Skip to content

Instantly share code, notes, and snippets.

View ralvares's full-sized avatar
🏠
Working from home

Rodrigo Alvares ralvares

🏠
Working from home
  • My Own Repo :)
  • Dubai - AE
View GitHub Profile

Vulnerability Feed Intelligence API Documentation

Overview

The Vulnerability Feed Intelligence API provides comprehensive information about software vulnerabilities, helping organizations prioritize vulnerability management. The API leverages the Stakeholder-Specific Vulnerability Categorization (SSVC) framework to provide decisions based on exploitation, automation, exposure, and human impact.

Base URL

https://api.ssvc.me
#!/bin/bash
#Install JQ and YQ
#./get_netpol.sh | oc apply -f -
if [[ -z "${ROX_ENDPOINT}" ]]; then
echo >&2 "ROX_ENDPOINT must be set"
exit 1
fi
if [[ -z "${ROX_API_TOKEN}" ]]; then
apiVersion: platform.stackrox.io/v1alpha1
kind: SecuredCluster
metadata:
name: stackrox-secured-cluster-services
namespace: stackrox
spec:
monitoring:
openshift:
enabled: true
auditLogs:
# haproxy.cfg
defaults
mode http
log global
option httplog
option dontlognull
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
@ralvares
ralvares / central.yaml
Last active July 3, 2024 08:48
secure-cluster.yaml
apiVersion: platform.stackrox.io/v1alpha1
kind: Central
metadata:
name: stackrox-central-services
namespace: stackrox
spec:
monitoring:
openshift:
enabled: true
central:
DOCKER_CONFIG_JSON=`oc extract secret/pull-secret -n openshift-config --to=-`
oc create secret generic multiclusterhub-operator-pull-secret \
-n open-cluster-management-observability \
--from-literal=.dockerconfigjson="$DOCKER_CONFIG_JSON" \
--type=kubernetes.io/dockerconfigjson
ACCESS_KEY=""
SECRET_KEY=""
@ralvares
ralvares / generate_netpol.sh
Last active March 9, 2023 13:42
Generate Network Policies using roxctl (npguard) from running deployments.
if [ $# -eq 0 ]
then
echo "try: $0 payments-v2 frontend backend"
exit 1
fi
> netpols.yaml
for namespace in $@
do
@ralvares
ralvares / secured-cluster.yaml
Created February 17, 2023 09:17
rhacs yaml definition adding proxy configuration
apiVersion: platform.stackrox.io/v1alpha1
kind: SecuredCluster
metadata:
name: stackrox-secured-cluster-services
namespace: stackrox
spec:
admissionControl:
bypass: BreakGlassAnnotation
contactImageScanners: DoNotScanInline
listenOnCreates: true
@ralvares
ralvares / rhacs-image-puller-serviceaccount.yaml
Created February 17, 2023 09:06
Integrating RHACS scanner with the internal ocp registry
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: stackrox
name: stackrox-image-puller
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: stackrox-image-puller-clusterrolebinding
@ralvares
ralvares / disable_default_policies.sh
Created February 6, 2023 13:17
Disable all the default policies from RHACS
#!/bin/bash
if [[ -z "${ROX_ENDPOINT}" ]]; then
echo >&2 "ROX_ENDPOINT must be set"
exit 1
fi
if [[ -z "${ROX_API_TOKEN}" ]]; then
echo >&2 "ROX_API_TOKEN must be set"
exit 1