radix-vulnerability-scanner-api

prod
qa

radix-vulnerability-scanner-api

The for Radix Vulnerability Scanner API provides access to vulnerability scan results for applications hosted in Radix. See Radix Vulnerability Scanner for details on installation and DB Credentials (we use managed identities).

Developing

You need Go installed. Make sure GOPATH and GOROOT are properly set up.

Also needed:

• go-swagger (on a Mac, you can install it with Homebrew: brew install go-swagger)
• statik (install with go get github.com/rakyll/statik)
• gomock (GO111MODULE=on go get github.com/golang/mock/[email protected])

Clone the repo into your GOPATH and run go mod download.

Contribution

Want to contribute? Read our contributing guidelines

Generating mocks

We use gomock to generate mocks used in unit test. You need to regenerate mocks if you make changes to any of the interface types used by the application

make mocks

Running locally

Run once after cloning of the GitHub repository:

1. go mod download
2. make swagger
3. make generate-radix-api-client

Configuration This application is configured via the environment. The following environment variables can be used:

KEY                    TYPE             DEFAULT                                                          REQUIRED    DESCRIPTION
RADIX_CLUSTER_TYPE     String                                                                            true        Used to set radix-api URL, set by operator in-cluster
RADIX_ENVIRONMENT      String                                                                            true        Used to set radix-api URL, set by operator in-cluster
RADIX_CLUSTERNAME      String                                                                            true        Used to set radix-api URL, set by operator in-cluster
RADIX_DNS_ZONE         String                                                                            true        Used to set radix-api URL, set by operator in-cluster
USE_LOCAL_RADIX_API    True or False                                                                                 Set Radix API client to localhost:3002

DB_DSN                 String                                                                            true        Database DSN for connecting to the Radix Vulnerability Scanner database
TOKEN_AUDIENCE         String           6dae42f8-4368-4678-94ff-3960e28e3630                             true        OIDC token audience
TOKEN_ISSUER           String           https://sts.windows.net/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/    true        OIDC token issuer

PRETTY_PRINT           True or False    false                                                                        Enable pretty print for logs
LOG_LEVEL              String           INFO                                                                         Logging level
PORT                   String           3003                                                                         Port to run the server on
USE_PROFILER           True or False    false                                                                        Enable profiler endpoint on localhost:7070

To setup Cluster specific variables, add/remove/change variables in Makefile for the section radixconfigs and update the placeholders in radixconfig.tpl.yaml. Afterwards run make radixconfigs to update the rendered yaml files.

Note: The PR workflow will run make generate, and if anything changes it will fail (it will try to generate radixconfigs, swagger specs, mocks and clients)`.

Deployment

Radix Vulnerability Scanner API follows the standard procedure defined in how we work.

Radix Vulnerability Scanner API is installed as a Radix application in script when setting up a cluster.

Security

This is how we handle security issues