Marked netsparker as deprecated + updated documentation #1932

- renamed netsparker gradle subprojects
- changed documentation about new product integration

sechub-scan-product-netsparker/build.gradle → deprecated-sechub-scan-product-netsparker/build.gradle

@@ -8,7 +8,7 @@
 dependencies {
 
     implementation project(':sechub-scan')
-    implementation project(':sechub-adapter-netsparker')
+    implementation project(':deprecated-sechub-adapter-netsparker')
 
     testImplementation project(':sechub-testframework')
 }

gradle/projects.gradle

@@ -51,7 +51,7 @@ projectType = [
             /* adapter projects - have simple spring dependencies, but know only sechub-adapter as base */
             springBootAdapterProjects: [
                     project(':sechub-adapter'),
-                    project(':sechub-adapter-netsparker'),
+                    project(':deprecated-sechub-adapter-netsparker'),
                     project(':sechub-adapter-nessus'),
                     project(':sechub-adapter-checkmarx'),
                     project(':sechub-adapter-pds'),
@@ -74,7 +74,7 @@ projectType = [
                     project(':sechub-shared-kernel'),
 
                     project(':sechub-scan'),
-                    project(':sechub-scan-product-netsparker'),
+                    project(':deprecated-sechub-scan-product-netsparker'),
                     project(':sechub-scan-product-nessus'),
                     project(':sechub-scan-product-checkmarx'),
                     project(':sechub-scan-product-sereco'),

sechub-doc/src/docs/asciidoc/documents/config.adoc

@@ -16,6 +16,7 @@
 :webPage: https://mercedes-benz.github.io/sechub
 :sechub: SecHub
 :pds: PDS
+:pds-solutions-projectsite: {projectSite}/tree/develop/sechub-pds-solutions
 
 :launchServerPackageName: com.mercedesbenz.sechub
 :launchServerClassName: SecHubServerApplication

sechub-doc/src/docs/asciidoc/documents/shared/infrastructure/infra_security_products.adoc

@@ -2,19 +2,16 @@
 [[section-infrastructure-setup-security-products]]
 === Security product integrations
 
-[NOTE]
-====
-This lists all currently supported products. The list will grow in future
-and we will also make the product usage more configurable!
+==== PDS solutions
+{sechub} provides multiple security products via the {pds} (product delegation server) containerized
+and also K8s ready (helm charts). These solutions are always cluster ready and work "out of the box".
 
-For details about the product configurations please refer also product relevant
-<<link-gen-systemproperties,system properties>>
-====
+Please visit {pds-solutions-projectsite} for details and a complete list of supported products. 
 
-include::products/07_03_01_infra_security_products_netsparker.adoc[]
+include::products/07_03_99_infra_security_products_sereco.adoc[]
 
 include::products/07_03_02_infra_security_products_checkmarx.adoc[]
 
-include::products/07_03_03_infra_security_products_nessus.adoc[]
+include::products/07_03_01_infra_security_products_netsparker.adoc[]
 
-include::products/07_03_99_infra_security_products_sereco.adoc[]
+include::products/07_03_03_infra_security_products_nessus.adoc[]

sechub-doc/src/docs/asciidoc/documents/shared/infrastructure/products/07_03_01_infra_security_products_netsparker.adoc

@@ -2,6 +2,11 @@
 [[section-infrastructure-setup-security-products-netsparker]]
 
 ==== Netsparker
+[WARNING]
+====
+Netsparker support is deprecated and will vanish. As a replacement we have:
+{pds-solutions-projectsite}/owasp-zap
+====
 Netsparker is a web scanner.
 
 see https://www.netsparker.com

sechub-doc/src/docs/asciidoc/documents/shared/infrastructure/products/07_03_02_infra_security_products_checkmarx.adoc

@@ -3,6 +3,13 @@
 
 ==== Checkmarx
 
+[NOTE]
+====
+Currently we provide Checkmarx as direct product inside {sechub} and also as a {pds} solution. The aim is to
+provide Checkmarx only as pds} solution in future. So the direct product integration will vanish.
+====
+
+
 Static code analyzer
 see http://www.checkmarx.com/
 

sechub-doc/src/docs/asciidoc/documents/techdoc/09_01_howto_integrate_a_new_product.adoc

@@ -2,81 +2,32 @@
 [[section-howto-integrate-a-new-product]]
 === Howto integrate a new product
 
-[[section-howtos-write-a-new-adapter]]
-==== Write a new adapter
-When you want to write a new adapter you should should base on an existing one.
-
-Here is an easy to go list:
-
-
-===== Copy an existing adapter subproject
-
-NOTE: As an example you could use existing subproject `sechub-adapter-netsparker` as copy base
-
-* Copy the existing adapter subproject and rename it adequate in
-  filesystem
-
-* After this add the new subproject id to
- - `settings.gradle`
- - `projects.gradle` here you should add the project to the section where other adapters are already set
- - `sechub-server/build.gradle` add the new project as dependency there!
-
-===== Reimport into IDE
-- Reimpoirt the new subproject into your IDE - in eclipse you can
-use `EGradle -> Reimport`.
-
-===== Rename packages
-- Use your IDE to rename package of the adapter so you have your own namespace - e.g.
-when using `com.mercedesbenz.sechub.adapter.netsparker` and you want to create an adapter
-for `hubabuba` you should rename the package to `com.mercedesbenz.sechub.adapter.hubabuba`.
-
-===== Rename Classes
-- Use your IDE to rename classes, interfaces and enums. When you have copied project `Netsparker adapter`
-and wanting to support `Hubabuba` you have to replace all name parts containing `Netsparker` with `Hubabuba`.
-This will help you to have `Config`, `ConfigBuilder` and many more classes out of the box.
-
-===== Rewrite Mockadapter
-- Normally mock adapter implementation do just return an example file (e.g. XML or JSON) as a result. So this has to be done
-  for the new adapter as well - means another file must be returned.
-
-===== Rewrite Adapter logic
-Cleanup the old adapter implementation parts and start recreating
-
-===== Adapt TestApplication
-- Every adapter should contain an own simple test application having a simple main application where the adapter can be tested
-without spring container startup etc. So very fast and simple to use, without dependencies to other `{sechub}` parts
-
-==== Write a new product executor
-
-It's the same as described at <<section-howtos-write-a-new-adapter>>: Just copy an existing product executor subproject.
-
-NOTE: As an example you could use existing subproject `sechub-scan-product-netsparker` as copy base
-
-But some additional parts have to be done:
-
-- Always think about the kind of <<sechub-concept-installsetup,InstallSetup>> implementation you want to use!
-  Depending of the target type (intranet, internet) some products must
-  are installed twice or need an special identifier to identify another logic or profile
-  to handle the target correctly. The easiest way is to copy an existing product executor
-  having the same beaviour/installation setup as the new one. +
-  For details see architecture documentation and search for
-  `Automatic Target resolving and calling of adapters` and/or
-  check class hierarchy and javadoc of `InstallSetup`.
-- change all `@value` annotation keys to adequate names, use only fields necessary and remove uninteresting parts
-
-==== Extend SERECO to support the new product
-<<section-infrastructure-setup-security-products-sereco,Sereco>> (`SecHub Report Collector`) must
-be able to extract all necessary data from product results got from
-product executors and merge it into its own meta model. After this `Sereco` will provide a
-report which will be transmitted back to user request.
-
-So we have to write an product importer by implementing `com.mercedesbenz.sechub.sereco.importer.ProductResultImporter`.
-Of course can use an existing importer as a template.
-
-==== Adopt and write tests
-Copied tests from adapter and product executors must be (of course) adapted as well.
-Either remove them or use the existing tests as a template to write your own tests.
-
-You should also write at least one integration test inside `sechub-integrationtest` to check that the sever is using the mocked adapter
-and `SERECO` is returning an expected traffic light and also the correct details.
+At the beginning of {sechub} it was always necessary to implement a new product adapter (in Java), create 
+a new product executor (in Java) and create new product result importer (also in Java).
+
+*Those days are gone*. Nowadays we are shifting every new product into a {pds} (product delegation server)
+ solution. For {pds} we have an already existing {pds} adapter (the logic to communicate with {pds})
+ which is used always.
+
+
+[IMPORTANT]
+====
+At the moment we have still some direct product adapters. Some are marked as deprecated and will
+vanish. Others will be replaced by PDS solutions.
+
+In the future there shall be only two products which have dedicated adapter implementations: SERECO and {pds}.
+====
+
+For every existing type of scan there is a dedicated {pds} product executor available. When the security 
+product is able to produce SARIF output, we are able to import this already.
+You can find multiple existing solutions and more details at {pds-solutions-projectsite}.
+
+[NOTE]
+====
+In the best case scenario there is no need to write anything in Java - we copy an existing
+pds-solution to a new folder name, make some necessary adjustments, change the caller script and we are done...
+ 
+Only when a product result is not already supported by SERECO ({sechub} report collector), 
+we must write a special `ProductResultImporter`.
+====
 

sechub-other/examples/integrationtest/localhost/mocked-products/sechub-codescan-green.json

@@ -11,15 +11,15 @@
             "folders": ["sechub-adapter/src/main/java",
                         "sechub-adapter-checkmarx/src/main/java",
                         "sechub-adapter-nessus/src/main/java",
-                        "sechub-adapter-netsparker/src/main/java",
+                        "deprecated-sechub-adapter-netsparker/src/main/java",
                         "sechub-administration/src/main/java",
                         "sechub-authorization/src/main/java",
                         "sechub-cli/src",
                         "sechub-notification/src/main/java",
                         "sechub-scan/src/main/java",
                         "sechub-scan-product-checkmarx/src/main/java",
                         "sechub-scan-product-nessus/src/main/java",
-                        "sechub-scan-product-netsparker/src/main/java",
+                        "deprecated-sechub-scan-product-netsparker/src/main/java",
                         "sechub-scan-product-sereco/src/main/java",
                         "sechub-schedule/src/main/java",
                         "sechub-sereco/src/main/java",

sechub-scan/build.gradle

@@ -8,7 +8,7 @@
 dependencies {
 
     api project(':sechub-shared-kernel')
-    implementation project(':sechub-adapter') // we use this dependency to provide common adapter support for dedicated scan projects (e.g. sechub-scan-product-netsparker)
+    implementation project(':sechub-adapter') // we use this dependency to provide common adapter support for dedicated scan projects
     implementation library.springboot_starter_thymeleaf
 
     testImplementation project(':sechub-testframework')

sechub-scan/src/main/java/com/mercedesbenz/sechub/domain/scan/product/ProductIdentifier.java

@@ -20,6 +20,7 @@ public enum ProductIdentifier {
     /**
      * Webscanner
      */
+    @Deprecated
     NETSPARKER(ProductType.WEBSCAN),
 
     /**

sechub-server-core/build.gradle

@@ -12,7 +12,7 @@ dependencies {
     api project(':sechub-administration')
     api project(':sechub-notification')
     api project(':sechub-scan')
-    api project(':sechub-scan-product-netsparker')
+    api project(':deprecated-sechub-scan-product-netsparker')
     api project(':sechub-scan-product-nessus')
     api project(':sechub-scan-product-sereco')
     api project(':sechub-scan-product-checkmarx')

sechub-server-core/src/main/java/com/mercedesbenz/sechub/server/core/build.gradle

@@ -12,7 +12,7 @@ dependencies {
     api project(':sechub-administration')
     api project(':sechub-notification')
     api project(':sechub-scan')
-    api project(':sechub-scan-product-netsparker')
+    api project(':deprecated-sechub-scan-product-netsparker')
     api project(':sechub-scan-product-nessus')
     api project(':sechub-scan-product-sereco')
     api project(':sechub-scan-product-checkmarx')

settings.gradle

@@ -29,15 +29,15 @@ include 'sechub-cli',
 /* server parts */
 'sechub-schedule',
 'sechub-scan',
-'sechub-scan-product-netsparker',
+'deprecated-sechub-scan-product-netsparker',
 'sechub-scan-product-nessus',
 'sechub-scan-product-checkmarx',
 'sechub-scan-product-sereco',
 'sechub-scan-product-pds',
 
 // adapters
 'sechub-adapter',
-'sechub-adapter-netsparker',
+'deprecated-sechub-adapter-netsparker',
 'sechub-adapter-nessus',
 'sechub-adapter-checkmarx',
 'sechub-adapter-pds',