {{ end }} {{ if .Values.ingress.enabled }} - CLOUDDEFENSE_RECOMMENDATIONS_ENDPOINT: {{ if .Values.recommendation.hostname }}"https://{{ .Values.recommendation.hostname }}"{{- else }}"https://recommendation.{{ .Values.domain }}"{{- end }} - {{ else }} - CLOUDDEFENSE_RECOMMENDATIONS_ENDPOINT: http://recommendation.cdefense.svc.cluster.local - {{ end }} - {{ if .Values.ingress.enabled }} CLOUDDEFENSE_WEBCONSOLE_HOST_URL: https://{{ .Values.hostname }}/project-details {{ else }} CLOUDDEFENSE_WEBCONSOLE_HOST_URL: http://web.cdefense.svc.cluster.local/project-details {{ end }} - {{ if .Values.ingress.enabled }} - CLOUDDEFENSE_ADMIN_API_URL: https://admin-{{ .Values.hostname }} - {{ else }} - CLOUDDEFENSE_ADMIN_API_URL: http://admin.cdefense.svc.cluster.local - {{ end }} - {{ if .Values.ingress.enabled }} - CLOUDDEFENSE_ADMIN_UI_URL: https://adminui-{{ .Values.hostname }} - {{ else }} - CLOUDDEFENSE_ADMIN_UI_URL: http://adminui.cdefense.svc.cluster.local - {{ end }} CLOUDDEFENSE_WEBCONSOLE_AUTH_STAGE: dockerStaging CLOUDDEFENSE_WEBCONSOLE_ONPREM_ENABLED: cdefense CUSTOM_VENDOR: "" diff --git a/charts/cdefense/templates/graphql/config.yaml b/charts/cdefense/templates/graphql/config.yaml deleted file mode 100644 index dc06eea..0000000 --- a/charts/cdefense/templates/graphql/config.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: graphql-config - namespace: {{ .Release.Namespace | default "default"}} - labels: - app: graphql -data: - HASURA_GRAPHQL_DEV_MODE: "true" - HASURA_GRAPHQL_ENABLE_CONSOLE: "true" - HASURA_GRAPHQL_ENABLE_TELEMETRY: "false" - HASURA_GRAPHQL_NO_OF_RETRIES: "10" - HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anonymous \ No newline at end of file diff --git a/charts/cdefense/templates/graphql/deployment.yaml b/charts/cdefense/templates/graphql/deployment.yaml deleted file mode 100644 index ef9f680..0000000 
--- a/charts/cdefense/templates/graphql/deployment.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -{{ if .Values.graphql.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: graphql - namespace: {{ .Release.Namespace | default "default"}} -spec: - selector: - matchLabels: - app: graphql - replicas: 1 - template: - metadata: - labels: - app: graphql - annotations: - diun.enable: "true" - spec: - {{- if .Values.graphql.nodeSelector }} - nodeSelector: - label: {{ .Values.graphql.nodeSelector }} - {{- end }} - {{- if .Values.graphql.tolerations }} - tolerations: -{{ toYaml .Values.graphql.tolerations | indent 8 }} - {{- end }} - imagePullSecrets: - - name: regcred - containers: - - name: graphql - image: {{ .Values.graphql.image }}:{{ .Values.version }} - imagePullPolicy: Always - env: - - name: HASURA_GRAPHQL_DEV_MODE - valueFrom: - configMapKeyRef: - name: graphql-config - key: HASURA_GRAPHQL_DEV_MODE - - name: HASURA_GRAPHQL_ENABLE_CONSOLE - valueFrom: - configMapKeyRef: - name: graphql-config - key: HASURA_GRAPHQL_ENABLE_CONSOLE - - name: HASURA_GRAPHQL_ENABLE_TELEMETRY - valueFrom: - configMapKeyRef: - name: graphql-config - key: HASURA_GRAPHQL_ENABLE_TELEMETRY - - name: HASURA_GRAPHQL_NO_OF_RETRIES - valueFrom: - configMapKeyRef: - name: graphql-config - key: HASURA_GRAPHQL_NO_OF_RETRIES - - name: HASURA_GRAPHQL_UNAUTHORIZED_ROLE - valueFrom: - configMapKeyRef: - name: graphql-config - key: HASURA_GRAPHQL_UNAUTHORIZED_ROLE - - name: HASURA_GRAPHQL_DATABASE_URL - valueFrom: - secretKeyRef: - key: HASURA_GRAPHQL_DATABASE_URL - name: graphql-secrets - - name: HASURA_GRAPHQL_ADMIN_SECRET - valueFrom: - secretKeyRef: - key: HASURA_GRAPHQL_ADMIN_SECRET - name: graphql-secrets - - name: HASURA_GRAPHQL_JWT_SECRET - valueFrom: - secretKeyRef: - key: HASURA_GRAPHQL_JWT_SECRET - name: graphql-secrets - ports: - - containerPort: 8080 - # resources: - # requests: - # memory: "1G" - # cpu: "250m" - # limits: - # memory: "1G" - initContainers: - - name: check-db - image: postgres:14 - imagePullPolicy: IfNotPresent - command: - - sh - - 
-c - - until pg_isready -h db -p 5432; do echo waiting for database; sleep 5; done; - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - - name: check-authservice-pod - image: bitnami/kubectl:latest - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - while [ "$(kubectl get pod -l app='authservice' -o jsonpath='{.items[0].status.phase}')" != "Running" ]; do echo "Waiting for authservice to be ready."; sleep 10; done - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - # - name: check-authservice - # image: radial/busyboxplus:curl - # imagePullPolicy: IfNotPresent - # command: - # - sh - # - -c - # - until $(curl --connect-timeout 2 --output /dev/null --silent --fail http://authservice); do - # echo waiting for authservice; sleep 10; done; echo connection to authservice ok - # resources: {} - # terminationMessagePath: /dev/termination-log - # terminationMessagePolicy: File ---- -{{ end }} \ No newline at end of file diff --git a/charts/cdefense/templates/graphql/service.yaml b/charts/cdefense/templates/graphql/service.yaml deleted file mode 100644 index 992978b..0000000 --- a/charts/cdefense/templates/graphql/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if .Values.graphql.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: graphql - labels: - app: graphql -spec: - type: NodePort - selector: - app: graphql - ports: - {{- .Values.graphql.service.ports | toYaml | nindent 2 -}} - -{{ end }} \ No newline at end of file diff --git a/charts/cdefense/templates/ingress.yaml b/charts/cdefense/templates/ingress.yaml index 3ccfcac..48e56ee 100644 --- a/charts/cdefense/templates/ingress.yaml +++ b/charts/cdefense/templates/ingress.yaml 
@@ -57,7 +57,6 @@ spec: tls: - hosts: - {{ .Values.hostname }} - - {{ if .Values.recommendation.hostname }}"{{ .Values.recommendation.hostname }}"{{- else }}"recommendation.{{ .Values.domain }}"{{- end }} # - uptime-{{ .Values.hostname }} secretName: cdefense-on-prem-tls {{ end }} @@ -107,31 +106,22 @@ spec: name: api port: number: 80 - - path: /integration/* + - path: /api-v2/* pathType: ImplementationSpecific backend: service: - name: api + name: newapi port: number: 80 {{ if eq .Values.ingress.type "nginx" }} - - path: /integrations/* - pathType: ImplementationSpecific - backend: - service: - name: api - port: - number: 80 - {{ end }} - - path: /api-v2/* + - path: /authentication/* pathType: ImplementationSpecific backend: service: - name: newapi + name: web port: number: 80 - {{ if eq .Values.ingress.type "nginx" }} - - path: /authentication/* + - path: /integrations-list pathType: ImplementationSpecific backend: service: diff --git a/charts/cdefense/templates/recommendation/deployment.yaml b/charts/cdefense/templates/recommendation/deployment.yaml deleted file mode 100644 index 24a0517..0000000 --- a/charts/cdefense/templates/recommendation/deployment.yaml +++ /dev/null 
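Review bot: In the `@@ -107,31 +106,22 @@` hunk, the new `/integrations-list` rule keeps `pathType: ImplementationSpecific` on a path with no wildcard, so what it matches is left to the ingress controller; if only that single path is meant to be routed, `pathType: Exact` states it and keeps look-alike paths from reaching the same backend. The hunk also drops the `/integration/*` rule (all ingress types) and the nginx-only `/integrations/*` rule that pointed at `api`, and nothing visible here replaces them, so requests to those prefixes will presumably fall through to whatever catch-all rule the Ingress defines; it is worth confirming that no integration callback still targets them and would now be answered by a different service. The backend service name for `/integrations-list` and the closing `{{ end }}` lie outside the hunk.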
@@ -1,90 +0,0 @@ -{{ if .Values.recommendation.enabled }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: recommendation - namespace: {{ .Release.Namespace | default "default"}} -spec: - selector: - matchLabels: - app: recommendation - replicas: {{ .Values.recommendation.replicas }} - template: - metadata: - labels: - app: recommendation - annotations: - diun.enable: "true" - spec: - {{- if .Values.recommendation.nodeSelector }} - nodeSelector: - label: {{ .Values.recommendation.nodeSelector }} - {{- end }} - {{- if .Values.recommendation.tolerations }} - tolerations: -{{ toYaml .Values.recommendation.tolerations | indent 8 }} - {{- end }} - imagePullSecrets: - - name: regcred - containers: - - name: recommendation - image: {{ .Values.recommendation.image }}:{{ .Values.version }} - imagePullPolicy: Always - env: - - name: POSTGRES_HOST - valueFrom: - configMapKeyRef: - name: cdefense-config - key: DB_ADDR - - name: POSTGRES_NAME - valueFrom: - configMapKeyRef: - name: cdefense-config - key: DB_VENDOR - - name: DB_PORT - valueFrom: - configMapKeyRef: - name: cdefense-config - key: DB_PORT - - name: POSTGRES_USER - valueFrom: - configMapKeyRef: - name: cdefense-config - key: DB_USER - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - key: DB_PASSWORD - name: cdefense-secrets - - name: POSTGRES_DB - valueFrom: - configMapKeyRef: - name: cdefense-config - key: DB_NAME - - name: JWT_SECRET - valueFrom: - secretKeyRef: - key: JWT_SECRET - name: recommendation-service-secrets - ports: - - containerPort: 3000 - # resources: - # requests: - # memory: "0.5G" - # cpu: "250m" - # limits: - # memory: "0.5G" - initContainers: - - name: check-db - image: postgres:14 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - until pg_isready -h db -p 5432; do echo waiting for database; sleep 5; done; - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File ---- -{{ end }} \ No newline at end of file 
diff --git a/charts/cdefense/templates/recommendation/hpa.yaml b/charts/cdefense/templates/recommendation/hpa.yaml deleted file mode 100644 index 0d0ea03..0000000 --- a/charts/cdefense/templates/recommendation/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{ if .Values.recommendation.autoscaling.enabled }} -apiVersion: autoscaling/v1 -kind: HorizontalPodAutoscaler -metadata: - name: recommendation - labels: - recommendation -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: recommendation - minReplicas: {{ .Values.recommendation.autoscaling.minReplicas }} - maxReplicas: {{ .Values.recommendation.autoscaling.maxReplicas }} - metrics: - {{ if .Values.recommendation.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.recommendation.autoscaling.targetCPUUtilizationPercentage }} - {{ end }} - {{ if .Values.recommendation.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.recommendation.autoscaling.targetMemoryUtilizationPercentage }} - {{ end }} -{{ end }} \ No newline at end of file diff --git a/charts/cdefense/templates/recommendation/service.yaml b/charts/cdefense/templates/recommendation/service.yaml deleted file mode 100644 index fbcd364..0000000 --- a/charts/cdefense/templates/recommendation/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{ if .Values.recommendation.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: recommendation - labels: - app: recommendation -spec: - type: {{ .Values.recommendation.service.type }} - selector: - app: recommendation - ports: - {{ .Values.recommendation.service.ports | toYaml | nindent 2 }} ---- -{{ end }} \ No newline at end of file diff --git a/charts/cdefense/templates/web/deployment.yaml b/charts/cdefense/templates/web/deployment.yaml index 4eb831c..8c0b648 100644 --- a/charts/cdefense/templates/web/deployment.yaml 
+++ b/charts/cdefense/templates/web/deployment.yaml @@ -38,11 +38,6 @@ spec: configMapKeyRef: name: cdefense-config key: CLOUDDEFENSE_WEBCONSOLE_API_ENDPOINT - - name: RECOMMENDATIONS_ENDPOINT - valueFrom: - configMapKeyRef: - name: cdefense-config - key: CLOUDDEFENSE_RECOMMENDATIONS_ENDPOINT - name: API_ENDPOINT valueFrom: configMapKeyRef: diff --git a/charts/cdefense/values.yaml b/charts/cdefense/values.yaml index 05069b2..b7ce53f 100644 --- a/charts/cdefense/values.yaml +++ b/charts/cdefense/values.yaml @@ -1,4 +1,4 @@ -version: "release-4.8.9" +version: "release-4.9.0" domain: clouddefenseai.com hostname: cdefense.clouddefenseai.com @@ -89,18 +89,6 @@ authservice: port: 80 targetPort: 8080 -graphql: - enabled: false - nodeSelector: cdefense - tolerations: [] - image: cdefense/graphql - service: - type: NodePort - ports: - - name: http - port: 80 - targetPort: 8080 - api: nodeSelector: cdefense tolerations: [] @@ -174,26 +162,6 @@ alertservice: targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 -recommendation: - enabled: false - nodeSelector: cdefense - tolerations: [] - replicas: 1 - image: cdefense/recommendation-service - version: "latest" - service: - type: NodePort - ports: - - name: http - port: 80 - targetPort: 3000 - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 3 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 - web: nodeSelector: cdefense tolerations: [] diff --git a/release.md b/release.md index b6dc99f..e081340 100644 --- a/release.md +++ b/release.md 
@@ -1,19 +1,21 @@ -Release Date : 19.06.2024 -Release Notes : 4.8.9 +Release Date : 09.07.2024 +Release Notes : 4.9.0 New Features: -1) Refactored Rule Management: We have refactored the Rule Management for both Global and Application level, making it more user friendly with filter option on scan types and languages. -2) Integrate DAST with pipeline: The DAST scan can now be run under CI/CD pipeline via CLI, with scan result summary details. -3) User details export to CSV: The user details can now be exported to CSV from under User Management. -4) OWASP Top 10 slide-out code link: Added hyperlink for the OWASP Top 10 slide-out code link. -5) Added newly found vulnerabilities filter: Added newly found vulnerabilities filter under Report > Vulnerabilities Report page. -6) Added count on filter under Vulnerabilities Report Page: Added resource count when selecting filter under Vulnerabilities Report Page for better readability. -7) Added false-positive filter under Application overview page: We have added false-positive filter under Application overview page for better usability. +1) The ability to provide scan results under pull request: We have introduced the ability to provide scan results directly under pull request, giving the developer early insights into code analysis. +2) Functionality for Team Admin to be able to assign applications to teams from under Team management: We have introduced the functionality for a team admin role to be able to change application assigned team to a different team the Team Admin is part of. +3) Tags update for report: We have provided feature to have the associated tags with an application to be available as separate columns on checking the 'separateColumns' checkbox. +4) Added note under Applications Branches page to highlight the Protected and Un-protected branch count +5) Added sorting for the Rule management columns for Global and Application level for ease of use. 
+6) Introduced EXPLOITABLE SEVERITY COUNT configuration under Build Policy filter/rules +7) Added latest scan status on the top level Application list under Application page for better user-experience. +8) Added click functionality for OWASP Top 10, SANS Top 25, and Most Critical Vulnerabilities charts under Dashboard to show insights into the Application responsible for violation. Improvements: -1) Refactored APIs and added new indexes: We have refactored APIs and added new indexes to improve the latency seen. +1) Fixed the Comprehensive Report under application scan results page: We have fixed the Comprehensive Report under Application page. 2) Bug Fixing on Backend: Fixed bugs across the application for better user experience. -3) Fixes pagination bug under Dashboard > Vulnerabilities by Age: We have fixed the pagination bug found under Dashboard > Vulnerabilities by Age. -4) Fixed list of UI issues. \ No newline at end of file +3) Fixed list of UI issues. +4) Improved latency issue under Application page for better user experience. +5) Updated Audit logs and Import logs for better readability and correctness. \ No newline at end of file