This repository has been archived by the owner on Jul 18, 2024. It is now read-only.

include secretScanningAlerts step back again #305

Merged
merged 1 commit into from
Jul 10, 2024
104 changes: 53 additions & 51 deletions docs/jupiterone.md
Expand Up @@ -155,62 +155,64 @@ https://github.com/JupiterOne/sdk/blob/main/docs/integrations/development.md

The following entities are created:

| Resources | Entity `_type` | Entity `_class` |
| ----------------------------- | ------------------------------- | --------------- |
| Account | `github_account` | `Account` |
| GitHub Code Scanning Alerts | `github_code_scanning_finding` | `Finding` |
| GitHub Env Secret | `github_env_secret` | `Secret` |
| GitHub Vulnerability Alert | `github_finding` | `Finding` |
| Github App | `github_app` | `Application` |
| Github Branch Protection Rule | `github_branch_protection_rule` | `Rule` |
| Github Environment | `github_environment` | `Configuration` |
| Github Issue | `github_issue` | `Issue` |
| Github Org Secret | `github_org_secret` | `Secret` |
| Github Pull Request | `github_pullrequest` | `PR` |
| Github Repo | `github_repo` | `CodeRepo` |
| Github Repo Secret | `github_repo_secret` | `Secret` |
| Github Team | `github_team` | `UserGroup` |
| Github User | `github_user` | `User` |
| Resources | Entity `_type` | Entity `_class` |
| ----------------------------- | -------------------------------- | --------------- |
| Account | `github_account` | `Account` |
| GitHub Code Scanning Alerts | `github_code_scanning_finding` | `Finding` |
| GitHub Env Secret | `github_env_secret` | `Secret` |
| GitHub Secret Scanning Alert | `github_secret_scanning_finding` | `Finding` |
| GitHub Vulnerability Alert | `github_finding` | `Finding` |
| Github App | `github_app` | `Application` |
| Github Branch Protection Rule | `github_branch_protection_rule` | `Rule` |
| Github Environment | `github_environment` | `Configuration` |
| Github Issue | `github_issue` | `Issue` |
| Github Org Secret | `github_org_secret` | `Secret` |
| Github Pull Request | `github_pullrequest` | `PR` |
| Github Repo | `github_repo` | `CodeRepo` |
| Github Repo Secret | `github_repo_secret` | `Secret` |
| Github Team | `github_team` | `UserGroup` |
| Github User | `github_user` | `User` |

### Relationships

The following relationships are created:

| Source Entity `_type` | Relationship `_class` | Target Entity `_type` |
| --------------------- | --------------------- | ------------------------------- |
| `github_account` | **INSTALLED** | `github_app` |
| `github_account` | **HAS** | `github_org_secret` |
| `github_account` | **OWNS** | `github_repo` |
| `github_account` | **HAS** | `github_team` |
| `github_account` | **HAS** | `github_user` |
| `github_app` | **OVERRIDES** | `github_branch_protection_rule` |
| `github_env_secret` | **OVERRIDES** | `github_org_secret` |
| `github_env_secret` | **OVERRIDES** | `github_repo_secret` |
| `github_environment` | **HAS** | `github_env_secret` |
| `github_pullrequest` | **CONTAINS** | `github_pullrequest` |
| `github_repo` | **HAS** | `github_branch_protection_rule` |
| `github_repo` | **HAS** | `github_code_scanning_finding` |
| `github_repo` | **USES** | `github_env_secret` |
| `github_repo` | **HAS** | `github_environment` |
| `github_repo` | **HAS** | `github_finding` |
| `github_repo` | **HAS** | `github_issue` |
| `github_repo` | **USES** | `github_org_secret` |
| `github_repo` | **HAS** | `github_pullrequest` |
| `github_repo` | **HAS** | `github_repo_secret` |
| `github_repo` | **USES** | `github_repo_secret` |
| `github_repo` | **ALLOWS** | `github_team` |
| `github_repo` | **ALLOWS** | `github_user` |
| `github_repo_secret` | **OVERRIDES** | `github_org_secret` |
| `github_team` | **OVERRIDES** | `github_branch_protection_rule` |
| `github_team` | **HAS** | `github_user` |
| `github_user` | **MANAGES** | `github_account` |
| `github_user` | **OVERRIDES** | `github_branch_protection_rule` |
| `github_user` | **ASSIGNED** | `github_issue` |
| `github_user` | **CREATED** | `github_issue` |
| `github_user` | **APPROVED** | `github_pullrequest` |
| `github_user` | **OPENED** | `github_pullrequest` |
| `github_user` | **REVIEWED** | `github_pullrequest` |
| `github_user` | **MANAGES** | `github_team` |
| Source Entity `_type` | Relationship `_class` | Target Entity `_type` |
| --------------------- | --------------------- | -------------------------------- |
| `github_account` | **INSTALLED** | `github_app` |
| `github_account` | **HAS** | `github_org_secret` |
| `github_account` | **OWNS** | `github_repo` |
| `github_account` | **HAS** | `github_team` |
| `github_account` | **HAS** | `github_user` |
| `github_app` | **OVERRIDES** | `github_branch_protection_rule` |
| `github_env_secret` | **OVERRIDES** | `github_org_secret` |
| `github_env_secret` | **OVERRIDES** | `github_repo_secret` |
| `github_environment` | **HAS** | `github_env_secret` |
| `github_pullrequest` | **CONTAINS** | `github_pullrequest` |
| `github_repo` | **HAS** | `github_branch_protection_rule` |
| `github_repo` | **HAS** | `github_code_scanning_finding` |
| `github_repo` | **USES** | `github_env_secret` |
| `github_repo` | **HAS** | `github_environment` |
| `github_repo` | **HAS** | `github_finding` |
| `github_repo` | **HAS** | `github_issue` |
| `github_repo` | **USES** | `github_org_secret` |
| `github_repo` | **HAS** | `github_pullrequest` |
| `github_repo` | **HAS** | `github_repo_secret` |
| `github_repo` | **USES** | `github_repo_secret` |
| `github_repo` | **HAS** | `github_secret_scanning_finding` |
| `github_repo` | **ALLOWS** | `github_team` |
| `github_repo` | **ALLOWS** | `github_user` |
| `github_repo_secret` | **OVERRIDES** | `github_org_secret` |
| `github_team` | **OVERRIDES** | `github_branch_protection_rule` |
| `github_team` | **HAS** | `github_user` |
| `github_user` | **MANAGES** | `github_account` |
| `github_user` | **OVERRIDES** | `github_branch_protection_rule` |
| `github_user` | **ASSIGNED** | `github_issue` |
| `github_user` | **CREATED** | `github_issue` |
| `github_user` | **APPROVED** | `github_pullrequest` |
| `github_user` | **OPENED** | `github_pullrequest` |
| `github_user` | **REVIEWED** | `github_pullrequest` |
| `github_user` | **MANAGES** | `github_team` |

### Mapped Relationships
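
Review bot: The new `github_secret_scanning_finding` row in the entities table and the `github_repo` **HAS** `github_secret_scanning_finding` row in the relationships table are listed without any qualifier, although the ingestion source added in src/config.ts is `defaultsToDisabled: true` and the step in src/getStepStartStates.ts is gated on scopes and server version. Add a sentence near these tables saying the entity is only produced when the Secret Scanning Alerts source is enabled and the credential has `secret_scanning_alerts` (app auth) or `repo` / `security_events` (token auth), so that someone querying for these findings does not read an empty result as "no leaked secrets".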

13 changes: 6 additions & 7 deletions src/config.ts
Expand Up @@ -442,11 +442,10 @@ export const ingestionConfig: IntegrationIngestionConfigFieldMap = {
title: 'GitHub Repository Secrets',
description: 'Secrets metadata available in a repository.',
},
// TODO: enable when this is ready https://jupiterone.atlassian.net/browse/INT-9938
// [IngestionSources.SECRET_SCANNING_ALERTS]: {
// title: 'GitHub Secret Scanning Alerts',
// description:
// 'Alerts for potential leaks of known secrets in public repositories',
// defaultsToDisabled: true,
// },
[IngestionSources.SECRET_SCANNING_ALERTS]: {
title: 'GitHub Secret Scanning Alerts',
description:
'Alerts for potential leaks of known secrets in public repositories',
defaultsToDisabled: true,
},
};
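Review bot: The `description` string on `[IngestionSources.SECRET_SCANNING_ALERTS]` limits the source to 'public repositories', which does not obviously match the gating in src/getStepStartStates.ts, where the step is enabled by the `repo` scope and the org-level `LIST_SECRET_SCANNING_ALERT_FOR_ORG` feature. Please confirm whether alerts from private repositories are ingested as well and, if so, reword the description, since this text is what an operator reads when deciding whether to turn on a source that is `defaultsToDisabled: true`.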
36 changes: 17 additions & 19 deletions src/getStepStartStates.ts
Expand Up @@ -34,14 +34,13 @@ export default async function getStepStartStates(
)
: !scopes?.has('security_events') && !scopes?.has('repo');

// TODO: enable when this is ready https://jupiterone.atlassian.net/browse/INT-9938
// const disabledSecretScanningAlerts = isAppAuth
// ? !scopes?.has('secret_scanning_alerts') ||
// !utils.isSupported(
// EnterpriseFeatures.LIST_SECRET_SCANNING_ALERT_FOR_ORG,
// gheServerVersion,
// )
// : !scopes?.has('repo') && !scopes?.has('security_events');
const disabledSecretScanningAlerts = isAppAuth
? !scopes?.has('secret_scanning_alerts') ||
!utils.isSupported(
EnterpriseFeatures.LIST_SECRET_SCANNING_ALERT_FOR_ORG,
gheServerVersion,
)
: !scopes?.has('repo') && !scopes?.has('security_events');

return {
[Steps.FETCH_ACCOUNT]: { disabled: false },
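Review bot: In `disabledSecretScanningAlerts`, the `utils.isSupported(EnterpriseFeatures.LIST_SECRET_SCANNING_ALERT_FOR_ORG, gheServerVersion)` check only applies on the `isAppAuth` branch; the token branch is `!scopes?.has('repo') && !scopes?.has('security_events')` alone, so with token auth the step is never disabled on server-version grounds. If that is intentional (it mirrors the expression in the context lines just above), a short comment saying so would help; otherwise apply the version check to both branches. The `scopes?.has` form does fail closed when `scopes` is undefined, which is the right default for a step that pulls leaked-secret alerts.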
Expand Down Expand Up @@ -103,16 +102,15 @@ export default async function getStepStartStates(
!scopes?.has('discussions'),
disabledReason: DisabledStepReason.PERMISSION,
},
// TODO: enable when this is ready https://jupiterone.atlassian.net/browse/INT-9938
// [Steps.FETCH_SECRET_SCANNING_ALERTS]: {
// disabled: disabledSecretScanningAlerts,
// disabledReason: (
// isAppAuth
// ? !scopes?.has('secret_scanning_alerts')
// : !scopes?.has('repo') && !scopes?.has('security_events')
// )
// ? DisabledStepReason.PERMISSION
// : DisabledStepReason.API_VERSION,
// },
[Steps.FETCH_SECRET_SCANNING_ALERTS]: {
disabled: disabledSecretScanningAlerts,
disabledReason: (
isAppAuth
? !scopes?.has('secret_scanning_alerts')
: !scopes?.has('repo') && !scopes?.has('security_events')
)
? DisabledStepReason.PERMISSION
: DisabledStepReason.API_VERSION,
},
};
}
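Review bot: The permission predicate inside `disabledReason` for `[Steps.FETCH_SECRET_SCANNING_ALERTS]` repeats the scope checks already written into `disabledSecretScanningAlerts` in the earlier hunk, so the two copies can drift if a scope is added to one and not the other. Consider computing the missing-permission boolean once and deriving both `disabled` and `disabledReason` from it. As written, `disabledReason` also evaluates to `DisabledStepReason.API_VERSION` when the step is enabled; that is harmless if the reason is only read for disabled steps, but worth confirming.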