From 3178a2b1c537308d65f0804f989b7e79089eccc8 Mon Sep 17 00:00:00 2001 From: Christoph Hartmann Date: Sun, 9 Feb 2025 22:04:08 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20update=20readme=20(#360)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .web-docs/README.md | 6 ++-- .../components/provisioner/cnspec/README.md | 11 ++++++ .../components/provisioner/mondoo/README.md | 2 +- README.md | 35 +------------------ docs/README.md | 6 ++-- docs/provisioners/cnspec.mdx | 13 ++++++- docs/provisioners/mondoo.mdx | 4 +-- 7 files changed, 31 insertions(+), 46 deletions(-) diff --git a/.web-docs/README.md b/.web-docs/README.md index 4463e89..5fb16f4 100644 --- a/.web-docs/README.md +++ b/.web-docs/README.md 
@@ -31,10 +31,8 @@ $ packer plugins install github.com/mondoohq/cnspec #### Provisioners - [cnspec](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/cnspec) - Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans -Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack. -- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security -policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of -certified security policies which can be easily customize to meet your needs. +Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs policy-as-code security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack. +- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - Deprecated. Use the `cnspec` provisioner instead. ### Tutorials diff --git a/.web-docs/components/provisioner/cnspec/README.md b/.web-docs/components/provisioner/cnspec/README.md index 91f68b6..8f47f36 100644 --- a/.web-docs/components/provisioner/cnspec/README.md +++ b/.web-docs/components/provisioner/cnspec/README.md 
@@ -3,6 +3,7 @@ Type: `cnspec` Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack. ## Basic Example + ```hcl provisioner "cnspec" { on_failure = "continue" @@ -13,6 +14,16 @@ provisioner "cnspec" { } ``` +The following configuration shows how to set the output format to JUnit and the output target to `test-results.xml`: + +```hcl +provisioner "cnspec" { + on_failure = "continue" + output = "junit" + output_target = "test-results.xml" +} +``` + ## Configuration Reference Optional Parameters: diff --git a/.web-docs/components/provisioner/mondoo/README.md b/.web-docs/components/provisioner/mondoo/README.md index 13a1b7c..44ea2fd 100644 --- a/.web-docs/components/provisioner/mondoo/README.md +++ b/.web-docs/components/provisioner/mondoo/README.md @@ -4,7 +4,7 @@ Type: `mondoo` > This plugin has been deprecated. Migrate to [Packer plugin cnspec by Mondoo](https://developer.hashicorp.com/packer/plugins/provisioner/mondoo/cnspec) for even easier security scanning of your Packer builds. The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security -policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of +policy-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of certified security policies which can be easily customize to meet your needs. Mondoo supports scanning of Linux, Windows, and macOS, as well as Docker containers. 
diff --git a/README.md b/README.md index 223cc51..a5df2d1 100644 --- a/README.md +++ b/README.md 
@@ -79,40 +79,7 @@ packer build amazon-linux-2.pkr.hcl ## Configure Packer Plugin cnspec -| **Name** | **Description** | **Type** | **Default** | **Required** | -| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ----------- | ------------ | -| `annotations` | Apply custom annotations to Packer build assets to provide additional metadata for asset tracking. | `map of strings` | None | No | -| `asset_name` | Overwrite the asset name in Mondoo Platform. | `string` | None | No | -| `on_failure` | Set `on_failure = "continue"` to ignore build failures that do not meet any set `score_threshold`. | `string` | None | No | -| `score_threshold` | Set a score threshold for Packer builds `[0-100]`. Any scans that fall below the `score_threshold` will fail unless `on_failure = "continue"`. To learn more, read [How Mondoo scores policies](https://mondoo.com/docs/platform/console/monitor/#how-mondoo-scores-policies) in the Mondoo documentation. | `int` | None | No | -| `sudo` | Use sudo to elevate permissions when running Mondoo scans. | `bool` | None | No | -| `mondoo_config_path` | The path to the Mondoo's service account. Defaults to `$HOME/.config/mondoo/mondoo.yml` | `string` | None | No | -| `output` | Set output format: compact, csv, full, json, junit, report, summary, yaml (default "compact") | `string` | None | No | -| `output_target` | Set output target. E.g. 
path to local file `result.xml` | `string` | None | No | - -### Example: Complete Configuration - -A simple configuration where we set a score threshold of 85 and use sudo to elevate permissions when running the scans: - -```hcl -provisioner "cnspec" { - on_failure = "continue" - score_threshold = 85 - sudo { - active = true - } -} -``` - -The following configuration shows how to set the output format to JUnit and the output target to `test-results.xml`: - -```hcl -provisioner "cnspec" { - on_failure = "continue" - output = "junit" - output_target = "test-results.xml" -} -``` +For detailed instructions on configuring the Packer Plugin cnspec, please visit the official HashiCorp documentation at Packer Plugin cnspec. There you'll find comprehensive guidance on setup and configuration options. ## Sample Packer Templates diff --git a/docs/README.md b/docs/README.md index 4463e89..5fb16f4 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -31,10 +31,8 @@ $ packer plugins install github.com/mondoohq/cnspec #### Provisioners - [cnspec](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/cnspec) - Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans -Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack. -- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security -policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of -certified security policies which can be easily customize to meet your needs. +Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs policy-as-code security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack. +- [mondoo](/packer/integrations/mondoohq/cnspec/latest/components/provisioner/mondoo) - Deprecated. Use the `cnspec` provisioner instead. ### Tutorials diff --git a/docs/provisioners/cnspec.mdx b/docs/provisioners/cnspec.mdx index ff1d552..c7f9141 100644 --- a/docs/provisioners/cnspec.mdx +++ b/docs/provisioners/cnspec.mdx 
@@ -1,7 +1,7 @@ --- description: | The cnspec packer provisioner by Mondoo scans machine-image builds for vulnerabilities - and misconfigurations by executing security policies-as-code. + and misconfigurations by executing security policy-as-code. page_title: cnspec - Provisioner sidebar_title: cnspec --- @@ -13,6 +13,7 @@ Type: `cnspec` Packer plugin [cnspec](https://github.com/mondoohq/cnspec) by [Mondoo](https://mondoo.com) scans Linux and Windows machine images for vulnerabilities and security misconfigurations. The plugin retrieves CVE data from Mondoo, which is updated daily with the latest CVEs and advisories. Additionally, cnspec runs security scans using [cnspec-policies](https://github.com/mondoohq/cnspec-policies) to uncover common misconfigurations that open your hosts to the risk of attack. ## Basic Example + ```hcl provisioner "cnspec" { on_failure = "continue" @@ -23,6 +24,16 @@ provisioner "cnspec" { } ``` +The following configuration shows how to set the output format to JUnit and the output target to `test-results.xml`: + +```hcl +provisioner "cnspec" { + on_failure = "continue" + output = "junit" + output_target = "test-results.xml" +} +``` + ## Configuration Reference Optional Parameters: diff --git a/docs/provisioners/mondoo.mdx b/docs/provisioners/mondoo.mdx index 0a1daf1..904d42e 100644 --- a/docs/provisioners/mondoo.mdx +++ b/docs/provisioners/mondoo.mdx @@ -1,7 +1,7 @@ --- description: | The Mondoo packer provisioner scans machine-image builds for vulnerabilities - and misconfigurations by executing security policies-as-code. + and misconfigurations by executing security policy-as-code. page_title: Mondoo - Provisioner sidebar_title: Mondoo --- 
@@ -14,7 +14,7 @@ Type: `mondoo` > This plugin has been deprecated. Migrate to [Packer plugin cnspec by Mondoo](https://developer.hashicorp.com/packer/plugins/provisioners/mondoo/cnspec) for even easier security scanning of your Packer builds. The `mondoo` provisioner scans [Packer](https://www.packer.io) builds for vulnerabilities and misconfigurations by executing security -policies-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of +policy-as-code enabled in [Mondoo Platform](https://console.mondoo.com). Mondoo Platform comes stocked with an ever-increasing collection of certified security policies which can be easily customize to meet your needs. Mondoo supports scanning of Linux, Windows, and macOS, as well as Docker containers.
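Review bot: In the JUnit example added to `.web-docs/components/provisioner/cnspec/README.md` (and mirrored in `docs/provisioners/cnspec.mdx`), `on_failure = "continue"` is carried over with no explanation of what it does. The table this same patch removes from `README.md` describes it as the setting that ignores build failures that do not meet a set `score_threshold`, so a reader who copies the example gets a `test-results.xml` report but a build that still passes on a failing scan. Either drop `on_failure` from the reporting example or add one sentence under it saying that the scan is report-only in this form and that removing the line, together with a `score_threshold`, is what makes the scan gate the image.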
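Review bot: In the `.web-docs/components/provisioner/mondoo/README.md` hunk, the line right after the changed one still reads "certified security policies which can be easily customize to meet your needs", so the paragraph is being edited but the typo stays. Change it to "customized" in this hunk and in the matching paragraph of `docs/provisioners/mondoo.mdx`, which has the same context line.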
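Review bot: The sentence added to `README.md` under "Configure Packer Plugin cnspec" tells readers to visit the official HashiCorp documentation "at Packer Plugin cnspec" but gives no URL, so the pointer that replaces the whole parameter table leads nowhere. Make "Packer Plugin cnspec" a Markdown link to the integration page. Since the removed table was where this file stated the `[0-100]` range for `score_threshold`, the `mondoo_config_path` default and the list of `output` formats, it is also worth confirming that the Configuration Reference in `docs/provisioners/cnspec.mdx` carries all of them, because the visible hunks do not show that section's content.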
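Review bot: The wording ends up inconsistent in `docs/provisioners/cnspec.mdx`: the front-matter description is changed to "security policy-as-code", and the index entries in `docs/README.md` and `.web-docs/README.md` now say "cnspec runs policy-as-code security scans", but the body paragraph in the second hunk (unchanged context) still says "cnspec runs security scans using". If the goal of the patch is to standardise the term, update that paragraph here and in `.web-docs/components/provisioner/cnspec/README.md` as well. The new "The following configuration shows..." example also sits under "## Basic Example" without its own heading; a short subheading for the JUnit output case would make it easier to find.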
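Review bot: The deprecation notice in the last `docs/provisioners/mondoo.mdx` hunk links to `https://developer.hashicorp.com/packer/plugins/provisioners/mondoo/cnspec`, while the same notice in `.web-docs/components/provisioner/mondoo/README.md` links to `.../packer/plugins/provisioner/mondoo/cnspec` (singular `provisioner`). Both are context lines, but the two copies cannot both be right, and neither matches the `/packer/integrations/mondoohq/cnspec/latest/components/provisioner/cnspec` path used in the index READMEs touched by this patch. Since this is the migration pointer for a deprecated provisioner, check which URL resolves and use it in both files.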