Added a HelmChart value documentation to each readme based on a template feature.

Author: rfelber

hooks/declarative-subsequent-scans/README.md

@@ -11,7 +11,7 @@ usecase: "Cascading Scans based declarative Rules."
 
 ## Deployment
 
-Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. 
+Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans.
 
 ```bash
 helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
@@ -25,7 +25,7 @@ dssh   ReadOnly   docker.io/scbexperimental/hook-declarative-subsequent-scans:la
 ```
 
 ## CascadingScan Rules
-The CascadingRules are included directly in each helm chart of the individual scanners. 
+The CascadingRules are included directly in each helm chart of the individual scanners.
 
 ```bash
 # Check your CascadingRules
@@ -113,4 +113,11 @@ pop3s-tls-scan   sslyze         non-invasive   light
 smtps-tls-scan   sslyze         non-invasive   light
 ssh-scan         ssh-scan       non-invasive   light
 zap-http         zap-baseline   non-invasive   medium
-```
+```
+
+## Chart Configuration
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.repository | string | `"docker.io/scbexperimental/hook-declarative-subsequent-scans"` | Hook image repository |
+| image.tag | string | `nil` |  |

hooks/declarative-subsequent-scans/README.md.gotmpl

@@ -0,0 +1,120 @@
+---
+title: "Cascading Scans"
+path: "hooks/declarative-subsequent-scans"
+category: "hook"
+type: "processing"
+state: "released"
+usecase: "Cascading Scans based declarative Rules."
+---
+
+<!-- end -->
+
+## Deployment
+
+Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. 
+
+```bash
+helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
+```
+
+### Verification
+```bash
+kubectl get ScanCompletionHooks
+NAME   TYPE       IMAGE
+dssh   ReadOnly   docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+```
+
+## CascadingScan Rules
+The CascadingRules are included directly in each helm chart of the individual scanners. 
+
+```bash
+# Check your CascadingRules
+kubectl get CascadingRules
+NAME             STARTS         INVASIVENESS   INTENSIVENESS
+https-tls-scan   sslyze         non-invasive   light
+imaps-tls-scan   sslyze         non-invasive   light
+nikto-http       nikto          non-invasive   medium
+nmap-smb         nmap           non-invasive   light
+pop3s-tls-scan   sslyze         non-invasive   light
+smtps-tls-scan   sslyze         non-invasive   light
+ssh-scan         ssh-scan       non-invasive   light
+zap-http         zap-baseline   non-invasive   medium
+```
+
+## Starting a cascading Scan
+When you start a normal Scan, no CascadingRule will be applied. To use a _CascadingRule_ the scan must be marked to allow cascading rules.
+This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one.
+
+### Example
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "example.com"
+spec:
+  scanType: nmap
+  parameters:
+    - -p22,80,443
+    - example.com
+  cascades:
+    matchLabels:
+      securecodebox.io/intensive: light
+EOF
+```
+
+This Scan will use all CascadingRules which are labeled with a "light" intensity.
+You can lookup which CascadingRules this selects by running:
+
+```bash
+kubectl get CascadingRules -l "securecodebox.io/intensive=light"
+NAME             STARTS     INVASIVENESS   INTENSIVENESS
+https-tls-scan   sslyze     non-invasive   light
+imaps-tls-scan   sslyze     non-invasive   light
+nmap-smb         nmap       non-invasive   light
+pop3s-tls-scan   sslyze     non-invasive   light
+smtps-tls-scan   sslyze     non-invasive   light
+ssh-scan         ssh-scan   non-invasive   light
+```
+
+The label selectors also allow the more powerful matchExpression selectors:
+
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "example.com"
+spec:
+  scanType: nmap
+  parameters:
+    - -p22,80,443
+    - example.com
+  cascades:
+    # Using matchExpression instead of matchLabels
+    matchExpression:
+      key: "securecodebox.io/intensive"
+      operator: In
+      # This select both light and medium intensity rules
+      values: [light, medium]
+EOF
+```
+
+This selection can be replicated in kubectl using:
+
+```bash
+kubectl get CascadingRules -l "securecodebox.io/intensive in (light,medium)"
+NAME             STARTS         INVASIVENESS   INTENSIVENESS
+https-tls-scan   sslyze         non-invasive   light
+imaps-tls-scan   sslyze         non-invasive   light
+nikto-http       nikto          non-invasive   medium
+nmap-smb         nmap           non-invasive   light
+pop3s-tls-scan   sslyze         non-invasive   light
+smtps-tls-scan   sslyze         non-invasive   light
+ssh-scan         ssh-scan       non-invasive   light
+zap-http         zap-baseline   non-invasive   medium
+```
+
+## Chart Configuration
+
+{{ template "chart.valuesTable" . }}

hooks/declarative-subsequent-scans/values.yaml

@@ -3,6 +3,8 @@
 # Declare variables to be passed into your templates.
 
 image:
+  # image.repository -- Hook image repository
   repository: docker.io/scbexperimental/hook-declarative-subsequent-scans
-  # image.tag - defaults to the charts version
+  # parserImage.tag -- Parser image tag
+  # @default -- defaults to the charts version
   tag: null

hooks/generic-webhook/README.md

@@ -11,9 +11,17 @@ usecase: "Publishes Scan Findings as WebHook."
 
 ## Deployment
 
-Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. 
+Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace.
 
 ```bash
 helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://example.com/my/webhook/target"
 ```
-> ✍ This documentation is currently work-in-progress. 
+> ✍ This documentation is currently work-in-progress.
+
+## Chart Configuration
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.repository | string | `"docker.io/scbexperimental/generic-webhook"` | Hook image repository |
+| image.tag | string | `nil` |  |
+| webhookUrl | string | `"http://example.com"` | The URL of your WebHook endpoint |

hooks/generic-webhook/README.md.gotmpl

@@ -0,0 +1,23 @@
+---
+title: "Generic WebHook"
+path: "hooks/generic-webhook"
+category: "hook"
+type: "integration"
+state: "released"
+usecase: "Publishes Scan Findings as WebHook."
+---
+
+<!-- end -->
+
+## Deployment
+
+Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. 
+
+```bash
+helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://example.com/my/webhook/target"
+```
+> ✍ This documentation is currently work-in-progress. 
+
+## Chart Configuration
+
+{{ template "chart.valuesTable" . }}

hooks/generic-webhook/values.yaml

@@ -2,9 +2,12 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+# webhookUrl -- The URL of your WebHook endpoint
 webhookUrl: "http://example.com"
 
 image:
+  # image.repository -- Hook image repository
   repository: docker.io/scbexperimental/generic-webhook
-  # image.tag - defaults to the charts version
+  # parserImage.tag -- Parser image tag
+  # @default -- defaults to the charts version
   tag: null

hooks/imperative-subsequent-scans/README.md

@@ -7,4 +7,24 @@ state: "roadmap"
 usecase: "Cascading Scans based imperative Rules."
 ---
 
-> 🔧 The implementation is currently work-in-progress and still undergoing major changes. It'll be released here once it has stabilized.
+## Deployment
+
+Installing the imperative-subsequent-scans hook will add a ReadOnly Hook to your namespace.
+
+```bash
+helm upgrade --install issh ./hooks/imperative-subsequent-scans/
+```
+> ✍ This documentation is currently work-in-progress.
+
+## Chart Configuration
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cascade.amassNmap | bool | `false` | True if you want to cascade nmap scans for each subdomain found by amass, otherwise false. |
+| cascade.nmapNikto | bool | `false` | True if you want to cascade Nikto scans for each HTTP Port found by nmap, otherwise false. |
+| cascade.nmapSmb | bool | `false` | True if you want to cascade nmap SMB scans for each SMB Port found by nmap, otherwise false. |
+| cascade.nmapSsh | bool | `false` | True if you want to cascade SSH scans for each SSH Port found by nmap, otherwise false. |
+| cascade.nmapSsl | bool | `false` | True if you want to cascade SSL scans for each HTTP Port found by nmap, otherwise false. |
+| cascade.nmapZapBaseline | bool | `false` | True if you want to cascade ZAP scans for each HTTP Port found by nmap, otherwise false. |
+| image.repository | string | `"docker.io/scbexperimental/hook-imperative-subsequent-scans"` | Hook image repository |
+| image.tag | string | `nil` |  |

hooks/imperative-subsequent-scans/README.md.gotmpl

@@ -0,0 +1,21 @@
+---
+title: "Imperative  Scans"
+path: "hooks/imperative-subsequent-scans"
+category: "hook"
+type: "integration"
+state: "roadmap"
+usecase: "Cascading Scans based imperative Rules."
+---
+
+## Deployment
+
+Installing the imperative-subsequent-scans hook will add a ReadOnly Hook to your namespace. 
+
+```bash
+helm upgrade --install issh ./hooks/imperative-subsequent-scans/ 
+```
+> ✍ This documentation is currently work-in-progress. 
+
+## Chart Configuration
+
+{{ template "chart.valuesTable" . }}

hooks/imperative-subsequent-scans/values.yaml

@@ -3,20 +3,22 @@
 # Declare variables to be passed into your templates.
 
 cascade:
-  # Cascade nmap scans for each subdomain found by amass
-  amassNmap: true
-  # Cascade nmap SMB scans for each SMB Port found by nmap
+  # cascade.amassNmap -- True if you want to cascade nmap scans for each subdomain found by amass, otherwise false.
+  amassNmap: false
+  # cascade.nmapSmb -- True if you want to cascade nmap SMB scans for each SMB Port found by nmap, otherwise false.
   nmapSmb: false
-  # Cascade SSH scans for each SSH Port found by nmap
-  nmapSsh: true
-  # Cascade SSL scans for each HTTP Port found by nmap
-  nmapSsl: true
-  # Cascade Nikto scans for each HTTP Port found by nmap
+  # cascade.nmapSsh -- True if you want to cascade SSH scans for each SSH Port found by nmap, otherwise false.
+  nmapSsh: false
+  # cascade.nmapSsl -- True if you want to cascade SSL scans for each HTTP Port found by nmap, otherwise false.
+  nmapSsl: false
+  # cascade.nmapNikto -- True if you want to cascade Nikto scans for each HTTP Port found by nmap, otherwise false.
   nmapNikto: false
-  # Cascade ZAP scans for each HTTP Port found by nmap
+  # cascade.nmapZapBaseline -- True if you want to cascade ZAP scans for each HTTP Port found by nmap, otherwise false.
   nmapZapBaseline: false
 
 image:
+  # image.repository -- Hook image repository
   repository: docker.io/scbexperimental/hook-imperative-subsequent-scans
-  # image.tag - defaults to the charts version
+  # parserImage.tag -- Parser image tag
+  # @default -- defaults to the charts version
   tag: null

hooks/persistence-elastic/README.md

@@ -14,44 +14,39 @@ The ElasticSearch persistenceProvider hook saves all findings and reports into t
 
 ## Deployment
 
-Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace. 
+Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace.
 
 ```bash
 helm upgrade --install elkh ./hooks/persistence-elastic/
 ```
 
-## Configuration
-see values.yaml
-
-```yaml
-# Define a specific index prefix
-indexPrefix: "scbv2"
-
-# Enable this when you already have an Elastic Stack running to which you want to send your results
-externalElasticStack:
-  enabled: false
-  elasticsearchAddress: "https://elasticsearch.example.com"
-  kibanaAddress: "https://kibana.example.com"
-
-# Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch
-# user and apikey are mutually exclusive, only set one!
-authentication:
-  # Link a pre-existing generic secret with `username` and `password` key / value pairs
-  userSecret: null
-  # Link a pre-existing generic secret with `id` and `key` key / value pairs
-  apiKeySecret: null
-
-# Configures included Elasticsearch subchart
-elasticsearch:
-  enabled: true
-  replicas: 1
-  minimumMasterNodes: 1
-  # image: docker.elastic.co/elasticsearch/elasticsearch-oss
-
-# Configures included Elasticsearch subchart
-kibana:
-  enabled: true
-  # image: docker.elastic.co/kibana/kibana-oss
-```
+## Chart Configuration
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| authentication | object | `{"apiKeySecret":null,"userSecret":null}` | Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch user and apikey are mutually exclusive, only set one! |
+| authentication.apiKeySecret | string | `nil` | Link a pre-existing generic secret with `id` and `key` key / value pairs |
+| authentication.userSecret | string | `nil` | Link a pre-existing generic secret with `username` and `password` key / value pairs |
+| elasticsearch | object | `{"enabled":true,"minimumMasterNodes":1,"replicas":1}` | Configures the included elasticsearch subchart (see: https://github.com/elastic/helm-charts/tree/elasticsearch) |
+| elasticsearch.enabled | bool | `true` | Enable if you want to deploy an elasticsearch service. |
+| elasticsearch.minimumMasterNodes | int | `1` | The value for discovery.zen.minimum_master_nodes. Should be set to (master_eligible_nodes / 2) + 1. Ignored in Elasticsearch versions >= 7 |
+| elasticsearch.replicas | int | `1` | Kubernetes replica count for the StatefulSet (i.e. how many pods) |
+| externalElasticStack.elasticsearchAddress | string | `"https://elasticsearch.example.com"` | The URL of the elasticsearch service to persists all findings to. |
+| externalElasticStack.enabled | bool | `false` | Enable this when you already have an Elastic Stack running to which you want to send your results |
+| externalElasticStack.kibanaAddress | string | `"https://kibana.example.com"` | The URL of the kibana service used to visualize all findings. |
+| fullnameOverride | string | `""` |  |
+| image.repository | string | `"docker.io/scbexperimental/persistence-elastic"` | Hook image repository |
+| image.tag | string | `nil` |  |
+| imagePullSecrets | list | `[]` |  |
+| indexPrefix | string | `"scbv2"` | Define a specific index prefix used for all elasticsearch indices. |
+| kibana | object | `{"enabled":true}` | Configures included Elasticsearch subchart |
+| kibana.enabled | bool | `true` | Enable if you want to deploy an kibana service (see: https://github.com/elastic/helm-charts/tree/master/kibana) |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| tolerations | list | `[]` |  |
 
 [elastic.io]: https://www.elastic.co/products/elasticsearch