T-Sec Keenlab Security Audit Suites (KSAS) is a collection of tools for security audits at various levels, including: system baseline security audit, artifact security audit, source code security audit, and Android application security audit.
Parameters:

- `team_name`: The team the analysis belongs to; it must be created in advance. Example: `your-team`.
- `project_name`: The project the analysis belongs to; it must be created in advance. Example: `your-project`.
- `analysis_path`: The path of the file to analyze. Example: `/bin/echo`.
- `analysis_type`: The type of analysis to create; currently supports three types, default is `ArtifactPackage`:
  - `ArtifactPackage`: analysis type binAuditor, system type Package.
  - `ArtifactDocker`: analysis type binAuditor, system type Docker.
  - `ArtifactAPK`: Android application security audit.
  - `ArtifactSource`: source code security audit.
- `analysis_name`: Analysis name / version name. Must be unique. Example: `your-analysis-name`.
- `token`: Audit Suites token. It is available in the Audit Suites web console: click the username in the upper right corner, then "token management - new" to obtain a token.
- `website`: The URL of Audit Suites, used for API requests and for generating the final report link. Example: `https://your-url.com`.
- `description`: Analysis description. Default value: `cnb plugin create`.
- `analyze_timeout`: Unpacking timeout. Default: 10 minutes.
- `analyze_file_type`: The type of files to analyze (Text/Binary). By default all types are analyzed.
- `file_skiped`: Files or directories to skip, for example `/skipped/path/*`, `*/pom.xml` or `*/*_test.go`. No files are skipped by default.
- `smart_sca_enabled`: Whether to enable C/C++ SCA. Enabled by default.
- `smart_sca_deep_scan`: Whether to enable deep scanning. Disabled by default; only effective when C/C++ SCA is enabled.
- `unpacker_enabled`: Whether to enable heuristic unpacking. Enabled by default.
- `extract_depth`: Recursive unpacking depth. The default `0` means dynamic recursion.
- `source_sca_recommended`: Required. Whether to use the analyzer's recommended configuration. When this option is `true`, `source_sca_min_file_count`, `source_sca_snippet_match_method`, `source_sca_snippet_match_rate`, `source_sca_snippet_match_count` and `source_sca_small_file_line_count` are ignored.
- `source_sca_min_file_count`: Minimum number of files required to detect a component (when the number of files hitting the same component is <= MinFileCount, the component is not detected). Value range: `minFileCount >= 1`.
- `source_sca_snippet_match_method`: Source code matching method.
- `source_sca_snippet_match_rate`: Minimum match rate (number of features hit / total number of features). Value range: `0 <= SnippetMatchRate <= 1` (percentage).
- `source_sca_snippet_match_count`: Minimum number of matching lines. Value range: `snippetMatchCount >= 0`.
- `source_sca_small_file_line_count`: After comments are removed, features with fewer than this many lines do not participate in matching. Value range: `smallFileLineCount >= 1`.
- `advanced_config`: Advanced configuration (JSON format). When this parameter is not empty, all analysis configuration parameters in parts 3 and 4 above are ineffective.

Upload source code to the security audit platform for detection:
```yaml
# .cnb.yml
main:
  push:
    - services:
        - docker
      stages:
        # Package the source code
        - name: Package source code
          script:
            - tar -czvf securityaudit.tar.gz ./src
        # Upload source code to the security audit platform
        - name: Security Audit
          image: tencentcom/ksas-audit-suites
          imports:
            - https://cnb.xxx.vom/xxx/your-envs.yml
          settings:
            team_name: teamname
            project_name: projectname
            analysis_path: ./securityaudit.tar.gz
            analysis_type: ArtifactSource
            analysis_name: $CNB_BUILD_ID
            website: https://your-url
            token: $TOKEN
```
Upload docker image to the security audit platform for detection:
```yaml
# .cnb.yml
main:
  push:
    - services:
        - docker
      stages:
        - name: docker build & push & save
          script:
            - docker build -t security-audit:latest .
            - docker save security-audit:latest > security-audit.tar
        # Upload the tar-format image file to the security audit platform
        - name: Security Audit
          image: tencentcom/ksas-audit-suites
          imports:
            - https://cnb.xxx.vom/xxx/your-envs.yml
          settings:
            team_name: teamname
            project_name: projectname
            analysis_path: ./security-audit.tar
            analysis_type: ArtifactDocker
            analysis_name: $CNB_BUILD_ID
            website: https://your-url
            token: $TOKEN
```
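The parameter list above carries a number of constraints (required keys, the allowed `analysis_type` values, the numeric ranges of the `source_sca_*` options, the options that `source_sca_recommended` and `advanced_config` override) that the plugin only reports once the pipeline step runs. The following pre-flight validator is an added example, not the plugin's own code: it takes the `settings:` mapping of a `Security Audit` step, as parsed from `.cnb.yml`, and returns the violations of the documented constraints plus warnings for options that will be silently ignored. The sample settings at the bottom are constructed for illustration.

```python
"""Pre-flight check for the `settings:` block of a ksas-audit-suites step.

Added example (not the plugin's own code). It encodes only the parameter
constraints documented for the plugin; field names are the plugin's own.
"""
import json

ANALYSIS_TYPES = {"ArtifactPackage", "ArtifactDocker", "ArtifactAPK", "ArtifactSource"}
REQUIRED = ("team_name", "project_name", "analysis_path", "analysis_name", "token", "website")

# Documented as ignored when source_sca_recommended is true.
SOURCE_SCA_TUNABLES = (
    "source_sca_min_file_count",
    "source_sca_snippet_match_method",
    "source_sca_snippet_match_rate",
    "source_sca_snippet_match_count",
    "source_sca_small_file_line_count",
)

# Documented numeric ranges: (key, predicate, human-readable range).
SOURCE_SCA_RANGES = (
    ("source_sca_min_file_count", lambda v: v >= 1, ">= 1"),
    ("source_sca_snippet_match_rate", lambda v: 0 <= v <= 1, "between 0 and 1"),
    ("source_sca_snippet_match_count", lambda v: v >= 0, ">= 0"),
    ("source_sca_small_file_line_count", lambda v: v >= 1, ">= 1"),
)


def check_source_sca_ranges(settings):
    """Return error strings for source_sca_* values outside their documented range."""
    errs = []
    for key, ok, desc in SOURCE_SCA_RANGES:
        if key in settings:
            v = settings[key]
            # bool is a subclass of int in Python; reject it explicitly
            if isinstance(v, bool) or not isinstance(v, (int, float)) or not ok(v):
                errs.append(f"{key} must be a number {desc}, got {v!r}")
    return errs


def validate_settings(settings):
    """Return (errors, warnings) for one step's settings mapping."""
    errors, warnings = [], []

    for key in REQUIRED:
        if not settings.get(key):
            errors.append(f"{key} is required")

    atype = settings.get("analysis_type", "ArtifactPackage")  # documented default
    if atype not in ANALYSIS_TYPES:
        errors.append(f"analysis_type {atype!r} is not one of {sorted(ANALYSIS_TYPES)}")

    website = str(settings.get("website", ""))
    if website and not website.startswith(("http://", "https://")):
        errors.append("website must be an http(s) URL, it is used for API requests")

    # The token is a credential: it should be injected from a pipeline secret
    # (the page's examples use $TOKEN), not committed inline in .cnb.yml.
    token = str(settings.get("token", ""))
    if token and not token.startswith("$"):
        warnings.append("token looks inlined; reference a pipeline secret such as $TOKEN")

    adv = settings.get("advanced_config")
    if adv:
        try:
            json.loads(adv) if isinstance(adv, str) else json.dumps(adv)
        except (TypeError, ValueError):
            errors.append("advanced_config must be valid JSON")
        else:
            warnings.append("advanced_config is set: the other analysis configuration parameters are ignored")

    if settings.get("source_sca_recommended", False):
        ignored = [k for k in SOURCE_SCA_TUNABLES if k in settings]
        if ignored:
            warnings.append("ignored because source_sca_recommended is true: " + ", ".join(ignored))
    else:
        errors.extend(check_source_sca_ranges(settings))

    return errors, warnings


if __name__ == "__main__":
    # Constructed sample mirroring the docker example above, with two mistakes added.
    sample = {
        "team_name": "teamname", "project_name": "projectname",
        "analysis_path": "./security-audit.tar", "analysis_type": "Docker",  # wrong value
        "analysis_name": "$CNB_BUILD_ID", "website": "https://your-url", "token": "$TOKEN",
        "source_sca_snippet_match_rate": 1.5,  # out of range
    }
    errs, warns = validate_settings(sample)
    print("errors:", *errs, sep="\n  ")
    print("warnings:", *warns, sep="\n  ")
```

Run it as a lint step before the `Security Audit` stage so a misconfigured `analysis_type` or an out-of-range SCA threshold fails fast instead of producing an empty or misleading report; the `source_sca_recommended` branch mirrors the documented behaviour that the tunables are ignored, so their values are not range-checked in that case.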