Merge pull request #13 from syn-4ck/dev

Update Docs
syn-4ck · Feb 20, 2024 · 2493a3d · 2493a3d
2 parents 943fec8 + b3df389
commit 2493a3d
Show file tree

Hide file tree

Showing 9 changed files with 100 additions and 17 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM  python:3-alpine3.19
 
-ENV VERSION=1.0.0
+ARG VERSION=0.1.0
 
 RUN apk update && apk upgrade
 
@@ -12,7 +12,7 @@ RUN pip install --upgrade pip
 
 RUN pip install wheel
 RUN python setup.py bdist_wheel
-RUN pip install dist/fafnir-${VERSION}-py3-none-any.whl
+RUN pip install dist/fafnir-$VERSION-py3-none-any.whl
 
 RUN adduser -D fafnir
-USER fafnir
+USER fafnir
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.0
+0.1.0
diff --git a/docs/source/configuration.rst b/docs/source/configuration.rst
@@ -0,0 +1,42 @@
+
+fafnir-sec configuration
+========================
+
+.. _configuration:
+
+Set up fafnir-sec with a configuration file
+--------------------------------------------
+
+Exclude tools
+^^^^^^^^^^^^^^
+
+.. code-block:: yaml
+
+    exclude-tools: # Uncomment the tools you want to exclude from analysis
+    - semgrep
+    - bandit
+    - find-sec-bugs
+    - osv-scanner
+    #- trivy-sca
+    - gitleaks
+    - checkov
+    - syft
+
+Tools configuration
+^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: yaml
+
+    tools-config:
+        semgrep:
+            api-key:  # Semgrep API key
+        checkov:
+            api-key:  #"Add an api key '--bc-api-key <api-key>' to see more detailed insights via https://bridgecrew.cloud"
+
+Container analysis (local image scan)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: yaml
+
+    containers:
+        image: ""
diff --git a/docs/source/index.rst b/docs/source/index.rst
@@ -2,11 +2,12 @@
 Welcome to fafnir's documentation!
 ==================================
 
-**Fafnir** is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the software supply chain.
+**fafnir-sec** is an open-source tool that allows for the complete automation of launching different security tools detecting vulnerabilities in the software supply chain.
 
 This tool reports vulnerabilities in the different parts of the supply chain management, like source code, dependencies, containers, infrastructure as code...
 
-Fafnir was a dwarf-like creature in Norse mythology, who transformed himself into a terrifying dragon to protect his treasure. `More about his history here`_.
+.. note::
+   Fafnir was a dwarf-like creature in Norse mythology, who transformed himself into a terrifying dragon to protect his treasure. `More about his history here`_.
 
 .. toctree::
    :maxdepth: 2
@@ -15,5 +16,6 @@ Fafnir was a dwarf-like creature in Norse mythology, who transformed himself int
    whatis
    usage
    run
+   configuration
 
 .. _more about his history here: https://vikingr.org/other-beings/fafnir
diff --git a/docs/source/run.rst b/docs/source/run.rst
@@ -1,8 +1,40 @@
-Execution example
-=================
+Run fafnir-sec
+==============
 
 .. _run:
 
-First time running fafnir
--------------------------
+Run fafnir-sec for first time
+------------------------------
 
+You can run the tool in a easy way using the following command:
+
+.. code-block:: console
+
+   fafnir $PATH_TO_CODE
+
+.. _options:
+
+Options
+--------
+
++----------------+----------------------+---------------------------------+
+| Option name    | Flag                 | Description                     |
+|                |                      |                                 |
++================+======================+=================================+
+| Verbose        | -v, --verbose        | Verbose mode (debug mode)       |
++----------------+----------------------+---------------------------------+
+| Configuration  | -c, --configuration  | Set up fafnir-sec configuration |
+|                |                      | using the configuration file    |
++----------------+----------------------+---------------------------------+
+| Asynchronous   | -a, --asynchronous   | Asynchronous mode to run        |
+|                |                      | security tools at the same time |
++----------------+----------------------+---------------------------------+
+| Output type    | -t, --output-type    | Report type: json, sarif        |
+|                |                      |                                 |
++----------------+----------------------+---------------------------------+
+| Output path    | -t, --output-path    | Path to the fafnir-sec report   |
+|                |                      |                                 |
++----------------+----------------------+---------------------------------+
+| Disable API    | -x, --disable-apis   | Disable API requests            |
+|                |                      |                                 |
++----------------+----------------------+---------------------------------+
diff --git a/docs/source/usage.rst b/docs/source/usage.rst
@@ -6,7 +6,7 @@ Getting started
 Installation
 ------------
 
-**fafnir** can be executed in Linux, MacOS and Windows OS. To use ``fafnir``, you can install it using two ways: docker or python.
+**fafnir-sec** can be executed in Linux, MacOS and Windows OS. To use ``fafnir``, you can install it using two ways: docker or python.
 
 Docker:
 ^^^^^^^
@@ -18,7 +18,7 @@ Docker:
 
 .. code-block:: console
 
-   docker pull ghsyn4ck/fafnir:latest
+   docker pull ghsyn4ck/fafnir-sec:latest
 
 
 Python:
@@ -28,7 +28,7 @@ Python:
 
 * Python 3.6 or later installed
 * Pip installed
-* Internet access in the machine to install ``fafnir`` module and the dependencies from Pypi.
+* Internet access in the machine to install ``fafnir-sec`` module and the dependencies from Pypi.
 
 .. code-block:: console
 
@@ -51,7 +51,7 @@ Run the container previously pulled with the command to execute:
 
 .. code-block:: console
 
-   docker run ghsyn4ck/fafnir:latest fafnir --help
+   docker run ghsyn4ck/fafnir-sec:latest fafnir --help
 
 
 Python:

diff --git a/docs/source/whatis.rst b/docs/source/whatis.rst
@@ -1,7 +1,7 @@
 What is fafnir?
 ================
 
-``fafnir`` is a free open-source **application security posture management (ASPM)** tool to detect vulnerabilities in the software supply chain.
+``fafnir-sec`` is a free open-source **application security posture management (ASPM)** tool to detect vulnerabilities in the software supply chain.
 
 This tool uses other open-source tools to detect the vulnerabilities related with the application code and build & deploy process.
 
@@ -10,4 +10,10 @@ This tool uses other open-source tools to detect the vulnerabilities related wit
 How fafnir works?
 ------------------
 
-``fafnir`` 
+``fafnir-sec`` pulls the official Docker image of the security tools to analyze and detect vulnerabilities.
+
+First of all, ``fafnir-sec`` evaluates the programming languages, technologies and configuration files to choose the needed security tools in the best way. 
+
+Then, ``fafnir-sec`` runs the security tools using official Docker images to detect all vulnerabilities from SAST, SCA, container analysis, secrets, IaC...
+
+Finally, the goal of ``fafnir-sec`` is group all vulnerabilities and report it in a standard and single way.
diff --git a/src/main.py b/src/main.py
@@ -11,7 +11,7 @@
 
 from .report.report import generate_report
 
-VERSION = '1.0.0'
+VERSION = '0.1.0'
 
 
 @click.command()

diff --git a/src/report/generate_report/generate_sarif.py b/src/report/generate_report/generate_sarif.py
@@ -1,3 +1,4 @@
+
 def generate_report_sarif(scan_fullpath: str, report: dict) -> dict:
     """
     Generates a SARIF report from the given report.