Start a scan via web UI (#3767)

* Restructured pages and added create scan component #1900
* Added buttons and file input #1900
* Create configuration from user input #1900
* Added scan function and data upload api for source code and binaries #1900
* Added test setup #1900
* Added encryption ENV to docker images (local), refactored code #1900

sechub-pds-solutions/checkmarx/env

@@ -12,3 +12,5 @@ BUILD_TYPE=download
 # The Checkmarx Wrapper version to use
 # See: https://github.com/mercedes-benz/sechub/releases
 CHECKMARX_WRAPPER_VERSION="1.3.0"
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/findsecuritybugs/env

@@ -2,3 +2,5 @@
 FINDSECURITYBUGS_VERSION="1.13.0"
 # The Spotbugs version to use. See https://github.com/spotbugs/spotbugs/releases
 SPOTBUGS_VERSION="4.8.3"
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/gitleaks/env

@@ -16,3 +16,5 @@ BUILD_TYPE=download
 # The Secret-Validation Wrapper version to use
 # See: https://github.com/mercedes-benz/sechub/releases
 SECRETVALIDATION_WRAPPER_VERSION="1.1.0"
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/gosec/env

@@ -1,2 +1,4 @@
 # See: https://github.com/securego/gosec/releases
 GOSEC_VERSION="2.16.0"
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/iac/env

@@ -2,3 +2,5 @@
 # uncomment to use local image
 # BASE_IMAGE="pds-base_pds"
 KICS_VERSION="2.1.3"
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/owaspzap/env

@@ -22,3 +22,5 @@ PDS_CONFIG_EXECUTE_WORKER_THREAD_COUNT=1
 #ZAP_PROXY_HOST=127.0.0.1
 #ZAP_PROXY_PORT=9999
 ZAP_PROXY_FOR_PDS_TARGET_TYPE=INTERNET
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/prepare/env

@@ -37,4 +37,6 @@ PDS_PREPARE_MODULE_GIT_REMOVE_GIT_FILES_BEFORE_UPLOAD="true"
 PDS_PREPARE_MODULE_GIT_CLONE_WITHOUT_GIT_HISTORY="true"
 # SKOPEO
 # Enable/ Disable skopeo module
-PDS_PREPARE_MODULE_SKOPEO_ENABLED="true"
+PDS_PREPARE_MODULE_SKOPEO_ENABLED="true"
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/scancode/env

@@ -5,3 +5,5 @@ SCANCODE_VERSION="32.0.4"
 SPDX_TOOL_VERSION="1.1.7"
 
 PDS_MAX_FILE_UPLOAD_BYTES=26214400000
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/tern/env

@@ -5,3 +5,5 @@ TERN_VERSION="2.12.1"
 SCANCODE_VERSION="32.0.4"
 
 PDS_MAX_FILE_UPLOAD_BYTES=26214400000
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-pds-solutions/xray/env

@@ -15,3 +15,5 @@ BUILD_TYPE=download
 # The Xray Wrapper version to use
 # See: https://github.com/mercedes-benz/sechub/releases
 XRAY_WRAPPER_VERSION="1.0.0"
+PDS_ENCRYPTION_ALGORITHM="NONE"
+PDS_ENCRYPTION_SECRET_KEY=""

sechub-solution/docker/SecHub-Debian.dockerfile

@@ -13,7 +13,7 @@ ARG BASE_IMAGE
 ARG TARGETARCH
 
 # Build args
-ARG BUILD_TYPE="download"
+ARG BUILD_TYPE
 
 ARG SECHUB_VERSION
 ARG TAG=""

sechub-web-ui/.env

@@ -5,6 +5,7 @@
 VITE_API_HOST=http://localhost:3000
 
 # Optional variables needed for testing with SecHub Server Basic Auth
+# Note: if your password includes special characters e.g. $ you must write /$
 VITE_API_LOCAL_DEV=false
 VITE_API_USER='example-test-user'
 VITE_API_PASSWORD='example-api-token'

sechub-web-ui/README.md

@@ -40,22 +40,44 @@ To start the development server with hot-reload, run the following command. The
 npm run dev
 ```
 
-> If you receive an empty page, do a reload (sometimes it needs a little bit of time until everything is setup correctly)
+> If you receive an empty page or buttons do not work, do a reload (sometimes it needs a little bit of time until everything is setup correctly)
 
 > Add NODE_OPTIONS='--no-warnings' to suppress the JSON import warnings that happen as part of the Vuetify import mapping. If you are on Node [v21.3.0](https://nodejs.org/en/blog/release/v21.3.0) or higher, you can change this to NODE_OPTIONS='--disable-warning=5401'. If you don't mind the warning, you can remove this from your package.json dev script.
 
-#### Running in Development mode with sechub for testing
+#### Running in Development mode with SecHub Integrationtest Server for testing
 
-1. Start SecHub Integration Test Server (or Docker Server)
+1. Start SecHub Integration Test Server (or Docker Server)  
+(for the correct run configuration follow the [developer guide](https://mercedes-benz.github.io/sechub/latest/sechub-developer-quickstart-guide.html#run-integration-tests-from-ide))
 2. Configure your `.env.local` file by copying `.env` to `.env.local` and adjusting the variables as needed.
 Set `VITE_API_LOCAL_DEV=true`
 Set `VITE_API_USER` to your SecHub user
 Set `VITE_API_PASSWORD` to your SecHub Api Token
 3. Set `VITE_API_HOST` to the URL of your application http://localhost:3000 - this is because of the proxy defined in the Vite dev server to avoid CORS Issues
 4. Start the SPA in Development mode (npm run dev)
+5. (Optional) See the /test-setups/setup-integration-test-server.sh script for setups (please note: the executor is only needed when PDS is used)
 
 Happy Testing!
 
+#### Running in Development mode with SecHub Integrationtest Server and PDS Integrationtest Server (using Mocked scan products)
+> Only useful If you want to get mocked scan results
+1. Follow the steps above
+2. Start the integration test PDS  
+(for the correct run configuration follow the [developer guide](https://mercedes-benz.github.io/sechub/latest/sechub-developer-quickstart-guide.html#run-integration-tests-from-ide))
+3. (Optional) Initial setup: execute /test-setups/setup-integration-test-server.sh
+
+#### Running in Development mode with SecHub Server and PDS as Docker Container
+> Only useful If you want to get real scan results
+1. Start the SecHub Server as Docker Container (see sechub-solution/01-...)
+2. Start the required PDS as Docker (e.g. sechub-pds-solutions/gosec/05-...)
+3. Set up PDS in sechub-solution/setups/ e.g. setup-gosec.sh
+4. Configure your `.env.local` file by copying `.env` to `.env.local` and adjusting the variables as needed.
+Set `VITE_API_LOCAL_DEV=true`
+Set `VITE_API_USER` to your SecHub user
+Set `VITE_API_PASSWORD` to your SecHub Api Token
+5. Make sure your user is assigned to the project you want to scan
+
+Now you can test your web-ui with sechub and real scans!
+
 ### Building for Production
 
 Set Environment Variables:

sechub-web-ui/package.json

@@ -12,15 +12,18 @@
     "@mdi/font": "7.4.47",
     "@openapitools/openapi-generator-cli": "^2.15.3",
     "core-js": "^3.37.1",
+    "crypto-js": "^4.2.0",
     "pinia": "^2.3.0",
     "roboto-fontface": "*",
+    "uuid": "^11.0.3",
     "vue": "^3.4.31",
     "vue-i18n": "^10.0.5",
     "vuetify": "^3.6.11"
   },
   "devDependencies": {
     "@babel/types": "^7.24.7",
     "@intlify/unplugin-vue-i18n": "^6.0.0",
+    "@types/crypto-js": "^4.2.2",
     "@types/node": "^20.14.10",
     "@vitejs/plugin-vue": "^5.0.5",
     "@vue/eslint-config-typescript": "^13.0.0",

sechub-web-ui/src/components.d.ts

@@ -13,8 +13,13 @@ declare module 'vue' {
     Project: typeof import('./components/Project.vue')['default']
     ProjectDetails: typeof import('./components/ProjectDetails.vue')['default']
     ProjectDetailsFab: typeof import('./components/ProjectDetailsFab.vue')['default']
+    ProjectJobList: typeof import('./components/ProjectJobList.vue')['default']
     ProjectsList: typeof import('./components/ProjectsList.vue')['default']
     RouterLink: typeof import('vue-router')['RouterLink']
     RouterView: typeof import('vue-router')['RouterView']
+    ScanCreate: typeof import('./components/ScanCreate.vue')['default']
+    ScanFileUpload: typeof import('./components/ScanFileUpload.vue')['default']
+    ScanFileUploadTest: typeof import('./components/ScanFileUploadTest.vue')['default']
+    ScanTypeSelect: typeof import('./components/ScanTypeSelect.vue')['default']
   }
 }

sechub-web-ui/src/components/AppHeader.vue

@@ -54,7 +54,7 @@
 </template>
 
 <script setup lang="ts">
-  const username = 'Erika Mustermann'
+  const username = 'SecHub User'
 </script>
 
 <style scoped>