Commit 32dead8a authored by Thomas Boni

Merge branch '457-new-job-create-testssl-job' into 'latest'

Resolve "[New job] Create testssl job"

Closes #457

See merge request r2devops/hub!276
parents e326c7e1 866f2618
+127 −119
# https://www.textfixer.com/tools/remove-duplicate-lines.php
acl
ACL
ANSIBLE
Ansible
ansible
api
apidoc
apiDoc
apidoc
APIs
argparse
args
arror
aspell
auths
aws
acl
ACL
backend
backends
behaviour
bitnami
bom
bulary
bundler
Bzip
cd
CD
cd
cdxgen
cfg
cfn
@@ -28,39 +31,61 @@ changelogs
checkov
checkstyle
ChkTex
ci
ChromeDriver
Chromedriver
chromedriver
CI
ci
cli
CLIPPY
clippy
clj
CNIL
CLOUDFORMATION
CloudFormation
CMake
cmake
CMakeLists
CNIL
CODECLIMATE
codeclimate
CodeSniffer
coffeelint
CoffeeScript
Coffeescript
CONFIG
config
CPP
CPPLINT
cpplint
credscan
CSHARP
css
CSV
csv
Customise
customise
customizable
CVE
CVSS
dartanalyzer
DAST
de
decrypted
decrypting
dep
Deployer
deployer
depscan
detekt
Dev
dev
developped
DevOps
devops
Devops
devops
DevOps's
Devops's
devops's
dictionnaries
DLL
dll
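Review bot: `developped` and `dictionnaries` in this hunk are misspellings (of "developed" and "dictionaries"), and keeping them in the spell-check wordlist means the checker will never flag them in the docs. Fix the source text that uses them and drop both entries from the list.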
@@ -73,9 +98,11 @@ DoD
dotenv
dotnet
Doxygen
DuskTestCase
EDITORCONFIG
editorconfig
emojipedia
enkinsfile
ENV
eslint
exe
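Review bot: `enkinsfile` in this hunk looks like a truncated `Jenkinsfile`, which is already whitelisted elsewhere in the list. Whitelisting the truncated form hides the typo wherever it occurs; correct the document that triggered it and remove the entry.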
@@ -84,6 +111,8 @@ fmt
fontawesome
Fortran
frontend
GDPR
gdpr
Github
github
GitLab
@@ -97,24 +126,39 @@ globals
Gofmt
gofmt
Golang
golang
golangci
gosec
gradle
Gradle
gradle
Granier
gulpfile
Gzip
HADOLINT
hadolint
hardcoded
Hotjar
Hotjar's
html
HTMLHint
I/O
ide
IDL
init
IO
io
ISORT
isort
JaCoCo
Jacoco
jacoco
Javascript
jdk
javascript
JDK
Jdk
jdk
Jenkinsfile
jobdescription
jq
js
JSON
@@ -125,15 +169,18 @@ jsonschema
jsp
JSX
jsx
Junit
JUnit
Junit
junit
JUnit's
Junit's
kaniko
kondo
kotlin
ktlint
kts
kube
kubeconfig
kubectl
KUBERNETES
Kubernetes
@@ -142,6 +189,9 @@ kubesec
KUBEVAL
Kubeval
kubeval
Kustomize
Laravel
laravel
LaTeX
libc
LibXML
@@ -156,17 +206,24 @@ LUA
Lua
lua
luacheck
Marp
marp
LWC
lwc
Markdownlint
markdownlint
Marp
marp
md
minify
Mkdocs
mkdocs
Montpellier
Monorepo
monorepo
MONTPELLIER
Montpellier
musl
MYPY
mypy
namespace
natively
newman
njsscan
@@ -185,9 +242,10 @@ ok
OPENAPI
OpenAPI
openapi
opensource
OpenSSL
openssl
opensslv
opensource
os
OSS
OWASP
@@ -196,12 +254,21 @@ pdf
perlcritic
php
PHPCS
os
OSS
OWASP
PDF
pdf
perlcritic
php
PHPCS
phpcs
PHPDoc
PHPSTAN
PHPStan
phpstan
phpunit
PHPUnit
phpunit
pipenv
Pipfile
plsql
@@ -209,11 +276,13 @@ pmd
POWERSHELL
PowerShell
Powershell
powershell
pre
PROTOBUF
Protobuf
protolint
PSalm
pseudonymized
PSScriptAnalyzer
px
Pylint
@@ -223,17 +292,25 @@ pytest
R2bulary
RAKU
Raku
raku
README
RetireJS
repo
RetireJS
RuboCop
rubocop
runtime
salesforce
SAS
sast
scala
SCALAFIX
scalafix
schemas
serverless
Severities
severities
SFDX
sfdx
SHA
Shellcheck
shellcheck
@@ -247,17 +324,30 @@ snakefmt
SNAKEMAKE
Snakemake
snakemake
Sonarcloud
sonarcloud
SonarQube
Sonarqube
sql
SQLFLUFF
sqlfluff
SSL
staticcheck
styleguide
Stylelint
stylelint
subdirectories
Subdelirium
subdirectories
SPDY
subfolders
SwaggerUI
SWIFTLINT
swiftlint
tcp
Tekton
tekton
Templating
templating
TERRAFORM
Terraform
terraform
@@ -266,9 +356,20 @@ Terragrunt
terragrunt
TERRASCAN
terrascan
TESTSSL
testssl
tflint
tfsec
TicTacToe
tictactoe
TLS
tpl
Transpiled
transpiled
Transpiler
transpiler
Transpiling
transpiling
Trivy
trivy
trivycache
@@ -279,17 +380,24 @@ ttk
TTL
txt
TypeScript
uncheck
UI
uncheck
Unhandled
unhandled
Url
url
urls
Urls
urls
VBDOTNET
vf
VHDL
vm
Vue
vue
vulns
webserver
Wordlists
wordlists
xml
YAML
yaml
@@ -297,103 +405,3 @@ YamlLint
Yamllint
yamllint
zaproxy
TicTacToe
tictactoe
Vue
vue
wordlists
Wordlists
transpiling
Transpiling
transpiler
Transpiler
transpiled
Transpiled
unhandled
Unhandled
GDPR
gdpr
io
IO
I/O
Devops's
DevOps's
devops's
JDK
jdk
Jdk
JaCoCo
Jacoco
jacoco
Laravel
laravel
DuskTestCase
dev
Dev
ChromeDriver
Chromedriver
chromedriver
JUnit's
Junit's
CSV
csv
golang
Golang
Customise
customise
monorepo
Monorepo
SonarQube
Sonarqube
CODECLIMATE
codeclimate
sonarcloud
Sonarcloud
deployer
Deployer
jobdescription
templating
Templating
auths
kubeconfig
subfolders
severities
Kustomize
namespace
kubeconfig
init
backend
backends
CLIPPY
CPP
CPPLINT
ISORT
LWC
MYPY
SCALAFIX
Scaleway
SFDX
SQLFLUFF
SWIFTLINT
VBDOTNET
clippy
cpplint
isort
lwc
mypy
phpcs
powershell
raku
scalafix
sfdx
sqlfluff
swiftlint
enkinsfile
javascript
salesforce
schemas
Jenkinsfile
Hotjar
Hotjar's
pseudonymized
de

jobs/testssl/README.md

0 → 100644
+40 −0
## Objective

Tool to check SSL/TLS related vulnerabilities of an URL

## How to use it

1. Add this job URL inside the `include` list of your `.gitlab-ci.yml` file (see the [quick setup](/use-the-hub/#quick-setup)). You can specify [a fixed version](#changelog) instead of `latest`.
    ```yaml
      - remote: 'https://jobs.r2devops.io/latest/testssl.yml'
    ```
1. Set the variable `TESTSSL_URL` with the URL you want to test
1. If you need to customize the job (stage, variables, ...) 👉 check the [jobs
   customization](/use-the-hub/#jobs-customization)
1. Well done, your job is ready to work ! 😀

## Job details

* Job name: `testssl`
* Docker image:
[`drwetter/testssl.sh:3.0`](https://hub.docker.com/r/_/drwetter/testssl.sh:3.0)
* Default stage: `dynamic_tests`
* When: `always`

### Variables



| Name | Description | Default |
| ---- | ----------- | ------- |
| `TESTSSL_URL` <img width=100/> | URL to test <img width=175/>| ` ` <img width=100/>|
| `TESTSSL_OPTIONS` | List of options to pass to testssl | ` ` |
| `TESTSSL_EXPORT_HTML` | Enable HTML export | `true` |
| `TESTSSL_EXPORT_HTML_FILENAME` | Name of the HTML export | `report.html` |
| `TESTSSL_EXPORT_JSON` | Enable JSON export | `true` |
| `TESTSSL_EXPORT_JSON_FILENAME` | Name of the HTML export | `report.json` |
| `TESTSSL_PARALLEL_MODE` | By default, all mass tests are done in serial mode, you can enable parallel testing (--parallel) | `true`|
| `TESTSSL_CHECK_LOCAL_CIPHER_REMOTELY` | Checks each local cipher remotely (-e) | `true`|
| `TESTSSL_FAST` | omits some checks: using openssl for all ciphers (-e), show only first preferred cipher (--fast) | `true`|
| `TESTSSL_TLS_SSL` | Checks TLS/SSL protocols (including SPDY/HTTP2) (-p) | `true`|
| `TESTSSL_VULNERABILITY` | Test all the vulnerabilities (-U) | `true`|
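Review bot: the Variables table lists an empty default for `TESTSSL_URL`, but the job template in this same commit sets `TESTSSL_URL: "gitlab.com"`, so the documented default and the real one disagree. Either document `gitlab.com` as the default or, better, make the template default empty so that step 2 ("Set the variable `TESTSSL_URL`") is really mandatory. In the same table, `TESTSSL_EXPORT_JSON_FILENAME` is described as "Name of the HTML export" (copy-paste from the row above), and the `TESTSSL_FAST` row mentions `-e`, which is the flag already documented for `TESTSSL_CHECK_LOCAL_CIPHER_REMOTELY`. The Docker Hub link under "Job details" (`/r/_/drwetter/testssl.sh:3.0`) also looks malformed and is worth checking.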

jobs/testssl/job.yml

0 → 100644
+9 −0
name: testssl
description: Tool to check SSL/TLS related vulnerabilities
default_stage: dynamic_tests
icon: 🔒
maintainer: coconux
license: MIT
images:
  drwetter/testssl.sh:3.0
tools:
 No newline at end of file
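Review bot: `tools:` on the last line has no value and the file ends without a trailing newline. Fill in the tool entry or drop the key, and end the file with a newline. `images:` also carries its value as a bare scalar on the following line; if the hub expects a list or mapping here, write it as one so the metadata parses the same way as in the other jobs.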
+0 −0

Empty file added.

+72 −0
stages:
  - dynamic_tests

testssl:
    image:
       name: drwetter/testssl.sh:3.0
       entrypoint: [""]
    stage: dynamic_tests
    variables:
      # Path to the script inside the docker image
      TESTSSL_PATH: "/home/testssl/testssl.sh"
      # URL to test
      TESTSSL_URL: "gitlab.com"
      # List of options to pass to testssl
      TESTSSL_OPTIONS:  ""
      # Enable HTML export
      TESTSSL_EXPORT_HTML: "true"
      # Name of the HTML export
      TESTSSL_EXPORT_HTML_FILENAME: "report.html"
      # Enable JSON export
      TESTSSL_EXPORT_JSON: "true"
      # Name of the HTML export
      TESTSSL_EXPORT_JSON_FILENAME: "report.json"
      # By default, all mass tests are done in serial mode, you can enable parallel testing (--parallel)
      TESTSSL_PARALLEL_MODE: "true"
      # Checks each local cipher remotely -e
      TESTSSL_CHECK_LOCAL_CIPHER_REMOTELY: "true"
      # Omits some checks: using openssl for all ciphers, show only first preferred cipher (-e)
      TESTSSL_FAST: "true"
      # Checks TLS/SSL protocols (including SPDY/HTTP2) (-p)
      TESTSSL_TLS_SSL: "true"
      # Test all the vulnerabilities (-U)
      TESTSSL_VULNERABILITY: "true"

    script:
      # Enable options
      - if [ "$TESTSSL_EXPORT_HTML" == "true" ]; then
      -      TESTSSL_OPTIONS=" $TESTSSL_OPTIONS --htmlfile $TESTSSL_EXPORT_HTML_FILENAME"
      - fi
      - if [ "$TESTSSL_EXPORT_JSON" == "true" ]; then
      -      TESTSSL_OPTIONS=" $TESTSSL_OPTIONS --jsonfile $TESTSSL_EXPORT_JSON_FILENAME"
      - fi
      - if [ "$TESTSSL_PARALLEL_MODE" == "true" ]; then
      -      TESTSSL_OPTIONS=" $TESTSSL_OPTIONS --parallel"
      - fi
      - if [ "$TESTSSL_CHECK_LOCAL_CIPHER_REMOTELY" == "true" ]; then
      -      TESTSSL_OPTIONS=" $TESTSSL_OPTIONS -e"
      - fi
      - if [ "$TESTSSL_TLS_SSL" == "true" ]; then
      -      TESTSSL_OPTIONS=" $TESTSSL_OPTIONS -p"
      - fi
      - if [ "$TESTSSL_VULNERABILITY" == "true" ]; then
      -      TESTSSL_OPTIONS=" $TESTSSL_OPTIONS -U"
      - fi
      - if [ "$TESTSSL_FAST" == "true" ]; then
      -      TESTSSL_OPTIONS=" $TESTSSL_OPTIONS --fast"
      - fi
      # Run the script
      - $TESTSSL_PATH $TESTSSL_OPTIONS $TESTSSL_URL


    artifacts:
      when: always
      expose_as: "Testssl report"
      paths:
        - "$TESTSSL_EXPORT_HTML_FILENAME"
        - "$TESTSSL_EXPORT_JSON_FILENAME"
        # Below path is a workaround to provide artifact exposition in MR if
        # default output value is used.
        - "report.html"
        - "report.json"
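Review bot: `TESTSSL_URL: "gitlab.com"` in the `variables` block means any project that includes this template without overriding the variable runs the scan against a third-party host. Default it to an empty string and make the script fail early when `TESTSSL_URL` is unset, which also brings it in line with the README table. In the run line, quote `"$TESTSSL_URL"` (`$TESTSSL_OPTIONS` has to stay unquoted so it splits into flags), and use `=` instead of `==` inside `[ ... ]` so the tests do not depend on the shell accepting the non-POSIX form. Two comments are wrong: the one above `TESTSSL_EXPORT_JSON_FILENAME` says "HTML export", and the one above `TESTSSL_FAST` cites `-e` while the script passes `--fast`. The image is pinned only to the `3.0` tag; pinning by digest would keep the scanner itself reproducible between runs.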