@raalbuquerque/backstage-plugin-scaffolder-backend-module-convisoappsec

v1.0.1

Published

The convisoappsec module for @backstage/plugin-scaffolder-backend

Downloads

3

Readme

ConvisoAppSec scaffolder actions

This is a Backstage scaffolder custom action with a sample software template for ConvisoAppSec.

ConvisoAppSec is an ASPM (Application Security Posture Management) platform used in the software development process to identify, correlate, and prioritize security vulnerabilities.

This module creates a Backstage custom action that integrates with the Conviso GraphQL backend, using the information filled in on the software template form (see Template example).

For further details about ConvisoAppSec concepts, see the documentation.

Prerequisites

Installation

Run the command below from your Backstage root directory

yarn add --cwd packages/backend @backstage/integration @raalbuquerque/backstage-plugin-scaffolder-backend-module-convisoappsec

Configuration

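  1. Register the ConvisoAppSec action in the Backstage backend by modifying packages/backend/src/plugins/scaffolder.ts:
import { CatalogClient } from '@backstage/catalog-client';
/* highlight-add-start */
import {
  createRouter,
  createBuiltinActions,
} from '@backstage/plugin-scaffolder-backend';
import { ScmIntegrations } from '@backstage/integration';
import { createAppSecFlowProject } from '@raalbuquerque/backstage-plugin-scaffolder-backend-module-convisoappsec';
/* highlight-add-end */
import { Router } from 'express';
import type { PluginEnvironment } from '../types';

export default async function createPlugin(
  env: PluginEnvironment,
): Promise<Router> {
  // Existing setup: the stock scaffolder.ts already creates the catalog client.
  const catalogClient = new CatalogClient({ discoveryApi: env.discovery });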

  /* highlight-add-start */
  const integrations = ScmIntegrations.fromConfig(env.config);

  const builtInActions = createBuiltinActions({
    integrations,
    catalogClient,
    config: env.config,
    reader: env.reader,
  });
  /* highlight-add-end */

  /* highlight-add-next-line */
  const actions = [
    ...builtInActions,
    createAppSecFlowProject({ config: env.config }),
  ];

  return await createRouter({
    logger: env.logger,
    config: env.config,
    database: env.database,
    reader: env.reader,
    catalogClient,
    identity: env.identity,
    /* highlight-add-next-line */
    actions,
  });
}

For more information about plugin registration, see the Backstage documentation.

  2. Add the ConvisoAppSec parameters to app-config.yaml, at the same level as the scaffolder property, for instance:

    # app-config.yaml
    # highlight-add-start
    conviso:
      baseUrl: ${APPSECFLOW_BASE_URL}
      x-api-key: ${APPSECFLOW_API_KEY}
      companyId: ${APPSECFLOW_COMPANY_ID}
    # highlight-add-end

    Warning

    Omit the /graphql path from the baseUrl parameter.
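
A startup check for the conviso block above, as an added example that is not part of this module: it rejects unresolved ${...} placeholders, non-https base URLs and a trailing /graphql, and builds a log line that never contains the key. The names validateConvisoConfig and describeForLog and the sample values are assumptions made for illustration.

```typescript
// Added example, not the module's own code; all names here are hypothetical.
interface ConvisoSettings { baseUrl: string; apiKey: string; companyId: string }
interface ConvisoCheck { settings: ConvisoSettings | null; errors: string[] }

// An environment placeholder that was never substituted, e.g. "${APPSECFLOW_API_KEY}".
const UNRESOLVED = /\$\{[^}]*\}/;
// https only, no userinfo, query or fragment; an optional path is allowed.
const HTTPS_URL = /^https:\/\/[^\s\/?#@]+(\/[^\s?#]*)?$/i;

function validateConvisoConfig(raw: Record<string, unknown>): ConvisoCheck {
  const errors: string[] = [];
  const read = (key: string): string => {
    const v = raw[key];
    const s =
      typeof v === 'string' || typeof v === 'number' ? String(v).trim() : '';
    if (s === '') errors.push(`${key}: missing or empty`);
    else if (UNRESOLVED.test(s)) errors.push(`${key}: unresolved placeholder`);
    return s;
  };

  const rawUrl = read('baseUrl');
  const baseUrl = rawUrl.replace(/\/+$/, ''); // drop trailing slashes
  const apiKey = read('x-api-key');
  const companyId = read('companyId');

  if (rawUrl !== '' && !UNRESOLVED.test(rawUrl)) {
    // Assumption: the key is sent to baseUrl, so refuse cleartext transport.
    if (!HTTPS_URL.test(baseUrl)) errors.push('baseUrl: must be an https:// URL');
    // The warning above: baseUrl must not include the /graphql path.
    if (/\/graphql$/i.test(baseUrl)) errors.push('baseUrl: omit the /graphql path');
  }
  return errors.length > 0
    ? { settings: null, errors }
    : { settings: { baseUrl, apiKey, companyId }, errors };
}

// Log-safe summary: reports the key's length, never its value.
function describeForLog(s: ConvisoSettings): string {
  return `conviso baseUrl=${s.baseUrl} companyId=${s.companyId} ` +
    `x-api-key=<redacted, ${s.apiKey.length} chars>`;
}

// Constructed sample values, as they might look after env substitution.
const sample = validateConvisoConfig({
  baseUrl: 'https://conviso.example.test/',
  'x-api-key': 'constructed-key-0123456789',
  companyId: 42,
});
```
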

    Note:

Action input and output

Once the configuration is done, all the input and output parameters can be viewed at the /create/actions route of your Backstage installation.

Template example

Once the module configuration steps are finished, the software template can be loaded into the software catalog, enabling Backstage users to create their ConvisoAppSec projects.

# template.yaml
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
  name: convisoappsec-project-create
  title: Create a ConvisoAppSec project
  description: Creates a new ConvisoAppSec project and register component on software catalog
  tags:
    - conviso
    - convisoappsec
    - security
  links:
    - title: ConvisoAppSec Documentation
      url: https://docs.convisoappsec.com/
spec:
  owner: raalbuquerque
  type: service

  parameters:
    - title: Project information
      required:
        - label
        - goal
        - scope
        - typeId
        - estimatedStartDate
      properties:
        label:
          title: Project Label
          type: string
          description: Name of the project
          pattern: '^([a-zA-Z][a-zA-Z0-9]*)(-[a-zA-Z0-9]+)*$'
          ui:autofocus: true
        goal:
          title: Goal
          type: string
          description: Goal
        scope:
          title: Scope
          type: string
          description: Scope
        typeId:
          title: Type
          type: number
          description: Select the project type from list
          enum:
            - 1
            - 2
            - 3
            - 4
            - 5
            - 6
            - 7
            - 8
            - 9
            - 10
            - 11
            - 12
            - 13
            - 14
            - 15
            - 16
          enumNames:
            - penetration_test
            - code_review
            - vulnerability_assessment
            - wordpress_plugin_assessment
            - accuracy
            - internal
            - web_application_firewall
            - threat_modeling
            - security_requirements
            - consulting
            - sensei
            - armature
            - network_penetration_testing
            - web_penetration_testing
            - mobile_penetration_testing
            - reverse_engineer
        estimatedStartDate:
          title: Start Date
          type: string
          format: date
          description: Estimated date when analysis will start
          hint: Not before today
          ui:widget: date
          ui:options:
            yearsRange: ['2020', '2023']
  steps:
    - id: createConvisoAppSecProject
      name: Create AppSecFlow project
      action: convisoappsec:project:create
      input:
        label: ${{ parameters.label }}
        goal: ${{ parameters.goal }}
        scope: ${{ parameters.scope }}
        typeId: ${{ parameters.typeId }}
        estimatedStartDate: ${{ parameters.estimatedStartDate }}
        tags: ${{ parameters.tags }}
  output:
    links:
      - title: Project URL
        url: ${{ steps['createConvisoAppSecProject'].output.projectUrl }}
    text:
      - title: More information
        content: |
          **Entity URL:** ${{ steps['createConvisoAppSecProject'].output.projectPid }}

Note

The software template above only creates a project on the ConvisoAppSec platform. To create software repositories and register new entities in the Backstage software catalog, combine it with other software template actions.