diff --git a/docs/latest/images/diagram_encryption_pds.svg b/docs/latest/images/diagram_encryption_pds.svg new file mode 100644 index 0000000000..8d9f21c209 --- /dev/null +++ b/docs/latest/images/diagram_encryption_pds.svg @@ -0,0 +1 @@ +com.mercedesbenz.sechub.commons.encryptioncom.mercedesbenz.sechub.pdsencryptionjobPersistentCipherFactoryPersistentCipherEncryptionSupportPDSStartupAssertEnvironmentVariablesUsedPDSEncryptionConfigurationPDSEncryptionServicePDSCreateJobServicePDSJobConfigurationAccess \ No newline at end of file diff --git a/docs/latest/images/diagram_encryption_sechub_config.png b/docs/latest/images/diagram_encryption_sechub_config.png new file mode 100644 index 0000000000..ee267b7ebd Binary files /dev/null and b/docs/latest/images/diagram_encryption_sechub_config.png differ diff --git a/docs/latest/images/diagram_encryption_sechub_use_of_commons.png b/docs/latest/images/diagram_encryption_sechub_use_of_commons.png new file mode 100644 index 0000000000..1781ee588a Binary files /dev/null and b/docs/latest/images/diagram_encryption_sechub_use_of_commons.png differ diff --git a/docs/latest/images/diagram_pds_events_storage.svg b/docs/latest/images/diagram_pds_events_storage.svg index f60aa33e0f..335f19d0ff 100644 --- a/docs/latest/images/diagram_pds_events_storage.svg +++ b/docs/latest/images/diagram_pds_events_storage.svg 
@@ -1 +1 @@ -$workspace/$jobUUID/eventsPDS-Job-QueuelauncherScriptEvent FilePDSWorkspaceServicevoid sendEvent(UUID jobUUID, ExecutionEventType eventType,ExecutionEventData eventData)ExecutionEventData fetchEventDataOrNull(UUID jobUUID, ExecutionEventType eventType) {ExecutionEventDataPDSExecutionCallableFactoryPDSExecutionCallablePDSBatchTriggerServicevoid triggerExecutionOfNextJob()PDSJobCancelTriggerServicevoid triggerHandleCancelRequests()PDSCancelServicevoid handleJobCancelRequests()PDSExecutionServiceInside the event folder we havefiles with name pattern"${eventTypeName}.json". Someevents have only one file.Remark: Currently not implemented,but if an event type shall supports multiplefiles in fture the name pattern shall be:"${eventTypeName}[${nr}].json"cancel job by job UUIDcreatescreates/useswrites/reads event filesinto workspace foldercontains files whichhave JSOn contentcan readcreates processprepares workspace, sends eventscallsuses \ No newline at end of file +$workspace/$jobUUID/eventsPDS-Job-QueuelauncherScriptEvent FilePDSWorkspaceServicevoid sendEvent(UUID jobUUID, ExecutionEventType eventType,ExecutionEventData eventData)ExecutionEventData fetchEventDataOrNull(UUID jobUUID, ExecutionEventType eventType) {ExecutionEventDataPDSExecutionCallableFactoryPDSExecutionCallablePDSBatchTriggerServicevoid triggerExecutionOfNextJob()PDSJobCancelTriggerServicevoid triggerHandleCancelRequests()PDSCancelServicevoid handleJobCancelRequests()PDSExecutionServiceInside the event folder we havefiles with name pattern"${eventTypeName}.json". Someevents have only one file.Remark: Currently not implemented,but if an event type shall supports multiplefiles in future the name pattern shall be:"${eventTypeName}[${nr}].json"cancel job by job UUIDcreatescreates/useswrites/reads event filesinto workspace foldercontains files whichhave JSOn contentcan readcreates processprepares workspace, sends eventscallsuses \ No newline at end of file 
diff --git a/docs/latest/images/diagram_sechub_job_cancellation.svg b/docs/latest/images/diagram_sechub_job_cancellation.svg index 02671e84c8..c4053637ef 100644 --- a/docs/latest/images/diagram_sechub_job_cancellation.svg +++ b/docs/latest/images/diagram_sechub_job_cancellation.svg 
@@ -1 +1 @@ -Event Nr.Message IDWhat happens at this event ?A1START_SCANScan - runningB1REQUEST_SCHEDULER_JOB_STATUSScan - periodic inspection if scheduler job marked as cancel requestedC1REQUEST_JOB_CANCELLATIONCancel request startedD1CANCELLATION_RUNNINGCancel scan running/ ongoingE1PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONEProduct execucutor cancel operations have finished (post processing donecom.mercedesbenz.sechub.domain.schedulecom.mercedesbenz.sechub.sharedkernelcom.mercedesbenz.sechub.domain.scancom.mercedesbenz.sechub.domain.administrationcom.mercedesbenz.sechub.domain.notification«Entity»ScheduleSecHubJobExecutionStateINITIALIZINGREADY_TO_STARTSTARTEDCANCEL_REQUESTEDCANCELEDENDEDExecutionResultNONEOKFAILEDSynchronSecHubJobExecutorSchedulerJobStatusRequestHandlerScheduleJobLauncherServiceSchedulerJobBatchTriggerServiceScheduleMessagehandlerhandleCancelJobRequested()SchedulerCancelJobServiceThe steps- D*are only triggered when the SecHub job hasthe execution result NONE.The execution state isnotinspected.DomainMessageServiceEventBus«Entity»ProductResultUUID uuidUUID secHubJobUUIDUUID productExecutorConfigUUIDString resultString messagesString metaDataLocalDateTime startedLocalDateTime endedSecHubExecutionContextmarkCancelRequested()ScanProgressMonitorProductExecutorList<ProductResult> execute(SecHubExecutionContext context, ProductExecutorContext executorContext)ScanServicestartScan()ScanJobExecutorScanJobExecutionRunnableScanJobCancellationRunnableAdapterAdapterExecutionResult start(C config, AdapterMetaDataCallback callback)boolean cancel(C config, AdapterMetaDataCallback callback)ProductExecutionStoreServiceexecuteProductsAndStoreResults(SecHubExecutionContext context)AbstractProductExecutionServiceAbstractProductExecutorCanceableProductExecutorboolean cancel(ProductExecutorData data)ScanJobRunnableDataProductExecutorDataSecHubExecutionHistorySecHubExecutionHistoryElementThe scan job executor is central point ofthe scan steep in scan domain.It does the 
start of the scan itself anddoes also periodically the inspect the schedulerjob status via event busExecutorThreadCancellationThreadJobAdministrationRestControllerJobAdministrationMessageHandlerJobCancelServiceNotificationMessageHandlerProcuctIs used to have eventcommunications between domainssends async REQUEST_JOB_CANCELLATION (C1)sends async CANCELLATION_RUNNING (D1)sends async CANCELLATION_RUNNING (D1)stores resultusescalls cancel servicebecause of C2marks as CANCEL_REQUESTED (C3)callssends async CANCELLATION_RUNNING (D1)sends async REQUEST_JOB_CANCELLATION (C1)receives "PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE" (E1) ASYNCHRONsends synch REQUEST_SCHEDULER_JOB_STATUS (B1)set SecHub job finally as CANCELEDcreatesusesstores resultsusescallsusesconfigures and usesusescreates + uses (A3)runsinterrupts ExecutorThreadwhen being canceled.This immediately interrupts all product calls hard.runscreatescancelsstartscreates if necessarystarts when necessarycreates contextcreatesmarks as cancel requestedso available in product executorscallsuses information aboutproduct executors and datasends "START_SCAN" (A1) SYNCHRONsends synchron REQUEST_SCHEDULER_JOB_STATUS (B1)and receives job statusrecevies "START_SCAN" (A2) SYNCHRON (returns result)communicationsends "PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE" (E1) ASYNCHRON \ No newline at end of file +Event Nr.Message IDWhat happens at this event ?A1START_SCANScan - runningB1REQUEST_SCHEDULER_JOB_STATUSScan - periodic inspection if scheduler job marked as cancel requestedC1REQUEST_JOB_CANCELLATIONCancel request startedD1CANCELLATION_RUNNINGCancel scan running/ ongoingE1PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONEProduct execucutor cancel operations have finished (post processing 
donecom.mercedesbenz.sechub.domain.schedulecom.mercedesbenz.sechub.sharedkernelcom.mercedesbenz.sechub.domain.scancom.mercedesbenz.sechub.domain.administrationcom.mercedesbenz.sechub.domain.notification«Entity»ScheduleSecHubJobExecutionStateINITIALIZINGREADY_TO_STARTSTARTEDCANCEL_REQUESTEDCANCELEDENDEDExecutionResultNONEOKFAILEDSynchronSecHubJobExecutorSchedulerJobStatusRequestHandlerScheduleJobLauncherServiceSchedulerJobBatchTriggerServiceScheduleMessagehandlerhandleCancelJobRequested()SchedulerCancelJobServiceThe steps- D*are only triggered when the SecHub job hasthe execution result NONE.The execution state isnotinspected.DomainMessageServiceEventBus«Entity»ProductResultUUID uuidUUID secHubJobUUIDUUID productExecutorConfigUUIDString resultString messagesString metaDataLocalDateTime startedLocalDateTime endedSecHubExecutionContextmarkCancelRequested()ScanProgressMonitorProductExecutorList<ProductResult> execute(SecHubExecutionContext context, ProductExecutorContext executorContext)ScanServicestartScan()ScanJobExecutorScanJobExecutionRunnableScanJobCancellationRunnableAdapterAdapterExecutionResult start(C config, AdapterMetaDataCallback callback)boolean cancel(C config, AdapterMetaDataCallback callback)ProductExecutionStoreServiceexecuteProductsAndStoreResults(SecHubExecutionContext context)AbstractProductExecutionServiceAbstractProductExecutorCanceableProductExecutorboolean cancel(ProductExecutorData data)ScanJobRunnableDataProductExecutorDataSecHubExecutionHistorySecHubExecutionHistoryElementThe scan job executor is central point ofthe scan steep in scan domain.It does the start of the scan itself anddoes also periodically the inspect the schedulerjob status via event busExecutorThreadCancellationThreadJobAdministrationRestControllerJobAdministrationMessageHandlerJobCancelServiceNotificationMessageHandlerProcuctIs used to have eventcommunications between domainssends async REQUEST_JOB_CANCELLATION (C1)sends async CANCELLATION_RUNNING (D1)sends async 
CANCELLATION_RUNNING (D1)stores resultusescalls cancel servicebecause of C2marks as CANCEL_REQUESTED (C3)callssends async CANCELLATION_RUNNING (D1)sends async REQUEST_JOB_CANCELLATION (C1)receives "PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE" (E1) ASYNCHRONsends synch REQUEST_SCHEDULER_JOB_STATUS (B1)set SecHub job finally as CANCELEDcreatesusesstores resultsusescallsusesconfigures and usesusescreates + uses (A3)runsinterrupts ExecutorThreadwhen being canceled.This immediately interrupts all product calls hard.runscreatescancelsstartscreates if necessarystarts when necessarycreates contextcreatesmarks as cancel requestedso available in product executorscallsuses information aboutproduct executors and datasends "START_SCAN" (A1) SYNCHRONsends synchron REQUEST_SCHEDULER_JOB_STATUS (B1)and receives job statusrecevies "START_SCAN" (A2) SYNCHRON (returns result)communicationsends "PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE" (E1) ASYNCHRON \ No newline at end of file diff --git a/docs/latest/images/diagram_target_architecture.svg b/docs/latest/images/diagram_target_architecture.svg index 5ce19c0f7d..107f3308c1 100644 --- a/docs/latest/images/diagram_target_architecture.svg +++ b/docs/latest/images/diagram_target_architecture.svg 
@@ -1 +1 @@ -ProductExecutorList<ProductResult> execute()ScanType getScanType()int getVersion()boolean isMultipleConfigurationAllowed()SerecoReportProductExecutorProductExecutorDataNetworkLocationProviderList<URI> getURIs();List<InetAddress> getInetAdresses();NetworkTargetProductServerDataProviderString getIdentifierWhenInternetTarget();String getIdentifierWhenIntranetTarget();String getBaseURLWhenInternetTarget();String getBaseURLWhenIntranetTarget();String getUsernameWhenInternetTarget();String getUsernameWhenIntranetTarget();String getPasswordWhenInternetTarget();String getPasswordWhenIntranetTarget();boolean hasUntrustedCertificateWhenIntranetTarget();boolean hasUntrustedCertificateWhenInternetTarget();NetworkTargetInfoNetworkTargetType getNetworkTargetType()Set<URI> getNetworkTargetURIs()Set<InetAddress> getNetworkTargetIPs()AbstractProductExecutorabstract void customize(ProductExecutorData data);abstract List<ProductResult> executeByAdapter(ProductExecutorData data)NetworkTargetResolverNetworkTarget resolveTarget(URI uri);NetworkTarget resolveTarget(InetAddress inetAdress);The base class for mostly all product executors (except for Sereco).The child classes must implmemnt the `customize` method andconfigure the product executor data object accordingly.It will handle automatically target specific partsfor scan types where it is necessary (WebScan, InfraScan).All other scan types (e.g. CodeScan) do notneed to setup specific product executor data(like NetworkLocationProvider).NetworkTargetgetURI()getInetAdress()NetworkTargetType getType()Represents a network targetto use for a dedicated network typeNetworkTargetTypeNetworkTargetRegistryNetworkTargetInfoFactoryNetworkTargetInfo createInfo()Represents (final) information about whichURIs /IPs are for a dedicated networktarget type (e.g. 
INTERNET).NetworkTargetProductServerDataSuppportString getIdentifier(NetworkTargetType target)boolean isAbletoScan(NetworkTargetType target)String getBaseURL(NetworkTargetType type)String getUserId(NetworkTargetType type)String getPassword(NetworkTargetType target)Data normally comes fromsechub configurationData normally comes from aninstall setupcreates + customizesusesuses data supportcreate+use (if necessary)create+use (if necessary)internally created + usedusesusescontains1nprovides \ No newline at end of file +ProductExecutorList<ProductResult> execute()ScanType getScanType()int getVersion()boolean isMultipleConfigurationAllowed()SerecoReportProductExecutorProductExecutorDataNetworkLocationProviderList<URI> getURIs();List<InetAddress> getInetAdresses();NetworkTargetProductServerDataProviderString getIdentifierWhenInternetTarget();String getIdentifierWhenIntranetTarget();String getBaseURLWhenInternetTarget();String getBaseURLWhenIntranetTarget();String getUsernameWhenInternetTarget();String getUsernameWhenIntranetTarget();String getPasswordWhenInternetTarget();String getPasswordWhenIntranetTarget();boolean hasUntrustedCertificateWhenIntranetTarget();boolean hasUntrustedCertificateWhenInternetTarget();NetworkTargetInfoNetworkTargetType getNetworkTargetType()Set<URI> getNetworkTargetURIs()Set<InetAddress> getNetworkTargetIPs()AbstractProductExecutorabstract void customize(ProductExecutorData data);abstract List<ProductResult> executeByAdapter(ProductExecutorData data)NetworkTargetResolverNetworkTarget resolveTarget(URI uri);NetworkTarget resolveTarget(InetAddress inetAdress);The base class for mostly all product executors (except for Sereco).The child classes must implmemnt the `customize` method andconfigure the product executor data object accordingly.It will handle automatically target specific partsfor scan types where it is necessary (WebScan, InfraScan).All other scan types (e.g. 
CodeScan) do notneed to setup specific product executor data(like NetworkLocationProvider).NetworkTargetgetURI()getInetAdress()NetworkTargetType getType()Represents a network targetto use for a dedicated network typeNetworkTargetTypeNetworkTargetRegistryNetworkTargetInfoFactoryNetworkTargetInfo createInfo()Represents (final) information about whichURIs /IPs are for a dedicated networktarget type (e.g. INTERNET).NetworkTargetProductServerDataSuppportString getIdentifier(NetworkTargetType target)boolean isAbletoScan(NetworkTargetType target)String getBaseURL(NetworkTargetType type)String getUserId(NetworkTargetType type)String getPassword(NetworkTargetType target)Data normally comes fromsechub configurationData normally comes from aninstall setupcreates + customizesusesuses data supportcreate+use (if necessary)create+use (if necessary)internally created + usedusesusescontains1nprovides \ No newline at end of file diff --git a/docs/latest/images/eclipse-java-formatter-activate.png b/docs/latest/images/eclipse-java-formatter-activate.png new file mode 100644 index 0000000000..0cd3f69c4e Binary files /dev/null and b/docs/latest/images/eclipse-java-formatter-activate.png differ diff --git a/docs/latest/images/eclipse-java-formatter-import.png b/docs/latest/images/eclipse-java-formatter-import.png new file mode 100644 index 0000000000..cf216a12d3 Binary files /dev/null and b/docs/latest/images/eclipse-java-formatter-import.png differ diff --git a/docs/latest/images/event_overview_uc_admin_enables_scheduler_job_processing.svg b/docs/latest/images/event_overview_uc_admin_enables_scheduler_job_processing.svg index 104018dda4..eae359746b 100644 --- a/docs/latest/images/event_overview_uc_admin_enables_scheduler_job_processing.svg +++ b/docs/latest/images/event_overview_uc_admin_enables_scheduler_job_processing.svg 
@@ -1 +1 @@ -UC_ADMIN_ENABLES_SCHEDULER_JOB_PROCESSINGadministrationnotificationschedule0executedREQUEST_SCHEDULER_ENABLE_JOB_PROCESSING1SCHEDULER_JOB_PROCESSING_ENABLEDSCHEDULER_JOB_PROCESSING_ENABLED \ No newline at end of file +UC_ADMIN_ENABLES_SCHEDULER_JOB_PROCESSINGadministrationnotificationschedule0executedREQUEST_SCHEDULER_ENABLE_JOB_PROCESSING1SCHEDULER_JOB_PROCESSING_ENABLEDSCHEDULER_JOB_PROCESSING_ENABLED \ No newline at end of file diff --git a/docs/latest/images/event_overview_uc_admin_updates_auto_cleanup_configuration.svg b/docs/latest/images/event_overview_uc_admin_updates_auto_cleanup_configuration.svg index 2bc500512c..f1bbea3fc0 100644 --- a/docs/latest/images/event_overview_uc_admin_updates_auto_cleanup_configuration.svg +++ b/docs/latest/images/event_overview_uc_admin_updates_auto_cleanup_configuration.svg @@ -1 +1 @@ -UC_ADMIN_UPDATES_AUTO_CLEANUP_CONFIGURATIONadministrationscanschedule0executedAUTO_CLEANUP_CONFIGURATION_CHANGEDAUTO_CLEANUP_CONFIGURATION_CHANGEDAUTO_CLEANUP_CONFIGURATION_CHANGED \ No newline at end of file +UC_ADMIN_UPDATES_AUTO_CLEANUP_CONFIGURATIONadministrationscanschedule0executedAUTO_CLEANUP_CONFIGURATION_CHANGEDAUTO_CLEANUP_CONFIGURATION_CHANGEDAUTO_CLEANUP_CONFIGURATION_CHANGED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_analyze_scan_results_available.svg b/docs/latest/images/gen_domain_messaging_analyze_scan_results_available.svg index 69c0f2f816..dda30fb34e 100644 --- a/docs/latest/images/gen_domain_messaging_analyze_scan_results_available.svg +++ b/docs/latest/images/gen_domain_messaging_analyze_scan_results_available.svg 
@@ -1 +1 @@ -Communication detailsofmessage ANALYZE_SCAN_RESULTS_AVAILABLEscanstatisticEventBusAnalyticsProductExecutionServiceImplStatisticMessageHandler1ANALYZE_SCAN_RESULTS_AVAILABLE2ANALYZE_SCAN_RESULTS_AVAILABLE \ No newline at end of file +Communication detailsofmessage ANALYZE_SCAN_RESULTS_AVAILABLEscanstatisticEventBusAnalyticsProductExecutionServiceImplStatisticMessageHandler1ANALYZE_SCAN_RESULTS_AVAILABLE2ANALYZE_SCAN_RESULTS_AVAILABLE \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_auto_cleanup_configuration_changed.svg b/docs/latest/images/gen_domain_messaging_auto_cleanup_configuration_changed.svg index 8b3a03128c..d7347551f8 100644 --- a/docs/latest/images/gen_domain_messaging_auto_cleanup_configuration_changed.svg +++ b/docs/latest/images/gen_domain_messaging_auto_cleanup_configuration_changed.svg @@ -1 +1 @@ -Communication detailsofmessage AUTO_CLEANUP_CONFIGURATION_CHANGEDadministrationscanscheduleEventBusAdministrationConfigServiceJobAdministrationMessageHandlerScanMessageHandlerScheduleMessageHandler1AUTO_CLEANUP_CONFIGURATION_CHANGED2AUTO_CLEANUP_CONFIGURATION_CHANGED3AUTO_CLEANUP_CONFIGURATION_CHANGED4AUTO_CLEANUP_CONFIGURATION_CHANGED \ No newline at end of file +Communication detailsofmessage AUTO_CLEANUP_CONFIGURATION_CHANGEDschedulescanadministrationEventBusScheduleMessageHandlerScanMessageHandlerJobAdministrationMessageHandlerAdministrationConfigService1AUTO_CLEANUP_CONFIGURATION_CHANGED2AUTO_CLEANUP_CONFIGURATION_CHANGED3AUTO_CLEANUP_CONFIGURATION_CHANGED4AUTO_CLEANUP_CONFIGURATION_CHANGED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_binary_upload_done.svg b/docs/latest/images/gen_domain_messaging_binary_upload_done.svg index 9c1b12d5f9..e78e62ff66 100644 --- a/docs/latest/images/gen_domain_messaging_binary_upload_done.svg +++ b/docs/latest/images/gen_domain_messaging_binary_upload_done.svg 
@@ -1 +1 @@ -Communication detailsofmessage BINARY_UPLOAD_DONEschedulestatisticEventBusSchedulerBinariesUploadServiceStatisticMessageHandler1BINARY_UPLOAD_DONE2BINARY_UPLOAD_DONE \ No newline at end of file +Communication detailsofmessage BINARY_UPLOAD_DONEschedulestatisticEventBusSchedulerBinariesUploadServiceStatisticMessageHandler1BINARY_UPLOAD_DONE2BINARY_UPLOAD_DONE \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_get_encryption_status_schedule_domain.svg b/docs/latest/images/gen_domain_messaging_get_encryption_status_schedule_domain.svg new file mode 100644 index 0000000000..7e66b74efd --- /dev/null +++ b/docs/latest/images/gen_domain_messaging_get_encryption_status_schedule_domain.svg @@ -0,0 +1 @@ +Communication detailsofmessage GET_ENCRYPTION_STATUS_SCHEDULE_DOMAINscheduleadministrationEventBusScheduleEncryptionStatusServiceAdministrationEncryptionStatusService1GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN2GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN3RESULT_ENCRYPTION_STATUS_SCHEDULE_DOMAIN4 \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_job_cancellation_running.svg b/docs/latest/images/gen_domain_messaging_job_cancellation_running.svg index 757e8c6fcd..fc34b9ed83 100644 --- a/docs/latest/images/gen_domain_messaging_job_cancellation_running.svg +++ b/docs/latest/images/gen_domain_messaging_job_cancellation_running.svg @@ -1 +1 @@ -Communication detailsofmessage JOB_CANCELLATION_RUNNINGadministrationschedulenotificationEventBusJobAdministrationMessageHandlerSchedulerCancelJobServiceNotificationMessageHandler1JOB_CANCELLATION_RUNNING2JOB_CANCELLATION_RUNNING3JOB_CANCELLATION_RUNNING \ No newline at end of file +Communication detailsofmessage JOB_CANCELLATION_RUNNINGscheduleadministrationnotificationEventBusSchedulerCancelJobServiceJobAdministrationMessageHandlerNotificationMessageHandler1JOB_CANCELLATION_RUNNING2JOB_CANCELLATION_RUNNING3JOB_CANCELLATION_RUNNING \ No newline at end of file 
diff --git a/docs/latest/images/gen_domain_messaging_job_created.svg b/docs/latest/images/gen_domain_messaging_job_created.svg index 2d72d85371..66f8b00e84 100644 --- a/docs/latest/images/gen_domain_messaging_job_created.svg +++ b/docs/latest/images/gen_domain_messaging_job_created.svg @@ -1 +1 @@ -Communication detailsofmessage JOB_CREATEDschedulestatisticEventBusSchedulerCreateJobServiceStatisticMessageHandler1JOB_CREATED2JOB_CREATED \ No newline at end of file +Communication detailsofmessage JOB_CREATEDschedulestatisticEventBusSchedulerCreateJobServiceStatisticMessageHandler1JOB_CREATED2JOB_CREATED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_job_done.svg b/docs/latest/images/gen_domain_messaging_job_done.svg index 84dcb8a3a3..27bba06a8b 100644 --- a/docs/latest/images/gen_domain_messaging_job_done.svg +++ b/docs/latest/images/gen_domain_messaging_job_done.svg @@ -1 +1 @@ -Communication detailsofmessage JOB_DONEadministrationschedulestatisticEventBusJobAdministrationMessageHandlerSynchronSecHubJobExecutorStatisticMessageHandler1JOB_DONE2JOB_DONE3JOB_DONE \ No newline at end of file +Communication detailsofmessage JOB_DONEscheduleadministrationstatisticEventBusSynchronSecHubJobExecutorJobAdministrationMessageHandlerStatisticMessageHandler1JOB_DONE2JOB_DONE3JOB_DONE \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_job_execution_starting.svg b/docs/latest/images/gen_domain_messaging_job_execution_starting.svg index b4a9da9b6f..ece98e84ad 100644 --- a/docs/latest/images/gen_domain_messaging_job_execution_starting.svg +++ b/docs/latest/images/gen_domain_messaging_job_execution_starting.svg 
@@ -1 +1 @@ -Communication detailsofmessage JOB_EXECUTION_STARTINGschedulestatisticEventBusSynchronSecHubJobExecutorStatisticMessageHandler1JOB_EXECUTION_STARTING2JOB_EXECUTION_STARTING \ No newline at end of file +Communication detailsofmessage JOB_EXECUTION_STARTINGschedulestatisticEventBusSynchronSecHubJobExecutorStatisticMessageHandler1JOB_EXECUTION_STARTING2JOB_EXECUTION_STARTING \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_job_failed.svg b/docs/latest/images/gen_domain_messaging_job_failed.svg index 88a6f7f8c7..1b6c6e074e 100644 --- a/docs/latest/images/gen_domain_messaging_job_failed.svg +++ b/docs/latest/images/gen_domain_messaging_job_failed.svg @@ -1 +1 @@ -Communication detailsofmessage JOB_FAILEDadministrationschedulestatisticEventBusJobAdministrationMessageHandlerSynchronSecHubJobExecutorStatisticMessageHandler1JOB_FAILED2JOB_FAILED3JOB_FAILED \ No newline at end of file +Communication detailsofmessage JOB_FAILEDscheduleadministrationstatisticEventBusSynchronSecHubJobExecutorJobAdministrationMessageHandlerStatisticMessageHandler1JOB_FAILED2JOB_FAILED3JOB_FAILED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_job_restart_canceled.svg b/docs/latest/images/gen_domain_messaging_job_restart_canceled.svg index 7294b320e8..f872cc8855 100644 --- a/docs/latest/images/gen_domain_messaging_job_restart_canceled.svg +++ b/docs/latest/images/gen_domain_messaging_job_restart_canceled.svg @@ -1 +1 @@ -Communication detailsofmessage JOB_RESTART_CANCELEDschedulenotificationEventBusSchedulerRestartJobServiceNotificationMessageHandler1JOB_RESTART_CANCELED2JOB_RESTART_CANCELED \ No newline at end of file +Communication detailsofmessage JOB_RESTART_CANCELEDschedulenotificationEventBusSchedulerRestartJobServiceNotificationMessageHandler1JOB_RESTART_CANCELED2JOB_RESTART_CANCELED \ No newline at end of file 
diff --git a/docs/latest/images/gen_domain_messaging_job_restart_triggered.svg b/docs/latest/images/gen_domain_messaging_job_restart_triggered.svg index 9b04162f22..12c8b74c3f 100644 --- a/docs/latest/images/gen_domain_messaging_job_restart_triggered.svg +++ b/docs/latest/images/gen_domain_messaging_job_restart_triggered.svg @@ -1 +1 @@ -Communication detailsofmessage JOB_RESTART_TRIGGEREDschedulenotificationEventBusSchedulerRestartJobServiceNotificationMessageHandler1JOB_RESTART_TRIGGERED2JOB_RESTART_TRIGGERED \ No newline at end of file +Communication detailsofmessage JOB_RESTART_TRIGGEREDschedulenotificationEventBusSchedulerRestartJobServiceNotificationMessageHandler1JOB_RESTART_TRIGGERED2JOB_RESTART_TRIGGERED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_job_started.svg b/docs/latest/images/gen_domain_messaging_job_started.svg index 13eaf0eb48..15c0657843 100644 --- a/docs/latest/images/gen_domain_messaging_job_started.svg +++ b/docs/latest/images/gen_domain_messaging_job_started.svg @@ -1 +1 @@ -Communication detailsofmessage JOB_STARTEDadministrationscheduleEventBusJobAdministrationMessageHandlerScheduleJobLauncherService1JOB_STARTED2JOB_STARTED \ No newline at end of file +Communication detailsofmessage JOB_STARTEDscheduleadministrationEventBusScheduleJobLauncherServiceJobAdministrationMessageHandler1JOB_STARTED2JOB_STARTED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_mapping_configuration_changed.svg b/docs/latest/images/gen_domain_messaging_mapping_configuration_changed.svg index d85fec5b91..576bffb675 100644 --- a/docs/latest/images/gen_domain_messaging_mapping_configuration_changed.svg +++ b/docs/latest/images/gen_domain_messaging_mapping_configuration_changed.svg 
@@ -1 +1 @@ -Communication detailsofmessage MAPPING_CONFIGURATION_CHANGEDadministrationscanEventBusUpdateMappingServiceScanMessageHandler1MAPPING_CONFIGURATION_CHANGED2MAPPING_CONFIGURATION_CHANGED \ No newline at end of file +Communication detailsofmessage MAPPING_CONFIGURATION_CHANGEDscanadministrationEventBusScanMessageHandlerUpdateMappingService1MAPPING_CONFIGURATION_CHANGED2MAPPING_CONFIGURATION_CHANGED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_overview.svg b/docs/latest/images/gen_domain_messaging_overview.svg index d18dd1bd77..121c718e1c 100644 --- a/docs/latest/images/gen_domain_messaging_overview.svg +++ b/docs/latest/images/gen_domain_messaging_overview.svg 
@@ -1 +1 @@ -Overviewof domainmessagingadministrationscanauthorizationschedulestatisticnotificationEventBusadministrationscanauthorizationschedulestatisticnotification1START_SCAN2START_SCANalt[success]3SCAN_DONE[failure]4SCAN_FAILED[failure]5UNSUPPORTED_OPERATION61USER_CREATED2USER_CREATED3USER_CREATED1USER_API_TOKEN_CHANGED2USER_API_TOKEN_CHANGED3USER_API_TOKEN_CHANGED4USER_API_TOKEN_CHANGED1USER_NEW_API_TOKEN_REQUESTED2USER_NEW_API_TOKEN_REQUESTED3USER_NEW_API_TOKEN_REQUESTED1USER_ADDED_TO_PROJECT2USER_ADDED_TO_PROJECT3USER_ADDED_TO_PROJECT1USER_REMOVED_FROM_PROJECT2USER_REMOVED_FROM_PROJECT3USER_REMOVED_FROM_PROJECT1USER_ROLES_CHANGED2USER_ROLES_CHANGED1USER_DELETED2USER_DELETED3USER_DELETED4USER_DELETED5USER_DELETED1PROJECT_CREATED2PROJECT_CREATED1PROJECT_DELETED2PROJECT_DELETED3PROJECT_DELETED4PROJECT_DELETED1PROJECT_WHITELIST_UPDATED2PROJECT_WHITELIST_UPDATED1JOB_CREATED2JOB_CREATED1JOB_STARTED2JOB_STARTED1JOB_EXECUTION_STARTING2JOB_EXECUTION_STARTING1JOB_DONE2JOB_DONE3JOB_DONE1USER_SIGNUP_REQUESTED2USER_SIGNUP_REQUESTED1JOB_FAILED2JOB_FAILED3JOB_FAILED1REQUEST_USER_ROLE_RECALCULATION2REQUEST_USER_ROLE_RECALCULATION3REQUEST_USER_ROLE_RECALCULATION4REQUEST_USER_ROLE_RECALCULATION5REQUEST_USER_ROLE_RECALCULATION6REQUEST_USER_ROLE_RECALCULATION7REQUEST_USER_ROLE_RECALCULATION8REQUEST_USER_ROLE_RECALCULATION9REQUEST_USER_ROLE_RECALCULATION1USER_BECOMES_SUPERADMIN2USER_BECOMES_SUPERADMIN1USER_NO_LONGER_SUPERADMIN2USER_NO_LONGER_SUPERADMIN1REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING2REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING1SCHEDULER_JOB_PROCESSING_ENABLED2SCHEDULER_JOB_PROCESSING_ENABLED3SCHEDULER_JOB_PROCESSING_ENABLED1SCHEDULER_JOB_PROCESSING_DISABLED2SCHEDULER_JOB_PROCESSING_DISABLED3SCHEDULER_JOB_PROCESSING_DISABLED1REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING2REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING1REQUEST_SCHEDULER_STATUS_UPDATE2REQUEST_SCHEDULER_STATUS_UPDATE1SCHEDULER_STATUS_UPDATE2SCHEDULER_STATUS_UPDATE1REQUEST_JOB_CANCELLATION2REQUEST_JOB_CANCELLATION1JOB_CANCELL
ATION_RUNNING2JOB_CANCELLATION_RUNNING3JOB_CANCELLATION_RUNNING1MAPPING_CONFIGURATION_CHANGED2MAPPING_CONFIGURATION_CHANGED1REQUEST_JOB_RESTART2REQUEST_JOB_RESTART1REQUEST_JOB_RESTART_HARD2REQUEST_JOB_RESTART_HARD1JOB_RESTART_TRIGGERED2JOB_RESTART_TRIGGERED1JOB_RESTART_CANCELED2JOB_RESTART_CANCELED1JOB_RESULTS_PURGED2JOB_RESULTS_PURGED1REQUEST_PURGE_JOB_RESULTS2REQUEST_PURGE_JOB_RESULTSalt[success]3JOB_RESULT_PURGE_DONE[failed]4JOB_RESULT_PURGE_FAILED51REQUEST_SCHEDULER_JOB_STATUS2REQUEST_SCHEDULER_JOB_STATUS3SCHEDULER_JOB_STATUS41SCHEDULER_STARTED2SCHEDULER_STARTED1PROJECT_OWNER_CHANGED2PROJECT_OWNER_CHANGED1PROJECT_ACCESS_LEVEL_CHANGED2PROJECT_ACCESS_LEVEL_CHANGED3PROJECT_ACCESS_LEVEL_CHANGED1USER_EMAIL_ADDRESS_CHANGED2USER_EMAIL_ADDRESS_CHANGED1AUTO_CLEANUP_CONFIGURATION_CHANGED2AUTO_CLEANUP_CONFIGURATION_CHANGED3AUTO_CLEANUP_CONFIGURATION_CHANGED4AUTO_CLEANUP_CONFIGURATION_CHANGED1PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE2PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE1ANALYZE_SCAN_RESULTS_AVAILABLE2ANALYZE_SCAN_RESULTS_AVAILABLE1SOURCE_UPLOAD_DONE2SOURCE_UPLOAD_DONE1BINARY_UPLOAD_DONE2BINARY_UPLOAD_DONE \ No newline at end of file +Overviewof 
domainmessagingschedulescanadministrationnotificationauthorizationstatisticEventBusschedulescanadministrationnotificationauthorizationstatistic1START_SCAN2START_SCANalt[success]3SCAN_DONE[failure]4SCAN_FAILED[failure]5UNSUPPORTED_OPERATION61USER_CREATED2USER_CREATED3USER_CREATED1USER_API_TOKEN_CHANGED2USER_API_TOKEN_CHANGED3USER_API_TOKEN_CHANGED4USER_API_TOKEN_CHANGED1USER_NEW_API_TOKEN_REQUESTED2USER_NEW_API_TOKEN_REQUESTED3USER_NEW_API_TOKEN_REQUESTED1USER_ADDED_TO_PROJECT2USER_ADDED_TO_PROJECT3USER_ADDED_TO_PROJECT1USER_REMOVED_FROM_PROJECT2USER_REMOVED_FROM_PROJECT3USER_REMOVED_FROM_PROJECT1USER_ROLES_CHANGED2USER_ROLES_CHANGED1USER_DELETED2USER_DELETED3USER_DELETED4USER_DELETED5USER_DELETED1PROJECT_CREATED2PROJECT_CREATED1PROJECT_DELETED2PROJECT_DELETED3PROJECT_DELETED4PROJECT_DELETED1PROJECT_WHITELIST_UPDATED2PROJECT_WHITELIST_UPDATED1JOB_CREATED2JOB_CREATED1JOB_STARTED2JOB_STARTED1JOB_EXECUTION_STARTING2JOB_EXECUTION_STARTING1JOB_DONE2JOB_DONE3JOB_DONE1USER_SIGNUP_REQUESTED2USER_SIGNUP_REQUESTED1JOB_FAILED2JOB_FAILED3JOB_FAILED1REQUEST_USER_ROLE_RECALCULATION2REQUEST_USER_ROLE_RECALCULATION3REQUEST_USER_ROLE_RECALCULATION4REQUEST_USER_ROLE_RECALCULATION5REQUEST_USER_ROLE_RECALCULATION6REQUEST_USER_ROLE_RECALCULATION7REQUEST_USER_ROLE_RECALCULATION8REQUEST_USER_ROLE_RECALCULATION9REQUEST_USER_ROLE_RECALCULATION1USER_BECOMES_SUPERADMIN2USER_BECOMES_SUPERADMIN1USER_NO_LONGER_SUPERADMIN2USER_NO_LONGER_SUPERADMIN1REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING2REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING1SCHEDULER_JOB_PROCESSING_ENABLED2SCHEDULER_JOB_PROCESSING_ENABLED3SCHEDULER_JOB_PROCESSING_ENABLED1SCHEDULER_JOB_PROCESSING_DISABLED2SCHEDULER_JOB_PROCESSING_DISABLED3SCHEDULER_JOB_PROCESSING_DISABLED1REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING2REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING1REQUEST_SCHEDULER_STATUS_UPDATE2REQUEST_SCHEDULER_STATUS_UPDATE1SCHEDULER_STATUS_UPDATE2SCHEDULER_STATUS_UPDATE1REQUEST_JOB_CANCELLATION2REQUEST_JOB_CANCELLATION1JOB_CANCELLATION_RUNNING2JOB_CANCEL
LATION_RUNNING3JOB_CANCELLATION_RUNNING1MAPPING_CONFIGURATION_CHANGED2MAPPING_CONFIGURATION_CHANGED1REQUEST_JOB_RESTART2REQUEST_JOB_RESTART1REQUEST_JOB_RESTART_HARD2REQUEST_JOB_RESTART_HARD1JOB_RESTART_TRIGGERED2JOB_RESTART_TRIGGERED1JOB_RESTART_CANCELED2JOB_RESTART_CANCELED1JOB_RESULTS_PURGED2JOB_RESULTS_PURGED1REQUEST_PURGE_JOB_RESULTS2REQUEST_PURGE_JOB_RESULTSalt[success]3JOB_RESULT_PURGE_DONE[failed]4JOB_RESULT_PURGE_FAILED51REQUEST_SCHEDULER_JOB_STATUS2REQUEST_SCHEDULER_JOB_STATUS3SCHEDULER_JOB_STATUS41SCHEDULER_STARTED2SCHEDULER_STARTED1PROJECT_OWNER_CHANGED2PROJECT_OWNER_CHANGED1PROJECT_ACCESS_LEVEL_CHANGED2PROJECT_ACCESS_LEVEL_CHANGED3PROJECT_ACCESS_LEVEL_CHANGED1USER_EMAIL_ADDRESS_CHANGED2USER_EMAIL_ADDRESS_CHANGED1AUTO_CLEANUP_CONFIGURATION_CHANGED2AUTO_CLEANUP_CONFIGURATION_CHANGED3AUTO_CLEANUP_CONFIGURATION_CHANGED4AUTO_CLEANUP_CONFIGURATION_CHANGED1PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE2PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE1ANALYZE_SCAN_RESULTS_AVAILABLE2ANALYZE_SCAN_RESULTS_AVAILABLE1SOURCE_UPLOAD_DONE2SOURCE_UPLOAD_DONE1BINARY_UPLOAD_DONE2BINARY_UPLOAD_DONE1START_ENCRYPTION_ROTATION2START_ENCRYPTION_ROTATION1SCHEDULE_ENCRYPTION_POOL_INITIALIZED2SCHEDULE_ENCRYPTION_POOL_INITIALIZED1GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN2GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN3RESULT_ENCRYPTION_STATUS_SCHEDULE_DOMAIN4 \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_product_executor_cancel_operations_done.svg b/docs/latest/images/gen_domain_messaging_product_executor_cancel_operations_done.svg index 8847b44c80..8b50069c6a 100644 --- a/docs/latest/images/gen_domain_messaging_product_executor_cancel_operations_done.svg +++ b/docs/latest/images/gen_domain_messaging_product_executor_cancel_operations_done.svg 
@@ -1 +1 @@ -Communication detailsofmessage PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONEscanscheduleEventBusScanJobCancellationRunnableScheduleMessageHandler1PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE2PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE \ No newline at end of file +Communication detailsofmessage PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONEschedulescanEventBusScheduleMessageHandlerScanJobCancellationRunnable1PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE2PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_project_access_level_changed.svg b/docs/latest/images/gen_domain_messaging_project_access_level_changed.svg index 5dbf9919d5..94f552ec86 100644 --- a/docs/latest/images/gen_domain_messaging_project_access_level_changed.svg +++ b/docs/latest/images/gen_domain_messaging_project_access_level_changed.svg @@ -1 +1 @@ -Communication detailsofmessage PROJECT_ACCESS_LEVEL_CHANGEDadministrationscanscheduleEventBusProjectChangeAccessLevelServiceScanMessageHandlerScheduleMessageHandler1PROJECT_ACCESS_LEVEL_CHANGED2PROJECT_ACCESS_LEVEL_CHANGED3PROJECT_ACCESS_LEVEL_CHANGED \ No newline at end of file +Communication detailsofmessage PROJECT_ACCESS_LEVEL_CHANGEDschedulescanadministrationEventBusScheduleMessageHandlerScanMessageHandlerProjectChangeAccessLevelService1PROJECT_ACCESS_LEVEL_CHANGED2PROJECT_ACCESS_LEVEL_CHANGED3PROJECT_ACCESS_LEVEL_CHANGED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_project_created.svg b/docs/latest/images/gen_domain_messaging_project_created.svg index 715f2e7406..a778f0a378 100644 --- a/docs/latest/images/gen_domain_messaging_project_created.svg +++ b/docs/latest/images/gen_domain_messaging_project_created.svg 
@@ -1 +1 @@ -Communication detailsofmessage PROJECT_CREATEDadministrationscheduleEventBusProjectCreationServiceScheduleMessageHandler1PROJECT_CREATED2PROJECT_CREATED \ No newline at end of file +Communication detailsofmessage PROJECT_CREATEDscheduleadministrationEventBusScheduleMessageHandlerProjectCreationService1PROJECT_CREATED2PROJECT_CREATED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_project_deleted.svg b/docs/latest/images/gen_domain_messaging_project_deleted.svg index db3c5cc336..46a7d43fdb 100644 --- a/docs/latest/images/gen_domain_messaging_project_deleted.svg +++ b/docs/latest/images/gen_domain_messaging_project_deleted.svg @@ -1 +1 @@ -Communication detailsofmessage PROJECT_DELETEDadministrationscanschedulenotificationEventBusProjectDeleteServiceScanMessageHandlerScheduleMessageHandlerNotificationMessageHandler1PROJECT_DELETED2PROJECT_DELETED3PROJECT_DELETED4PROJECT_DELETED \ No newline at end of file +Communication detailsofmessage PROJECT_DELETEDschedulescanadministrationnotificationEventBusScheduleMessageHandlerScanMessageHandlerProjectDeleteServiceNotificationMessageHandler1PROJECT_DELETED2PROJECT_DELETED3PROJECT_DELETED4PROJECT_DELETED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_project_whitelist_updated.svg b/docs/latest/images/gen_domain_messaging_project_whitelist_updated.svg index 75e18c4696..d6d09531b1 100644 --- a/docs/latest/images/gen_domain_messaging_project_whitelist_updated.svg +++ b/docs/latest/images/gen_domain_messaging_project_whitelist_updated.svg 
@@ -1 +1 @@ -Communication detailsofmessage PROJECT_WHITELIST_UPDATEDadministrationscheduleEventBusProjectUpdateWhitelistServiceScheduleMessageHandler1PROJECT_WHITELIST_UPDATED2PROJECT_WHITELIST_UPDATED \ No newline at end of file +Communication detailsofmessage PROJECT_WHITELIST_UPDATEDscheduleadministrationEventBusScheduleMessageHandlerProjectUpdateWhitelistService1PROJECT_WHITELIST_UPDATED2PROJECT_WHITELIST_UPDATED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_job_cancellation.svg b/docs/latest/images/gen_domain_messaging_request_job_cancellation.svg index 9c28bd3b3e..dc5409f55b 100644 --- a/docs/latest/images/gen_domain_messaging_request_job_cancellation.svg +++ b/docs/latest/images/gen_domain_messaging_request_job_cancellation.svg @@ -1 +1 @@ -Communication detailsofmessage REQUEST_JOB_CANCELLATIONadministrationscheduleEventBusJobCancelServiceScheduleMessageHandler1REQUEST_JOB_CANCELLATION2REQUEST_JOB_CANCELLATION \ No newline at end of file +Communication detailsofmessage REQUEST_JOB_CANCELLATIONscheduleadministrationEventBusScheduleMessageHandlerJobCancelService1REQUEST_JOB_CANCELLATION2REQUEST_JOB_CANCELLATION \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_job_restart.svg b/docs/latest/images/gen_domain_messaging_request_job_restart.svg index b96b2aa0de..3f0e8cc2ac 100644 --- a/docs/latest/images/gen_domain_messaging_request_job_restart.svg +++ b/docs/latest/images/gen_domain_messaging_request_job_restart.svg @@ -1 +1 @@ -Communication detailsofmessage REQUEST_JOB_RESTARTadministrationscheduleEventBusJobRestartRequestServiceScheduleMessageHandler1REQUEST_JOB_RESTART2REQUEST_JOB_RESTART \ No newline at end of file +Communication detailsofmessage REQUEST_JOB_RESTARTscheduleadministrationEventBusScheduleMessageHandlerJobRestartRequestService1REQUEST_JOB_RESTART2REQUEST_JOB_RESTART \ No newline at end of file 
diff --git a/docs/latest/images/gen_domain_messaging_request_job_restart_hard.svg b/docs/latest/images/gen_domain_messaging_request_job_restart_hard.svg index 87ffcde0e5..f01267e46c 100644 --- a/docs/latest/images/gen_domain_messaging_request_job_restart_hard.svg +++ b/docs/latest/images/gen_domain_messaging_request_job_restart_hard.svg @@ -1 +1 @@ -Communication detailsofmessage REQUEST_JOB_RESTART_HARDadministrationscheduleEventBusJobRestartRequestServiceScheduleMessageHandler1REQUEST_JOB_RESTART_HARD2REQUEST_JOB_RESTART_HARD \ No newline at end of file +Communication detailsofmessage REQUEST_JOB_RESTART_HARDscheduleadministrationEventBusScheduleMessageHandlerJobRestartRequestService1REQUEST_JOB_RESTART_HARD2REQUEST_JOB_RESTART_HARD \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_purge_job_results.svg b/docs/latest/images/gen_domain_messaging_request_purge_job_results.svg index 6bb8b3fb5e..dfc75650f3 100644 --- a/docs/latest/images/gen_domain_messaging_request_purge_job_results.svg +++ b/docs/latest/images/gen_domain_messaging_request_purge_job_results.svg @@ -1 +1 @@ -Communication detailsofmessage REQUEST_PURGE_JOB_RESULTSscanscheduleEventBusScanMessageHandlerSchedulerRestartJobService1REQUEST_PURGE_JOB_RESULTS2REQUEST_PURGE_JOB_RESULTSalt[success]3JOB_RESULT_PURGE_DONE[failed]4JOB_RESULT_PURGE_FAILED5 \ No newline at end of file +Communication detailsofmessage REQUEST_PURGE_JOB_RESULTSschedulescanEventBusSchedulerRestartJobServiceScanMessageHandler1REQUEST_PURGE_JOB_RESULTS2REQUEST_PURGE_JOB_RESULTSalt[success]3JOB_RESULT_PURGE_DONE[failed]4JOB_RESULT_PURGE_FAILED5 \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_scheduler_disable_job_processing.svg b/docs/latest/images/gen_domain_messaging_request_scheduler_disable_job_processing.svg index 076e97c2fd..9aae7362b2 100644 --- a/docs/latest/images/gen_domain_messaging_request_scheduler_disable_job_processing.svg 
+++ b/docs/latest/images/gen_domain_messaging_request_scheduler_disable_job_processing.svg @@ -1 +1 @@ -Communication detailsofmessage REQUEST_SCHEDULER_DISABLE_JOB_PROCESSINGadministrationscheduleEventBusSwitchSchedulerJobProcessingServiceScheduleMessageHandler1REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING2REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING \ No newline at end of file +Communication detailsofmessage REQUEST_SCHEDULER_DISABLE_JOB_PROCESSINGscheduleadministrationEventBusScheduleMessageHandlerSwitchSchedulerJobProcessingService1REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING2REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_scheduler_enable_job_processing.svg b/docs/latest/images/gen_domain_messaging_request_scheduler_enable_job_processing.svg index 66d755f59f..e6c281de8b 100644 --- a/docs/latest/images/gen_domain_messaging_request_scheduler_enable_job_processing.svg +++ b/docs/latest/images/gen_domain_messaging_request_scheduler_enable_job_processing.svg @@ -1 +1 @@ -Communication detailsofmessage REQUEST_SCHEDULER_ENABLE_JOB_PROCESSINGadministrationscheduleEventBusSwitchSchedulerJobProcessingServiceScheduleMessageHandler1REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING2REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING \ No newline at end of file +Communication detailsofmessage REQUEST_SCHEDULER_ENABLE_JOB_PROCESSINGscheduleadministrationEventBusScheduleMessageHandlerSwitchSchedulerJobProcessingService1REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING2REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_scheduler_job_status.svg b/docs/latest/images/gen_domain_messaging_request_scheduler_job_status.svg index 770656600e..456b84cad9 100644 --- a/docs/latest/images/gen_domain_messaging_request_scheduler_job_status.svg +++ b/docs/latest/images/gen_domain_messaging_request_scheduler_job_status.svg 
@@ -1 +1 @@ -Communication detailsofmessage REQUEST_SCHEDULER_JOB_STATUSscanscheduleEventBusScanProgressMonitorSchedulerJobStatusRequestHandler1REQUEST_SCHEDULER_JOB_STATUS2REQUEST_SCHEDULER_JOB_STATUS3SCHEDULER_JOB_STATUS4 \ No newline at end of file +Communication detailsofmessage REQUEST_SCHEDULER_JOB_STATUSschedulescanEventBusSchedulerJobStatusRequestHandlerScanProgressMonitor1REQUEST_SCHEDULER_JOB_STATUS2REQUEST_SCHEDULER_JOB_STATUS3SCHEDULER_JOB_STATUS4 \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_scheduler_status_update.svg b/docs/latest/images/gen_domain_messaging_request_scheduler_status_update.svg index dbf03a1b95..bcaca00a8f 100644 --- a/docs/latest/images/gen_domain_messaging_request_scheduler_status_update.svg +++ b/docs/latest/images/gen_domain_messaging_request_scheduler_status_update.svg @@ -1 +1 @@ -Communication detailsofmessage REQUEST_SCHEDULER_STATUS_UPDATEadministrationscheduleEventBusTriggerSchedulerStatusRefreshServiceScheduleMessageHandler1REQUEST_SCHEDULER_STATUS_UPDATE2REQUEST_SCHEDULER_STATUS_UPDATE \ No newline at end of file +Communication detailsofmessage REQUEST_SCHEDULER_STATUS_UPDATEscheduleadministrationEventBusScheduleMessageHandlerTriggerSchedulerStatusRefreshService1REQUEST_SCHEDULER_STATUS_UPDATE2REQUEST_SCHEDULER_STATUS_UPDATE \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_request_user_role_recalculation.svg b/docs/latest/images/gen_domain_messaging_request_user_role_recalculation.svg index 3d95b5833f..9df1285980 100644 --- a/docs/latest/images/gen_domain_messaging_request_user_role_recalculation.svg +++ b/docs/latest/images/gen_domain_messaging_request_user_role_recalculation.svg 
@@ -1 +1 @@ -Communication detailsofmessage REQUEST_USER_ROLE_RECALCULATIONadministrationauthorizationEventBusUserRevokeSuperAdminRightsServiceUserGrantSuperAdminRightsServiceProjectCreationServiceProjectAssignUserServiceProjectUnassignUserServiceProjectDeleteServiceProjectChangeOwnerServiceUserRoleAdministrationMessageHandlerAuthUserCreationService1REQUEST_USER_ROLE_RECALCULATION2REQUEST_USER_ROLE_RECALCULATION3REQUEST_USER_ROLE_RECALCULATION4REQUEST_USER_ROLE_RECALCULATION5REQUEST_USER_ROLE_RECALCULATION6REQUEST_USER_ROLE_RECALCULATION7REQUEST_USER_ROLE_RECALCULATION8REQUEST_USER_ROLE_RECALCULATION9REQUEST_USER_ROLE_RECALCULATION \ No newline at end of file +Communication detailsofmessage REQUEST_USER_ROLE_RECALCULATIONadministrationauthorizationEventBusUserRoleAdministrationMessageHandlerUserRevokeSuperAdminRightsServiceUserGrantSuperAdminRightsServiceProjectDeleteServiceProjectUnassignUserServiceProjectCreationServiceProjectAssignUserServiceProjectChangeOwnerServiceAuthUserCreationService1REQUEST_USER_ROLE_RECALCULATION2REQUEST_USER_ROLE_RECALCULATION3REQUEST_USER_ROLE_RECALCULATION4REQUEST_USER_ROLE_RECALCULATION5REQUEST_USER_ROLE_RECALCULATION6REQUEST_USER_ROLE_RECALCULATION7REQUEST_USER_ROLE_RECALCULATION8REQUEST_USER_ROLE_RECALCULATION9REQUEST_USER_ROLE_RECALCULATION \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_result_encryption_status_schedule_domain.svg b/docs/latest/images/gen_domain_messaging_result_encryption_status_schedule_domain.svg new file mode 100644 index 0000000000..4c2c3430b0 --- /dev/null +++ b/docs/latest/images/gen_domain_messaging_result_encryption_status_schedule_domain.svg @@ -0,0 +1 @@ +Communication detailsofmessage RESULT_ENCRYPTION_STATUS_SCHEDULE_DOMAINscheduleEventBusScheduleEncryptionStatusService \ No newline at end of file 
diff --git a/docs/latest/images/gen_domain_messaging_schedule_encryption_pool_initialized.svg b/docs/latest/images/gen_domain_messaging_schedule_encryption_pool_initialized.svg new file mode 100644 index 0000000000..a80377bcf9 --- /dev/null +++ b/docs/latest/images/gen_domain_messaging_schedule_encryption_pool_initialized.svg @@ -0,0 +1 @@ +Communication detailsofmessage SCHEDULE_ENCRYPTION_POOL_INITIALIZEDscheduleEventBusScheduleMessageHandlerScheduleEncryptionService1SCHEDULE_ENCRYPTION_POOL_INITIALIZED2SCHEDULE_ENCRYPTION_POOL_INITIALIZED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_scheduler_job_processing_disabled.svg b/docs/latest/images/gen_domain_messaging_scheduler_job_processing_disabled.svg index 1610fdf2f9..9d09855856 100644 --- a/docs/latest/images/gen_domain_messaging_scheduler_job_processing_disabled.svg +++ b/docs/latest/images/gen_domain_messaging_scheduler_job_processing_disabled.svg @@ -1 +1 @@ -Communication detailsofmessage SCHEDULER_JOB_PROCESSING_DISABLEDadministrationschedulenotificationEventBusSchedulerAdministrationMessageHandlerSchedulerConfigServiceNotificationMessageHandler1SCHEDULER_JOB_PROCESSING_DISABLED2SCHEDULER_JOB_PROCESSING_DISABLED3SCHEDULER_JOB_PROCESSING_DISABLED \ No newline at end of file +Communication detailsofmessage SCHEDULER_JOB_PROCESSING_DISABLEDscheduleadministrationnotificationEventBusSchedulerConfigServiceSchedulerAdministrationMessageHandlerNotificationMessageHandler1SCHEDULER_JOB_PROCESSING_DISABLED2SCHEDULER_JOB_PROCESSING_DISABLED3SCHEDULER_JOB_PROCESSING_DISABLED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_scheduler_job_processing_enabled.svg b/docs/latest/images/gen_domain_messaging_scheduler_job_processing_enabled.svg index 8408e7dec3..b822d5847d 100644 --- a/docs/latest/images/gen_domain_messaging_scheduler_job_processing_enabled.svg +++ b/docs/latest/images/gen_domain_messaging_scheduler_job_processing_enabled.svg 
@@ -1 +1 @@ -Communication detailsofmessage SCHEDULER_JOB_PROCESSING_ENABLEDadministrationschedulenotificationEventBusSchedulerAdministrationMessageHandlerSchedulerConfigServiceNotificationMessageHandler1SCHEDULER_JOB_PROCESSING_ENABLED2SCHEDULER_JOB_PROCESSING_ENABLED3SCHEDULER_JOB_PROCESSING_ENABLED \ No newline at end of file +Communication detailsofmessage SCHEDULER_JOB_PROCESSING_ENABLEDscheduleadministrationnotificationEventBusSchedulerConfigServiceSchedulerAdministrationMessageHandlerNotificationMessageHandler1SCHEDULER_JOB_PROCESSING_ENABLED2SCHEDULER_JOB_PROCESSING_ENABLED3SCHEDULER_JOB_PROCESSING_ENABLED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_scheduler_job_status.svg b/docs/latest/images/gen_domain_messaging_scheduler_job_status.svg index 0f2627ab51..8b38e1c31d 100644 --- a/docs/latest/images/gen_domain_messaging_scheduler_job_status.svg +++ b/docs/latest/images/gen_domain_messaging_scheduler_job_status.svg @@ -1 +1 @@ -Communication detailsofmessage SCHEDULER_JOB_STATUSscheduleEventBusSchedulerJobStatusRequestHandler \ No newline at end of file +Communication detailsofmessage SCHEDULER_JOB_STATUSscheduleEventBusSchedulerJobStatusRequestHandler \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_scheduler_started.svg b/docs/latest/images/gen_domain_messaging_scheduler_started.svg index 9c48036c84..e81032306a 100644 --- a/docs/latest/images/gen_domain_messaging_scheduler_started.svg +++ b/docs/latest/images/gen_domain_messaging_scheduler_started.svg @@ -1 +1 @@ -Communication detailsofmessage SCHEDULER_STARTEDschedulenotificationEventBusSchedulerStartHandlerNotificationMessageHandler1SCHEDULER_STARTED2SCHEDULER_STARTED \ No newline at end of file +Communication detailsofmessage SCHEDULER_STARTEDschedulenotificationEventBusSchedulerStartHandlerNotificationMessageHandler1SCHEDULER_STARTED2SCHEDULER_STARTED \ No newline at end of file 
diff --git a/docs/latest/images/gen_domain_messaging_scheduler_status_update.svg b/docs/latest/images/gen_domain_messaging_scheduler_status_update.svg index 18c12a76a7..ae4a4230df 100644 --- a/docs/latest/images/gen_domain_messaging_scheduler_status_update.svg +++ b/docs/latest/images/gen_domain_messaging_scheduler_status_update.svg @@ -1 +1 @@ -Communication detailsofmessage SCHEDULER_STATUS_UPDATEadministrationscheduleEventBusSchedulerAdministrationMessageHandlerSchedulerStatusService1SCHEDULER_STATUS_UPDATE2SCHEDULER_STATUS_UPDATE \ No newline at end of file +Communication detailsofmessage SCHEDULER_STATUS_UPDATEscheduleadministrationEventBusSchedulerStatusServiceSchedulerAdministrationMessageHandler1SCHEDULER_STATUS_UPDATE2SCHEDULER_STATUS_UPDATE \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_source_upload_done.svg b/docs/latest/images/gen_domain_messaging_source_upload_done.svg index 81db164ad3..a332ecee36 100644 --- a/docs/latest/images/gen_domain_messaging_source_upload_done.svg +++ b/docs/latest/images/gen_domain_messaging_source_upload_done.svg @@ -1 +1 @@ -Communication detailsofmessage SOURCE_UPLOAD_DONEschedulestatisticEventBusSchedulerSourcecodeUploadServiceStatisticMessageHandler1SOURCE_UPLOAD_DONE2SOURCE_UPLOAD_DONE \ No newline at end of file +Communication detailsofmessage SOURCE_UPLOAD_DONEschedulestatisticEventBusSchedulerSourcecodeUploadServiceStatisticMessageHandler1SOURCE_UPLOAD_DONE2SOURCE_UPLOAD_DONE \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_start_encryption_rotation.svg b/docs/latest/images/gen_domain_messaging_start_encryption_rotation.svg new file mode 100644 index 0000000000..16a14bc2ff --- /dev/null +++ b/docs/latest/images/gen_domain_messaging_start_encryption_rotation.svg 
@@ -0,0 +1 @@ +Communication detailsofmessage START_ENCRYPTION_ROTATIONscheduleadministrationEventBusScheduleMessageHandlerAdministrationEncryptionRotationService1START_ENCRYPTION_ROTATION2START_ENCRYPTION_ROTATION \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_start_scan.svg b/docs/latest/images/gen_domain_messaging_start_scan.svg index 9c28c68ee8..05c802f6ab 100644 --- a/docs/latest/images/gen_domain_messaging_start_scan.svg +++ b/docs/latest/images/gen_domain_messaging_start_scan.svg @@ -1 +1 @@ -Communication detailsofmessage START_SCANscanscheduleEventBusScanServiceSynchronSecHubJobExecutor1START_SCAN2START_SCANalt[success]3SCAN_DONE[failure]4SCAN_FAILED[failure]5UNSUPPORTED_OPERATION6 \ No newline at end of file +Communication detailsofmessage START_SCANschedulescanEventBusSynchronSecHubJobExecutorScanService1START_SCAN2START_SCANalt[success]3SCAN_DONE[failure]4SCAN_FAILED[failure]5UNSUPPORTED_OPERATION6 \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_user_added_to_project.svg b/docs/latest/images/gen_domain_messaging_user_added_to_project.svg index c36a3bf16b..067d241ccb 100644 --- a/docs/latest/images/gen_domain_messaging_user_added_to_project.svg +++ b/docs/latest/images/gen_domain_messaging_user_added_to_project.svg @@ -1 +1 @@ -Communication detailsofmessage USER_ADDED_TO_PROJECTadministrationscanscheduleEventBusProjectAssignUserServiceScanMessageHandlerScheduleMessageHandler1USER_ADDED_TO_PROJECT2USER_ADDED_TO_PROJECT3USER_ADDED_TO_PROJECT \ No newline at end of file +Communication detailsofmessage USER_ADDED_TO_PROJECTschedulescanadministrationEventBusScheduleMessageHandlerScanMessageHandlerProjectAssignUserService1USER_ADDED_TO_PROJECT2USER_ADDED_TO_PROJECT3USER_ADDED_TO_PROJECT \ No newline at end of file 
diff --git a/docs/latest/images/gen_domain_messaging_user_api_token_changed.svg b/docs/latest/images/gen_domain_messaging_user_api_token_changed.svg index 8dba8e24d0..758641c792 100644 --- a/docs/latest/images/gen_domain_messaging_user_api_token_changed.svg +++ b/docs/latest/images/gen_domain_messaging_user_api_token_changed.svg @@ -1 +1 @@ -Communication detailsofmessage USER_API_TOKEN_CHANGEDadministrationauthorizationnotificationEventBusInternalInitialDataServiceAnonymousUserGetAPITokenByOneTimeTokenServiceAuthMessageHandlerNotificationMessageHandler1USER_API_TOKEN_CHANGED2USER_API_TOKEN_CHANGED3USER_API_TOKEN_CHANGED4USER_API_TOKEN_CHANGED \ No newline at end of file +Communication detailsofmessage USER_API_TOKEN_CHANGEDadministrationnotificationauthorizationEventBusInternalInitialDataServiceAnonymousUserGetAPITokenByOneTimeTokenServiceNotificationMessageHandlerAuthMessageHandler1USER_API_TOKEN_CHANGED2USER_API_TOKEN_CHANGED3USER_API_TOKEN_CHANGED4USER_API_TOKEN_CHANGED \ No newline at end of file diff --git a/docs/latest/images/gen_domain_messaging_user_deleted.svg b/docs/latest/images/gen_domain_messaging_user_deleted.svg index 92248a3868..612b3e8ba3 100644 --- a/docs/latest/images/gen_domain_messaging_user_deleted.svg +++ b/docs/latest/images/gen_domain_messaging_user_deleted.svg @@ -1 +1 @@ -Communication detailsofmessage USER_DELETEDadministrationscanauthorizationschedulenotificationEventBusUserDeleteServiceScanMessageHandlerAuthMessageHandlerScheduleMessageHandlerNotificationMessageHandler1USER_DELETED2USER_DELETED3USER_DELETED4USER_DELETED5USER_DELETED \ No newline at end of file +Communication detailsofmessage USER_DELETEDschedulescanadministrationnotificationauthorizationEventBusScheduleMessageHandlerScanMessageHandlerUserDeleteServiceNotificationMessageHandlerAuthMessageHandler1USER_DELETED2USER_DELETED3USER_DELETED4USER_DELETED5USER_DELETED \ No newline at end of file 
diff --git a/docs/latest/images/gen_domain_messaging_user_removed_from_project.svg b/docs/latest/images/gen_domain_messaging_user_removed_from_project.svg index bf9e3a8454..8af99eeebb 100644 --- a/docs/latest/images/gen_domain_messaging_user_removed_from_project.svg +++ b/docs/latest/images/gen_domain_messaging_user_removed_from_project.svg @@ -1 +1 @@ -Communication detailsofmessage USER_REMOVED_FROM_PROJECTadministrationscanscheduleEventBusProjectUnassignUserServiceScanMessageHandlerScheduleMessageHandler1USER_REMOVED_FROM_PROJECT2USER_REMOVED_FROM_PROJECT3USER_REMOVED_FROM_PROJECT \ No newline at end of file +Communication detailsofmessage USER_REMOVED_FROM_PROJECTschedulescanadministrationEventBusScheduleMessageHandlerScanMessageHandlerProjectUnassignUserService1USER_REMOVED_FROM_PROJECT2USER_REMOVED_FROM_PROJECT3USER_REMOVED_FROM_PROJECT \ No newline at end of file diff --git a/docs/latest/images/gen_springprofiles-dev.svg b/docs/latest/images/gen_springprofiles-dev.svg index 2585c98b1e..34af9a15bf 100644 --- a/docs/latest/images/gen_springprofiles-dev.svg +++ b/docs/latest/images/gen_springprofiles-dev.svg @@ -1 +1 @@ -<dev>devh2initial_admin_predefinedmocked_notificationsadmin_accesspostgreslocalserverreal_productsmocked_productsdefault \ No newline at end of file +<dev>devinitial_admin_predefinedreal_productsdefaultmocked_notificationslocalserverpostgresadmin_accessh2mocked_products \ No newline at end of file diff --git a/docs/latest/images/gen_springprofiles-integrationtest.svg b/docs/latest/images/gen_springprofiles-integrationtest.svg index a80559b2b5..57862fa415 100644 --- a/docs/latest/images/gen_springprofiles-integrationtest.svg +++ b/docs/latest/images/gen_springprofiles-integrationtest.svg 
@@ -1 +1 @@ -<integrationtest>integrationtesth2mocked_notificationsinitial_admin_staticadmin_accesspostgreslocalserverreal_productsmocked_productsdefault \ No newline at end of file +<integrationtest>integrationtestinitial_admin_staticreal_productsdefaultmocked_notificationslocalserverpostgresadmin_accessh2mocked_products \ No newline at end of file diff --git a/docs/latest/images/gen_springprofiles-prod.svg b/docs/latest/images/gen_springprofiles-prod.svg index 832b2c5475..db3dfad510 100644 --- a/docs/latest/images/gen_springprofiles-prod.svg +++ b/docs/latest/images/gen_springprofiles-prod.svg @@ -1 +1 @@ -<prod>prodpostgresreal_productsinitial_admin_createdserverdefault \ No newline at end of file +<prod>prodreal_productsdefaultserverinitial_admin_createdpostgres \ No newline at end of file diff --git a/docs/latest/images/gen_springprofiles.svg b/docs/latest/images/gen_springprofiles.svg index 8f80257010..7b2188dc6f 100644 --- a/docs/latest/images/gen_springprofiles.svg +++ b/docs/latest/images/gen_springprofiles.svg @@ -1 +1 @@ -h2integrationtestdevinitial_admin_predefinedprodmocked_notificationsinitial_admin_staticadmin_accesspostgreslocalserverreal_productsinitial_admin_createdmocked_productsserverdebugdefaulttest \ No newline at end of file +initial_admin_staticinitial_admin_predefinedreal_productsdefaultdebugintegrationtestmocked_notificationsserverproddevinitial_admin_createdlocalserverpostgresadmin_accessh2mocked_productstest \ No newline at end of file diff --git a/docs/latest/images/intelliJ-java-formatter-activate.png b/docs/latest/images/intelliJ-java-formatter-activate.png new file mode 100644 index 0000000000..822c0fd643 Binary files /dev/null and b/docs/latest/images/intelliJ-java-formatter-activate.png differ 
diff --git a/docs/latest/images/intelliJ-java-formatter-import.png b/docs/latest/images/intelliJ-java-formatter-import.png new file mode 100644 index 0000000000..5d4265796c Binary files /dev/null and b/docs/latest/images/intelliJ-java-formatter-import.png differ diff --git a/docs/latest/pds-download.html b/docs/latest/pds-download.html index ef8bbf8c02..0a39dab3b5 100644 --- a/docs/latest/pds-download.html +++ b/docs/latest/pds-download.html @@ -1,7 +1,7 @@ - + Main Page diff --git a/docs/latest/sechub-architecture.html b/docs/latest/sechub-architecture.html index 540570e0ba..f106efd95a 100644 --- a/docs/latest/sechub-architecture.html +++ b/docs/latest/sechub-architecture.html @@ -531,7 +531,7 @@
-
7.5.1.11. Other
+
7.5.1.11. Encryption
+
+

Usecases for encryption parts

+
+
+ +
+
+
+
7.5.1.12. Other

All other use cases

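Review bot: The new overview entry is spelled "Usecases for encryption parts", while the neighbouring entry in this same hunk reads "All other use cases"; use "Use cases" for consistency. Inserting "Encryption" as 7.5.1.11 also moves "Other" to 7.5.1.12, so any reference elsewhere in the docs to the old section number should be checked.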
@@ -3011,14 +3106,14 @@

7.5.12. UC_011-User starts scan by client

4

-

download job report and traffic light

+

get job status

SUPERADMIN, USER

4

4

-

get job status

+

download job report and traffic light

SUPERADMIN, USER

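Review bot: The two UC_011 rows that trade places here, "get job status" and "download job report and traffic light", both carry step number 4 and the roles SUPERADMIN, USER, so their relative order looks like arbitrary generator output rather than a content change. Give the steps distinct numbers, or sort rows with equal numbers by title, so that rebuilding the docs stops producing reorder-only diffs.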
@@ -3241,17 +3336,17 @@

7.5.16. UC_015-Admin assigns user to project

2

-

Assign user

-

SUPERADMIN

+

Update schedule authorization parts

+

2

-

The service will add the user to the project. If user does not have ROLE_USER it will obtain it

+

2

-

Update schedule authorization parts

- +

Assign user

+

SUPERADMIN

3

- +

The service will add the user to the project. If user does not have ROLE_USER it will obtain it

3

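Review bot: After this reorder, "Update schedule authorization parts" is listed before "Assign user" (SUPERADMIN) in the UC_015 table, which reads as if authorization data is updated before the assignment that triggers it. If both rows share a step number in the source annotations, give them distinct numbers that follow the call order, so the table documents the authorization flow unambiguously.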
@@ -3340,10 +3435,10 @@

7.5.17. UC_016-Admin unassigns user from project

2

-

Unassign user

-

SUPERADMIN

+

Update authorization parts

+

2

-

The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed

+

2

@@ -3354,10 +3449,10 @@

7.5.17. UC_016-Admin unassigns user from project

2

-

Update authorization parts

- +

Unassign user

+

SUPERADMIN

4

- +

The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed

4

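Review bot: The description re-added under "Unassign user" says "The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed"; it should read "remove the user from the project" and "If the user no longer has access to any project". Correct the wording where this description is defined, so the fix survives the next docs build.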
@@ -5125,24 +5220,24 @@

7.5.43. UC_042-Admin restarts a job (hard)

3

-

Inform sechub admins when job restart was canceled

+

Try to restart job

3

- +

When job is found and job is not already finsihed, a restart will be triggered. Existing batch jobs will be terminated

3

-

Try to restart job

+

Try to rstart job (hard)

3

-

When job is found and job is not already finsihed, a restart will be triggered. Existing batch jobs will be terminated

+

When job is found, a restart will be triggered. Existing batch jobs will be terminated

3

-

Try to rstart job (hard)

+

Inform sechub admins when job restart was canceled

4

-

When job is found, a restart will be triggered. Existing batch jobs will be terminated

+

4

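Review bot: Two of the re-added lines carry typos: "Try to rstart job (hard)" should be "restart", and "job is not already finsihed" should be "finished". The table for UC_042 (hard restart) also lists the plain "Try to restart job" step, with its "not already finished" condition, next to the hard variant, which has no such condition; make clear which of the two applies to this use case.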
@@ -6524,16 +6619,23 @@

7.5.69. UC_068-Sechub schedule domain auto clean

2

Delete old data

- +

3

deletes old job information

+ +

3

+

Schedule cipher pool data cleanup

+ + +

Removes cipher pool data entries from database which are no longer used by any job

+

7.5.70. UC_069-User uploads binaries

The binaries must be inside a valid tar file.

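Review bot: The added step "Schedule cipher pool data cleanup" only says that entries "no longer used by any job" are removed; it should cross-reference UC_075 (re-encryption of jobs with an older pool id) and UC_077 (cleanup of obsolete encryption setup), which describe the preconditions and consequences of the same removal. Operators need that link to know when an old secret can safely be dropped from the environment.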
@@ -6707,81 +6809,336 @@

7.5.73. UC_072-Admin shows user details for emai

-
-
-

7.6. Rest API documentation

-

7.6.1. Overview

-
-
7.6.1.1. Anonymous
+

7.5.74. UC_073-Admin starts encryption rotation

-

All these usecases handling anonymous access.

+

An administrator starts encryption rotation.

-
- +
+

Steps

+ +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NrTitleRole(s)NextDescription

1

Rest call

SUPERADMIN

2

Admin triggers rotation of encryption via REST

2

Service call

3

Triggers rotation of encryption via domain message

3

Service call

4

Forces new cipher pool entry creation and triggers encryption service pool refresh

4

Service call

5

Creates new cipher pool entry in database in own transaction

5

Refresh encryption pool

6

Encryption pool is refreshed (necessary because pool changed before this method call)

6

Update encrypted data

Encrypted data is updated (a direct pool refresh was triggered by admin action)

-
-
7.6.1.2. User administration
+
+

7.5.75. UC_074-Scheduler encryption pool refresh

-

Usecases handling administration of users

+

The scheduler refreshes its encryption pool data to handle new setup

-
- +
+

Steps

+ +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NrTitleRole(s)NextDescription

1

Init encryption pool

3

Encryption pool is created on startup

1

Encryption pool data refresh trigger

2

Scheduler instance will check if encryption pool is in sync with the database definitions. If not, the instance will try to create new encryption pool object and provide the new setup.

2

Refresh encryption pool

3

Encryption pool is refreshed (if necessary)

3

Update encrypted data

Encrypted data is updated (all other cluster members)

-
-
7.6.1.3. Project administration
+
+

7.5.76. UC_075-Scheduler rotates data encryption

-

Usecases for project administration

+

The scheduler checks for old encrypted data and will encrypt with latest cipher

-
-
    -
  • +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Update encrypted data

    Final update of encrypted job data. Will update all SecHub jobs having a pool id which is lower than latest from encryption pool

    +
+
+

7.5.77. UC_076-Admin fetches encryption status

+
+

An administrator fetches encryption status from all domains where encryption is used.

+
+
+

Steps

+
+ +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + +
NrTitleRole(s)NextDescription

1

Rest call

SUPERADMIN

1

Admin fetches encryption status from domains via REST

1

Service call

Services collects encryption status from domains via event bus

+
+
+

7.5.78. UC_077-SecHub does cleanup encryption

+
+

Secub does an ecnryption cleanup.

+
+
+

Inside relevant domains the encryption situation will be checked and +old encryption setup, which is no longer necessary, will be dropped.

+
+
+

For example: When encryption was done with formerly via ENV variable +SECRET_1_AES_256 and the new one setup is using SECRET_2_AES_256 and +all jobs have been migrated to the new encryption, the cipher setup +using SECRET_1_AES_256 will become obsolete and will be automatically +removed. After the remove is done, there is no longer a need to +start the server with SECRET_1_AES_256, but only with SECRET_2_AES_256 …​

+
+
+

Steps

+
+ +++++++ + + + + + + + + + + + + + + + + + + +
NrTitleRole(s)NextDescription

1

Schedule cipher pool data cleanup

Removes cipher pool data entries from database which are no longer used by any job

+
+
+
+

7.6. Rest API documentation

+
+

7.6.1. Overview

+
+
7.6.1.1. Anonymous
+
+

All these usecases handling anonymous access.

+
+ +
+ +
+
7.6.1.3. Project administration
+
+

Usecases for project administration

+
+
+
-
7.6.1.10. Other
+
7.6.1.10. Encryption
+
+

Usecases for encryption parts

+
+ +
+
+
7.6.1.11. Other

All other use cases
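Review bot: The new UC_077 description needs a proofreading pass before merge. "Secub does an ecnryption cleanup." has two typos (SecHub, encryption), and the example paragraph reads "was done with formerly via ENV variable" and "the new one setup". The step tables also look inconsistent: UC_076 lists both steps as Nr 1, with the first pointing to Next 1, and UC_074 has two steps numbered 1. If the two entry points in UC_074 are intentional, say so in the description; for UC_076 the second step should most likely be Nr 2.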

@@ -7020,7 +7393,7 @@

7.6.2. Check if the server is

REST API for usecase UC_039-Check if the server is alive and running.

-
7.6.2.1. GET variant
+
7.6.2.1. HEAD variant

Definition
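Review bot: Sections 7.6.2.1 and 7.6.2.2 only swap their GET and HEAD variants here; the content of the alive check is unchanged. If the variant order comes from an unsorted collection in the documentation generator, sort it (for example by variant name), otherwise existing deep links to 7.6.2.1 silently point to a different HTTP method after every regeneration.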

@@ -7043,7 +7416,7 @@
7.6.2.1. GET variant

Method

-

GET

+

HEAD

Status code

@@ -7059,7 +7432,7 @@
7.6.2.1. GET variant
-
$ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X GET
+
$ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X HEAD
@@ -7068,7 +7441,7 @@
7.6.2.1. GET variant
-
7.6.2.2. HEAD variant
+
7.6.2.2. GET variant

Definition

@@ -7091,7 +7464,7 @@
7.6.2.2. HEAD variant

Method

-

HEAD

+

GET

Status code

@@ -7107,7 +7480,7 @@
7.6.2.2. HEAD variant
-
$ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X HEAD
+
$ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X GET
@@ -7822,7 +8195,7 @@

7.6.9. Admin downloads all

-
$ curl 'https://sechub.example.com/api/admin/scan/download/65fc6925-ffcb-4f71-8468-01b1a5b5a65d' -i -u 'user:secret' -X GET \
+
$ curl 'https://sechub.example.com/api/admin/scan/download/50a3de31-e207-4ac3-a6da-0f46e478d7ff' -i -u 'user:secret' -X GET \
     -H 'Content-Type: application/json;charset=UTF-8'
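Review bot: The only change in this hunk is the job UUID in the example URL, and the same pattern repeats in most of the following REST example hunks (regenerated UUIDs and timestamps). Consider fixed UUIDs and timestamps for the generated examples, so that a documentation diff like this one shows only real API changes, such as the new encryption endpoints, and these are not buried in noise.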
@@ -8987,7 +9360,7 @@

7.6.20. Admin shows scan logs for pro

-
[{"sechubJobUUID":"1c24f69f-c988-4ce7-94ef-22dfac5ba3db","executedBy":"spartakus","started":"2024-07-09T13:57:03.927240632","ended":"2024-07-10T13:57:03.927258626","status":"OK"}]
+
[{"sechubJobUUID":"fc559da4-0535-46c7-941f-1a76d09a2ca1","executedBy":"spartakus","started":"2024-08-07T08:05:51.724664496","ended":"2024-08-08T08:05:51.724691357","status":"OK"}]
@@ -9597,7 +9970,7 @@
7.6.25.1. Code Scan variant
-
{"jobId":"2c7e0719-0c4e-4f6a-aa56-6a39e63c2fe5"}
+
{"jobId":"e80bc191-1fab-4e51-9c53-44b956b37b88"}
@@ -9776,7 +10149,7 @@
7.6.25.2. Code Sc
-
{"jobId":"e61914c5-b3b6-4af0-a9bf-748a376c2638"}
+
{"jobId":"278d510e-e7b2-4d07-b593-7fa77b54eef8"}
@@ -9935,7 +10308,7 @@
7.6.25.3. Secret scan variant
-
{"jobId":"75d2cfea-3690-4397-8ea7-b7a0f87123a9"}
+
{"jobId":"07c86999-76c1-4a12-90b7-4b97a7632579"}
@@ -10094,7 +10467,7 @@
7.6.25.4. License scan variant
-
{"jobId":"a37386d3-a808-4dcb-b68e-a7fcde86f2bd"}
+
{"jobId":"18b74d14-fd93-4beb-9ed0-623ba27171df"}
@@ -10248,7 +10621,7 @@
7.6.25.5. Infrastructure s
-
{"jobId":"1718acea-bb09-4621-9cfd-d5337be22244"}
+
{"jobId":"a47a9992-6b75-46db-a77a-5590b115e8e4"}
@@ -10417,7 +10790,7 @@
7.6.25.6. Web scan anonymou
-
{"jobId":"24a520cd-a6ce-4120-addc-fdc21980de51"}
+
{"jobId":"ad2715a7-ed7c-49c5-9b0d-ef7b80f276c1"}
@@ -10581,7 +10954,7 @@
7.6.25.7. Web sca
-
{"jobId":"fa954d23-1920-4338-bec4-6f4eb3271427"}
+
{"jobId":"f4542da9-59bb-41d2-a120-39a5f14e286a"}
@@ -10740,7 +11113,7 @@
7.
-
{"jobId":"603cbbb3-792e-4647-acde-a018c9672d26"}
+
{"jobId":"361d942a-c955-42ba-baea-41bfccfe08e3"}
@@ -10914,7 +11287,7 @@
7.6.25.9. Web Scan login
-
{"jobId":"c6f36e9c-22ce-4405-a50a-809b01ddec4a"}
+
{"jobId":"48c03859-a741-4e25-9ade-314a1583e45f"}
@@ -11108,7 +11481,7 @@
7.6.25.10. Web Sc
-
{"jobId":"e09816f7-bde7-4764-acb4-1b9e67316ba4"}
+
{"jobId":"046e0236-dd5f-4b07-8c57-3c45801b6c37"}
@@ -11272,7 +11645,7 @@
7.6.25.11. Web Scan headers v
-
{"jobId":"515131cd-f610-43fb-b3c7-73c227dcc919"}
+
{"jobId":"dd1b6f6b-7a47-408d-a919-0f06c9b43200"}
@@ -11361,7 +11734,7 @@

7.6.26. User uploads source code

-
$ curl 'https://sechub.example.com/api/project/project1/job/4cdef6b6-f307-42cb-bb15-13ed84e11efc/sourcecode?checkSum=checkSumValue' -i -X POST \
+
$ curl 'https://sechub.example.com/api/project/project1/job/d26d431f-532e-403d-8649-41840afaf02a/sourcecode?checkSum=checkSumValue' -i -X POST \
     -H 'Content-Type: multipart/form-data;charset=UTF-8' \
     -F 'file=PK  
       �<M                       test1.txtPK  ?
@@ -11458,7 +11831,7 @@ 

7.6.27. User approves sechub job

-
$ curl 'https://sechub.example.com/api/project/project1/job/dd1fc660-d0e5-48aa-bedd-d8786eea7dcc/approve' -i -X PUT \
+
$ curl 'https://sechub.example.com/api/project/project1/job/2599f5c1-4bb0-4ca2-9745-49411e356282/approve' -i -X PUT \
     -H 'Content-Type: application/json;charset=UTF-8'
@@ -11610,7 +11983,7 @@

7.6.28. User checks sechub job state

-
$ curl 'https://sechub.example.com/api/project/project1/job/7c58dbab-860f-4d45-b1f9-3de1b7a8e5b5' -i -X GET \
+
$ curl 'https://sechub.example.com/api/project/project1/job/acd54ae3-6a88-4002-85f0-c7026639380a' -i -X GET \
     -H 'Content-Type: application/json;charset=UTF-8'
@@ -11619,7 +11992,7 @@

7.6.28. User checks sechub job state

-
{"jobUUID":"7c58dbab-860f-4d45-b1f9-3de1b7a8e5b5","owner":"CREATOR1","created":"","started":"2024-07-10T13:42:02.31702027","ended":"2024-07-10T13:57:02.317046408","state":"ENDED","result":"OK","trafficLight":"GREEN"}
+
{"jobUUID":"acd54ae3-6a88-4002-85f0-c7026639380a","owner":"CREATOR1","created":"","started":"2024-08-08T07:50:50.192109111","ended":"2024-08-08T08:05:50.192137775","state":"ENDED","result":"OK","trafficLight":"GREEN"}
@@ -11694,7 +12067,7 @@
7.6.29.1. JSON variant
-
$ curl 'https://sechub.example.com/api/project/project1/report/1452ace3-df08-4d20-8fa8-c48d219b4e98' -i -u 'user:secret' -X GET \
+
$ curl 'https://sechub.example.com/api/project/project1/report/5e4d6d16-930d-4a32-9277-b178d2e0a033' -i -u 'user:secret' -X GET \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -H 'Accept: application/json'
@@ -11766,7 +12139,7 @@
7.6.29.2. HTML variant
-
$ curl 'https://sechub.example.com/api/project/project1/report/d6929af5-02d1-4060-89b8-bb5a88a81917' -i -u 'user:secret' -X GET \
+
$ curl 'https://sechub.example.com/api/project/project1/report/d2552d0b-e265-4673-ad90-e43e0f61a610' -i -u 'user:secret' -X GET \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -H 'Accept: application/xhtml+xml'
@@ -12324,7 +12697,7 @@

7.6.33. User uploads binaries

-
$ curl 'https://sechub.example.com/api/project/project1/job/844bf46d-865c-407d-a28c-e2286a7d7a96/binaries' -i -X POST \
+
$ curl 'https://sechub.example.com/api/project/project1/job/897847f1-3e25-44cc-a4cf-67508dbd295a/binaries' -i -X POST \
     -H 'Content-Type: multipart/form-data;charset=UTF-8' \
     -H 'x-file-size: 10240' \
     -F 'file=test1.txt                                                                                           0000664 0001750 0001750 00000000000 13353454574 012170  0                                                                                                    ustar   albert                          albert                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                              ' \
@@ -12405,7 +12778,7 @@ 

7.6.34. User downloads job rep

-
$ curl 'https://sechub.example.com/api/project/project1/report/spdx/69ab8fa2-fe63-45ca-aafe-6efdc937b4e8' -i -u 'user:secret' -X GET \
+
$ curl 'https://sechub.example.com/api/project/project1/report/spdx/28097c41-5d4d-4355-a509-ce22bdb69537' -i -u 'user:secret' -X GET \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -H 'Accept: application/json'
@@ -12944,11 +13317,6 @@

7.6.40. Admin lists all running jobs

String

Timestamp since when job has been started

- -

[].configuration

-

String

-

Configuration used for this job

-
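Review bot: Removing `[].configuration` from the response fields of "Admin lists all running jobs" is a client-visible API change, but nothing in this hunk tells the reader that the field was dropped or why. Add a short remark to the endpoint description or the release notes, so administrators with tooling that reads `configuration` from this list know where to get the job configuration now.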
@@ -12968,7 +13336,7 @@

7.6.40. Admin lists all running jobs

-
[{"jobUUID":"364a395c-7439-4f84-ae4b-b26517c3fe53","projectId":"project-name","owner":"owner-userid","status":"RUNNING","since":"2024-07-10T13:57:06.714971112","configuration":"{ config data }"}]
+
[{"jobUUID":"1761a2a9-37a9-48e1-98e5-63e3c2785c67","projectId":"project-name","owner":"owner-userid","status":"RUNNING","since":"2024-08-08T08:05:55.044912463"}]
@@ -13052,7 +13420,7 @@

7.6.41. Admin cancels a job

-
$ curl 'https://sechub.example.com/api/admin/jobs/cancel/cb7e5145-587c-4cc3-b536-0a516788b323' -i -u 'user:secret' -X POST \
+
$ curl 'https://sechub.example.com/api/admin/jobs/cancel/08eaf3b6-4d6e-4ad9-a7ac-7d88b4884d13' -i -u 'user:secret' -X POST \
     -H 'Content-Type: application/json;charset=UTF-8'
@@ -13141,7 +13509,7 @@

7.6.42. Admin restarts a job

-
$ curl 'https://sechub.example.com/api/admin/jobs/restart/c798ca3b-4ac7-4e54-9507-e8267d591a3a' -i -u 'user:secret' -X POST \
+
$ curl 'https://sechub.example.com/api/admin/jobs/restart/98470906-23a7-4233-8228-4e213cb5b173' -i -u 'user:secret' -X POST \
     -H 'Content-Type: application/json;charset=UTF-8'
@@ -13230,7 +13598,7 @@

7.6.43. Admin restarts a job (hard)

-
$ curl 'https://sechub.example.com/api/admin/jobs/restart-hard/f96ec449-ff8e-4328-a66c-0783edd140d6' -i -u 'user:secret' -X POST \
+
$ curl 'https://sechub.example.com/api/admin/jobs/restart-hard/c3a07e23-27f4-4a02-9313-c5e8ee6aa8f7' -i -u 'user:secret' -X POST \
     -H 'Content-Type: application/json;charset=UTF-8'
@@ -13755,7 +14123,7 @@

7.6.48. Admin creates an execut
$ curl 'https://sechub.example.com/api/admin/config/executor' -i -u 'user:secret' -X POST \
     -H 'Content-Type: application/json;charset=UTF-8' \
-    -d '{"name":"PDS gosec config 1","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productXYZ.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"},{"key":"example.key2","value":"Another value"}]}}'
+ -d '{"name":"PDS gosec configuration 1","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productXYZ.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"},{"key":"example.key2","value":"Another value"}]}}'
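Review bot: The credentials in this example still read `"user":"env:EXAMPLE_USENAME"` on both the removed and the added line, which looks like a typo for `EXAMPLE_USERNAME`. The line is touched for the name change anyway, so fix the variable name in the test data that generates the example; the same spelling appears in the fetch and update executor configuration examples.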
@@ -13763,7 +14131,7 @@

7.6.48. Admin creates an execut

-
16d02d16-9d30-4b50-a079-0a992d5d1f8c
+
19a513e8-f664-43f3-ad0e-ec881c7762f7
@@ -13847,7 +14215,7 @@

7.6.49. Admin deletes executor con
-
$ curl 'https://sechub.example.com/api/admin/config/executor/f88cb1e3-caf7-4d3a-b8c1-5801c0bcad7a' -i -u 'user:secret' -X DELETE \
+
$ curl 'https://sechub.example.com/api/admin/config/executor/22fb2f08-7b58-4d57-acbb-00f12619c6e1' -i -u 'user:secret' -X DELETE \
     -H 'Content-Type: application/json;charset=UTF-8'
@@ -13962,7 +14330,7 @@

7.6.50. Admin fetches executo
-
{"executorConfigurations":[{"uuid":"85535231-46bc-4301-b5f5-37730131dec6","name":"example configuration","enabled":true}],"type":"executorConfigurationList"}
+
{"executorConfigurations":[{"uuid":"7d298d34-1148-4803-975d-226862654d0b","name":"example configuration","enabled":true}],"type":"executorConfigurationList"}
@@ -14115,7 +14483,7 @@

7.6.51. Admin fetches executor con
-
$ curl 'https://sechub.example.com/api/admin/config/executor/6071b1b3-4573-4ae7-a13e-e1b0fdaf149a' -i -u 'user:secret' -X GET \
+
$ curl 'https://sechub.example.com/api/admin/config/executor/b60c002d-6882-41b7-9378-a1279f10fca9' -i -u 'user:secret' -X GET \
     -H 'Content-Type: application/json;charset=UTF-8'
@@ -14124,7 +14492,7 @@

7.6.51. Admin fetches executor con
-
{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"}]},"executorVersion":1,"enabled":false,"uuid":"6071b1b3-4573-4ae7-a13e-e1b0fdaf149a"}
+
{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"}]},"executorVersion":1,"enabled":false,"uuid":"b60c002d-6882-41b7-9378-a1279f10fca9"}
@@ -14272,7 +14640,7 @@

7.6.52. Admin updates execut
-
$ curl 'https://sechub.example.com/api/admin/config/executor/81170e88-a5f7-4527-a19a-b9494b138f0f' -i -u 'user:secret' -X PUT \
+
$ curl 'https://sechub.example.com/api/admin/config/executor/70e7df3d-e2c9-4416-b64e-4d93d5500933' -i -u 'user:secret' -X PUT \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -d '{"name":"New name","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productNew.example.com","credentials":{"user":"env:EXAMPLE_NEW_USENAME","password":"env:EXAMPLE_NEW_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]}}'
@@ -14616,7 +14984,7 @@

7.6.55. Admin updates execution profile
$ curl 'https://sechub.example.com/api/admin/config/execution/profile/existing-profile-1' -i -u 'user:secret' -X PUT \
     -H 'Content-Type: application/json;charset=UTF-8' \
-    -d '{"description":"changed description","configurations":[{"uuid":"f016a684-830a-4c66-aa5b-1f49e85e9996","executorVersion":0,"enabled":false,"setup":{"credentials":{},"jobParameters":[]}}],"enabled":true}'
+ -d '{"description":"changed description","configurations":[{"uuid":"44742c74-0b9b-46c2-afa7-1c0e8e7f3291","executorVersion":0,"enabled":false,"setup":{"credentials":{},"jobParameters":[]}}],"enabled":true}'

@@ -14736,7 +15104,7 @@

7.6.56. Admin fetches execution profile

configurations[].enabled

Boolean

-

enabled state of this config

+

enabled state of this configuration

configurations[].productIdentifier

@@ -14772,7 +15140,7 @@

7.6.56. Admin fetches execution profile

-
{"description":"a description","enabled":true,"configurations":[{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]},"executorVersion":1,"enabled":false,"uuid":"df9984fd-f307-4847-a49a-27700ee434d0"}],"projectIds":["project-1","project-2"]}
+
{"description":"a description","enabled":true,"configurations":[{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]},"executorVersion":1,"enabled":false,"uuid":"ce989c37-b285-4975-a802-3930530d627b"}],"projectIds":["project-1","project-2"]}
@@ -15212,11 +15580,11 @@

7.6.61. Admin updates auto cle
-

7.6.62. Admin disables job processing in scheduler

-
-

REST API for usecase UC_030-Admin disables job processing in scheduler

+

7.6.62. Admin starts encryption rotation

+ -
+

Definition

@@ -15234,7 +15602,7 @@

7.6.62. Admin disables job p

- + @@ -15242,7 +15610,7 @@

7.6.62. Admin disables job p

- +

Path

/api/admin/scheduler/disable/job-processing

/api/admin/encryption/rotate

Method

Status code

202 ACCEPTED

200 OK
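Review bot: The status code for `/api/admin/encryption/rotate` is documented as 200 OK, while the steps of UC_073 describe work that continues through domain messages (pool refresh, update of encrypted data). Please state in the definition what a 200 guarantees, for example that the new cipher pool entry exists, and that re-encryption of existing job data happens afterwards. If the call returns before anything is persisted, 202 ACCEPTED, as used by the scheduler endpoints, would describe it better.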

@@ -15269,8 +15637,13 @@

7.6.62. Admin disables job p

-
$ curl 'https://sechub.example.com/api/admin/scheduler/disable/job-processing' -i -u 'user:secret' -X POST \
-    -H 'Content-Type: application/json;charset=UTF-8'
+
$ curl 'https://sechub.example.com/api/admin/encryption/rotate' -i -u 'user:secret' -X POST \
+    -H 'Content-Type: application/json;charset=UTF-8' \
+    -d '{
+  "algorithm" : "AES_GCM_SIV_256",
+  "passwordSourceType" : "ENVIRONMENT_VARIABLE",
+  "passwordSourceData" : "SECRET_1"
+}'
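Review bot: The request body uses `"passwordSourceData" : "SECRET_1"`, while the UC_077 description talks about environment variables `SECRET_1_AES_256` and `SECRET_2_AES_256`. Use one naming scheme in both places, and state directly at this example that `passwordSourceData` carries the name of the environment variable and never the secret itself. As written, a reader could take "SECRET_1" for the password and post a real secret to this endpoint.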
@@ -15279,11 +15652,11 @@

7.6.62. Admin disables job p

-

7.6.63. Admin enables scheduler job processing

-
-

REST API for usecase UC_031-Admin enables scheduler job processing

+

7.6.63. Admin fetches encryption status

+ -
+

Definition

@@ -15301,15 +15674,15 @@

7.6.63. Admin enables scheduler

- + - + - +

Path

/api/admin/scheduler/enable/job-processing

/api/admin/encryption/status

Method

POST

GET

Status code

202 ACCEPTED

200 OK

@@ -15329,45 +15702,252 @@

7.6.63. Admin enables scheduler
-

Example

-
-
-

Curl request

-
-
-
-
$ curl 'https://sechub.example.com/api/admin/scheduler/enable/job-processing' -i -u 'user:secret' -X POST \
-    -H 'Content-Type: application/json;charset=UTF-8'
-
-
-
-

Response body
-(empty)

-
-

-
-

7.6.64. Admin get scheduler status

-
-

REST API for usecase UC_032-Admin get scheduler status

-
-
-

Definition

+

Response fields

---+++ - - + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 131. General request information
ValuePathTypeDescription

Path

type

String

The type description of the json content

domains[].name

String

Name of the domain which will provide this encryption data elements

domains[].data[].id

String

Unique identifier

domains[].data[].algorithm

String

Algorithm used for encryption

domains[].data[].passwordSource.type

String

Type of password source. Can be [NONE, ENVIRONMENT_VARIABLE]

domains[].data[].passwordSource.data

String

Data for password source. If type is ENVIRONMENT_VARIABLE then it is the the name of the environment variable.

domains[].data[].usage

Object

Map containing information about usage of this encryption

domains[].data[].usage.*

Number

Key value data

domains[].data[].created

String

Creation timestamp

domains[].data[].createdFrom

String

User id of admin who created the encryption entry

+
+

Example

+
+
+

Curl request

+
+
+
+
$ curl 'https://sechub.example.com/api/admin/encryption/status' -i -u 'user:secret' -X GET \
+    -H 'Content-Type: application/json;charset=UTF-8'
+
+
+
+

Response body

+
+
+
+
{"type":"encryptionStatus","domains":[{"name":"schedule","data":[{"id":"1","algorithm":"AES_GCM_SIV_256","passwordSource":{"type":"ENVIRONMENT_VARIABLE","data":"SECRET_1"},"usage":{"job.state.cancel_requested":4,"job.state.canceled":5,"job.state.ended":6,"job.state.initializing":1,"job.state.ready_to_start":2,"job.state.started":3},"createdFrom":"admin-username","created":"2024-08-01T09:26:00"}]}]}
+
+
+
+
+

7.6.64. Admin disables job processing in scheduler

+ +
+

Definition

+
+ + ++++ + + + + + + + + + + + + + + + + + + + + +
Table 131. General request information
Value

Path

/api/admin/scheduler/disable/job-processing

Method

POST

Status code

202 ACCEPTED

+
+

Request headers

+
+ ++++ + + + + + + +
NameDescription
+
+

Example

+
+
+

Curl request

+
+
+
+
$ curl 'https://sechub.example.com/api/admin/scheduler/disable/job-processing' -i -u 'user:secret' -X POST \
+    -H 'Content-Type: application/json;charset=UTF-8'
+
+
+
+

Response body
+(empty)

+
+
+
+

7.6.65. Admin enables scheduler job processing

+ +
+

Definition

+
+ + ++++ + + + + + + + + + + + + + + + + + + + + +
Table 132. General request information
Value

Path

/api/admin/scheduler/enable/job-processing

Method

POST

Status code

202 ACCEPTED

+
+

Request headers

+
+ ++++ + + + + + + +
NameDescription
+
+

Example

+
+
+

Curl request

+
+
+
+
$ curl 'https://sechub.example.com/api/admin/scheduler/enable/job-processing' -i -u 'user:secret' -X POST \
+    -H 'Content-Type: application/json;charset=UTF-8'
+
+
+
+

Response body
+(empty)

+
+
+
+

7.6.66. Admin get scheduler status

+
+

REST API for usecase UC_032-Admin get scheduler status

+
+
+

Definition

+
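Review bot: In the response fields of the encryption status, `domains[].data[].usage.*` is described only as "Key value data", which does not explain the example values (`job.state.started: 3` and so on). Describe the keys and what the numbers count, since an admin needs exactly this to decide when an old cipher entry is no longer in use. Also, `passwordSource.type` lists NONE without saying what it means for the stored data, and the `passwordSource.data` description contains a doubled "the the".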
+ + ++++ + + + + + + + + + @@ -15413,7 +15993,7 @@

7.6.64. Admin get scheduler status

-

7.6.65. Admin lists status information

+

7.6.67. Admin lists status information

@@ -15421,7 +16001,7 @@

7.6.65. Admin lists status informationDefinition

Table 133. General request information
Value

Path

/api/admin/scheduler/status/refresh

- +@@ -15513,7 +16093,7 @@

7.6.65. Admin lists status information
-

7.6.66. Admin fetches server runtime data

+

7.6.68. Admin fetches server runtime data

@@ -15521,7 +16101,7 @@

7.6.66. Admin fetches server runtime

Definition

Table 132. General request informationTable 134. General request information
- +@@ -15593,7 +16173,7 @@

7.6.66. Admin fetches server runtime
-

7.6.67. User lists jobs for project

+

7.6.69. User lists jobs for project

@@ -15601,7 +16181,7 @@

7.6.67. User lists jobs for project

Definition

Table 133. General request informationTable 135. General request information
- +@@ -15631,7 +16211,7 @@

7.6.67. User lists jobs for project

Path parameters

Table 134. General request informationTable 136. General request information
- +@@ -15755,7 +16335,7 @@

7.6.67. User lists jobs for project

-
{"page":0,"totalPages":1,"content":[{"jobUUID":"c84c93ed-3719-4a72-8d2a-42be7efdbc5d","executedBy":"User1","created":"2024-07-10T13:40:02.462329442","started":"2024-07-10T13:42:02.462359458","ended":"2024-07-10T13:57:02.46237082","executionState":"ENDED","trafficLight":"GREEN","executionResult":"OK","metaData":{"labels":{"stage":"test"}}}]}
+
{"page":0,"totalPages":1,"content":[{"jobUUID":"048f9167-5b7a-41fb-a235-8e3a7e996efa","executedBy":"User1","created":"2024-08-08T07:48:50.319019742","started":"2024-08-08T07:50:50.319048296","ended":"2024-08-08T08:05:50.319059717","executionState":"ENDED","trafficLight":"GREEN","executionResult":"OK","metaData":{"labels":{"stage":"test"}}}]}
@@ -15794,7 +16374,7 @@
7.7.2.1. Overview
7.7.2.1.1. Diagram
-Sequence diagram of messaging overview +Sequence diagram of messaging overview
@@ -15812,6 +16392,9 @@
Table 135. https://localhost:8081/api/project/{projectId}/jobsTable 137. https://localhost:8081/api/project/{projectId}/jobs
- +
Table 136. Scope 'administration'
+@@ -17245,8 +17869,8 @@

8.2.3. General configuration

Table 138. Scope 'administration'
- - +
Table 137. Scope 'anonymous'
+@@ -17267,8 +17891,8 @@

8.2.3. General configuration

Table 139. Scope 'anonymous'
- - +
Table 138. Scope 'checkmarx'
+@@ -17299,8 +17923,8 @@

8.2.3. General configuration

Table 140. Scope 'checkmarx'
- - +
Table 139. Scope 'initial'
+@@ -17331,8 +17955,8 @@

8.2.3. General configuration

Table 141. Scope 'initial'
- - +
Table 140. Scope 'migration'
+@@ -17353,8 +17977,8 @@

8.2.3. General configuration

Table 142. Scope 'migration'
- - +
Table 141. Scope 'mock'
+@@ -17375,8 +17999,8 @@

8.2.3. General configuration

Table 143. Scope 'mock'
- - +
Table 142. Scope 'nessus'
+@@ -17452,8 +18076,8 @@

8.2.3. General configuration

Table 144. Scope 'nessus'
- - +
Table 143. Scope 'netsparker'
+@@ -17524,8 +18148,8 @@

8.2.3. General configuration

Table 145. Scope 'netsparker'
- - +
Table 144. Scope 'new'
+@@ -17546,8 +18170,8 @@

8.2.3. General configuration

Table 146. Scope 'new'
- - +
Table 145. Scope 'notification'
+@@ -17578,8 +18202,8 @@

8.2.3. General configuration

Table 147. Scope 'notification'
- - +
Table 146. Scope 'p'
+@@ -17623,10 +18247,20 @@

8.2.3. General configuration

+ + + + + + + + + +
Table 148. Scope 'p'

240

Time in minutes when adapter result check will automatically time out and adapter stops execution automatically. When -1 timeout is 7200 minutes

sechub.adapter.pds.resilience.encryption-out-of-sync.retry.max

3

Amount of retries done when a PDS encryption out of sync problem happens

sechub.adapter.pds.resilience.encryption-out-of-sync.retry.wait

2000

Time to wait until retry is done when a PDS encryption out of sync problem happens

- - +
Table 147. Scope 's'
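Review bot: The description of `sechub.adapter.pds.resilience.encryption-out-of-sync.retry.wait` gives the default 2000 without a unit, whereas the timeout entry at the top of this hunk says "Time in minutes". Please state the unit in the description (for example "Time in milliseconds to wait ...", if that is what the value means) so nobody configures the wait in the wrong unit. It would also help to say what happens to the SecHub job once `retry.max` (default 3) is exhausted.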
+@@ -17667,8 +18301,8 @@

8.2.3. General configuration

Table 149. Scope 's'
- - +
Table 148. Scope 'scan'
+@@ -17704,8 +18338,8 @@

8.2.3. General configuration

Table 150. Scope 'scan'
- - +
Table 149. Scope 'scheduler'
+@@ -17722,7 +18356,7 @@

8.2.3. General configuration

- + @@ -17737,7 +18371,7 @@

8.2.3. General configuration

- + @@ -17766,8 +18400,8 @@

8.2.3. General configuration

Table 151. Scope 'scheduler'

sechub.config.trigger.healthcheck.enabled

true

When enabled each trigger will do an healtching by monitoring service. If system has too much CPU load or uses too much memory, the trigger will not execute until memory and CPU load is at normal level!

When enabled each trigger will do an health check by monitoring service. If system has too much CPU load or uses too much memory, the trigger will not execute until memory and CPU load is at normal level!

sechub.config.trigger.nextjob.delay

sechub.config.trigger.nextjob.maxwaitretry

300

When retry mechanism is enabled by sechub.config.trigger.nextjob.retries, and a retry is necessary, this value is used to define the maximum time period in millis which will be waited before retry. Why max value? Because cluster instances seems to be created often on exact same time by kubernetes. So having here a max value will result in a randomized wait time so cluster members will do fetch operations time shifted and automatically reduce collisions!

When retry mechanism is enabled by sechub.config.trigger.nextjob.retries, and a retry is necessary, this value is used to define the maximum time period in millis which will be waited before retry. Why max value? Because cluster instances seems to be created often on exact same time by kubernetes. So having here a max value will result in a randomized wait time: means cluster members will do fetch operations time shifted and this automatically reduces collisions!

sechub.config.trigger.nextjob.retries

- - +
Table 150. Scope 'sec'
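Review bot: The reworded healthcheck description still reads "will do an health check by monitoring service"; since the line is being touched anyway, it should be "a health check". In the `sechub.config.trigger.nextjob.maxwaitretry` text, "cluster instances seems" should be "seem", and the new "a randomized wait time: means cluster members will do fetch operations time shifted" is harder to read than the old wording. Consider "a randomized wait time, so cluster members fetch at different times, which reduces collisions".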
+@@ -17822,14 +18456,19 @@

8.2.3. General configuration

+ + + + +
Table 152. Scope 'sec'

Maximum limit for job information list entries per page

sechub.schedule.encryption.refresh.accept-outdated.milliseconds

1800000

The maximum amount of milliseconds an outdated encryption pool is still accepted in refresh phase

sechub.server.baseurl

Base url of SecHub server - e.g. https://sechub.example.org

- - +
Table 151. Scope 'security'
+@@ -17850,8 +18489,8 @@

8.2.3. General configuration

Table 153. Scope 'security'
- - +
Table 152. Scope 'server'
+@@ -17872,8 +18511,8 @@

8.2.3. General configuration

Table 154. Scope 'server'
- - +
Table 153. Scope 'storage'
+@@ -17959,8 +18598,8 @@

8.2.3. General configuration

Table 155. Scope 'storage'
- - +
Table 154. Scope 'system'
+@@ -17991,8 +18630,8 @@

8.2.3. General configuration

Table 156. Scope 'system'
- - +
Table 155. Scope 'target'
+@@ -18024,7 +18663,7 @@

8.2.3. General configuration

8.2.4. Scheduling definitions

Table 157. Scope 'target'
- +@@ -18046,7 +18685,7 @@

8.2.4. Scheduling definitions

- +@@ -18068,7 +18707,7 @@

8.2.4. Scheduling definitions

Table 157. Scope 'scan'Table 159. Scope 'scan'
- +@@ -18092,13 +18731,18 @@

8.2.4. Scheduling definitions

+ + + + +
Table 158. Scope 'schedule'Table 160. Scope 'schedule'

initial delay:${sechub.config.trigger.nextjob.initialdelay:5000} fixed delay:${sechub.config.trigger.nextjob.delay:10000}

Job scheduling is triggered by a cron job operation - default is 10 seconds to delay after last execution. For initial delay 5000 milliseconds are defined. It can be configured differently. This is useful when you need to startup a cluster. Simply change the initial delay values in to allow the cluster to startup.

Fixed

initial delay:${sechub.schedule.encryption.refresh.initialdelay:5000} fixed delay:${sechub.schedule.encryption.refresh.delay:300000}

Defines the initial and also the fixed delay for the refresh interval. These values are also used for calculation of remaining run time of outdated encrytion pools (when refresh fails)

8.2.5. Configuration properties for mocked adapters

- - +
Table 159. Scope 'abstract'
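Review bot: The added description for the encryption refresh trigger contains the typo "encrytion pools". It also says the delays are "used for calculation of remaining run time of outdated encryption pools (when refresh fails)" without saying how they relate to `sechub.schedule.encryption.refresh.accept-outdated.milliseconds` (default 1800000), which this patch adds to the general configuration table. A short sentence or cross-reference explaining how the two interact would help operators who tune either value.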
+@@ -18119,8 +18763,8 @@

8.2.5. Configuration properties for mocked adapters

Table 161. Scope 'abstract'
- - +
Table 160. Scope 'mocked'
+@@ -18971,7 +19615,7 @@

9.5.1. General

provides REST access

  • -

    a very simple priviledge model with just two users (tech user + admin user), +

    a very simple privilege model with just two users (tech user + admin user), basic auth via TLS, credentials are simply defined by environment entries on startup

  • @@ -19009,9 +19653,212 @@

    9.5.3. Big picture

    -

    9.5.4. Storage and sharing

    +

    9.5.4. Encryption

    +
    +

    In PDS we can have also some sensitive data we want to be encrypted. For example: The remote data +section inside the sechub job configuration contains credentials to fetch data. +Such sensitive information shall be always encrypted.

    +
    +
    +
    9.5.4.1. General
    -

    PDS needs - like SecHub - the possiblity to store job data in a central storage location when +

    We want

    +
    +
    +
      +
    1. +

      Simple encryption rotation approach
      +In contrast to SecHub, the data in the PDS is only temporary and is not made available for a +longer period of time. Subsequent access to encrypted data is also no longer necessary, +but only while a SecHub job is running. +
      +
      +This means we simply accept the situation that a PDS restart with new encryption setup could +lead to a situation where a former created job is no longer executable by PDS.

      +
    2. +
    +
    +
    +

    When the encryption changes for a job between its creation and when it begins running, the job will +be marked automatically as failed and having encryption out of sync. +The PDS product executor at SecHub side will take care of such a situation and will restart +a new PDS job (which will then be encrypted correctly again).

    +
    +
    +
      +
    1. +

      Full automated
      +There is no need for manual interaction - means it is not necessary to create any cron jobs or +something else to convert non encrypted data to encrypted data or to rotate a password or to +use a new encryption method.

      +
    2. +
    3. +

      Data protection /Privacy policy

      +
      +
        +
      • +

        Even for administrators it shall not be possible to fetch the information directly
        +(of course a person who knows the encryption password and has access to the database will always + be able to calculate values - but we separate here between administration and operation inside + this concept, so protection is fully possible)

        +
      • +
      • +

        The data must not be accidentally made available in decrypted form - for example through a REST +call in which the data object is passed along unencrypted.

        +
      • +
      +
      +
    4. +
    5. +

      Easy encryption administration

      +
      +
        +
      • +

        It shall be possible for an administrator to configure a new cipher entry at deployment time

        +
      • +
      +
      +
    6. +
    7. +

      Secure storage of encryption passwords

      +
      +
        +
      • +

        Encryption passwords are always provided via environment entries, we store always +the environment variable name to use inside the database but never plain values!

        +
      • +
      +
      +
    8. +
    +
    +
    +
    +
    9.5.4.2. PDS startup
    +
    +

    A PDS server only knows the encryption defined inside two variables:

    +
    +
    +
      +
    • +

      PDS_ENCRYPTION_SECRET_KEY
      +contains the base64 encoded secret key used for encryption

      +
    • +
    • +

      PDS_ENCRYPTION_ALGORITHM
      +contains the information about the used encryption algorithm. Can be
      +NONE, AES_GCM_SIV_128 or AES_GCM_SIV_256 .

      +
    • +
    +
    +
    +

    This setup will be used inside the complete instance as long as it is running. +There is no pooling of different encryptions (in constrast to SecHub, where pooling feature exists).

    +
    +
    +
  • Table 162. Scope 'mocked'
    + + + + +
    + + +
    +

    If the secret key is not a base 64 value the server startup will fail!

    +
    +
    +
    +
    +
    +
    9.5.4.3. Administration
    +
    +
    9.5.4.3.1. Encryption rotation
    +
    +

    There is no complete rotation of encryption - old data will have no encryption update.

    +
    +
    +

    But an administrator is able to do re-deployment of the PDS cluster +and using other secret or algorithm.

    +
    +
    +

    This will

    +
    +
    +
      +
    • +

      use new encryption setup for all new PDS jobs

      +
    • +
    • +

      keep existing encrypted data as is

      +
    • +
    • +

      can lead to a rare race condition when SecHub has created the job with old PDS instance and +new PDS instance tries to run the PDS job (the access to the encrypted data is no longer possible)

      +
    • +
    +
    +
    + + + + + +
    + + +
    +

    Via auto cleanup the old data will automatically disappear. +If an encryption cleanup for PDS via auto cleanup is too late (e.g. credentials were leaked and +an update is really urgent) , it is still possible to just delete +via SQL all jobs at database which have a timestamp older then the newest deployment time (or +just all).

    +
    +
    +
    +
    +
    +
    9.5.4.3.2. Encryption status
    +
    +

    There is no direct possibility to check encryption status. But the job contains a creation time stamp +and can be mapped to the startup of containers if this would become necessary.

    +
    +
    +
    +
    9.5.4.3.3. Cleanup old encrypted data
    +
    +

    Auto Cleanup automatically removes old information. +This means that old encrypted information (with older encryption settings) automatically +disappears after a certain period of time.

    +
    +
    +

    Since no other encryption data is persisted except in the PDS job, nothing else needs to be cleaned up.

    +
    +
    +
    +
    +
    9.5.4.4. Diagrams
    +
    +
    +Diagram +
    +
    Figure 10. title
    +
    +
    +
    +
    +

    9.5.5. Auto cleanup

    +
    +

    The PDS provides an auto cleanup mechanism which will remove old PDS jobs automatically.

    +
    +
    +

    The default configuration is set to 2 days. +Administrators can change the default configuration via REST.

    +
    +
    +
    +

    9.5.6. Storage and sharing

    +
    +

    PDS needs - like SecHub - the possiblity to store job data in a central storage location when operating inside a cluster (it’s not clear which cluster member uploads job data and which one does execute the job and need the data at exectuion time).
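Review bot: In 9.5.4.2 the text says only that `PDS_ENCRYPTION_SECRET_KEY` must be base64 and that startup fails otherwise. It does not say which decoded key length `AES_GCM_SIV_128` and `AES_GCM_SIV_256` expect (16 and 32 bytes for 128 and 256 bit AES keys), whether a wrong length also fails startup, or whether the key variable may be unset when `PDS_ENCRYPTION_ALGORITHM` is `NONE`. Please document this, since a key of the wrong size is an easy deployment mistake. Smaller points in the same hunk: the caption "Figure 10. title" in 9.5.4.4 looks like a placeholder, and "in constrast to SecHub" and "older then the newest deployment time" are typos. The "Secure storage of encryption passwords" item also says the environment variable name is stored in the database, which does not fit the fixed variable names in 9.5.4.2 or the statement in 9.5.4.3.3 that nothing except the PDS job is persisted.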

    @@ -19069,7 +19916,7 @@

    9.5.4. Storage and sharing

    -
    9.5.4.1. Shared S3 storage
    +
    9.5.6.1. Shared S3 storage

    In the next example PDS and SecHub are using the same S3 bucket to store files uploaded by the user.

    @@ -19116,7 +19963,7 @@
    9.5.4.1. Shared S3 storage
    -
    9.5.4.2. Different S3 storages
    +
    9.5.6.2. Different S3 storages

    In the next example PDS and SecHub are using different S3 buckets as storage.

    @@ -19177,7 +20024,7 @@
    9.5.4.2. Different S3 storages
    -
    9.5.4.3. Same shared volume (NFS)
    +
    9.5.6.3. Same shared volume (NFS)

    In the next example PDS server and SecHub are using same shared volume as storage.

    @@ -19224,7 +20071,7 @@
    9.5.4.3. Same shared volume (NFS)
    -
    9.5.4.4. Different shared volumes (NFS)
    +
    9.5.6.4. Different shared volumes (NFS)

    In the next example PDS and SecHub are using different shared volumes as storage.

    @@ -19285,7 +20132,7 @@
    9.5.4.4. Different shared volumes (N
    -
    9.5.4.5. Mixing S3 and shared volume (NFS)
    +
    9.5.6.5. Mixing S3 and shared volume (NFS)

    This example is only mentioned for the sake of completeness: It is the same as before described for different S3 and different shared volumes: pds.config.use.sechub.storage cannot be used in this case.

    @@ -19302,7 +20149,7 @@
    9.5.4.5. Mixing S3 and shared vo
    -

    9.5.5. Process execution

    +

    9.5.7. Process execution

    PDS instances are executing so called caller scripts by spanning a new process. At this time dedicated environment variables are automatically injected and available inside the scripts.

    @@ -19327,7 +20174,7 @@

    9.5.5. Process execution

    -
    9.5.5.1. How PDS provides output and error stream content of running jobs in clustered environments
    +
    9.5.7.1. How PDS provides output and error stream content of running jobs in clustered environments

    We use error.txt and output.txt inside the workspace location of a running PDS job.

    @@ -19368,7 +20215,7 @@
    -
    9.5.5.2. How PDS handles meta data
    +
    9.5.7.2. How PDS handles meta data

    When communication of PDS with the used product is stateful and is a long running operation, it can be useful to store such state/meta data.

    @@ -19410,7 +20257,7 @@
    9.5.5.2. How PDS handles meta data
    -
    9.5.5.2.1. Checkmarx PDS solution adapter meta data handling
    +
    9.5.7.2.1. Checkmarx PDS solution adapter meta data handling

    The PDS solution for Checkmarx does reuse the already existing CheckmarxAdapter class. A sechub-wrapper-checkmarx gradle project was introduced which contains a simple spring boot @@ -19428,14 +20275,14 @@

    9.5.5.2.1. Checkmarx
    -
    9.5.5.3. How PDS handles storage data
    +
    9.5.7.3. How PDS handles storage data

    The PDS does automatically fetch uploaded files from shared storage temporary into its local filesystem. After the scan has been done, the temporary local files will be automatically deleted.

    -
    9.5.5.3.1. Source code fetching
    +
    9.5.7.3.1. Source code fetching

    Source code is always contained in a file called sourcecode.zip. When a PDS starts a new job, it will fetch the complete ZIP file from storage @@ -19450,7 +20297,7 @@

    9.5.5.3.1. Source code fetching
    -
    9.5.5.3.2. Binaries fetching
    +
    9.5.7.3.2. Binaries fetching

    Binaries are always contained in a file called binaries.tar. When a PDS starts a new job and the scan does references a binary data section, it will fetch @@ -19465,7 +20312,7 @@

    9.5.5.3.2. Binaries fetching
    -
    9.5.5.3.3. Data structure inside TAR and ZIP files
    +
    9.5.7.3.3. Data structure inside TAR and ZIP files

    The data structure inside TAR and ZIP files contains data configuration parts inside data folder.

    @@ -19664,7 +20511,7 @@
    9.5.5.3.3. Data structure inside TAR and
    -
    9.5.5.3.4. Automated Extraction of relevant parts
    +
    9.5.7.3.4. Automated Extraction of relevant parts

    Only files and folders which are available for the configured scan type will be automatically extracted!
    @@ -19809,7 +20656,7 @@

    9.5.5.3.4. Automated Extraction
    -
    9.5.5.4. How PDS handles user messages
    +
    9.5.7.4. How PDS handles user messages

    Inside a PDS workspace a special messages folder exists. The launcher script can create there dedicated user message files by creating simple text files (see PDS_JOB_USER_MESSAGES_FOLDER @@ -19821,22 +20668,22 @@

    9.5.5.4. How PDS handles user messages Diagram
    -
    Figure 10. PDS user message handling
    +
    Figure 11. PDS user message handling
    -
    9.5.5.5. How PDS handles execution events
    +
    9.5.7.5. How PDS handles execution events
    -

    9.5.6. PDS events

    +

    9.5.8. PDS events

    Sometimes it is necessary that the PDS inform the script about changes. This can be done by execution events.

    -
    9.5.6.1. Overview
    +
    9.5.8.1. Overview

    The product adapter is able to read and write events into a dedicated folder inside the workspace. This is utilized by the PDSWorkspaceService class.

    @@ -19857,11 +20704,11 @@
    9.5.6.1. Overview
    Diagram
    -
    Figure 11. Storing PDS events
    +
    Figure 12. Storing PDS events
    -
    9.5.6.2. Handling events in launcher script
    +
    9.5.8.2. Handling events in launcher script

    The launcher scripts (or in started wrapper applications by these scripts) have the environment variable PDS_JOB_EVENTS_FOLDER injected.

    @@ -19892,7 +20739,7 @@
    9.5.6.2. Handling events in launcher
    -
    9.5.6.3. How PDS product executors configure the PDS adapter
    +
    9.5.8.3. How PDS product executors configure the PDS adapter

    The different PDS product executors have different config builders which inherit from different abstract base classes (e.g. AbstractCodeScanAdapterConfigBuilder). We have no multi inheritance in Java, but we do also not @@ -19903,7 +20750,7 @@

    9.5.6.3. How PDS pr
    -
    9.5.6.4. Overview
    +
    9.5.8.4. Overview
    Diagram @@ -19912,11 +20759,11 @@
    9.5.6.4. Overview
    -

    9.5.7. SecHub integration

    +

    9.5.9. SecHub integration

    -
    9.5.7.1. Executors and Adapters
    +
    9.5.9.1. Executors and Adapters
    -
    9.5.7.1.1. Executors
    +
    9.5.9.1.1. Executors

    With PDS there is a default REST API available.

    @@ -19926,7 +20773,7 @@
    9.5.7.1.1. Executors
    -
    9.5.7.1.2. Adapters
    +
    9.5.9.1.2. Adapters

    The Adapter will always be the same, but filled with other necessary parameters.

    @@ -19945,9 +20792,8 @@
    9.5.7.1.2. Adapters
    -
    -
    -

    9.6. HowTo integrate a new product via PDS

    +
    +

    9.5.10. HowTo integrate a new product via PDS

    Having new security product XYZ but being a command line tool, we

    @@ -20025,9 +20871,28 @@

    9.6. HowTo integrate a new produc

    +
    + + + + + +
    + + +
    +

    Output and error stream of a PDS launcher script are stored in PDS database as plain text! +Means: NEVER log any sensitive data in launcher scripts!

    +
    +
    +

    If you want to give hints for debugging etc. you have to mask the information in log output.

    +
    +
    +
    +
    -

    9.7. Archive extraction

    +

    9.6. Archive extraction

    The data structure concept does need an automated archive extraction. The main java class is ArchiveSupport.
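Review bot: The new warning states that launcher script output and error streams are "stored in PDS database as plain text", but it appears only in the HowTo section, while the new 9.5.4 Encryption section says sensitive information "shall be always encrypted". Please cross-reference the two and state explicitly in 9.5.4 that stream content is not covered by PDS encryption. "You have to mask the information in log output" would be more actionable with one sentence on what to mask (for example credentials taken from injected environment variables), and "Means: NEVER log" reads better as "This means: never log".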

    @@ -20042,16 +20907,16 @@

    9.7. Archive extraction

    -

    9.8. False-positive handling

    +

    9.7. False-positive handling

    SecHub must be able to handle false positives of used products.

    -

    9.8.1. General

    +

    9.7.1. General

    -
    9.8.1.1. How can false positives be handled across multiple security products?
    +
    9.7.1.1. How can false positives be handled across multiple security products?
    -
    9.8.1.1.1. Problem
    +
    9.7.1.1.1. Problem
    1. @@ -20065,7 +20930,7 @@
      9.8.1.1.1. Problem
    -
    9.8.1.1.2. Solution
    +
    9.7.1.1.2. Solution

    Instead of configuring false positives for each product (e.g. by calling a REST API) we do the filtering of false positives always at SecHub side only!

    @@ -20082,12 +20947,12 @@
    9.8.1.1.2. Solution
    -
    9.8.1.2. Different kinds of false-positive filtering
    +
    9.7.1.2. Different kinds of false-positive filtering

    Some people prefer code/API-centric way to define false positives, some prefer a WebUI.

    -
    9.8.1.2.1. API centric
    +
    9.7.1.2.1. API centric

    Define false positive handling in JSON by referencing a former SecHub job UUID and the corresponding finding entry (by id) and post it to REST API.

    @@ -20172,13 +21037,13 @@
    9.8.1.2.1. API centr
    -
    9.8.1.2.2. Web UI
    +
    9.7.1.2.2. Web UI

    Just uses the API centric approach (by using given REST API,) over UI.

    -
    9.8.1.2.3. Code centric
    +
    9.7.1.2.3. Code centric

    Inside source code / deployment scripts etc. users can define comments to define false positive handling - this is only possible for situations where we have access to source code - means SAST @@ -20207,14 +21072,14 @@

    9.8.1.2.3. Code cen
    -

    9.8.2. Code scan

    +

    9.7.2. Code scan

    -
    9.8.2.1. API centric
    +
    9.7.2.1. API centric
    -
    9.8.2.1.1. How to identify same vulnerability on code changes?
    +
    9.7.2.1.1. How to identify same vulnerability on code changes?
    • @@ -20259,13 +21124,13 @@
      9.8.2.1.1. How to id
    -
    9.8.2.2. Web UI
    +
    9.7.2.2. Web UI
    -
    9.8.2.3. Code centric
    +
    9.7.2.3. Code centric
    @@ -20322,7 +21187,7 @@
    9.8.2.3. Code centric
    -
    9.8.2.3.1. Java
    +
    9.7.2.3.1. Java

    We will provide single comments (//)

    @@ -20358,36 +21223,36 @@
    9.8.2.3.1. Java
    -

    9.8.3. Web scan

    +

    9.7.3. Web scan

    -
    9.8.3.1. Code centric
    +
    9.7.3.1. Code centric

    Not possible

    -
    9.8.3.2. API centric
    +
    9.7.3.2. API centric
    -
    9.8.3.3. Web UI
    +
    9.7.3.3. Web UI
    -

    9.8.4. Infra scan

    +

    9.7.4. Infra scan

    -
    9.8.4.1. Code centric
    +
    9.7.4.1. Code centric

    Not possible

    -
    9.8.4.2. API centric
    +
    9.7.4.2. API centric
    @@ -20420,7 +21285,7 @@
    9.8.4.2. API centric
    -
    9.8.4.3. Web UI
    +
    9.7.4.3. Web UI
    @@ -20428,7 +21293,7 @@
    9.8.4.3. Web UI
    -

    9.9. Product execution profiles and executor configuration

    +

    9.8. Product execution profiles and executor configuration

    To have the possibility of using dedicated security products for different projects, to disable/enable products on demand without server restart or just to test new products in one evaluation project but @@ -20438,23 +21303,23 @@

    9.9. Product execution profiles and

    This is provided by execution profiles and and executor configurations.

    -

    9.9.1. Overview

    +

    9.8.1. Overview

    Diagram
    -
    Figure 12. Overview profiles and configurations
    +
    Figure 13. Overview profiles and configurations
    -

    9.9.2. Executor configuration

    +

    9.8.2. Executor configuration

    An executor configuration represents a runtime configuration for product executors. The configuration has an enabled state. So it is possible to enable/disable product execution.

    -

    9.9.3. Execution profile

    +

    9.8.3. Execution profile

    An execution profile can contain multiple executor configurations. The configurations can be shared between multiple profiles. E.g. a config with name "pds-gosec-1" can be used in profiles "profileA" @@ -20469,7 +21334,7 @@

    9.9.3. Execution profile

    -

    9.9.4. How execution process uses profiles and configurations

    +

    9.8.4. How execution process uses profiles and configurations

    ScanService is called by SecHub batch operation from scheduler and contains the project id for the project to scan for.

    @@ -20479,7 +21344,7 @@

    9.9.4. How execu project id and executes all enabled product executors for the wanted scan job - e.g. code scan product executors

    -
    9.9.4.1. Results handling done by configured report executor or fallback
    +
    9.8.4.1. Results handling done by configured report executor or fallback

    All of the results returned by the dedicated product executors are stored in database. After this has been done, the configured report product executor(s) is (are) executed (if none has been defined in at least one profile, the @@ -20489,7 +21354,7 @@

    9.9.4.1
    -

    9.10. Product results

    +

    9.9. Product results

    Product results can be either from security products or from reporting products.

    @@ -20514,12 +21379,12 @@

    9.10. Product results

    -

    9.10.1. Product messages inside product result

    +

    9.9.1. Product messages inside product result

    Every product can add custom messages which shall be available to user.

    -
    9.10.1.1. Storing product messages
    +
    9.9.1.1. Storing product messages

    The product adapter fetches the information from the product and delivers it to the product executor, who stores the SecHub messages inside the ProductResult entity.

    @@ -20528,11 +21393,11 @@
    9.10.1.1. Storing product messages
    Diagram
    -
    Figure 13. Storing product messages
    +
    Figure 14. Storing product messages
    -
    9.10.1.2. Read and delivery of report data to end user
    +
    9.9.1.2. Read and delivery of report data to end user

    SerecoProductExecutor collects all SecHub messages from other job results and combines them inside its own data as SerecoAnnotation. The annotations will be inspected on report creation @@ -20545,14 +21410,14 @@

    9.10.1.2. Read and deliver
    Diagram
    -
    Figure 14. Messages to Sereco annotations
    +
    Figure 15. Messages to Sereco annotations
    -

    9.10.2. Report data flow

    +

    9.9.2. Report data flow

    -
    9.10.2.1. Report model
    +
    9.9.2.1. Report model

    Here a reduced class model of the report data model:

    @@ -20560,11 +21425,11 @@
    9.10.2.1. Report model
    Diagram
    -
    Figure 15. Report data model
    +
    Figure 16. Report data model
    -
    9.10.2.2. Creation of ScanReport entities
    +
    9.9.2.2. Creation of ScanReport entities

    Here a graphical overview how the report data is created by the ScanService and finally written as ScanReport entity into the database:

    @@ -20573,11 +21438,11 @@
    9.10.2.2. Creation of ScanReport entiti
    Diagram
    -
    Figure 16. Report data flow
    +
    Figure 17. Report data flow
    -
    9.10.2.3. Read and delivery of report data to end user
    +
    9.9.2.3. Read and delivery of report data to end user

    When the user downloads the report, the result inside the persisted scan report entity will be used.

    @@ -20585,41 +21450,41 @@
    9.10.2.3. Read and deliv
    Diagram
    -
    Figure 17. Report delivery to user
    +
    Figure 18. Report delivery to user
    -

    9.11. Job status

    +

    9.10. Job status

    After a SecHub job has been created, it has a status which will change at the different process steps. Some of these steps are described here.

    -

    9.11.1. Job status fetching

    +

    9.10.1. Job status fetching

    Diagram
    -
    Figure 18. Job status fetrching
    +
    Figure 19. Job status fetrching
    -

    9.11.2. Job status data flow

    +

    9.10.2. Job status data flow

    -
    9.11.2.1. Job execution done, final Job status update
    +
    9.10.2.1. Job execution done, final Job status update
    Diagram
    -
    Figure 19. Delivery
    +
    Figure 20. Delivery
    -

    9.12. SecHub job cancellation

    +

    9.11. SecHub job cancellation

    An administrator is able to cancel a running SecHub job. This is done across different domains and there are multiple events involved. The next diagram shall bring an overview.

    @@ -20628,14 +21493,17 @@

    9.12. SecHub job cancellation

    Diagram
    -
    Figure 20. Overview SecHub job cancellation
    +
    Figure 21. Overview SecHub job cancellation
    -

    9.13. Auto cleanup

    +

    9.12. Auto cleanup

    To prevent full hard drives there is an option to automatically remove old data.

    +
    +

    It also cleans up old encryption settings when it comes to encryption rotation.

    +
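Review bot: The added sentence "It also cleans up old encryption settings when it comes to encryption rotation" does not say which settings are removed or under what condition. Please link it to 9.16 Data encryption and, if the encryption data is subject to the same time period, list it in 9.12.3 Cleaned data so administrators can tell when an old cipher setup is actually gone.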
    @@ -20670,7 +21538,7 @@

    9.13. Auto cleanup

    -

    9.13.1. Configuration

    +

    9.12.1. Configuration

    Administrators can configure the auto cleanup configuration by uploading a json configuration via REST (see REST API for UC_065-Admin updates auto cleanup configuration ).

    @@ -20717,13 +21585,13 @@

    9.13.1. Configuration

    -

    9.13.2. Execution

    +

    9.12.2. Execution

    The execution is automatically done by SecHub.

    -

    9.13.3. Cleaned data

    +

    9.12.3. Cleaned data

    All data which is older than the defined time period is removed from:

    @@ -20762,7 +21630,7 @@

    9.13.3. Cleaned data

    -

    9.14. PDS solutions

    +

    9.13. PDS solutions

    It is easy to integrate security products, even command line tools without a network API, into SecHub via PDS (Product delegation server).

    @@ -20784,7 +21652,7 @@

    9.14. PDS solutions

    -

    9.14.1. Checkmarx PDS solution

    +

    9.13.1. Checkmarx PDS solution

    The checkmarx PDS solution uses sechub-wrapper-checkmarx which is a standalone Spring Boot application. If started in non production mode, the data will be mocked when inside IDE.

    @@ -20796,7 +21664,7 @@

    9.14.1. Checkmarx PDS solution

    -

    9.14.2. PDS code scan executor Configuration

    +

    9.13.2. PDS code scan executor Configuration

    @@ -20896,7 +21764,7 @@

    9.14.2. PDS code scan executor Con
    -

    9.15. Analytics

    +

    9.14. Analytics

    SecHub can be configured to analyze a scan situation at the beginning to improve runtime behavior or to create statistic data. This is done before all other scans.

    @@ -20918,7 +21786,7 @@

    9.15. Analytics

    -

    9.16. Statistics

    +

    9.15. Statistics

    For statistic data handling exists an own domain statistic. The data is collected in dedicated statistic SQL tables.

    @@ -20937,10 +21805,405 @@

    9.16. Statistics

    +
    +
    +

    9.16. Data encryption

    +
    +

    In SecHub we have some sensitive data we want to be encrypted. For example: Inside remote data +section the configuration contains credentials to fetch data. These sensitive information shall +be always encrypted.

    +
    +
    +

    9.16.1. General

    +
    +

    We want

    +
    +
    +
      +
    1. +

      Data consistency

      +
      +
        +
      • +

        It shall not be possible that we loose data by encryption in any way.
        +It must be ensured that the servers are always able to read and write data.

        +
      • +
      +
      +
    2. +
    3. +

      Full automated cipher rotation
      +There is no need for manual interaction - means it is not necessary to create any cron jobs or +something else to convert non encrypted data to encrypted data or to rotate a password or to +use a new encryption method.

      +
    4. +
    5. +

      Data protection /Privacy policy

      +
      +
        +
      • +

        Even for administrators it shall not be possible to fetch the information directly
        +(of course a person who knows the encryption password and has access to the database will always + be able to calculate values - but we separate here between administration and operation inside + this concept, so protection is fully possible)

        +
      • +
      • +

        The data must not be accidentally made available in decrypted form - for example through a REST +call in which the data object is passed along unencrypted.

        +
      • +
      +
      +
    6. +
    7. +

      Easy encryption administration

      +
      +
        +
      • +

        It shall be possible for an administrator to configure a new cipher entry via REST

        +
      • +
      +
      +
    8. +
    9. +

      Secure storage of encryption passwords

      +
      +
        +
      • +

        Encryption passwords are always provided via environment entries, we store always +the environment variable name to use inside the database but never plain values!

        +
      • +
      +
      +
    10. +
    +
    +
    +
    +

    9.16.2. Server startup

    +
    +

    A SecHub server will stop on startup phase when one of the entries inside the cipher pool cannot +be handled by this server.

    +
    +
    +

    This ensures that every new started server is able to handle all of them / is always readable.

    +
    +
    +
    +

    9.16.3. Administration

    +
    +
    9.16.3.1. Encryption rotation
    +
    +

    An administrator is able to start encryption rotation via REST. This will

    +
    +
    +
      +
    • +

      use new encryption setup for all new data

      +
    • +
    • +

      automatically convert existing encrypted data with new encryption setup in background

      +
    • +
    +
    +
    +
    +
    9.16.3.2. Encryption status
    +
    +

    An administrator is able to fetch encryption status from SecHub server. All domains which are +doing data encryption add their current status information into result.

    +
    +
    +
    +
    9.16.3.3. Cleanup old encryption setup
    +
    +

    Auto Cleanup automatically removes old information. +This means that old encrypted information that cannot be updated for some reason may eventually +disappear and old encryption configurations are then no longer needed and can be removed.

    +
    +
    +

    To fully automate this, after the respective Auto Cleanup, the domains are always checked for encryption configurations that are no longer used and these are then automatically removed (except for the most recent encryption configuration).

    +
    +
    + + + + + +
    + + +
    +

    If you have setup auto cleanup to 0 days, the auto cleanup is disabled completely and +unused encryption setup will also not be removed.

    +
    +
    +
    +
    +
    +
    +

    9.16.4. Scheduler

    +
    +

    Inside the schedule domain, the sensitive information is the sechub job configuration.

    +
    +
    +
    9.16.4.1. Database
    +
    +
    9.16.4.1.1. Table
    +
    +

    We store the cipher information inside table: SCHEDULE_CIPHER_POOL_DATA.

    +
    +
    + + + + + +
    + + +
    +

    Why in schedule domain and only there? Because it is the responsible domain for the storage. All other +domains may NEVER persist this information (for PDS the configuration will be sent from SecHub +and stored at PDS side encrypted as well)

    +
    +
    +
    +
    +

    Here an an overview of the table (names can be different in database):

    +
    + ++++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    idalgorithmpassword_source_typepassword_source_dataencodingtest_texttest_initial_vectortest_encryptedcreation_timestampcreated_from

    0

    NO_ENCRYPTION

    PLAIN_TEXT

    PLAIN

    no-encryption

    no-encryption

    2024-06-24_10:00:01

    null

    1

    AES_GCM_SIV_128

    ENVIRONMENT_VARIABLE

    SECHUB_CRYPTO_P0

    PLAIN

    SecHub

    easdfa313334

    53d$125666eeffeded

    2024-06-24_10:05:34

    Admin1

    2

    AES_GCM_SIV_256

    ENVIRONMENT_VARIABLE

    SECHUB_CRYPTO_P1

    PLAIN

    Apfel

    fxadsfeec33s

    13x313412124$rfewd

    2024-06-24_11:02:14

    Admin2

    +
    +

    algorithm

    +
    +
    +

    Algorithm to use in encryption - currently we provide:

    +
    +
    +
      +
    • +

      NONE (means not encrypted!)

      +
    • +
    • +

      AES_GCM_SIV_128

      +
    • +
    • +

      AES_GCM_SIV_256

      +
    • +
    +
    +
    +

    password_source_type

    +
    +
    +

    Currently supported password source types are

    +
    +
    +
      +
    1. +

      ENVIRONMENT_VARIABLE
      +Here we provide environment variables, the password source data is the name of the environment variable

      +
    2. +
    3. +

      NONE
      +No password - only allowed for NONE algorithm

      +
    4. +
    +
    +
    +

    We separated source type and source data to be able to provide additional source - e.g. a password fault for the future.

    +
    +
    +

    password_source_data

    +
    +
    +

    Depends on the source

    +
    +
    +
      +
    • +

      If source is env than this is the name of the environment variable which holds the secret

      +
    • +
    +
    +
    +
    +
    9.16.4.1.2. Usage inside rows
    +
    +

    Inside the encrypted rows we will persist the pool id together with an initial vector

    +
    +
    +

    initial vector +Some algorithm like AES_GCM_SIV do need an initial vector to encrypt secure. The value here is +auto generated by SecHub and is dependent on the algorithm.

    +
    +
    +

    SecHub will always auto generate a dedicate value when it comes to encryption and the vector +will be stored together with the encrypted data. If the initial vector is changed, the row cannot +be decrypted, even when the secret key is known!

    +
    +
    +
    +
    +
    9.16.4.2. Constraints on scheduling
    +
    +

    The only situation we need to access the encrypted job configuration is the point, when +it comes to job execution. At all other situations it does not matter if the configuration +can be decrypted or not.

    +
    +
    +

    This means that it may not be possible that an scheduler instance executes a job which is +not supported by the current encryption pool!

    +
    +
    +
    +
    +

    9.16.5. Handling server updates

    +
    +
    9.16.5.1. SecHub server 1.x to 2.x
    +
    +

    Old server versions do not have the encryption field inside the scheduler job table or the cipher pool table.

    +
    +
    +

    Our SQL migration scripts will initialize scheduler cipher pool table on creation time with a +NONE entry (pool id = 0). This is encryption setup (meaning no encryption) will be added +to all existing jobs.

    +
    +
    +

    We want to have zero downtime and rolling updates with k8s and SecHub. To provide this, +it must be ensured, that there is no old server running which creates new jobs with +plain text configurations while update is running. To prevent such a situation +the column name inside schedule_sechub_job have been renamed from configuration to unencrypted_configuration. +If there appears any race conditions, old servers would no longer be able to write data and a +SQL error would happen.

    +
    +
    +
    +
    +

    9.16.6. Handling server downgrade

    +
    +
    9.16.6.1. SecHub server 2.x to 1.x
    +
    +

    For a downgrade from SecHub server V2.x to V1.x it is necessary to ensure, that all data is +encrypted with NONE cipher type (can be done by encryption rotation). When ensured that everything +is "encrypted" with this cipher type, the old server version can be deployed/used and migration +is automatically done as usual.

    +
    +
    +
    +
    +

    9.16.7. Handling sensitive data at runtime

    +
    +

    JVM crash dumps contain string information. Classes containing sensitive information shall +store such information inside sealed objects.

    +
    +
    +
    +

    9.16.8. Handling metadata from job configuration

    +
    +

    The SecHub configuration is encrypted, because it can contain sensitive data. E.g. when defining a remote data +section.

    +
    +
    +

    There exists a REST endpoint which gives users the possiblity to fetch job information, together with +the meta data defined inside the SecHub configuration.

    +
    +
    +

    To obtain this information, the configuration will be decrypted temporary at runtime and the meta +data are resolved and returned.

    +
    +
    +

    Because meta data shall not contain any sensitive information, this will not be audit logged.

    +
    +
    +
    +

    9.16.9. Diagrams

    +
    +
    9.16.9.1. Usage of encryption commons
    +
    +
    +Diagram +
    +
    +
    +
    +
    9.16.9.2. Encryption rotation overview
    +
    +
    +Diagram +
    +
    Figure 22. a reduced view of the steps done on encryption rotation
    +
    +
    +

    10. Design Decisions
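
Review bot: in 9.16.4.1.1 the example table and the field descriptions disagree on the identifiers for the unencrypted case: row 0 shows `NO_ENCRYPTION` and `PLAIN_TEXT`, while the lists under algorithm and password_source_type name `NONE` for both, and 9.16.5.1 and 9.16.6.1 also speak of a NONE entry. Since administrators configure cipher entries via REST, the table should show the values the server actually accepts. The `encoding` column and the three `test_*` columns appear in the table but are never described; a sentence on their purpose would help. 9.16.5.1 should also say plainly that after the migration all existing jobs stay under pool id 0, that is unencrypted, until an administrator starts an encryption rotation. Wording: "password fault" is presumably "password vault", "loose data" should be "lose data", and "Here an an overview", "This is encryption setup" and "possiblity" need fixing.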

    @@ -21127,7 +22390,7 @@

    13. Glossary

    diff --git a/docs/latest/sechub-client.html b/docs/latest/sechub-client.html index 54d991c225..365533918d 100644 --- a/docs/latest/sechub-client.html +++ b/docs/latest/sechub-client.html @@ -531,7 +531,7 @@ @@ -1045,7 +1045,7 @@

    1.2.7. Install SecHub’s

    diff --git a/docs/latest/sechub-operations.html b/docs/latest/sechub-operations.html index 7f8c73bb14..b52bab919e 100644 --- a/docs/latest/sechub-operations.html +++ b/docs/latest/sechub-operations.html @@ -531,7 +531,7 @@
    -
    3.1.4.3. Same shared volume (NFS)
    +
    3.1.6.3. Same shared volume (NFS)

    In the next example PDS server and SecHub are using same shared volume as storage.

    @@ -1128,7 +1346,7 @@
    3.1.4.3. Same shared volume (NFS)
    -
    3.1.4.4. Different shared volumes (NFS)
    +
    3.1.6.4. Different shared volumes (NFS)

    In the next example PDS and SecHub are using different shared volumes as storage.

    @@ -1189,7 +1407,7 @@
    3.1.4.4. Different shared volumes (N
    -
    3.1.4.5. Mixing S3 and shared volume (NFS)
    +
    3.1.6.5. Mixing S3 and shared volume (NFS)

    This example is only mentioned for the sake of completeness: It is the same as before described for different S3 and different shared volumes: pds.config.use.sechub.storage cannot be used in this case.

    @@ -1206,7 +1424,7 @@
    3.1.4.5. Mixing S3 and shared vo
    -

    3.1.5. Process execution

    +

    3.1.7. Process execution

    PDS instances are executing so called caller scripts by spanning a new process. At this time dedicated environment variables are automatically injected and available inside the scripts.

    @@ -1231,7 +1449,7 @@

    3.1.5. Process execution

    -
    3.1.5.1. How PDS provides output and error stream content of running jobs in clustered environments
    +
    3.1.7.1. How PDS provides output and error stream content of running jobs in clustered environments

    We use error.txt and output.txt inside the workspace location of a running PDS job.

    @@ -1272,7 +1490,7 @@
    -
    3.1.5.2. How PDS handles meta data
    +
    3.1.7.2. How PDS handles meta data

    When communication of PDS with the used product is stateful and is a long running operation, it can be useful to store such state/meta data.

    @@ -1314,7 +1532,7 @@
    3.1.5.2. How PDS handles meta data
    -
    3.1.5.2.1. Checkmarx PDS solution adapter meta data handling
    +
    3.1.7.2.1. Checkmarx PDS solution adapter meta data handling

    The PDS solution for Checkmarx does reuse the already existing CheckmarxAdapter class. A sechub-wrapper-checkmarx gradle project was introduced which contains a simple spring boot @@ -1332,14 +1550,14 @@

    3.1.5.2.1. Checkmarx
    -
    3.1.5.3. How PDS handles storage data
    +
    3.1.7.3. How PDS handles storage data

    The PDS does automatically fetch uploaded files from shared storage temporary into its local filesystem. After the scan has been done, the temporary local files will be automatically deleted.

    -
    3.1.5.3.1. Source code fetching
    +
    3.1.7.3.1. Source code fetching

    Source code is always contained in a file called sourcecode.zip. When a PDS starts a new job, it will fetch the complete ZIP file from storage @@ -1354,7 +1572,7 @@

    3.1.5.3.1. Source code fetching
    -
    3.1.5.3.2. Binaries fetching
    +
    3.1.7.3.2. Binaries fetching

    Binaries are always contained in a file called binaries.tar. When a PDS starts a new job and the scan does references a binary data section, it will fetch @@ -1369,7 +1587,7 @@

    3.1.5.3.2. Binaries fetching
    -
    3.1.5.3.3. Data structure inside TAR and ZIP files
    +
    3.1.7.3.3. Data structure inside TAR and ZIP files

    The data structure inside TAR and ZIP files contains data configuration parts inside data folder.

    @@ -1568,7 +1786,7 @@
    3.1.5.3.3. Data structure inside TAR and
    -
    3.1.5.3.4. Automated Extraction of relevant parts
    +
    3.1.7.3.4. Automated Extraction of relevant parts

    Only files and folders which are available for the configured scan type will be automatically extracted!
    @@ -1713,7 +1931,7 @@

    3.1.5.3.4. Automated Extraction
    -
    3.1.5.4. How PDS handles user messages
    +
    3.1.7.4. How PDS handles user messages

    Inside a PDS workspace a special messages folder exists. The launcher script can create there dedicated user message files by creating simple text files (see PDS_JOB_USER_MESSAGES_FOLDER @@ -1725,22 +1943,22 @@

    3.1.5.4. How PDS handles user messages Diagram
    -
    Figure 1. PDS user message handling
    +
    Figure 2. PDS user message handling
    -
    3.1.5.5. How PDS handles execution events
    +
    3.1.7.5. How PDS handles execution events
    -

    3.1.6. PDS events

    +

    3.1.8. PDS events

    Sometimes it is necessary that the PDS inform the script about changes. This can be done by execution events.

    -
    3.1.6.1. Overview
    +
    3.1.8.1. Overview

    The product adapter is able to read and write events into a dedicated folder inside the workspace. This is utilized by the PDSWorkspaceService class.

    @@ -1761,11 +1979,11 @@
    3.1.6.1. Overview
    Diagram
    -
    Figure 2. Storing PDS events
    +
    Figure 3. Storing PDS events
    -
    3.1.6.2. Handling events in launcher script
    +
    3.1.8.2. Handling events in launcher script

    The launcher scripts (or in started wrapper applications by these scripts) have the environment variable PDS_JOB_EVENTS_FOLDER injected.

    @@ -1796,7 +2014,7 @@
    3.1.6.2. Handling events in launcher
    -
    3.1.6.3. How PDS product executors configure the PDS adapter
    +
    3.1.8.3. How PDS product executors configure the PDS adapter

    The different PDS product executors have different config builders which inherit from different abstract base classes (e.g. AbstractCodeScanAdapterConfigBuilder). We have no multi inheritance in Java, but we do also not @@ -1807,7 +2025,7 @@

    3.1.6.3. How PDS pr
    -
    3.1.6.4. Overview
    +
    3.1.8.4. Overview
    Diagram @@ -1816,11 +2034,11 @@
    3.1.6.4. Overview
    -

    3.1.7. SecHub integration

    +

    3.1.9. SecHub integration

    -
    3.1.7.1. Executors and Adapters
    +
    3.1.9.1. Executors and Adapters
    -
    3.1.7.1.1. Executors
    +
    3.1.9.1.1. Executors

    With PDS there is a default REST API available.

    @@ -1830,7 +2048,7 @@
    3.1.7.1.1. Executors
    -
    3.1.7.1.2. Adapters
    +
    3.1.9.1.2. Adapters

    The Adapter will always be the same, but filled with other necessary parameters.

    @@ -1849,9 +2067,8 @@
    3.1.7.1.2. Adapters
    -
    -
    -

    3.2. HowTo integrate a new product via PDS

    +
    +

    3.1.10. HowTo integrate a new product via PDS

    Having new security product XYZ but being a command line tool, we
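
Review bot: the heading change at the end of this hunk turns "3.2. HowTo integrate a new product via PDS" into "3.1.10. HowTo integrate a new product via PDS", which is a change of nesting level and not just the renumbering seen in the other hunks of this file. If the HowTo is meant to stay a top-level section, a heading level in the source was probably altered by accident when the new 3.1.x sections were inserted; if the move is intended, check that existing links to the old section still resolve.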

    @@ -1929,6 +2146,25 @@

    3.2. HowTo integrate a new produc

    +
    + + + + + +
    + + +
    +

    Output and error stream of a PDS launcher script are stored in PDS database as plain text! +Means: NEVER log any sensitive data in launcher scripts!

    +
    +
    +

    If you want to give hints for debugging etc. you have to mask the information in log output.

    +
    +
    +
    +
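
Review bot: the added warning says output and error stream of a launcher script are stored in the PDS database as plain text, but the next hunk of this file introduces PDS_ENCRYPTION_ALGORITHM and PDS_ENCRYPTION_SECRET_KEY, so readers will ask whether enabling encryption changes that. Suggest one sentence stating whether these streams stay plain text regardless of the encryption setting. "You have to mask the information in log output" would also benefit from a short example of a masked log line.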
    @@ -2125,8 +2361,35 @@

    4.1.4. General configuration

    - - +
    Table 1. Scope 'credentials'
    + +++++ + + + + + + + + + + + + + + + + + + + +
    Table 1. Scope 'Encryption'
    Key or variable nameDefaultDescription

    PDS_ENCRYPTION_ALGORITHM

    NONE

    The encryption type. Allowed values are: NONE, AES_GCM_SIV_128 or AES_GCM_SIV_256 This must be defined as an environment variable!

    PDS_ENCRYPTION_SECRET_KEY

    The secret key used for encryption. It must be base64 encoded, otherwise it is not accepted. This must be defined as an environment variable!
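
Review bot: the new Scope 'Encryption' table gives NONE as the default for PDS_ENCRYPTION_ALGORITHM without saying what that means for an installation that sets nothing, namely that data is stored unencrypted. The description of PDS_ENCRYPTION_SECRET_KEY requires base64 but does not give the expected decoded key length (AES-128 and AES-256 keys are 16 and 32 bytes), and does not say how PDS behaves when an algorithm other than NONE is set and the key is missing or has the wrong length. Unlike the SecHub cipher pool, a single key variable leaves open how a key change is handled for data already stored; please document that. Minor: a full stop is missing after "AES_GCM_SIV_256", and the caption 'Encryption' is capitalised while the other scopes ('credentials', 'development', 'execution') are lower case.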

    + +@@ -2157,8 +2420,8 @@

    4.1.4. General configuration

    Table 2. Scope 'credentials'
    - - +
    Table 2. Scope 'credentials.'
    +@@ -2175,12 +2438,12 @@

    4.1.4. General configuration

    - +
    Table 3. Scope 'credentials.'

    PDS_TECHUSER_USERID

    Techuser user id This must be defined as an environment variable!

    Techuser user id. This must be defined as an environment variable!

    - - +
    Table 3. Scope 'development'
    +@@ -2206,8 +2469,8 @@

    4.1.4. General configuration

    Table 4. Scope 'development'
    - - +
    Table 4. Scope 'execution'
    +@@ -2273,8 +2536,8 @@

    4.1.4. General configuration

    Table 5. Scope 'execution'
    - - +
    Table 5. Scope 'migration'
    +@@ -2295,8 +2558,8 @@

    4.1.4. General configuration

    Table 6. Scope 'migration'
    - - +
    Table 6. Scope 'monitoring'
    +@@ -2332,8 +2595,8 @@

    4.1.4. General configuration

    Table 7. Scope 'monitoring'
    - - +
    Table 7. Scope 'p'
    +@@ -2374,8 +2637,8 @@

    4.1.4. General configuration

    Table 8. Scope 'p'
    - - +
    Table 8. Scope 'scheduler'
    +@@ -2406,8 +2669,8 @@

    4.1.4. General configuration

    Table 9. Scope 'scheduler'
    - - +
    Table 9. Scope 'security'
    +@@ -2428,8 +2691,8 @@

    4.1.4. General configuration

    Table 10. Scope 'security'
    - - +
    Table 10. Scope 'startup'
    +@@ -2445,7 +2708,7 @@

    4.1.4. General configuration

    - + @@ -2455,8 +2718,8 @@

    4.1.4. General configuration

    Table 11. Scope 'startup'

    pds.config.file

    ./pds-config.json

    ./pds-configuration.json

    Define path to PDS configuration file

    - - +
    Table 11. Scope 'storage'
    +@@ -2542,8 +2805,8 @@

    4.1.4. General configuration

    Table 12. Scope 'storage'
    - - +
    Table 12. Scope 'upload'
    +@@ -3067,7 +3330,7 @@

    4.6.2. Parameter variables

    We have following standard parameters:

    Table 13. Scope 'upload'
    - +@@ -4366,7 +4629,7 @@

    4.7.14. PDS_UC_013-Admin fetches auto cleanu

    - + @@ -4409,7 +4672,7 @@

    4.7.15. PDS_UC_014-Admin updates auto cleanu

    - + @@ -4813,7 +5076,7 @@

    4.8.8. Get monitoring status

    diff --git a/docs/latest/sechub-restapi.html b/docs/latest/sechub-restapi.html index d01716833a..d0bc6c7c98 100644 --- a/docs/latest/sechub-restapi.html +++ b/docs/latest/sechub-restapi.html @@ -531,7 +531,7 @@
    Table 13. PDS executor configuration parametersTable 14. PDS executor configuration parameters

    2

    Fetches auto cleanup config

    Fetches auto cleanup configuration

    Fetches auto cleanup configuration from database

    2

    Updates auto cleanup config

    Updates auto cleanup configuration

    3, 4, 5

    Updates auto cleanup configuration as JSON in database

    -

    Documentation version: Server 1.10.0 - Build date: 20240710135650

    +

    Documentation version: Server 2.0.0 - Build date: 20240808080534


    @@ -2554,6 +2567,25 @@

    2.1.10. MetaData

    The SecHub configuration file can have optional meta data.

    +
    + + + + + +
    + + +
    +

    The SecHub configuration is stored encrypted in database and access is restricted, even +for administrators. But the meta data can be fetched by users of the project or administrators +without additional audit logging.

    +
    +
    +

    Because of this you should never store sensitive information inside the meta data!

    +
    +
    +
    2.1.10.1. Labels
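
Review bot: the added note in 2.1.10 says the configuration is stored encrypted with access restricted "even for administrators", and in the same sentence that meta data can be fetched by project users or administrators without additional audit logging, but it never says that the meta data is part of that encrypted configuration and is returned in decrypted form. Stating this directly makes the reason for "you should never store sensitive information inside the meta data" clear. Consider also saying whether the server checks meta data content in any way, since the rule otherwise depends entirely on users following it.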
    @@ -2924,7 +2956,23 @@
    2.2.1.9. Configuration
    -
    2.2.1.10. Other
    +
    2.2.1.10. Encryption
    +
    +

    Usecases for encryption parts

    +
    + +
    +
    +
    2.2.1.11. Other

    All other use cases

    @@ -2958,7 +3006,7 @@

    2.2.2. Check if the server is

    REST API for usecase UC_039-Check if the server is alive and running.

    -
    2.2.2.1. GET variant
    +
    2.2.2.1. HEAD variant

    Definition

    @@ -2981,7 +3029,7 @@
    2.2.2.1. GET variant

    Method

    -

    GET

    +

    HEAD

    Status code

    @@ -2997,7 +3045,7 @@
    2.2.2.1. GET variant
    -
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X GET
    +
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X HEAD
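
Review bot: the example `curl ... -i -X HEAD` in this hunk is not a reliable way to issue a HEAD request: `-X` only replaces the method word in the request and does not change how curl handles the response, and curl's own documentation recommends `-I` (`--head`) instead. Separately, this hunk and its neighbours only swap the GET and HEAD variants between 2.2.2.1 and 2.2.2.2, which suggests the generator emits the variants in an unstable order; sorting them would keep such swaps out of future diffs.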
    @@ -3006,7 +3054,7 @@
    2.2.2.1. GET variant
    -
    2.2.2.2. HEAD variant
    +
    2.2.2.2. GET variant

    Definition

    @@ -3029,7 +3077,7 @@
    2.2.2.2. HEAD variant

    Method

    -

    HEAD

    +

    GET

    Status code

    @@ -3045,7 +3093,7 @@
    2.2.2.2. HEAD variant
    -
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X HEAD
    +
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X GET
    @@ -3760,7 +3808,7 @@

    2.2.9. Admin downloads all

    -
    $ curl 'https://sechub.example.com/api/admin/scan/download/65fc6925-ffcb-4f71-8468-01b1a5b5a65d' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/admin/scan/download/50a3de31-e207-4ac3-a6da-0f46e478d7ff' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8'
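
Review bot: the only change in this hunk is the job UUID in the example URL (65fc6925-... becomes 50a3de31-...), and the hunks that follow in this file likewise differ only in generated UUIDs and timestamps. Using fixed example values in the tests that produce these snippets would make the published REST documentation reproducible and keep real changes, such as the new encryption use cases, visible in review.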
    @@ -4925,7 +4973,7 @@

    2.2.20. Admin shows scan logs for pro
    -
    [{"sechubJobUUID":"1c24f69f-c988-4ce7-94ef-22dfac5ba3db","executedBy":"spartakus","started":"2024-07-09T13:57:03.927240632","ended":"2024-07-10T13:57:03.927258626","status":"OK"}]
    +
    [{"sechubJobUUID":"fc559da4-0535-46c7-941f-1a76d09a2ca1","executedBy":"spartakus","started":"2024-08-07T08:05:51.724664496","ended":"2024-08-08T08:05:51.724691357","status":"OK"}]
    @@ -5535,7 +5583,7 @@

    2.2.25.1. Code Scan variant
    -
    {"jobId":"2c7e0719-0c4e-4f6a-aa56-6a39e63c2fe5"}
    +
    {"jobId":"e80bc191-1fab-4e51-9c53-44b956b37b88"}
    @@ -5714,7 +5762,7 @@
    2.2.25.2. Code Sc
    -
    {"jobId":"e61914c5-b3b6-4af0-a9bf-748a376c2638"}
    +
    {"jobId":"278d510e-e7b2-4d07-b593-7fa77b54eef8"}
    @@ -5873,7 +5921,7 @@
    2.2.25.3. Secret scan variant
    -
    {"jobId":"75d2cfea-3690-4397-8ea7-b7a0f87123a9"}
    +
    {"jobId":"07c86999-76c1-4a12-90b7-4b97a7632579"}
    @@ -6032,7 +6080,7 @@
    2.2.25.4. License scan variant
    -
    {"jobId":"a37386d3-a808-4dcb-b68e-a7fcde86f2bd"}
    +
    {"jobId":"18b74d14-fd93-4beb-9ed0-623ba27171df"}
    @@ -6186,7 +6234,7 @@
    2.2.25.5. Infrastructure s
    -
    {"jobId":"1718acea-bb09-4621-9cfd-d5337be22244"}
    +
    {"jobId":"a47a9992-6b75-46db-a77a-5590b115e8e4"}
    @@ -6355,7 +6403,7 @@
    2.2.25.6. Web scan anonymou
    -
    {"jobId":"24a520cd-a6ce-4120-addc-fdc21980de51"}
    +
    {"jobId":"ad2715a7-ed7c-49c5-9b0d-ef7b80f276c1"}
    @@ -6519,7 +6567,7 @@
    2.2.25.7. Web sca
    -
    {"jobId":"fa954d23-1920-4338-bec4-6f4eb3271427"}
    +
    {"jobId":"f4542da9-59bb-41d2-a120-39a5f14e286a"}
    @@ -6678,7 +6726,7 @@
    2.
    -
    {"jobId":"603cbbb3-792e-4647-acde-a018c9672d26"}
    +
    {"jobId":"361d942a-c955-42ba-baea-41bfccfe08e3"}
    @@ -6852,7 +6900,7 @@
    2.2.25.9. Web Scan login
    -
    {"jobId":"c6f36e9c-22ce-4405-a50a-809b01ddec4a"}
    +
    {"jobId":"48c03859-a741-4e25-9ade-314a1583e45f"}
    @@ -7046,7 +7094,7 @@
    2.2.25.10. Web Sc
    -
    {"jobId":"e09816f7-bde7-4764-acb4-1b9e67316ba4"}
    +
    {"jobId":"046e0236-dd5f-4b07-8c57-3c45801b6c37"}
    @@ -7210,7 +7258,7 @@
    2.2.25.11. Web Scan headers v
    -
    {"jobId":"515131cd-f610-43fb-b3c7-73c227dcc919"}
    +
    {"jobId":"dd1b6f6b-7a47-408d-a919-0f06c9b43200"}
    @@ -7299,7 +7347,7 @@

    2.2.26. User uploads source code

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/4cdef6b6-f307-42cb-bb15-13ed84e11efc/sourcecode?checkSum=checkSumValue' -i -X POST \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/d26d431f-532e-403d-8649-41840afaf02a/sourcecode?checkSum=checkSumValue' -i -X POST \
         -H 'Content-Type: multipart/form-data;charset=UTF-8' \
         -F 'file=PK  
           �<M                       test1.txtPK  ?
    @@ -7396,7 +7444,7 @@ 

    2.2.27. User approves sechub job

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/dd1fc660-d0e5-48aa-bedd-d8786eea7dcc/approve' -i -X PUT \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/2599f5c1-4bb0-4ca2-9745-49411e356282/approve' -i -X PUT \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -7548,7 +7596,7 @@

    2.2.28. User checks sechub job state

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/7c58dbab-860f-4d45-b1f9-3de1b7a8e5b5' -i -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/acd54ae3-6a88-4002-85f0-c7026639380a' -i -X GET \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -7557,7 +7605,7 @@

    2.2.28. User checks sechub job state

    -
    {"jobUUID":"7c58dbab-860f-4d45-b1f9-3de1b7a8e5b5","owner":"CREATOR1","created":"","started":"2024-07-10T13:42:02.31702027","ended":"2024-07-10T13:57:02.317046408","state":"ENDED","result":"OK","trafficLight":"GREEN"}
    +
    {"jobUUID":"acd54ae3-6a88-4002-85f0-c7026639380a","owner":"CREATOR1","created":"","started":"2024-08-08T07:50:50.192109111","ended":"2024-08-08T08:05:50.192137775","state":"ENDED","result":"OK","trafficLight":"GREEN"}
    @@ -7632,7 +7680,7 @@
    2.2.29.1. JSON variant
    -
    $ curl 'https://sechub.example.com/api/project/project1/report/1452ace3-df08-4d20-8fa8-c48d219b4e98' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/report/5e4d6d16-930d-4a32-9277-b178d2e0a033' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -H 'Accept: application/json'
    @@ -7704,7 +7752,7 @@
    2.2.29.2. HTML variant
    -
    $ curl 'https://sechub.example.com/api/project/project1/report/d6929af5-02d1-4060-89b8-bb5a88a81917' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/report/d2552d0b-e265-4673-ad90-e43e0f61a610' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -H 'Accept: application/xhtml+xml'
    @@ -8262,7 +8310,7 @@

    2.2.33. User uploads binaries

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/844bf46d-865c-407d-a28c-e2286a7d7a96/binaries' -i -X POST \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/897847f1-3e25-44cc-a4cf-67508dbd295a/binaries' -i -X POST \
         -H 'Content-Type: multipart/form-data;charset=UTF-8' \
         -H 'x-file-size: 10240' \
         -F 'file=test1.txt                                                                                           0000664 0001750 0001750 00000000000 13353454574 012170  0                                                                                                    ustar   albert                          albert                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                  ' \
    @@ -8343,7 +8391,7 @@ 

    2.2.34. User downloads job rep

    -
    $ curl 'https://sechub.example.com/api/project/project1/report/spdx/69ab8fa2-fe63-45ca-aafe-6efdc937b4e8' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/report/spdx/28097c41-5d4d-4355-a509-ce22bdb69537' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -H 'Accept: application/json'
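
Review bot: The job UUID in the example URL for 2.2.34 should come from a fixed test value rather than a freshly generated one. Here, and in the cancel, restart and executor configuration examples further down, the UUID is the only thing that differs between the old and new line, so every regeneration of the docs produces diff noise that hides the real changes. Pinning the UUIDs used by the documentation tests would keep these sections stable.
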
    @@ -8882,11 +8930,6 @@

    2.2.40. Admin lists all running jobs

    String

    Timestamp since when job has been started

    - -

    [].configuration

    -

    String

    -

    Configuration used for this job

    -
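
Review bot: Dropping the `[].configuration` row from the response fields of "Admin lists all running jobs" removes a field that existing admin clients may still read, and nothing in the visible text tells them so. Please state in this section, or in the release notes, that the field is no longer returned and since which version, with a sentence on why.
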
    @@ -8906,7 +8949,7 @@

    2.2.40. Admin lists all running jobs

    -
    [{"jobUUID":"364a395c-7439-4f84-ae4b-b26517c3fe53","projectId":"project-name","owner":"owner-userid","status":"RUNNING","since":"2024-07-10T13:57:06.714971112","configuration":"{ config data }"}]
    +
    [{"jobUUID":"1761a2a9-37a9-48e1-98e5-63e3c2785c67","projectId":"project-name","owner":"owner-userid","status":"RUNNING","since":"2024-08-08T08:05:55.044912463"}]
    @@ -8990,7 +9033,7 @@

    2.2.41. Admin cancels a job

    -
    $ curl 'https://sechub.example.com/api/admin/jobs/cancel/cb7e5145-587c-4cc3-b536-0a516788b323' -i -u 'user:secret' -X POST \
    +
    $ curl 'https://sechub.example.com/api/admin/jobs/cancel/08eaf3b6-4d6e-4ad9-a7ac-7d88b4884d13' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -9079,7 +9122,7 @@

    2.2.42. Admin restarts a job

    -
    $ curl 'https://sechub.example.com/api/admin/jobs/restart/c798ca3b-4ac7-4e54-9507-e8267d591a3a' -i -u 'user:secret' -X POST \
    +
    $ curl 'https://sechub.example.com/api/admin/jobs/restart/98470906-23a7-4233-8228-4e213cb5b173' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -9168,7 +9211,7 @@

    2.2.43. Admin restarts a job (hard)

    -
    $ curl 'https://sechub.example.com/api/admin/jobs/restart-hard/f96ec449-ff8e-4328-a66c-0783edd140d6' -i -u 'user:secret' -X POST \
    +
    $ curl 'https://sechub.example.com/api/admin/jobs/restart-hard/c3a07e23-27f4-4a02-9313-c5e8ee6aa8f7' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -9693,7 +9736,7 @@

    2.2.48. Admin creates an execut
    $ curl 'https://sechub.example.com/api/admin/config/executor' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8' \
    -    -d '{"name":"PDS gosec config 1","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productXYZ.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"},{"key":"example.key2","value":"Another value"}]}}'
    + -d '{"name":"PDS gosec configuration 1","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productXYZ.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"},{"key":"example.key2","value":"Another value"}]}}'
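
Review bot: The `-d` payload still carries the misspelled placeholder `env:EXAMPLE_USENAME` in `credentials.user`. Since this line is being rewritten anyway for the new name "PDS gosec configuration 1", correct it to `env:EXAMPLE_USERNAME` here and in the other executor configuration examples (2.2.51, 2.2.52, 2.2.56) so readers do not copy the typo into a real setup.
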
    @@ -9701,7 +9744,7 @@

    2.2.48. Admin creates an execut

    -
    16d02d16-9d30-4b50-a079-0a992d5d1f8c
    +
    19a513e8-f664-43f3-ad0e-ec881c7762f7
    @@ -9785,7 +9828,7 @@

    2.2.49. Admin deletes executor con
    -
    $ curl 'https://sechub.example.com/api/admin/config/executor/f88cb1e3-caf7-4d3a-b8c1-5801c0bcad7a' -i -u 'user:secret' -X DELETE \
    +
    $ curl 'https://sechub.example.com/api/admin/config/executor/22fb2f08-7b58-4d57-acbb-00f12619c6e1' -i -u 'user:secret' -X DELETE \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -9900,7 +9943,7 @@

    2.2.50. Admin fetches executo
    -
    {"executorConfigurations":[{"uuid":"85535231-46bc-4301-b5f5-37730131dec6","name":"example configuration","enabled":true}],"type":"executorConfigurationList"}
    +
    {"executorConfigurations":[{"uuid":"7d298d34-1148-4803-975d-226862654d0b","name":"example configuration","enabled":true}],"type":"executorConfigurationList"}
    @@ -10053,7 +10096,7 @@

    2.2.51. Admin fetches executor con
    -
    $ curl 'https://sechub.example.com/api/admin/config/executor/6071b1b3-4573-4ae7-a13e-e1b0fdaf149a' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/admin/config/executor/b60c002d-6882-41b7-9378-a1279f10fca9' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -10062,7 +10105,7 @@

    2.2.51. Admin fetches executor con
    -
    {"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"}]},"executorVersion":1,"enabled":false,"uuid":"6071b1b3-4573-4ae7-a13e-e1b0fdaf149a"}
    +
    {"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"}]},"executorVersion":1,"enabled":false,"uuid":"b60c002d-6882-41b7-9378-a1279f10fca9"}
    @@ -10210,7 +10253,7 @@

    2.2.52. Admin updates execut
    -
    $ curl 'https://sechub.example.com/api/admin/config/executor/81170e88-a5f7-4527-a19a-b9494b138f0f' -i -u 'user:secret' -X PUT \
    +
    $ curl 'https://sechub.example.com/api/admin/config/executor/70e7df3d-e2c9-4416-b64e-4d93d5500933' -i -u 'user:secret' -X PUT \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -d '{"name":"New name","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productNew.example.com","credentials":{"user":"env:EXAMPLE_NEW_USENAME","password":"env:EXAMPLE_NEW_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]}}'
    @@ -10554,7 +10597,7 @@

    2.2.55. Admin updates execution profile
    $ curl 'https://sechub.example.com/api/admin/config/execution/profile/existing-profile-1' -i -u 'user:secret' -X PUT \
         -H 'Content-Type: application/json;charset=UTF-8' \
    -    -d '{"description":"changed description","configurations":[{"uuid":"f016a684-830a-4c66-aa5b-1f49e85e9996","executorVersion":0,"enabled":false,"setup":{"credentials":{},"jobParameters":[]}}],"enabled":true}'
    + -d '{"description":"changed description","configurations":[{"uuid":"44742c74-0b9b-46c2-afa7-1c0e8e7f3291","executorVersion":0,"enabled":false,"setup":{"credentials":{},"jobParameters":[]}}],"enabled":true}'

    @@ -10674,7 +10717,7 @@

    2.2.56. Admin fetches execution profile

    configurations[].enabled

    Boolean

    -

    enabled state of this config

    +

    enabled state of this configuration

    configurations[].productIdentifier

    @@ -10710,7 +10753,7 @@

    2.2.56. Admin fetches execution profile

    -
    {"description":"a description","enabled":true,"configurations":[{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]},"executorVersion":1,"enabled":false,"uuid":"df9984fd-f307-4847-a49a-27700ee434d0"}],"projectIds":["project-1","project-2"]}
    +
    {"description":"a description","enabled":true,"configurations":[{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]},"executorVersion":1,"enabled":false,"uuid":"ce989c37-b285-4975-a802-3930530d627b"}],"projectIds":["project-1","project-2"]}
    @@ -11150,7 +11193,219 @@

    2.2.61. Admin updates auto cle
    -

    2.2.62. Admin disables job processing in scheduler

    +

    2.2.62. Admin starts encryption rotation

    + +
    +

    Definition

    +
    + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Table 129. General request information
    Value

    Path

    /api/admin/encryption/rotate

    Method

    POST

    Status code

    200 OK

    +
    +

    Request headers

    +
    + ++++ + + + + + + +
    NameDescription
    +
    +

    Example

    +
    +
    +

    Curl request

    +
    +
    +
    +
    $ curl 'https://sechub.example.com/api/admin/encryption/rotate' -i -u 'user:secret' -X POST \
    +    -H 'Content-Type: application/json;charset=UTF-8' \
    +    -d '{
    +  "algorithm" : "AES_GCM_SIV_256",
    +  "passwordSourceType" : "ENVIRONMENT_VARIABLE",
    +  "passwordSourceData" : "SECRET_1"
    +}'
    +
    +
    +
    +

    Response body
    +(empty)

    +
    +
    +
    +

    2.2.63. Admin fetches encryption status

    + +
    +

    Definition

    +
    + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Table 130. General request information
    Value

    Path

    /api/admin/encryption/status

    Method

    GET

    Status code

    200 OK

    +
    +

    Request headers

    +
    + ++++ + + + + + + +
    NameDescription
    +
    +

    Response fields

    +
    + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PathTypeDescription

    type

    String

    The type description of the json content

    domains[].name

    String

    Name of the domain which will provide this encryption data elements

    domains[].data[].id

    String

    Unique identifier

    domains[].data[].algorithm

    String

    Algorithm used for encryption

    domains[].data[].passwordSource.type

    String

    Type of password source. Can be [NONE, ENVIRONMENT_VARIABLE]

    domains[].data[].passwordSource.data

    String

    Data for password source. If type is ENVIRONMENT_VARIABLE then it is the the name of the environment variable.

    domains[].data[].usage

    Object

    Map containing information about usage of this encryption

    domains[].data[].usage.*

    Number

    Key value data

    domains[].data[].created

    String

    Creation timestamp

    domains[].data[].createdFrom

    String

    User id of admin who created the encryption entry

    +
    +

    Example

    +
    +
    +

    Curl request

    +
    +
    +
    +
    $ curl 'https://sechub.example.com/api/admin/encryption/status' -i -u 'user:secret' -X GET \
    +    -H 'Content-Type: application/json;charset=UTF-8'
    +
    +
    +
    +

    Response body

    +
    +
    +
    +
    {"type":"encryptionStatus","domains":[{"name":"schedule","data":[{"id":"1","algorithm":"AES_GCM_SIV_256","passwordSource":{"type":"ENVIRONMENT_VARIABLE","data":"SECRET_1"},"usage":{"job.state.cancel_requested":4,"job.state.canceled":5,"job.state.ended":6,"job.state.initializing":1,"job.state.ready_to_start":2,"job.state.started":3},"createdFrom":"admin-username","created":"2024-08-01T09:26:00"}]}]}
    +
    +
    +
    +
    +

    2.2.64. Admin disables job processing in scheduler
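
Review bot: The new section 2.2.62 "Admin starts encryption rotation" documents the request body only through the curl example; there is no request fields table for `algorithm`, `passwordSourceType` and `passwordSourceData`, while 2.2.63 documents every response field. Please add that table with the accepted values for each field (the status section lists [NONE, ENVIRONMENT_VARIABLE] for the source type, but no list of algorithms appears anywhere in the hunk) and say explicitly that `passwordSourceData` is the name of the environment variable, not the secret itself. The request uses flat `passwordSourceType`/`passwordSourceData` keys whereas the status response nests them as `passwordSource.type`/`passwordSource.data`; a remark on that difference would save readers a failed call. Also, in the description of `domains[].data[].passwordSource.data`, "it is the the name" has a doubled "the".
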

    @@ -11158,7 +11413,7 @@

    2.2.62. Admin disables job p

    Definition

    - +@@ -11217,7 +11472,7 @@

    2.2.62. Admin disables job p
    -

    2.2.63. Admin enables scheduler job processing

    +

    2.2.65. Admin enables scheduler job processing

    @@ -11225,7 +11480,7 @@

    2.2.63. Admin enables scheduler

    Definition

    Table 129. General request informationTable 131. General request information
    - +@@ -11284,7 +11539,7 @@

    2.2.63. Admin enables scheduler
    -

    2.2.64. Admin get scheduler status

    +

    2.2.66. Admin get scheduler status

    @@ -11292,7 +11547,7 @@

    2.2.64. Admin get scheduler status

    Definition

    Table 130. General request informationTable 132. General request information
    - +@@ -11351,7 +11606,7 @@

    2.2.64. Admin get scheduler status

    -

    2.2.65. Admin lists status information

    +

    2.2.67. Admin lists status information

    @@ -11359,7 +11614,7 @@

    2.2.65. Admin lists status informationDefinition

    Table 131. General request informationTable 133. General request information
    - +@@ -11451,7 +11706,7 @@

    2.2.65. Admin lists status information
    -

    2.2.66. Admin fetches server runtime data

    +

    2.2.68. Admin fetches server runtime data

    @@ -11459,7 +11714,7 @@

    2.2.66. Admin fetches server runtime

    Definition

    Table 132. General request informationTable 134. General request information
    - +@@ -11531,7 +11786,7 @@

    2.2.66. Admin fetches server runtime
    -

    2.2.67. User lists jobs for project

    +

    2.2.69. User lists jobs for project

    @@ -11539,7 +11794,7 @@

    2.2.67. User lists jobs for project

    Definition

    Table 133. General request informationTable 135. General request information
    - +@@ -11569,7 +11824,7 @@

    2.2.67. User lists jobs for project

    Path parameters

    Table 134. General request informationTable 136. General request information
    - +@@ -11693,7 +11948,7 @@

    2.2.67. User lists jobs for project

    -
    {"page":0,"totalPages":1,"content":[{"jobUUID":"c84c93ed-3719-4a72-8d2a-42be7efdbc5d","executedBy":"User1","created":"2024-07-10T13:40:02.462329442","started":"2024-07-10T13:42:02.462359458","ended":"2024-07-10T13:57:02.46237082","executionState":"ENDED","trafficLight":"GREEN","executionResult":"OK","metaData":{"labels":{"stage":"test"}}}]}
    +
    {"page":0,"totalPages":1,"content":[{"jobUUID":"048f9167-5b7a-41fb-a235-8e3a7e996efa","executedBy":"User1","created":"2024-08-08T07:48:50.319019742","started":"2024-08-08T07:50:50.319048296","ended":"2024-08-08T08:05:50.319059717","executionState":"ENDED","trafficLight":"GREEN","executionResult":"OK","metaData":{"labels":{"stage":"test"}}}]}
    @@ -12252,7 +12507,32 @@
    4.1.1.10. Configuration
    +
    +
    4.1.1.12. Other

    All other use cases

    @@ -12956,14 +13236,14 @@

    4.1.12. UC_011-User starts scan by client

    - + - + @@ -13186,17 +13466,17 @@

    4.1.16. UC_015-Admin assigns user to project

    - - + + - + - - + + - + @@ -13285,10 +13565,10 @@

    4.1.17. UC_016-Admin unassigns user from project

    - - + + - + @@ -13299,10 +13579,10 @@

    4.1.17. UC_016-Admin unassigns user from project

    - - + + - + @@ -15070,24 +15350,24 @@

    4.1.43. UC_042-Admin restarts a job (hard)

    - + - + - + - + - + - + @@ -16469,16 +16749,23 @@

    4.1.69. UC_068-Sechub schedule domain auto clean

    - + + + + + + + +
    Table 135. https://localhost:8081/api/project/{projectId}/jobsTable 137. https://localhost:8081/api/project/{projectId}/jobs

    4

    download job report and traffic light

    get job status

    SUPERADMIN, USER

    4

    4

    get job status

    download job report and traffic light

    SUPERADMIN, USER

    2

    Assign user

    SUPERADMIN

    Update schedule authorization parts

    2

    The service will add the user to the project. If user does not have ROLE_USER it will obtain it

    2

    Update schedule authorization parts

    Assign user

    SUPERADMIN

    3

    The service will add the user to the project. If user does not have ROLE_USER it will obtain it

    3

    2

    Unassign user

    SUPERADMIN

    Update authorization parts

    2

    The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed

    2

    2

    Update authorization parts

    Unassign user

    SUPERADMIN

    4

    The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed

    4

    3

    Inform sechub admins when job restart was canceled

    Try to restart job

    3

    When job is found and job is not already finsihed, a restart will be triggered. Existing batch jobs will be terminated

    3

    Try to restart job

    Try to rstart job (hard)

    3

    When job is found and job is not already finsihed, a restart will be triggered. Existing batch jobs will be terminated

    When job is found, a restart will be triggered. Existing batch jobs will be terminated

    3

    Try to rstart job (hard)

    Inform sechub admins when job restart was canceled

    4

    When job is found, a restart will be triggered. Existing batch jobs will be terminated

    4

    2

    Delete old data

    3

    deletes old job information

    3

    Schedule cipher pool data cleanup

    Removes cipher pool data entries from database which are no longer used by any job

    4.1.70. UC_069-User uploads binaries

    The binaries must be inside a valid tar file.

    @@ -16651,18 +16938,273 @@

    4.1.73. UC_072-Admin shows user details for emai +

    +
    +

    4.1.74. UC_073-Admin starts encryption rotation

    +
    +

    An administrator starts encryption rotation.

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Rest call

    SUPERADMIN

    2

    Admin triggers rotation of encryption via REST

    2

    Service call

    3

    Triggers rotation of encryption via domain message

    3

    Service call

    4

    Forces new cipher pool entry creation and triggers encryption service pool refresh

    4

    Service call

    5

    Creates new cipher pool entry in database in own transaction

    5

    Refresh encryption pool

    6

    Encryption pool is refreshed (necessary because pool changed before this method call)

    6

    Update encrypted data

    Encrypted data is updated (a direct pool refresh was triggered by admin action)

    +
    +
    +

    4.1.75. UC_074-Scheduler encryption pool refresh

    +
    +

    The scheduler refreshes its encryption pool data to handle new setup

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Init encryption pool

    3

    Encryption pool is created on startup

    1

    Encryption pool data refresh trigger

    2

    Scheduler instance will check if encryption pool is in sync with the database definitions. If not, the instance will try to create new encryption pool object and provide the new setup.

    2

    Refresh encryption pool

    3

    Encryption pool is refreshed (if necessary)

    3

    Update encrypted data

    Encrypted data is updated (all other cluster members)

    +
    +
    +

    4.1.76. UC_075-Scheduler rotates data encryption

    +
    +

    The scheduler checks for old encrypted data and will encrypt with latest cipher

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Update encrypted data

    Final update of encrypted job data. Will update all SecHub jobs having a pool id which is lower than latest from encryption pool

    +
    +
    +

    4.1.77. UC_076-Admin fetches encryption status

    +
    +

    An administrator fetches encryption status from all domains where encryption is used.

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Rest call

    SUPERADMIN

    1

    Admin fetches encryption status from domains via REST

    1

    Service call

    Services collects encryption status from domains via event bus

    +
    +
    +

    4.1.78. UC_077-SecHub does cleanup encryption

    +
    +

    Secub does an ecnryption cleanup.

    +
    +
    +

    Inside relevant domains the encryption situation will be checked and +old encryption setup, which is no longer necessary, will be dropped.

    +
    +
    +

    For example: When encryption was done with formerly via ENV variable +SECRET_1_AES_256 and the new one setup is using SECRET_2_AES_256 and +all jobs have been migrated to the new encryption, the cipher setup +using SECRET_1_AES_256 will become obsolete and will be automatically +removed. After the remove is done, there is no longer a need to +start the server with SECRET_1_AES_256, but only with SECRET_2_AES_256 …​

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Schedule cipher pool data cleanup

    Removes cipher pool data entries from database which are no longer used by any job

    -
    4.1.73.1. Overview
    +
    4.1.78.1. Overview
    -
    4.1.73.1.1. Diagram
    +
    4.1.78.1.1. Diagram
    -Sequence diagram of messaging overview +Sequence diagram of messaging overview
    - +
    -
    4.1.73.2. Message ANALYZE_SCAN_RESULTS_AVAILABLE
    +
    4.1.78.2. Message ANALYZE_SCAN_RESULTS_AVAILABLE
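
Review bot: The added description of UC_077 contains typos: "Secub does an ecnryption cleanup." should read "SecHub does an encryption cleanup.", and the example paragraph ("When encryption was done with formerly via ENV variable", "the new one setup") needs rewording. In the UC_074 steps table two rows carry Nr 1 ("Init encryption pool" and "Encryption pool data refresh trigger"), and in UC_076 both rows appear to be numbered 1 as well; if these are meant as separate entry points, a short remark would help, otherwise the rows should be renumbered so the Next column can be followed.
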
    Sequence diagram of messaging ANALYZE_SCAN_RESULTS_AVAILABLE @@ -16831,10 +17385,10 @@
    4.1.73.2. Message
    -
    4.1.73.3. Message AUTO_CLEANUP_CONFIGURATION_CHANGED
    +
    4.1.78.3. Message AUTO_CLEANUP_CONFIGURATION_CHANGED
    -Sequence diagram of messaging AUTO_CLEANUP_CONFIGURATION_CHANGED +Sequence diagram of messaging AUTO_CLEANUP_CONFIGURATION_CHANGED
    @@ -16860,7 +17414,7 @@
    4.1.73.3. Mess
    -
    4.1.73.4. Message BINARY_UPLOAD_DONE
    +
    4.1.78.4. Message BINARY_UPLOAD_DONE
    Sequence diagram of messaging BINARY_UPLOAD_DONE @@ -16868,15 +17422,23 @@
    4.1.73.4. Message BINARY_UPLOA
    -
    4.1.73.5. Message JOB_CANCELLATION_RUNNING
    +
    4.1.78.5. Message GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN
    -Sequence diagram of messaging JOB_CANCELLATION_RUNNING +Sequence diagram of messaging GET_ENCRYPTION_STATUS_SCHEDULE_DOMAIN
    -
    4.1.73.6. Message JOB_CREATED
    +
    4.1.78.6. Message JOB_CANCELLATION_RUNNING
    +
    +
    +Sequence diagram of messaging JOB_CANCELLATION_RUNNING +
    +
    +
    +
    +
    4.1.78.7. Message JOB_CREATED
    Sequence diagram of messaging JOB_CREATED @@ -16884,7 +17446,7 @@
    4.1.73.6. Message JOB_CREATED
    -
    4.1.73.7. Message JOB_DONE
    +
    4.1.78.8. Message JOB_DONE
    Sequence diagram of messaging JOB_DONE @@ -16916,7 +17478,7 @@
    4.1.73.7. Message JOB_DONE
    -
    4.1.73.8. Message JOB_EXECUTION_STARTING
    +
    4.1.78.9. Message JOB_EXECUTION_STARTING
    Sequence diagram of messaging JOB_EXECUTION_STARTING @@ -16948,7 +17510,7 @@
    4.1.73.8. Message JOB_EXEC
    -
    4.1.73.9. Message JOB_FAILED
    +
    4.1.78.10. Message JOB_FAILED
    Sequence diagram of messaging JOB_FAILED @@ -16956,7 +17518,7 @@
    4.1.73.9. Message JOB_FAILED
    -
    4.1.73.10. Message JOB_RESTART_CANCELED
    +
    4.1.78.11. Message JOB_RESTART_CANCELED
    Sequence diagram of messaging JOB_RESTART_CANCELED @@ -16988,7 +17550,7 @@
    4.1.73.10. Message JOB_RESTA
    -
    4.1.73.11. Message JOB_RESTART_TRIGGERED
    +
    4.1.78.12. Message JOB_RESTART_TRIGGERED
    Sequence diagram of messaging JOB_RESTART_TRIGGERED @@ -17020,7 +17582,7 @@
    4.1.73.11. Message JOB_REST
    -
    4.1.73.12. Message JOB_RESULTS_PURGED
    +
    4.1.78.13. Message JOB_RESULTS_PURGED
    Sequence diagram of messaging JOB_RESULTS_PURGED @@ -17049,7 +17611,7 @@
    4.1.73.12. Message JOB_RESULTS
    -
    4.1.73.13. Message JOB_RESULT_PURGE_DONE
    +
    4.1.78.14. Message JOB_RESULT_PURGE_DONE
    Sequence diagram of messaging JOB_RESULT_PURGE_DONE @@ -17057,7 +17619,7 @@
    4.1.73.13. Message JOB_RESU
    -
    4.1.73.14. Message JOB_RESULT_PURGE_FAILED
    +
    4.1.78.15. Message JOB_RESULT_PURGE_FAILED
    Sequence diagram of messaging JOB_RESULT_PURGE_FAILED @@ -17065,7 +17627,7 @@
    4.1.73.14. Message JOB_RE
    -
    4.1.73.15. Message JOB_STARTED
    +
    4.1.78.16. Message JOB_STARTED
    Sequence diagram of messaging JOB_STARTED @@ -17097,7 +17659,7 @@
    4.1.73.15. Message JOB_STARTED
    -
    4.1.73.16. Message MAPPING_CONFIGURATION_CHANGED
    +
    4.1.78.17. Message MAPPING_CONFIGURATION_CHANGED
    Sequence diagram of messaging MAPPING_CONFIGURATION_CHANGED @@ -17105,7 +17667,7 @@
    4.1.73.16. Message
    -
    4.1.73.17. Message PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE
    +
    4.1.78.18. Message PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE
    Sequence diagram of messaging PRODUCT_EXECUTOR_CANCEL_OPERATIONS_DONE @@ -17113,15 +17675,15 @@
    4.1.73.17
    -
    4.1.73.18. Message PROJECT_ACCESS_LEVEL_CHANGED
    +
    4.1.78.19. Message PROJECT_ACCESS_LEVEL_CHANGED
    -Sequence diagram of messaging PROJECT_ACCESS_LEVEL_CHANGED +Sequence diagram of messaging PROJECT_ACCESS_LEVEL_CHANGED
    -
    4.1.73.19. Message PROJECT_CREATED
    +
    4.1.78.20. Message PROJECT_CREATED
    Sequence diagram of messaging PROJECT_CREATED @@ -17129,15 +17691,15 @@
    4.1.73.19. Message PROJECT_CREATE
    -
    4.1.73.20. Message PROJECT_DELETED
    +
    4.1.78.21. Message PROJECT_DELETED
    -Sequence diagram of messaging PROJECT_DELETED +Sequence diagram of messaging PROJECT_DELETED
    -
    4.1.73.21. Message PROJECT_OWNER_CHANGED
    +
    4.1.78.22. Message PROJECT_OWNER_CHANGED
    Sequence diagram of messaging PROJECT_OWNER_CHANGED @@ -17145,7 +17707,7 @@
    4.1.73.21. Message PROJECT_
    -
    4.1.73.22. Message PROJECT_WHITELIST_UPDATED
    +
    4.1.78.23. Message PROJECT_WHITELIST_UPDATED
    Sequence diagram of messaging PROJECT_WHITELIST_UPDATED @@ -17153,7 +17715,7 @@
    4.1.73.22. Message PROJ
    -
    4.1.73.23. Message REQUEST_JOB_CANCELLATION
    +
    4.1.78.24. Message REQUEST_JOB_CANCELLATION
    Sequence diagram of messaging REQUEST_JOB_CANCELLATION @@ -17161,7 +17723,7 @@
    4.1.73.23. Message REQUE
    -
    4.1.73.24. Message REQUEST_JOB_RESTART
    +
    4.1.78.25. Message REQUEST_JOB_RESTART
    Sequence diagram of messaging REQUEST_JOB_RESTART @@ -17190,7 +17752,7 @@
    4.1.73.24. Message REQUEST_JO
    -
    4.1.73.25. Message REQUEST_JOB_RESTART_HARD
    +
    4.1.78.26. Message REQUEST_JOB_RESTART_HARD
    Sequence diagram of messaging REQUEST_JOB_RESTART_HARD @@ -17219,7 +17781,7 @@
    4.1.73.25. Message REQUE
    -
    4.1.73.26. Message REQUEST_PURGE_JOB_RESULTS
    +
    4.1.78.27. Message REQUEST_PURGE_JOB_RESULTS
    Sequence diagram of messaging REQUEST_PURGE_JOB_RESULTS @@ -17248,7 +17810,7 @@
    4.1.73.26. Message REQU
    -
    4.1.73.27. Message REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING
    +
    4.1.78.28. Message REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING
    Sequence diagram of messaging REQUEST_SCHEDULER_DISABLE_JOB_PROCESSING @@ -17277,7 +17839,7 @@
    4.1.73.2
    -
    4.1.73.28. Message REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING
    +
    4.1.78.29. Message REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING
    Sequence diagram of messaging REQUEST_SCHEDULER_ENABLE_JOB_PROCESSING @@ -17306,7 +17868,7 @@
    4.1.73.28
    -
    4.1.73.29. Message REQUEST_SCHEDULER_JOB_STATUS
    +
    4.1.78.30. Message REQUEST_SCHEDULER_JOB_STATUS
    Sequence diagram of messaging REQUEST_SCHEDULER_JOB_STATUS @@ -17338,7 +17900,7 @@
    4.1.73.29. Message R
    -
    4.1.73.30. Message REQUEST_SCHEDULER_STATUS_UPDATE
    +
    4.1.78.31. Message REQUEST_SCHEDULER_STATUS_UPDATE
    Sequence diagram of messaging REQUEST_SCHEDULER_STATUS_UPDATE @@ -17346,10 +17908,10 @@
    4.1.73.30. Messag
    -
    4.1.73.31. Message REQUEST_USER_ROLE_RECALCULATION
    +
    4.1.78.32. Message REQUEST_USER_ROLE_RECALCULATION
    -Sequence diagram of messaging REQUEST_USER_ROLE_RECALCULATION +Sequence diagram of messaging REQUEST_USER_ROLE_RECALCULATION
    @@ -17381,7 +17943,15 @@
    4.1.73.31. Messag
    -
    4.1.73.32. Message SCAN_DONE
    +
    4.1.78.33. Message RESULT_ENCRYPTION_STATUS_SCHEDULE_DOMAIN
    +
    +
    +Sequence diagram of messaging RESULT_ENCRYPTION_STATUS_SCHEDULE_DOMAIN +
    +
    +
    +
    +
    4.1.78.34. Message SCAN_DONE
    Sequence diagram of messaging SCAN_DONE @@ -17389,7 +17959,7 @@
    4.1.73.32. Message SCAN_DONE
    -
    4.1.73.33. Message SCAN_FAILED
    +
    4.1.78.35. Message SCAN_FAILED
    Sequence diagram of messaging SCAN_FAILED @@ -17397,10 +17967,10 @@
    4.1.73.33. Message SCAN_FAILED
    -
    4.1.73.34. Message SCHEDULER_JOB_PROCESSING_DISABLED
    +
    4.1.78.36. Message SCHEDULER_JOB_PROCESSING_DISABLED
    -Sequence diagram of messaging SCHEDULER_JOB_PROCESSING_DISABLED +Sequence diagram of messaging SCHEDULER_JOB_PROCESSING_DISABLED
    @@ -17426,10 +17996,10 @@
    4.1.73.34. Mess
    -
    4.1.73.35. Message SCHEDULER_JOB_PROCESSING_ENABLED
    +
    4.1.78.37. Message SCHEDULER_JOB_PROCESSING_ENABLED
    -Sequence diagram of messaging SCHEDULER_JOB_PROCESSING_ENABLED +Sequence diagram of messaging SCHEDULER_JOB_PROCESSING_ENABLED
    @@ -17455,7 +18025,7 @@
    4.1.73.35. Messa
    -
    4.1.73.36. Message SCHEDULER_JOB_STATUS
    +
    4.1.78.38. Message SCHEDULER_JOB_STATUS
    Sequence diagram of messaging SCHEDULER_JOB_STATUS @@ -17463,7 +18033,7 @@
    4.1.73.36. Message SCHEDULER
    -
    4.1.73.37. Message SCHEDULER_STARTED
    +
    4.1.78.39. Message SCHEDULER_STARTED
    Sequence diagram of messaging SCHEDULER_STARTED @@ -17471,15 +18041,23 @@
    4.1.73.37. Message SCHEDULER_ST
    -
    4.1.73.38. Message SCHEDULER_STATUS_UPDATE
    +
    4.1.78.40. Message SCHEDULER_STATUS_UPDATE
    -Sequence diagram of messaging SCHEDULER_STATUS_UPDATE +Sequence diagram of messaging SCHEDULER_STATUS_UPDATE
    -
    4.1.73.39. Message SOURCE_UPLOAD_DONE
    +
    4.1.78.41. Message SCHEDULE_ENCRYPTION_POOL_INITIALIZED
    +
    +
    +Sequence diagram of messaging SCHEDULE_ENCRYPTION_POOL_INITIALIZED +
    +
    +
    +
    +
    4.1.78.42. Message SOURCE_UPLOAD_DONE
    Sequence diagram of messaging SOURCE_UPLOAD_DONE @@ -17487,10 +18065,18 @@
    4.1.73.39. Message SOURCE_UPLO
    -
    4.1.73.40. Message START_SCAN
    +
    4.1.78.43. Message START_ENCRYPTION_ROTATION
    +
    +
    +Sequence diagram of messaging START_ENCRYPTION_ROTATION +
    +
    +
    +
    +
    4.1.78.44. Message START_SCAN
    -Sequence diagram of messaging START_SCAN +Sequence diagram of messaging START_SCAN
    @@ -17519,7 +18105,7 @@
    4.1.73.40. Message START_SCAN
    -
    4.1.73.41. Message UNSUPPORTED_OPERATION
    +
    4.1.78.45. Message UNSUPPORTED_OPERATION
    Sequence diagram of messaging UNSUPPORTED_OPERATION @@ -17527,10 +18113,10 @@
    4.1.73.41. Message UNSUPPOR
    -
    4.1.73.42. Message USER_ADDED_TO_PROJECT
    +
    4.1.78.46. Message USER_ADDED_TO_PROJECT
    -Sequence diagram of messaging USER_ADDED_TO_PROJECT +Sequence diagram of messaging USER_ADDED_TO_PROJECT
    @@ -17556,7 +18142,7 @@
    4.1.73.42. Message USER_ADD
    -
    4.1.73.43. Message USER_API_TOKEN_CHANGED
    +
    4.1.78.47. Message USER_API_TOKEN_CHANGED
    Sequence diagram of messaging USER_API_TOKEN_CHANGED @@ -17564,7 +18150,7 @@
    4.1.73.43. Message USER_AP
    -
    4.1.73.44. Message USER_BECOMES_SUPERADMIN
    +
    4.1.78.48. Message USER_BECOMES_SUPERADMIN
    Sequence diagram of messaging USER_BECOMES_SUPERADMIN @@ -17572,7 +18158,7 @@
    4.1.73.44. Message USER_B
    -
    4.1.73.45. Message USER_CREATED
    +
    4.1.78.49. Message USER_CREATED
    Sequence diagram of messaging USER_CREATED @@ -17601,15 +18187,15 @@
    4.1.73.45. Message USER_CREATED
    -
    4.1.73.46. Message USER_DELETED
    +
    4.1.78.50. Message USER_DELETED
    -Sequence diagram of messaging USER_DELETED +Sequence diagram of messaging USER_DELETED
    -
    4.1.73.47. Message USER_EMAIL_ADDRESS_CHANGED
    +
    4.1.78.51. Message USER_EMAIL_ADDRESS_CHANGED
    Sequence diagram of messaging USER_EMAIL_ADDRESS_CHANGED @@ -17617,7 +18203,7 @@
    4.1.73.47. Message USE
    -
    4.1.73.48. Message USER_NEW_API_TOKEN_REQUESTED
    +
    4.1.78.52. Message USER_NEW_API_TOKEN_REQUESTED
    Sequence diagram of messaging USER_NEW_API_TOKEN_REQUESTED @@ -17646,7 +18232,7 @@
    4.1.73.48. Message U
    -
    4.1.73.49. Message USER_NO_LONGER_SUPERADMIN
    +
    4.1.78.53. Message USER_NO_LONGER_SUPERADMIN
    Sequence diagram of messaging USER_NO_LONGER_SUPERADMIN @@ -17654,10 +18240,10 @@
    4.1.73.49. Message USER
    -
    4.1.73.50. Message USER_REMOVED_FROM_PROJECT
    +
    4.1.78.54. Message USER_REMOVED_FROM_PROJECT
    -Sequence diagram of messaging USER_REMOVED_FROM_PROJECT +Sequence diagram of messaging USER_REMOVED_FROM_PROJECT
    @@ -17683,7 +18269,7 @@
    4.1.73.50. Message USER
    -
    4.1.73.51. Message USER_ROLES_CHANGED
    +
    4.1.78.55. Message USER_ROLES_CHANGED
    Sequence diagram of messaging USER_ROLES_CHANGED @@ -17718,7 +18304,7 @@
    4.1.73.51. Message USER_ROLES_
    -
    4.1.73.52. Message USER_SIGNUP_REQUESTED
    +
    4.1.78.56. Message USER_SIGNUP_REQUESTED
    Sequence diagram of messaging USER_SIGNUP_REQUESTED @@ -17753,7 +18339,7 @@
    4.1.73.52. Message USER_SIG
    diff --git a/docs/latest/sechub-techdoc.html b/docs/latest/sechub-techdoc.html index 0920ab2668..31cb32670f 100644 --- a/docs/latest/sechub-techdoc.html +++ b/docs/latest/sechub-techdoc.html @@ -531,7 +531,7 @@
    2.1.3.2. Others
    @@ -1651,6 +1700,40 @@
    2.1.3.2.2. Create localhost serve

    This will generate a self signed server certificate for localhost.

    +
    +
    2.1.3.2.3. Add Sechub Java Code Formatter (IntelliJ)
    +
    +
      +
    1. +

      Download the formatter xml file here and unzip it.

      +
    2. +
    3. +

      Open Java Formatter page in preferences (File→Settings). Then press the import button and select the former unpacked xml file.

      +
      +
      +intelliJ java formatter import +
      +
      +
    4. +
    5. +

      Ensure SecHub is your active profile. Select SecHub as active profile, then press apply and close.

      +
      +
      +intelliJ java formatter activate +
      +
      +
    6. +
    7. +

      Before pushing your code please check your java format by executing spotless check.

      +
      +
      +
      ./gradlew clean spotlessCheck
      +
      +
      +
    8. +
    +
    +
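
Review bot: The final step of the new section 2.1.3.2.3 names only the check, ./gradlew clean spotlessCheck, and does not say how to fix a failure; add the matching ./gradlew spotlessApply so contributors can correct formatting before pushing. In the import step, "select the former unpacked xml file" should read "the previously unpacked xml file". The profile step gives the same instruction twice ("Ensure SecHub is your active profile. Select SecHub as active profile"), so one sentence can go.
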
    @@ -2096,7 +2179,7 @@
    3.1.1.1.2. PROD
    3.1.1.1.3. DEV
    -Diagram +Diagram
    Figure 3. Spring profile dev and its explicit/implicit included parts
    @@ -2240,7 +2323,7 @@

    3.1.3. General configuration

    - +
    @@ -2268,7 +2351,7 @@

    3.1.3. General configuration

    Table 1. Scope 'administration'
    - +
    @@ -2290,7 +2373,7 @@

    3.1.3. General configuration

    Table 2. Scope 'anonymous'
    - +
    @@ -2322,7 +2405,7 @@

    3.1.3. General configuration

    Table 3. Scope 'checkmarx'
    - +
    @@ -2354,7 +2437,7 @@

    3.1.3. General configuration

    Table 4. Scope 'initial'
    - +
    @@ -2376,7 +2459,7 @@

    3.1.3. General configuration

    Table 5. Scope 'migration'
    - +
    @@ -2398,7 +2481,7 @@

    3.1.3. General configuration

    Table 6. Scope 'mock'
    - +
    @@ -2475,7 +2558,7 @@

    3.1.3. General configuration

    Table 7. Scope 'nessus'
    - +
    @@ -2547,7 +2630,7 @@

    3.1.3. General configuration

    Table 8. Scope 'netsparker'
    - +
    @@ -2569,7 +2652,7 @@

    3.1.3. General configuration

    Table 9. Scope 'new'
    - +
    @@ -2601,7 +2684,7 @@

    3.1.3. General configuration

    Table 10. Scope 'notification'
    - +
    @@ -2646,9 +2729,19 @@

    3.1.3. General configuration

    + + + + + + + + + +
    Table 11. Scope 'p'

    240

    Time in minutes when adapter result check will automatically time out and adapter stops execution automatically. When -1 timeout is 7200 minutes

    sechub.adapter.pds.resilience.encryption-out-of-sync.retry.max

    3

    Amount of retries done when a PDS encryption out of sync problem happens

    sechub.adapter.pds.resilience.encryption-out-of-sync.retry.wait

    2000

    Time to wait until retry is done when a PDS encryption out of sync problem happens

    - +
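
Review bot: The description added for sechub.adapter.pds.resilience.encryption-out-of-sync.retry.wait (default 2000) does not state a unit. The timeout entry just above it says "Time in minutes", so this one should say which unit 2000 is in, for example "Time in milliseconds to wait ..." if that is what is meant.
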
    @@ -2690,7 +2783,7 @@

    3.1.3. General configuration

    Table 12. Scope 's'
    - +
    @@ -2727,7 +2820,7 @@

    3.1.3. General configuration

    Table 13. Scope 'scan'
    - +
    @@ -2745,7 +2838,7 @@

    3.1.3. General configuration

    - + @@ -2760,7 +2853,7 @@

    3.1.3. General configuration

    - + @@ -2789,7 +2882,7 @@

    3.1.3. General configuration

    Table 14. Scope 'scheduler'

    sechub.config.trigger.healthcheck.enabled

    true

    When enabled each trigger will do an healtching by monitoring service. If system has too much CPU load or uses too much memory, the trigger will not execute until memory and CPU load is at normal level!

    When enabled each trigger will do an health check by monitoring service. If system has too much CPU load or uses too much memory, the trigger will not execute until memory and CPU load is at normal level!

    sechub.config.trigger.nextjob.delay

    sechub.config.trigger.nextjob.maxwaitretry

    300

    When retry mechanism is enabled by sechub.config.trigger.nextjob.retries, and a retry is necessary, this value is used to define the maximum time period in millis which will be waited before retry. Why max value? Because cluster instances seems to be created often on exact same time by kubernetes. So having here a max value will result in a randomized wait time so cluster members will do fetch operations time shifted and automatically reduce collisions!

    When retry mechanism is enabled by sechub.config.trigger.nextjob.retries, and a retry is necessary, this value is used to define the maximum time period in millis which will be waited before retry. Why max value? Because cluster instances seems to be created often on exact same time by kubernetes. So having here a max value will result in a randomized wait time: means cluster members will do fetch operations time shifted and this automatically reduces collisions!

    sechub.config.trigger.nextjob.retries

    - +
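
Review bot: The corrected description of sechub.config.trigger.healthcheck.enabled still reads "an health check"; it should be "a health check". The reworded text for sechub.config.trigger.nextjob.maxwaitretry keeps "cluster instances seems" and adds "randomized wait time: means cluster members will do fetch operations time shifted", which is hard to parse. Suggested wording: "cluster instances seem to be created at the same time by Kubernetes, so a maximum value gives a randomized wait time and cluster members fetch at shifted times, which reduces collisions".
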
    @@ -2845,13 +2938,18 @@

    3.1.3. General configuration

    + + + + +
    Table 15. Scope 'sec'

    Maximum limit for job information list entries per page

    sechub.schedule.encryption.refresh.accept-outdated.milliseconds

    1800000

    The maximum amount of milliseconds an outdated encryption pool is still accepted in refresh phase

    sechub.server.baseurl

    Base url of SecHub server - e.g. https://sechub.example.org

    - +
    @@ -2873,7 +2971,7 @@

    3.1.3. General configuration

    Table 16. Scope 'security'
    - +
    @@ -2895,7 +2993,7 @@

    3.1.3. General configuration

    Table 17. Scope 'server'
    - +
    @@ -2982,7 +3080,7 @@

    3.1.3. General configuration

    Table 18. Scope 'storage'
    - +
    @@ -3014,7 +3112,7 @@

    3.1.3. General configuration

    Table 19. Scope 'system'
    - +
    @@ -3129,6 +3227,11 @@

    3.1.4. Scheduling definitions

    + + + + +
    Table 20. Scope 'target'

    initial delay:${sechub.config.trigger.nextjob.initialdelay:5000} fixed delay:${sechub.config.trigger.nextjob.delay:10000}

    Job scheduling is triggered by a cron job operation - default is 10 seconds to delay after last execution. For initial delay 5000 milliseconds are defined. It can be configured differently. This is useful when you need to startup a cluster. Simply change the initial delay values in to allow the cluster to startup.

    Fixed

    initial delay:${sechub.schedule.encryption.refresh.initialdelay:5000} fixed delay:${sechub.schedule.encryption.refresh.delay:300000}

    Defines the initial and also the fixed delay for the refresh interval. These values are also used for calculation of remaining run time of outdated encrytion pools (when refresh fails)
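
Review bot: Typo in the new scheduling entry for sechub.schedule.encryption.refresh.initialdelay and sechub.schedule.encryption.refresh.delay: "encrytion pools" should be "encryption pools". If the "remaining run time of outdated encryption pools" is bounded by sechub.schedule.encryption.refresh.accept-outdated.milliseconds, which this patch adds to the configuration table, naming that property here would let readers connect the two settings.
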

    @@ -3150,7 +3253,7 @@

    3.1.5. Configuration properties for mocked adapters

    - +
    @@ -3172,7 +3275,7 @@

    3.1.5. Configuration properties for mocked adapters

    Table 24. Scope 'abstract'
    - +
    @@ -5160,7 +5263,7 @@
    8.2.4.1. Domain messaging over
    -Sequence diagram of messaging +Sequence diagram of messaging
    @@ -7563,6 +7666,9 @@

    10.6. Auto cleanup

    To prevent full hard drives there is an option to automatically remove old data.

    +
    +

    It also cleans up old encryption settings when it comes to encryption rotation.

    +
    Table 25. Scope 'mocked'
    @@ -7817,7 +7923,7 @@
    10.9.2.1. Overview
    10.9.2.1.1. Diagram
    -Sequence diagram of messaging overview +Sequence diagram of messaging overview
    @@ -7835,6 +7941,9 @@ - + - + - + - +

    4

    download job report and traffic light

    get job status

    SUPERADMIN, USER

    4

    This step is defined at method getScanSecHubReportAsJSON in class `com.mercedesbenz.sechub.domain.scan.report.ScanReportRestController`

    This step is defined at method getJobStatus in class `com.mercedesbenz.sechub.domain.schedule.SchedulerRestController`

    4

    get job status

    download job report and traffic light

    SUPERADMIN, USER

    This step is defined at method getJobStatus in class `com.mercedesbenz.sechub.domain.schedule.SchedulerRestController`

    This step is defined at method getScanSecHubReportAsJSON in class `com.mercedesbenz.sechub.domain.scan.report.ScanReportRestController`

    @@ -10311,18 +10486,18 @@

    10.10.16. UC_015-Admin assigns user to project

    2

    -

    Assign user

    -

    SUPERADMIN

    +

    Update schedule authorization parts

    +

    2

    -

    The service will add the user to the project. If user does not have ROLE_USER it will obtain it

    -

    This step is defined at method assignUserToProject in class `com.mercedesbenz.sechub.domain.administration.project.ProjectAssignUserService`

    +

    This step is defined at method grantUserAccessToProject in class `com.mercedesbenz.sechub.domain.schedule.access.ScheduleGrantUserAccessToProjectService`

    2

    -

    Update schedule authorization parts

    - +

    Assign user

    +

    SUPERADMIN

    3

    -

    This step is defined at method grantUserAccessToProject in class `com.mercedesbenz.sechub.domain.schedule.access.ScheduleGrantUserAccessToProjectService`

    +

    The service will add the user to the project. If user does not have ROLE_USER it will obtain it

    +

    This step is defined at method assignUserToProject in class `com.mercedesbenz.sechub.domain.administration.project.ProjectAssignUserService`

    3

    @@ -10422,11 +10597,10 @@

    10.10.17. UC_016-Admin unassigns user from proje

    2

    -

    Unassign user

    -

    SUPERADMIN

    +

    Update authorization parts

    +

    2

    -

    The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed

    -

    This step is defined at method unassignUserFromProject in class `com.mercedesbenz.sechub.domain.administration.project.ProjectUnassignUserService`

    +

    This step is defined at method revokeUserAccessFromProject in class `com.mercedesbenz.sechub.domain.schedule.access.ScheduleRevokeUserAccessFromProjectService`

    2

    @@ -10437,10 +10611,11 @@

    10.10.17. UC_016-Admin unassigns user from proje

    2

    -

    Update authorization parts

    - +

    Unassign user

    +

    SUPERADMIN

    4

    -

    This step is defined at method revokeUserAccessFromProject in class `com.mercedesbenz.sechub.domain.schedule.access.ScheduleRevokeUserAccessFromProjectService`

    +

    The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed

    +

    This step is defined at method unassignUserFromProject in class `com.mercedesbenz.sechub.domain.administration.project.ProjectUnassignUserService`

    4
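
Review bot: The moved description for the "Unassign user" step of UC_016 still says "The service will remove the user to the project. If users has no longer access to projects ROLE_USER will be removed". Since the line is being touched anyway, correct it to "remove the user from the project" and "If the user no longer has access to any project".
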

    @@ -10579,14 +10754,14 @@

    10.10.19. UC_018-Admin deletes a user

    revoke user from schedule access

    3

    -

    This step is defined at method revokeUserAccess in class `com.mercedesbenz.sechub.domain.scan.access.ScanRevokeUserAccessAtAllService`

    +

    This step is defined at method revokeUserAccess in class `com.mercedesbenz.sechub.domain.schedule.access.ScheduleRevokeUserAccessAtAllService`

    3

    revoke user from schedule access

    4

    -

    This step is defined at method revokeUserAccess in class `com.mercedesbenz.sechub.domain.schedule.access.ScheduleRevokeUserAccessAtAllService`

    +

    This step is defined at method revokeUserAccess in class `com.mercedesbenz.sechub.domain.scan.access.ScanRevokeUserAccessAtAllService`

    4
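
Review bot: Steps 3 and 4 of UC_018 both carry the title "revoke user from schedule access", yet one of them is defined in com.mercedesbenz.sechub.domain.scan.access.ScanRevokeUserAccessAtAllService. Swapping the two class references does not resolve that. The step defined in the scan domain should be titled for scan access, so a reader of the table can tell that access is revoked in both domains when a user is deleted.
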

    @@ -12491,13 +12666,6 @@

    10.10.43. UC_042-Admin restarts a job (hard)

    3

    -

    Inform sechub admins when job restart was canceled

    - -

    3

    -

    This step is defined at method notify in class `com.mercedesbenz.sechub.domain.notification.superadmin.InformAdminsThatJobRestartWasCanceledService`

    - - -

    3

    Try to restart job

    3

    @@ -12508,11 +12676,18 @@

    10.10.43. UC_042-Admin restarts a job (hard)

    3

    Try to rstart job (hard)

    -

    4

    +

    3

    When job is found, a restart will be triggered. Existing batch jobs will be terminated

    This step is defined at method restartJobHard in class `com.mercedesbenz.sechub.domain.schedule.SchedulerRestartJobService`

    +

    3

    +

    Inform sechub admins when job restart was canceled

    + +

    4

    +

    This step is defined at method notify in class `com.mercedesbenz.sechub.domain.notification.superadmin.InformAdminsThatJobRestartWasCanceledService`

    + +

    4

    Inform sechub admins when job has been restarted

    @@ -12580,7 +12755,7 @@

    10.10.44. UC_043-Admin receives notification abo

    Inform sechub admins that new scheduler job has been started

    -

    This step is defined at method notify in class `com.mercedesbenz.sechub.domain.notification.superadmin.InformAdminsThatNewSchedulerInstanceHasBeenStarted`

    +

    This step is defined at method notify in class `com.mercedesbenz.sechub.domain.notification.superadmin.InformAdminsThatNewSchedulerInstanceHasBeenStartedNotificationService`

    @@ -13002,7 +13177,7 @@

    10.10.52. UC_051-Admin updates executor configur

    SUPERADMIN

    2

    Service updates existing executor configuration

    -

    This step is defined at method updateProductExecutorSetup in class `com.mercedesbenz.sechub.domain.scan.product.config.UpdateProductExecutorConfigService`

    +

    This step is defined at method updateExecutionProfile in class `com.mercedesbenz.sechub.domain.scan.product.config.UpdateProductExecutionProfileService`

    2

    @@ -13010,7 +13185,7 @@

    10.10.52. UC_051-Admin updates executor configur

    SUPERADMIN

    Service updates existing executor configuration

    -

    This step is defined at method updateExecutionProfile in class `com.mercedesbenz.sechub.domain.scan.product.config.UpdateProductExecutionProfileService`

    +

    This step is defined at method updateProductExecutorSetup in class `com.mercedesbenz.sechub.domain.scan.product.config.UpdateProductExecutorConfigService`

    @@ -14165,17 +14340,25 @@

    10.10.69. UC_068-Sechub schedule domain auto cle

    2

    Delete old data

    - +

    3

    deletes old job information

    This step is defined at method cleanup in class `com.mercedesbenz.sechub.domain.schedule.autocleanup.ScheduleAutoCleanupService`

    + +

    3

    +

    Schedule cipher pool data cleanup

    + + +

    Removes cipher pool data entries from database which are no longer used by any job

    +

    This step is defined at method cleanupCipherPoolDataIfNecessaryAndPossible in class `com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleCipherPoolCleanupService`

    +

    10.10.70. UC_069-User uploads binaries

    The binaries must be inside a valid tar file.

    @@ -14387,84 +14570,389 @@

    10.10.73. UC_072-Admin shows user details for em -
    -

    -
    -
    -
    -
    -

    11. API

    -
    -
    -

    11.1. Rest API documentation

    -
    - - - - - -
    - - -The complete documentation about REST API is generated. If you want to change content, please search for - @UseCaseRestDoc references in source code and make necessary changes inside code! -
    -

    11.1.1. Overview

    -
    -
    11.1.1.1. Anonymous
    +

    10.10.74. UC_073-Admin starts encryption rotation

    -

    All these usecases handling anonymous access.

    +

    An administrator starts encryption rotation.

    -
    - +
    +

    Technical information

    +
    +

    You will find relevant code parts by searching for references of @com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminStartsEncryptionRotation

    -
    -
    11.1.1.2. User administration
    -

    Usecases handling administration of users

    +

    Steps

    -
    -
    +
    +

    10.10.75. UC_074-Scheduler encryption pool refresh

    +
    +

    The scheduler refreshes its encryption pool data to handle new setup

    +
    +
    +

    Technical information

    +
    +
    +

    You will find relevant code parts by searching for references of @com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseScheduleEncryptionPoolRefresh

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Init encryption pool

    3

    Encryption pool is created on startup

    +

    This step is defined at method applicationStarted in class `com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionService`

    1

    Encryption pool data refresh trigger

    2

    Scheduler instance will check if encryption pool is in sync with the database definitions. If not, the instance will try to create new encryption pool object and provide the new setup.

    +

    This step is defined at method triggerEncryptionSetupRefresh in class `com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleRefreshEncryptionServiceSetupTriggerService`

    2

    Refresh encryption pool

    3

    Encryption pool is refreshed (if necessary)

    +

    This step is defined at method refreshEncryptionPoolAndLatestPoolIdIfNecessary in class `com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleEncryptionService`

    3

    Update encrypted data

    Encrypted data is updated (all other cluster members)

    +

    This step is defined at method updateEncryptedDataIfNecessary in class `com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJobEncryptionUpdateService`

    +
    +
    +

    10.10.76. UC_075-Scheduler rotates data encryption

    +
    +

    The scheduler checks for old encrypted data and will encrypt with latest cipher

    +
    +
    +

    Technical information

    +
    +
    +

    You will find relevant code parts by searching for references of @com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseScheduleRotateDataEncryption

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Update encrypted data

    Final update of encrypted job data. Will update all SecHub jobs having a pool id which is lower than latest from encryption pool

    +

    This step is defined at method updateEncryptedDataIfNecessary in class `com.mercedesbenz.sechub.domain.schedule.job.ScheduleSecHubJobEncryptionUpdateService`

    +
    +
    +

    10.10.77. UC_076-Admin fetches encryption status

    +
    +

    An administrator fetches encryption status from all domains where encryption is used.

    +
    +
    +

    Technical information

    +
    +
    +

    You will find relevant code parts by searching for references of @com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseAdminFetchesEncryptionStatus

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Rest call

    SUPERADMIN

    1

    Admin fetches encryption status from domains via REST

    +

    This step is defined at method fetchEncryptionStatus in class `com.mercedesbenz.sechub.domain.administration.encryption.EncryptionAdministrationRestController`

    1

    Service call

    Services collects encryption status from domains via event bus

    +

    This step is defined at method fetchStatus in class `com.mercedesbenz.sechub.domain.administration.encryption.AdministrationEncryptionStatusService`

    + +
    +
    +

    10.10.78. UC_077-SecHub does cleanup encryption

    +
    +

    Secub does an ecnryption cleanup.

    +
    +
    +

    Inside relevant domains the encryption situation will be checked and +old encryption setup, which is no longer necessary, will be dropped.

    +
    +
    +

    For example: When encryption was done with formerly via ENV variable +SECRET_1_AES_256 and the new one setup is using SECRET_2_AES_256 and +all jobs have been migrated to the new encryption, the cipher setup +using SECRET_1_AES_256 will become obsolete and will be automatically +removed. After the remove is done, there is no longer a need to +start the server with SECRET_1_AES_256, but only with SECRET_2_AES_256 …​

    +
    +
    +

    Technical information

    +
    +
    +

    You will find relevant code parts by searching for references of @com.mercedesbenz.sechub.sharedkernel.usecases.encryption.UseCaseEncryptionCleanup

    +
    +
    +

    Steps

    +
    + +++++++ + + + + + + + + + + + + + + + + + + +
    NrTitleRole(s)NextDescription

    1

    Schedule cipher pool data cleanup

    Removes cipher pool data entries from database which are no longer used by any job

    +

    This step is defined at method cleanupCipherPoolDataIfNecessaryAndPossible in class `com.mercedesbenz.sechub.domain.schedule.encryption.ScheduleCipherPoolCleanupService`

    +
    +
    +
    +
    +
    +
    +

    11. API

    +
    +
    +

    11.1. Rest API documentation

    +
    + + + + + +
    + + +The complete documentation about REST API is generated. If you want to change content, please search for + @UseCaseRestDoc references in source code and make necessary changes inside code! +
    +
    +
    +

    11.1.1. Overview

    +
    +
    11.1.1.1. Anonymous
    +
    +

    All these usecases handling anonymous access.

    +
    + +
    +
    -
    11.1.1.10. Other
    +
    11.1.1.10. Encryption
    +
    +

    Usecases for encryption parts

    +
    + +
    +
    +
    11.1.1.11. Other

    All other use cases
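
Review bot: The description of the new UC_077 contains two typos: "Secub does an ecnryption cleanup." should be "SecHub does an encryption cleanup.". Its example sentence "When encryption was done with formerly via ENV variable SECRET_1_AES_256 and the new one setup is using SECRET_2_AES_256" also needs rewording ("was formerly done via", "the new setup uses"). That example ends with the operator no longer starting the server with SECRET_1_AES_256, so the text should say how an administrator can confirm that the old cipher setup has actually been removed before dropping the variable, for instance by pointing to UC_076 if its status output covers this. In the UC_076 steps table both "Rest call" and "Service call" are numbered 1 and the first lists 1 as its next step; please check whether the service call was meant to be step 2.
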

    @@ -14720,7 +15224,7 @@

    11.1.2. Check if the server is

    REST API for usecase UC_039-Check if the server is alive and running.

    -
    11.1.2.1. GET variant
    +
    11.1.2.1. HEAD variant

    Definition

    @@ -14743,7 +15247,7 @@
    11.1.2.1. GET variant

    Method

    -

    GET

    +

    HEAD

    Status code

    @@ -14759,7 +15263,7 @@
    11.1.2.1. GET variant
    -
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X GET
    +
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X HEAD
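
Review bot: The HEAD example is written as curl ... -i -X HEAD. The -X option only replaces the method string, so curl still handles the reply as it would for a GET and can wait for a body that a HEAD response never carries; the documented form should use curl --head (-I) instead. The rest of this change, here and in the neighbouring hunks, only swaps the order of the GET and HEAD variants, which suggests the generator does not emit them in a stable order.
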
    @@ -14768,7 +15272,7 @@
    11.1.2.1. GET variant
    -
    11.1.2.2. HEAD variant
    +
    11.1.2.2. GET variant

    Definition

    @@ -14791,7 +15295,7 @@
    11.1.2.2. HEAD variant

    Method

    -

    HEAD

    +

    GET

    Status code

    @@ -14807,7 +15311,7 @@
    11.1.2.2. HEAD variant
    -
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X HEAD
    +
    $ curl 'https://sechub.example.com/api/anonymous/check/alive' -i -X GET
    @@ -15522,7 +16026,7 @@

    11.1.9. Admin downloads al

    -
    $ curl 'https://sechub.example.com/api/admin/scan/download/65fc6925-ffcb-4f71-8468-01b1a5b5a65d' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/admin/scan/download/50a3de31-e207-4ac3-a6da-0f46e478d7ff' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8'
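
Review bot: The only difference in this example is the job UUID in the request URL, so it appears to be a random value produced at generation time rather than a documentation change. Using fixed sample UUIDs and timestamps in the REST doc tests would stop regenerated docs from producing diffs like this one and make real API changes easier to spot in review.
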
    @@ -16687,7 +17191,7 @@

    11.1.20. Admin shows scan logs for pr

    -
    [{"sechubJobUUID":"1c24f69f-c988-4ce7-94ef-22dfac5ba3db","executedBy":"spartakus","started":"2024-07-09T13:57:03.927240632","ended":"2024-07-10T13:57:03.927258626","status":"OK"}]
    +
    [{"sechubJobUUID":"fc559da4-0535-46c7-941f-1a76d09a2ca1","executedBy":"spartakus","started":"2024-08-07T08:05:51.724664496","ended":"2024-08-08T08:05:51.724691357","status":"OK"}]
    @@ -17297,7 +17801,7 @@
    11.1.25.1. Code Scan variant
    -
    {"jobId":"2c7e0719-0c4e-4f6a-aa56-6a39e63c2fe5"}
    +
    {"jobId":"e80bc191-1fab-4e51-9c53-44b956b37b88"}
    @@ -17476,7 +17980,7 @@
    11.1.25.2. Code S
    -
    {"jobId":"e61914c5-b3b6-4af0-a9bf-748a376c2638"}
    +
    {"jobId":"278d510e-e7b2-4d07-b593-7fa77b54eef8"}
    @@ -17635,7 +18139,7 @@
    11.1.25.3. Secret scan variant
    -
    {"jobId":"75d2cfea-3690-4397-8ea7-b7a0f87123a9"}
    +
    {"jobId":"07c86999-76c1-4a12-90b7-4b97a7632579"}
    @@ -17794,7 +18298,7 @@
    11.1.25.4. License scan variant
    -
    {"jobId":"a37386d3-a808-4dcb-b68e-a7fcde86f2bd"}
    +
    {"jobId":"18b74d14-fd93-4beb-9ed0-623ba27171df"}
    @@ -17948,7 +18452,7 @@
    11.1.25.5. Infrastructure
    -
    {"jobId":"1718acea-bb09-4621-9cfd-d5337be22244"}
    +
    {"jobId":"a47a9992-6b75-46db-a77a-5590b115e8e4"}
    @@ -18117,7 +18621,7 @@
    11.1.25.6. Web scan anonymo
    -
    {"jobId":"24a520cd-a6ce-4120-addc-fdc21980de51"}
    +
    {"jobId":"ad2715a7-ed7c-49c5-9b0d-ef7b80f276c1"}
    @@ -18281,7 +18785,7 @@
    11.1.25.7. Web sc
    -
    {"jobId":"fa954d23-1920-4338-bec4-6f4eb3271427"}
    +
    {"jobId":"f4542da9-59bb-41d2-a120-39a5f14e286a"}
    @@ -18440,7 +18944,7 @@
    11
    -
    {"jobId":"603cbbb3-792e-4647-acde-a018c9672d26"}
    +
    {"jobId":"361d942a-c955-42ba-baea-41bfccfe08e3"}
    @@ -18614,7 +19118,7 @@
    11.1.25.9. Web Scan login
    -
    {"jobId":"c6f36e9c-22ce-4405-a50a-809b01ddec4a"}
    +
    {"jobId":"48c03859-a741-4e25-9ade-314a1583e45f"}
    @@ -18808,7 +19312,7 @@
    11.1.25.10. Web S
    -
    {"jobId":"e09816f7-bde7-4764-acb4-1b9e67316ba4"}
    +
    {"jobId":"046e0236-dd5f-4b07-8c57-3c45801b6c37"}
    @@ -18972,7 +19476,7 @@
    11.1.25.11. Web Scan headers
    -
    {"jobId":"515131cd-f610-43fb-b3c7-73c227dcc919"}
    +
    {"jobId":"dd1b6f6b-7a47-408d-a919-0f06c9b43200"}
    @@ -19061,7 +19565,7 @@

    11.1.26. User uploads source code

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/4cdef6b6-f307-42cb-bb15-13ed84e11efc/sourcecode?checkSum=checkSumValue' -i -X POST \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/d26d431f-532e-403d-8649-41840afaf02a/sourcecode?checkSum=checkSumValue' -i -X POST \
         -H 'Content-Type: multipart/form-data;charset=UTF-8' \
         -F 'file=PK  
           �<M                       test1.txtPK  ?
    @@ -19158,7 +19662,7 @@ 

    11.1.27. User approves sechub job

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/dd1fc660-d0e5-48aa-bedd-d8786eea7dcc/approve' -i -X PUT \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/2599f5c1-4bb0-4ca2-9745-49411e356282/approve' -i -X PUT \
         -H 'Content-Type: application/json;charset=UTF-8'
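
Review bot: the approve example sends no credentials, while the report download examples for the same project (11.1.29.1, 11.1.29.2) pass `-u 'user:secret'`. The upload and job state examples (11.1.26, 11.1.28) omit them as well. If these calls require authentication, add `-u` to the generated request so the sample does not read as an unauthenticated endpoint; if they really need none, say so in the section.
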
    @@ -19310,7 +19814,7 @@

    11.1.28. User checks sechub job state

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/7c58dbab-860f-4d45-b1f9-3de1b7a8e5b5' -i -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/acd54ae3-6a88-4002-85f0-c7026639380a' -i -X GET \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -19319,7 +19823,7 @@

    11.1.28. User checks sechub job state

    -
    {"jobUUID":"7c58dbab-860f-4d45-b1f9-3de1b7a8e5b5","owner":"CREATOR1","created":"","started":"2024-07-10T13:42:02.31702027","ended":"2024-07-10T13:57:02.317046408","state":"ENDED","result":"OK","trafficLight":"GREEN"}
    +
    {"jobUUID":"acd54ae3-6a88-4002-85f0-c7026639380a","owner":"CREATOR1","created":"","started":"2024-08-08T07:50:50.192109111","ended":"2024-08-08T08:05:50.192137775","state":"ENDED","result":"OK","trafficLight":"GREEN"}
    @@ -19394,7 +19898,7 @@
    11.1.29.1. JSON variant
    -
    $ curl 'https://sechub.example.com/api/project/project1/report/1452ace3-df08-4d20-8fa8-c48d219b4e98' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/report/5e4d6d16-930d-4a32-9277-b178d2e0a033' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -H 'Accept: application/json'
    @@ -19466,7 +19970,7 @@
    11.1.29.2. HTML variant
    -
    $ curl 'https://sechub.example.com/api/project/project1/report/d6929af5-02d1-4060-89b8-bb5a88a81917' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/report/d2552d0b-e265-4673-ad90-e43e0f61a610' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -H 'Accept: application/xhtml+xml'
    @@ -20024,7 +20528,7 @@

    11.1.33. User uploads binaries

    -
    $ curl 'https://sechub.example.com/api/project/project1/job/844bf46d-865c-407d-a28c-e2286a7d7a96/binaries' -i -X POST \
    +
    $ curl 'https://sechub.example.com/api/project/project1/job/897847f1-3e25-44cc-a4cf-67508dbd295a/binaries' -i -X POST \
         -H 'Content-Type: multipart/form-data;charset=UTF-8' \
         -H 'x-file-size: 10240' \
         -F 'file=test1.txt                                                                                           0000664 0001750 0001750 00000000000 13353454574 012170  0                                                                                                    ustar   albert                          albert                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                  ' \
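
Review bot: the `-F 'file=...'` argument inlines a raw tar header, which makes the command impossible to copy and paste and publishes the local account name (`ustar albert albert`) and numeric owner ids of the machine that built the fixture. Show the upload as a file reference such as `-F 'file=@binaries.tar'` and create the test archive with neutral owner metadata. The source code upload in 11.1.26 has the same problem with raw zip bytes (`file=PK`).
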
    @@ -20105,7 +20609,7 @@ 

    11.1.34. User downloads job re

    -
    $ curl 'https://sechub.example.com/api/project/project1/report/spdx/69ab8fa2-fe63-45ca-aafe-6efdc937b4e8' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/project/project1/report/spdx/28097c41-5d4d-4355-a509-ce22bdb69537' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -H 'Accept: application/json'
    @@ -20644,11 +21148,6 @@

    11.1.40. Admin lists all running jobs

    String

    Timestamp since when job has been started

    - -

    [].configuration

    -

    String

    -

    Configuration used for this job

    -
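
Review bot: the `[].configuration` row is dropped from the response fields of 11.1.40 with no remark, and the example response in the following hunk no longer contains the field, so this is a response change for anyone parsing the running jobs list. Since the documentation footer moves from Server 1.10.0 to 2.0.0 in this commit, state the removal explicitly in this section or in the release notes and, if an admin can still retrieve the job configuration, name the call that replaces it.
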
    @@ -20668,7 +21167,7 @@

    11.1.40. Admin lists all running jobs

    -
    [{"jobUUID":"364a395c-7439-4f84-ae4b-b26517c3fe53","projectId":"project-name","owner":"owner-userid","status":"RUNNING","since":"2024-07-10T13:57:06.714971112","configuration":"{ config data }"}]
    +
    [{"jobUUID":"1761a2a9-37a9-48e1-98e5-63e3c2785c67","projectId":"project-name","owner":"owner-userid","status":"RUNNING","since":"2024-08-08T08:05:55.044912463"}]
    @@ -20752,7 +21251,7 @@

    11.1.41. Admin cancels a job

    -
    $ curl 'https://sechub.example.com/api/admin/jobs/cancel/cb7e5145-587c-4cc3-b536-0a516788b323' -i -u 'user:secret' -X POST \
    +
    $ curl 'https://sechub.example.com/api/admin/jobs/cancel/08eaf3b6-4d6e-4ad9-a7ac-7d88b4884d13' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -20841,7 +21340,7 @@

    11.1.42. Admin restarts a job

    -
    $ curl 'https://sechub.example.com/api/admin/jobs/restart/c798ca3b-4ac7-4e54-9507-e8267d591a3a' -i -u 'user:secret' -X POST \
    +
    $ curl 'https://sechub.example.com/api/admin/jobs/restart/98470906-23a7-4233-8228-4e213cb5b173' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -20930,7 +21429,7 @@

    11.1.43. Admin restarts a job (hard)

    -
    $ curl 'https://sechub.example.com/api/admin/jobs/restart-hard/f96ec449-ff8e-4328-a66c-0783edd140d6' -i -u 'user:secret' -X POST \
    +
    $ curl 'https://sechub.example.com/api/admin/jobs/restart-hard/c3a07e23-27f4-4a02-9313-c5e8ee6aa8f7' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -21455,7 +21954,7 @@

    11.1.48. Admin creates an execu
    $ curl 'https://sechub.example.com/api/admin/config/executor' -i -u 'user:secret' -X POST \
         -H 'Content-Type: application/json;charset=UTF-8' \
    -    -d '{"name":"PDS gosec config 1","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productXYZ.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"},{"key":"example.key2","value":"Another value"}]}}'
    + -d '{"name":"PDS gosec configuration 1","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productXYZ.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"},{"key":"example.key2","value":"Another value"}]}}'

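
Review bot: the changed `-d` line lost its indentation (`-    -d` becomes `+ -d`), so it no longer lines up with the `-H` continuation line above it; the same happens in 11.1.55. The payload also still carries `env:EXAMPLE_USENAME`, which looks like a typo for USERNAME; since the example name was touched anyway ("config" to "configuration"), this would be the moment to fix it in the snippet source.
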
    @@ -21463,7 +21962,7 @@

    11.1.48. Admin creates an execu

    -
    16d02d16-9d30-4b50-a079-0a992d5d1f8c
    +
    19a513e8-f664-43f3-ad0e-ec881c7762f7
    @@ -21547,7 +22046,7 @@

    11.1.49. Admin deletes executor co

    -
    $ curl 'https://sechub.example.com/api/admin/config/executor/f88cb1e3-caf7-4d3a-b8c1-5801c0bcad7a' -i -u 'user:secret' -X DELETE \
    +
    $ curl 'https://sechub.example.com/api/admin/config/executor/22fb2f08-7b58-4d57-acbb-00f12619c6e1' -i -u 'user:secret' -X DELETE \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -21662,7 +22161,7 @@

    11.1.50. Admin fetches execut

    -
    {"executorConfigurations":[{"uuid":"85535231-46bc-4301-b5f5-37730131dec6","name":"example configuration","enabled":true}],"type":"executorConfigurationList"}
    +
    {"executorConfigurations":[{"uuid":"7d298d34-1148-4803-975d-226862654d0b","name":"example configuration","enabled":true}],"type":"executorConfigurationList"}
    @@ -21815,7 +22314,7 @@

    11.1.51. Admin fetches executor co

    -
    $ curl 'https://sechub.example.com/api/admin/config/executor/6071b1b3-4573-4ae7-a13e-e1b0fdaf149a' -i -u 'user:secret' -X GET \
    +
    $ curl 'https://sechub.example.com/api/admin/config/executor/b60c002d-6882-41b7-9378-a1279f10fca9' -i -u 'user:secret' -X GET \
         -H 'Content-Type: application/json;charset=UTF-8'
    @@ -21824,7 +22323,7 @@

    11.1.51. Admin fetches executor co

    -
    {"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"}]},"executorVersion":1,"enabled":false,"uuid":"6071b1b3-4573-4ae7-a13e-e1b0fdaf149a"}
    +
    {"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value"}]},"executorVersion":1,"enabled":false,"uuid":"b60c002d-6882-41b7-9378-a1279f10fca9"}
    @@ -21972,7 +22471,7 @@

    11.1.52. Admin updates execu

    -
    $ curl 'https://sechub.example.com/api/admin/config/executor/81170e88-a5f7-4527-a19a-b9494b138f0f' -i -u 'user:secret' -X PUT \
    +
    $ curl 'https://sechub.example.com/api/admin/config/executor/70e7df3d-e2c9-4416-b64e-4d93d5500933' -i -u 'user:secret' -X PUT \
         -H 'Content-Type: application/json;charset=UTF-8' \
         -d '{"name":"New name","productIdentifier":"PDS_CODESCAN","executorVersion":1,"enabled":false,"setup":{"baseURL":"https://productNew.example.com","credentials":{"user":"env:EXAMPLE_NEW_USENAME","password":"env:EXAMPLE_NEW_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]}}'
    @@ -22316,7 +22815,7 @@

    11.1.55. Admin updates execution profil
    $ curl 'https://sechub.example.com/api/admin/config/execution/profile/existing-profile-1' -i -u 'user:secret' -X PUT \
         -H 'Content-Type: application/json;charset=UTF-8' \
    -    -d '{"description":"changed description","configurations":[{"uuid":"f016a684-830a-4c66-aa5b-1f49e85e9996","executorVersion":0,"enabled":false,"setup":{"credentials":{},"jobParameters":[]}}],"enabled":true}'
    + -d '{"description":"changed description","configurations":[{"uuid":"44742c74-0b9b-46c2-afa7-1c0e8e7f3291","executorVersion":0,"enabled":false,"setup":{"credentials":{},"jobParameters":[]}}],"enabled":true}'

    @@ -22436,7 +22935,7 @@

    11.1.56. Admin fetches execution profil

    configurations[].enabled

    Boolean

    -

    enabled state of this config

    +

    enabled state of this configuration

    configurations[].productIdentifier

    @@ -22472,7 +22971,7 @@

    11.1.56. Admin fetches execution profil

    -
    {"description":"a description","enabled":true,"configurations":[{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]},"executorVersion":1,"enabled":false,"uuid":"df9984fd-f307-4847-a49a-27700ee434d0"}],"projectIds":["project-1","project-2"]}
    +
    {"description":"a description","enabled":true,"configurations":[{"name":"New name","productIdentifier":"PDS_CODESCAN","setup":{"baseURL":"https://product.example.com","credentials":{"user":"env:EXAMPLE_USENAME","password":"env:EXAMPLE_PASSWORD"},"jobParameters":[{"key":"example.key1","value":"A value but changed. Remark: the other parameter (example.key2) has been removed by this call"}]},"executorVersion":1,"enabled":false,"uuid":"ce989c37-b285-4975-a802-3930530d627b"}],"projectIds":["project-1","project-2"]}
    @@ -22912,7 +23411,219 @@

    11.1.61. Admin updates auto cl

    -

    11.1.62. Admin disables job processing in scheduler

    +

    11.1.62. Admin starts encryption rotation

    + +
    +

    Definition

    +
    + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Table 155. General request information
    Value

    Path

    /api/admin/encryption/rotate

    Method

    POST

    Status code

    200 OK

    +
    +

    Request headers

    +
    + ++++ + + + + + + +
    NameDescription
    +
    +

    Example

    +
    +
    +

    Curl request

    +
    +
    +
    +
    $ curl 'https://sechub.example.com/api/admin/encryption/rotate' -i -u 'user:secret' -X POST \
    +    -H 'Content-Type: application/json;charset=UTF-8' \
    +    -d '{
    +  "algorithm" : "AES_GCM_SIV_256",
    +  "passwordSourceType" : "ENVIRONMENT_VARIABLE",
    +  "passwordSourceData" : "SECRET_1"
    +}'
    +
    +
    +
    +

    Response body
    +(empty)

    +
    +
    +
    +

    11.1.63. Admin fetches encryption status

    + +
    +

    Definition

    +
    + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Table 156. General request information
    Value

    Path

    /api/admin/encryption/status

    Method

    GET

    Status code

    200 OK

    +
    +

    Request headers

    +
    + ++++ + + + + + + +
    NameDescription
    +
    +

    Response fields

    +
    + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PathTypeDescription

    type

    String

    The type description of the json content

    domains[].name

    String

    Name of the domain which will provide this encryption data elements

    domains[].data[].id

    String

    Unique identifier

    domains[].data[].algorithm

    String

    Algorithm used for encryption

    domains[].data[].passwordSource.type

    String

    Type of password source. Can be [NONE, ENVIRONMENT_VARIABLE]

    domains[].data[].passwordSource.data

    String

    Data for password source. If type is ENVIRONMENT_VARIABLE then it is the the name of the environment variable.

    domains[].data[].usage

    Object

    Map containing information about usage of this encryption

    domains[].data[].usage.*

    Number

    Key value data

    domains[].data[].created

    String

    Creation timestamp

    domains[].data[].createdFrom

    String

    User id of admin who created the encryption entry

    +
    +

    Example

    +
    +
    +

    Curl request

    +
    +
    +
    +
    $ curl 'https://sechub.example.com/api/admin/encryption/status' -i -u 'user:secret' -X GET \
    +    -H 'Content-Type: application/json;charset=UTF-8'
    +
    +
    +
    +

    Response body

    +
    +
    +
    +
    {"type":"encryptionStatus","domains":[{"name":"schedule","data":[{"id":"1","algorithm":"AES_GCM_SIV_256","passwordSource":{"type":"ENVIRONMENT_VARIABLE","data":"SECRET_1"},"usage":{"job.state.cancel_requested":4,"job.state.canceled":5,"job.state.ended":6,"job.state.initializing":1,"job.state.ready_to_start":2,"job.state.started":3},"createdFrom":"admin-username","created":"2024-08-01T09:26:00"}]}]}
    +
    +
    +
    +
    +

    11.1.64. Admin disables job processing in scheduler

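
Review bot: 11.1.62 documents no request fields for the rotate call, so the JSON keys in the example (`algorithm`, `passwordSourceType`, `passwordSourceData`) and their allowed values can only be guessed from the curl sample. Add a request fields table that lists the accepted algorithms and source types, as 11.1.63 does with [NONE, ENVIRONMENT_VARIABLE]. The "Request headers" tables in both new sections have a Name/Description header but no rows, although both examples authenticate with `-u`. Rotate takes the flat keys `passwordSourceType`/`passwordSourceData` while status returns the nested `passwordSource.type`/`passwordSource.data`; if that asymmetry is intended, a sentence saying so would prevent confusion. The description of `domains[].data[].passwordSource.data` contains "the the name", and it should state whether only the variable name (`SECRET_1` in the example) is ever returned by this endpoint.
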
    @@ -22920,7 +23631,7 @@

    11.1.62. Admin disables job

    Definition

    - +@@ -22979,7 +23690,7 @@

    11.1.62. Admin disables job
    -

    11.1.63. Admin enables scheduler job processing

    +

    11.1.65. Admin enables scheduler job processing

    @@ -22987,7 +23698,7 @@

    11.1.63. Admin enables scheduler

    Definition

    Table 155. General request informationTable 157. General request information
    - +@@ -23046,7 +23757,7 @@

    11.1.63. Admin enables scheduler
    -

    11.1.64. Admin get scheduler status

    +

    11.1.66. Admin get scheduler status

    @@ -23054,7 +23765,7 @@

    11.1.64. Admin get scheduler status

    Definition

    Table 156. General request informationTable 158. General request information
    - +@@ -23113,7 +23824,7 @@

    11.1.64. Admin get scheduler status

    -

    11.1.65. Admin lists status information

    +

    11.1.67. Admin lists status information

    @@ -23121,7 +23832,7 @@

    11.1.65. Admin lists status information<

    Definition

    Table 157. General request informationTable 159. General request information
    - +@@ -23213,7 +23924,7 @@

    11.1.65. Admin lists status information<
    -

    11.1.66. Admin fetches server runtime data

    +

    11.1.68. Admin fetches server runtime data

    @@ -23221,7 +23932,7 @@

    11.1.66. Admin fetches server runtime

    Definition

    Table 158. General request informationTable 160. General request information
    - +@@ -23293,7 +24004,7 @@

    11.1.66. Admin fetches server runtime
    -

    11.1.67. User lists jobs for project

    +

    11.1.69. User lists jobs for project

    @@ -23301,7 +24012,7 @@

    11.1.67. User lists jobs for project

    Definition

    Table 159. General request informationTable 161. General request information
    - +@@ -23331,7 +24042,7 @@

    11.1.67. User lists jobs for project

    Path parameters

    Table 160. General request informationTable 162. General request information
    - +@@ -23455,7 +24166,7 @@

    11.1.67. User lists jobs for project

    -
    {"page":0,"totalPages":1,"content":[{"jobUUID":"c84c93ed-3719-4a72-8d2a-42be7efdbc5d","executedBy":"User1","created":"2024-07-10T13:40:02.462329442","started":"2024-07-10T13:42:02.462359458","ended":"2024-07-10T13:57:02.46237082","executionState":"ENDED","trafficLight":"GREEN","executionResult":"OK","metaData":{"labels":{"stage":"test"}}}]}
    +
    {"page":0,"totalPages":1,"content":[{"jobUUID":"048f9167-5b7a-41fb-a235-8e3a7e996efa","executedBy":"User1","created":"2024-08-08T07:48:50.319019742","started":"2024-08-08T07:50:50.319048296","ended":"2024-08-08T08:05:50.319059717","executionState":"ENDED","trafficLight":"GREEN","executionResult":"OK","metaData":{"labels":{"stage":"test"}}}]}
    @@ -25300,7 +26011,7 @@
    15.5.2.2.3. Profiles
    diff --git a/docs/latest/sechub-tutorials.html b/docs/latest/sechub-tutorials.html index 04b610b5b1..3d263540be 100644 --- a/docs/latest/sechub-tutorials.html +++ b/docs/latest/sechub-tutorials.html @@ -531,7 +531,7 @@
    Table 161. https://localhost:8081/api/project/{projectId}/jobsTable 163. https://localhost:8081/api/project/{projectId}/jobs
    -

    Documentation version: Server 1.10.0 - Build date: 20240710135650

    +

    Documentation version: Server 2.0.0 - Build date: 20240808080534


    @@ -1030,7 +1030,7 @@

    2.2.2. Test PDS solutio

    diff --git a/docs/latest/server-download.html b/docs/latest/server-download.html index 8a3fea04d6..32302ef294 100644 --- a/docs/latest/server-download.html +++ b/docs/latest/server-download.html @@ -1,7 +1,7 @@ - + Main Page