diff --git a/docs/docs/cloudscanner/aws.md b/docs/docs/cloudscanner/aws.md index 7fe4f6d2ff..8f4c4a5bcc 100644 --- a/docs/docs/cloudscanner/aws.md +++ b/docs/docs/cloudscanner/aws.md @@ -85,7 +85,7 @@ provider "aws" { module "deepfence-cloud-scanner_example_single-account" { source = "deepfence/cloud-scanner/aws//examples/single-account-ecs" - version = "0.6.0" + version = "0.9.0" name = "deepfence-cloud-scanner" # mgmt-console-url: deepfence.customer.com or 22.33.44.55 mgmt-console-url = "" diff --git a/docs/docs/cloudscanner/azure.md b/docs/docs/cloudscanner/azure.md index 78b0ced03d..8f24db9763 100644 --- a/docs/docs/cloudscanner/azure.md +++ b/docs/docs/cloudscanner/azure.md @@ -28,7 +28,7 @@ provider "azurerm" { module "cloud-scanner_example_single-subscription" { source = "deepfence/cloud-scanner/azure//examples/single-subscription" - version = "0.6.0" + version = "0.9.0" mgmt-console-url = " eg. XXX.XXX.XX.XXX" mgmt-console-port = "443" deepfence-key = " eg. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" @@ -59,7 +59,7 @@ provider "azurerm" { module "cloud-scanner_example_tenant-subscriptions" { source = "deepfence/cloud-scanner/azure//examples/tenant-subscriptions" - version = "0.6.0" + version = "0.9.0" mgmt-console-url = " eg. XXX.XXX.XX.XXX" mgmt-console-port = " eg. 443" deepfence-key = " eg. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" @@ -123,7 +123,7 @@ data "azurerm_kubernetes_cluster" "default" { module "cloud-scanner" { source = "deepfence/cloud-scanner/azure//examples/aks" - version = "0.7.0" + version = "0.9.0" name = "" mgmt-console-url = " eg. XXX.XXX.XX.XXX" deepfence-key = "" @@ -158,7 +158,7 @@ data "azurerm_kubernetes_cluster" "default" { module "test" { source = "deepfence/cloud-scanner/azure//examples/aks" - version = "0.7.0" + version = "0.9.0" name = "" mgmt-console-url = " eg. XXX.XXX.XX.XXX" deepfence-key = "" 
@@ -204,7 +204,7 @@ module "test" { module "infrastructure_cloud-scanner-app" { source = "deepfence/cloud-scanner/azure//modules/infrastructure/cloud-scanner-app" - version = "0.7.0" + version = "0.9.0" name = "deepfence-cloud-scanner" subscription_ids_access = [data.azurerm_subscription.current.subscription_id] } @@ -235,7 +235,7 @@ module "test" { module "infrastructure_cloud-scanner-app" { source = "deepfence/cloud-scanner/azure//modules/infrastructure/cloud-scanner-app" - version = "0.7.0" + version = "0.9.0" name = "deepfence-cloud-scanner" subscription_ids_access = [list of tenant subscriptions ids] } diff --git a/docs/docs/cloudscanner/gcp.md b/docs/docs/cloudscanner/gcp.md index 898d404810..66923ca4b3 100644 --- a/docs/docs/cloudscanner/gcp.md +++ b/docs/docs/cloudscanner/gcp.md @@ -20,7 +20,7 @@ Copy and paste the following (single project or multiple projects) into a new fi ```terraform module "cloud-scanner_example_single-project" { source = "deepfence/cloud-scanner/gcp//examples/single-project" - version = "0.6.0" + version = "0.9.0" name = "deepfence-cloud-scanner" # mgmt-console-url: deepfence.customer.com or 22.33.44.55 mgmt-console-url = "" @@ -53,7 +53,7 @@ module "cloud-scanner_example_single-project" { ```terraform module "cloud-scanner_example_multiple-projects" { source = "deepfence/cloud-scanner/gcp//examples/multi-project" - version = "0.6.0" + version = "0.9.0" name = "deepfence-cloud-scanner" # org_domain: root project name org_domain = "" @@ -128,7 +128,7 @@ data "google_container_cluster" "target_cluster" { module "cloud_scanner_example_single_project" { source = "deepfence/cloud-scanner/gcp//examples/gke" - version = "0.7.2" + version = "0.9.0" gke_host = "https://${data.google_container_cluster.target_cluster.endpoint}" gke_token = data.google_client_config.current.access_token gke_cluster_ca_certificate = base64decode(data.google_container_cluster.target_cluster.master_auth[0].cluster_ca_certificate,) 
@@ -164,7 +164,7 @@ data "google_container_cluster" "target_cluster" { module "cloud_scanner_example_multiple_project" { source = "deepfence/cloud-scanner/gcp//examples/gke" - version = "0.7.2" + version = "0.9.0" name = "deepfence-cloud-scanner" gke_host = "https://${data.google_container_cluster.target_cluster.endpoint}" gke_token = data.google_client_config.current.access_token @@ -214,7 +214,7 @@ module "cloud_scanner_example_multiple_project" { module "cloud_scanner_example_single_project" { source = "deepfence/cloud-scanner/gcp//examples/gce-vm" - version = "0.7.2" + version = "0.9.0" # gcp service account name name = "deepfence-cloud-scanner" # project_id example: dev1-123456 @@ -233,7 +233,7 @@ module "cloud_scanner_example_multiple_project" { module "cloud_scanner_example_multiple_project" { source = "deepfence/cloud-scanner/gcp//examples/gce-vm" - version = "0.7.2" + version = "0.9.0" # gcp service account name name = "deepfence-cloud-scanner" # project_id example: dev1-123456 @@ -277,7 +277,7 @@ module "cloud_scanner_example_multiple_project" { SUCCESS_SIGNAL_URL: "" DF_LOG_LEVEL: info SCAN_INACTIVE_THRESHOLD: "21600" - CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit" + CLOUD_SCANNER_POLICY: "" ``` 6. Start the cloud scanner using docker compose ``` diff --git a/docs/docs/console/docker.md b/docs/docs/console/docker.md index 54bbdcb72c..2859709174 100644 --- a/docs/docs/console/docker.md +++ b/docs/docs/console/docker.md 
@@ -18,10 +18,10 @@ You can install the Management Console on a single Docker host or [in a dedicate The following instructions explain how to get started with a docker-based installation on a single host system: -1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.3/deployment-scripts/docker-compose.yml) to the system that will host the Console +1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.4/deployment-scripts/docker-compose.yml) to the system that will host the Console ```bash - wget https://github.com/deepfence/ThreatMapper/raw/release-3.0/deployment-scripts/docker-compose.yml + wget https://github.com/deepfence/ThreatMapper/raw/release-2.4/deployment-scripts/docker-compose.yml ``` 2. Execute the following command to install and start the latest build of the Console diff --git a/docs/docs/console/upgrade-from-v2.1.md b/docs/docs/console/upgrade-from-v2.1.md index 222ca96908..deab44d1fa 100644 --- a/docs/docs/console/upgrade-from-v2.1.md +++ b/docs/docs/console/upgrade-from-v2.1.md @@ -7,7 +7,7 @@ title: Upgrade from v2.1 Please choose upgrade steps by console deployment type (docker or kubernetes) ### Prerequisite -1. Download [pre-upgrade-to-v5.sh](https://github.com/deepfence/ThreatMapper/blob/release-2.3/deepfence_neo4j/pre-upgrade-to-v5.sh) script to current directory +1. Download [pre-upgrade-to-v5.sh](https://github.com/deepfence/ThreatMapper/blob/release-2.4/deepfence_neo4j/pre-upgrade-to-v5.sh) script to current directory 2. Make `pre-upgrade-to-v5.sh` executable ``` chmod +x pre-upgrade-to-v5.sh diff --git a/docs/docs/developers/deploy-console.md b/docs/docs/developers/deploy-console.md index 754cae7377..72fe545a48 100644 --- a/docs/docs/developers/deploy-console.md +++ b/docs/docs/developers/deploy-console.md 
@@ -14,10 +14,10 @@ You should first [build the management console](build) and push the images to a Refer to the [Docker Installation Instructions](/docs/console/docker) along with the modifications below. ::: -1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.3/deployment-scripts/docker-compose.yml) to the system that will host the Console +1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.4/deployment-scripts/docker-compose.yml) to the system that will host the Console ```bash - wget https://github.com/deepfence/ThreatMapper/raw/release-3.0/deployment-scripts/docker-compose.yml + wget https://github.com/deepfence/ThreatMapper/raw/release-2.4/deployment-scripts/docker-compose.yml ``` 2. Execute the following command to install and start the Console. Note the override to specify your repository `myorg`, rather than the `deepfenceio` default: diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js index cf35ec05f0..b78281c62d 100644 --- a/docs/docusaurus.config.js +++ b/docs/docusaurus.config.js @@ -42,7 +42,17 @@ const config = { lastVersion: 'current', versions: { "current": { + label: 'v2.5', + banner: 'none', + }, + "v2.4": { + label: 'v2.4', + path: 'v2.4', + banner: 'none', + }, + "v2.3": { label: 'v2.3', + path: 'v2.3', banner: 'none', }, "v2.2": { diff --git a/docs/package.json b/docs/package.json index 10bfd879d1..66db66c6b9 100644 --- a/docs/package.json +++ b/docs/package.json @@ -14,8 +14,8 @@ "write-heading-ids": "docusaurus write-heading-ids" }, "dependencies": { - "@docusaurus/core": "^3.4.0", - "@docusaurus/preset-classic": "^3.4.0", + "@docusaurus/core": "^3.6.0", + "@docusaurus/preset-classic": "^3.6.0", "@mdx-js/react": "^3.0.0", "clsx": "^2.1.0", "prism-react-renderer": "^2.1.0", 
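Review bot: Giving `"v2.3"` its own `path: 'v2.3'` while `lastVersion` stays `'current'` means the absolute links in the v2.3 pages added by this commit no longer stay inside v2.3. `architecture/cloudscanner.md` links to `/docs/cloudscanner` and `architecture/sensors.md` links to `/docs/sensors`; assuming the docs are served under `/docs` (not visible in this hunk), both resolve to the pages now labelled v2.5. Someone running a v2.3 console would then land on install steps that pin Terraform module `0.9.0` and the `release-2.4` compose file, not the 2.3.x images the v2.3 pages reference. Consider version-scoped links in the copied pages, e.g. `[Learn how to install Cloud Scanner tasks](/docs/v2.3/cloudscanner)`, or relative links like the `(sensors)` link that `architecture/cloudscanner.md` already uses. The `versions` map starts and ends outside this hunk, so whether a `version-v2.4` directory backs the new `"v2.4"` entry could not be checked from here.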
@@ -24,7 +24,7 @@ "react-player": "^2.15.1" }, "devDependencies": { - "@docusaurus/module-type-aliases": "^3.4.0" + "@docusaurus/module-type-aliases": "^3.6.0" }, "browserslist": { "production": [ diff --git a/docs/versioned_docs/version-v2.3/architecture/cloudscanner.md b/docs/versioned_docs/version-v2.3/architecture/cloudscanner.md new file mode 100644 index 0000000000..86ed114a13 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/architecture/cloudscanner.md 
@@ -0,0 +1,40 @@ +--- +title: Cloud Scanner task +--- + +# Cloud Scanner Overview + +ThreatMapper performs Compliance Posture Scanning to: + +* Build an inventory of cloud assets, such as network security groups, storage objects, key management services. The types of assets discovered are specific to each cloud platform. +* Perform 'posture scanning', where ThreatMapper matches infrastructure configuration against a set of best-practice benchmarks, such as CIS, PCI-DSS and HIPAA. The benchmarks that are supported are specific to each cloud platform. + +ThreatMapper then summarises the results in a 'Threat Graph' visualization, to help you to prioritize compliance issues that pose the greatest risk of exploit. + +## Implementation + + * Compliance Posture Scanning for **Clouds** requires access (typically read-only) to the cloud platform APIs, and uses the Cloud Scanner task + * Compliance Posture Scanning for **Hosts** requires direct access to the host, and uses the Sensor Agent. + +### Compliance Posture Scanning for Clouds + +The ThreatMapper Console does not access the cloud platform APIs directly; there is no need to open the APIs up for remote access. Instead, you deploy a 'Cloud Scanner' task which acts as a local relay, taking instructions from the remote ThreatMapper console and performing local API calls from within your cloud infrastructure. + +Each Cloud Scanner task runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your ThreatMapper console. You can deploy as many Cloud Scanner tasks as are required by your security policy and any restrictions in place that affect API access. + +Cloud Scanner tasks are deployed using the appropriate Terraform module for each cloud, and are configured with the address and API key of your management console. 
They 'phone home' to your management console and take instructions on demand; they do not listen for remote connections or control. + +:::info +Refer to the Installation Documentation to [Learn how to install Cloud Scanner tasks](/docs/cloudscanner) +::: + + +### Compliance Posture Scanning for Hosts + +ThreatMapper can perform compliance posture scanning on linux hosts and Kubernetes master and worker nodes. + +Scanning is done directly, using a local [Sensor Agent](sensors) rather than by using the Cloud Scanner task employed by the cloud platform integrations. + + + + diff --git a/docs/versioned_docs/version-v2.3/architecture/console.md b/docs/versioned_docs/version-v2.3/architecture/console.md new file mode 100644 index 0000000000..eee43a4178 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/architecture/console.md 
@@ -0,0 +1,38 @@ +--- +title: Management Console +--- + +# The ThreatMapper Management Console + +The ThreatMapper Management Console ("Console") is a standalone application, implemented as a fleet of containers. It should be deployed on either a single docker host, or (for larger deployments) a dedicated Kubernetes cluster. The console is self-contained, and exposes an HTTPS interface for administration and API automation. + +The console allows you to: + +* Manage the users who can access the console. +* Configure Infrastructure API access and interrogate platform configurations. +* Visualize and drill down into Kubernetes clusters, virtual machines, containers and images, running processes, and network connections in near real time. +* Invoke vulnerability scans on running containers and applications and review the results, ranked by risk-of-exploit. +* Invoke compliance scans on infrastructure configuration ('agentless') and on infrastructure hosts ('agent-based'), manually or automatically when they are added to a cluster. +* Scan container registries for vulnerabilities, to review workloads before they are deployed. +* Scan image builds during the CI/CD pipeline, supporting CircleCI, Jenkins, and GitLab. +* Scan containers and host filesystems for unprotected secrets, including access tokens, keys and passwords. +* Configure integrations with external notification, SIEM and ticketing systems, including Slack, PagerDuty, Jira, Splunk, ELK, Sumo Logic, and AWS S3. +ThreatMapper supports multiple production deployments simultaneously, so that you can visualize and scan workloads across a large production estate. + +### ThreatMapper Compliance Posture Scanning + +ThreatMapper performs compliance posture scanning for cloud platforms by querying the infrastructure APIs for these platforms. + +This is achieved using a **cloud scanner** task that is deployed within each cloud instance using a terraform module. 
The cloud scanner is granted appropriate access to the local APIs, and operates under instruction from the remote ThreatMapper console. + +### ThreatMapper Registry Scanning + +The ThreatMapper console can scan container images at rest in a wide range of supported registries. + +This is achieved by providing appropriate credentials to the ThreatMapper console so that it can discover and download assets directly from these registries. + +### ThreatMapper Vulnerability, Secret and Local Compliance Scanning + +ThreatMapper performs vulnerability and secret scanning directly on production and non-production hosts using a **sensor agent** container. + +The sensor agent is also used for local compliance scanning (Kubernetes and Linux posture) where it has access to configuration and assets that are not exposed through an API. \ No newline at end of file diff --git a/docs/versioned_docs/version-v2.3/architecture/index.md b/docs/versioned_docs/version-v2.3/architecture/index.md new file mode 100644 index 0000000000..3983602ad1 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/architecture/index.md 
@@ -0,0 +1,28 @@ +--- +title: ThreatMapper Architecture +--- + +# ThreatMapper Architecture + +The ThreatMapper product consists of a Management Console, and multiple Sensor Agents and Cloud Scanner tasks that are deployed within your production platform(s). + +![ThreatMapper Components](../img/threatmapper-components.jpg) + +The Management Console is deployed first. The Management console generates an API key and a URL which you will need when you install the Sensor containers and Cloud Scanner tasks. + +The Management Console is managed over TLS (port 443), used for administrative traffic (web browser and API) and for sensor traffic. You should firewall or secure access to this port so that only authorised admin users and remote production platforms are able to connect. + +# Agent-Less and Agent-Based operation + +ThreatMapper uses both agent-less and agent-based operations to discover the widest-possible range of threats and render them in 'Threat Graphs' and 'Threat Maps'. You can use either or both operations, and can configure their access to your production and non-production systems in line with your own security posture. 
+ +| | Agent-Less (Cloud Connector) | Agent-Based (Sensor Agent) | +|----------------|----------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------| +| Implementation | Direct access to infrastructure APIs, using a secured **Cloud Connector** task, deployed local to the cloud instance | Lightweight, privileged **sensor agent** container with access to local resources on the host | +| Visibility | Cloud configuration and assets, as exposed through cloud or infrastructure API | Local assets, including filesystem, process list, local containers and pods, and kernel interfaces | +| Capability | Identifies deviation from good practice configuration ("Compliance Scanning") for cloud platforms | Identifies network flows and performs vulnerability, secret and local host (Linux/Kubernetes) compliance scanning | +| Output | Agent-less data is reported in the 'Threat Graph', which shows compliance-related issues | Agent-based data is reported in the Threat Map (for vulnerabilities, secrets etc) and Threat Graph (for compliance issues) | + + + + diff --git a/docs/versioned_docs/version-v2.3/architecture/sensors.md b/docs/versioned_docs/version-v2.3/architecture/sensors.md new file mode 100644 index 0000000000..f762d3fddb --- /dev/null +++ b/docs/versioned_docs/version-v2.3/architecture/sensors.md 
@@ -0,0 +1,18 @@ +--- +title: Sensor Agent +--- + +# Sensor Agent + +ThreatMapper Sensors are deployed on your production platforms, directly on each production host. They are deployed in the form of a privileged container (the 'Sensor Agent'). They communicate securely with your ThreatMapper Management Console, taking instructions to retrieve SBOMs and run scans, and forwarding telemetry data. + +The sensors support the following production platforms: + +* **Kubernetes:** The sensors are deployed as a daemonset, similar to other kubernetes services. +* **Docker:** The sensor is deployed as a docker container on each docker host. +* **Bare metal and VM-based platforms:** Sensors are deployed as a Docker container on each Linux operating system instance, using a Docker runtime. Linux instances are supported; Windows Server is not supported, although an experimental implementation is available. +* **AWS Fargate** The sensor is deployed as a daemon service alongside each serverless instance. + +:::info +Refer to the Installation Documentation to [Learn how to install Sensor Agents](/docs/sensors) +::: \ No newline at end of file diff --git a/docs/versioned_docs/version-v2.3/architecture/threatgraph.md b/docs/versioned_docs/version-v2.3/architecture/threatgraph.md new file mode 100644 index 0000000000..662f361ae6 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/architecture/threatgraph.md 
@@ -0,0 +1,63 @@ +--- +title: The Threat Graph +--- + +# Understanding the Threat Graph + +The Threat Graph visualization provides an interactive view of your entire threat landscape. It presents the threats exposed on each node - vulnerabilities, secrets and compliance issues - and displays the connections between each based on live and recent network flows. + +| ![Threat Graph](../img/threat-graph-1.png) | +|:------------------------------------------:| +| Threat Graph | + +Nodes depict critical workloads and services that either have exploitable vulnerabilities or misconfigurations. Edges denote potential paths that attackers could take to access and exploit those issues, informed by real network data. + +The complete threat landscape is rendered as an interactive and actionable graph. The graph correlates the scan results (vulnerabilities, cloud misconfigurations, secrets) with runtime context (live network flows, security groups, live status) to contextualize and prioritize the alerts for each asset. + +## Investigating the Threat Graph landscape + +View the Cloud or Platform nodes to gain a summary of the number of significant vulnerabilities, secret and compliance issues within each cloud or platform. + +### Example: Compliance Issues + +Select a asset to view the instances of that asset. 
+ +| ![Threat Graph - view assets](../img/threat-graph-2.png) | +|:--------------------------------------------------------:| +| Threat Graph - View Assets | + +Select an instance of that asset type to list the issues detected against instance: + +| ![Threat Graph](../img/threat-graph-3.png) | +|:--------------------------------------------:| +| Threat Graph - Investigate Compliance Issues | + +Select an issue to understand the full nature of the compliance deviation: + +| ![Threat Graph](../img/threat-graph-4.png) | +|:------------------------------------------:| +| Threat Graph - View Compliance Issue | + +You can quickly narrow down from potentially thousands of alerts to a refined and accurate set of issues and attack paths that you can fix. + +## Example: Workload Issues + +Select a runtime workload, such as a host, to list the issues detected against that asset: + +| ![Threat Graph](../img/threat-graph-2.png) | +|:------------------------------------------:| +| Threat Graph - Investigate Workload Issues | + +You can then review the issues detected against that workload. + +| ![Threat Graph](../img/threat-graph-6.png) | +|:------------------------------------------:| +| Threat Graph - View Vulnerabilities | + +If needed, you can drill down to the vulnerability specifics: + +| ![Threat Graph](../img/threat-graph-7.png) | +|:-------------------------------------------:| +| Threat Graph - View Vulnerability Specifics | + +Once again, the Threat Graph enables you to quickly narrow down from potentially thousands of alerts to a refined and accurate set of issues and attack paths that you can fix. diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/aws.md b/docs/versioned_docs/version-v2.3/cloudscanner/aws.md new file mode 100644 index 0000000000..a7087c9095 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/cloudscanner/aws.md 
@@ -0,0 +1,390 @@ +--- +title: AWS +--- + +# Configuring Cloud Scanner for AWS + +Cloud Scanner can be deployed using one of the following: +- [ECS - CloudFormation](#cloud-scanner-on-ecs-cloudformation) +- [ECS - Terraform](#cloud-scanner-on-ecs-terraform) +- [EKS Cluster](#cloud-scanner-on-eks-cluster) +- [EC2 Instance](#cloud-scanner-on-ec2-instance) + +## Cloud Scanner on ECS (CloudFormation) + +### Organization Deployment + +Log in to the AWS management console account and open the following url link to deploy Cloud Scanner using CloudFormation in `us-east-1` region. + +[Deploy across multiple AWS accounts in AWS organization](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/organization-deployment/deepfence-cloud-scanner-org-common.template&stackName=Deepfence-Cloud-Scanner¶m_CloudScannerImage=quay.io/deepfenceio/cloud_scanner_ce:2.3.1) + +(Template URL: https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/organization-deployment/deepfence-cloud-scanner-org-common.template) + +Then, fill in the below parameters as needed: + +| ![Cloud Scanner](../img/cloud-scanner-aws-1.png) | +|:------------------------------------------------:| +| Cloud Scanner Configuration | + +:::info +Cloud Scanner Image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1 +::: + +| ![Cloud Scanner](../img/cloud-scanner-aws-2.png) | +|:------------------------------------------------:| +| Set Name | + +### Single Account Deployment + +Log in to the AWS management console account and open the following url link to deploy Cloud Scanner using CloudFormation in `us-east-1` region. 
+ +[Deploy on a single AWS account](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/single-account-deployment/deepfence-cloud-scanner.template&stackName=Deepfence-Cloud-Scanner¶m_CloudScannerImage=quay.io/deepfenceio/cloud_scanner_ce:2.3.1) + +(Template URL: https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/single-account-deployment/deepfence-cloud-scanner.template) + +Then, fill in the below parameters as needed: + +| ![Cloud Scanner](../img/cloud-scanner-aws-1.png) | +|:------------------------------------------------:| +| Cloud Scanner Configuration | + +| ![Cloud Scanner](../img/cloud-scanner-aws-2.png) | +|:------------------------------------------------:| +| Set Name | + +#### For Deployment in Existing VPC(Optional) + +If you want to deploy Cloud Scanner in an existing VPC (say, for environment where the Deepfence Management Console can only be accessed via a private IP within the VPC), you need to fill in the following params: + +| ![Cloud Scanner](../img/cloud-scanner-aws-3.png) | +|:------------------------------------------------:| +| Choose VPC | + +#### Configure CIDR blocks(Optional) + +You may want to configure CIDR blocks to avoid collision with existing CIDR blocks: + +| ![Cloud Scanner](../img/cloud-scanner-aws-4.png) | +|:------------------------------------------------:| +| Choose CIDRs | + +## Cloud Scanner on ECS (Terraform) + +Cloud Scanner is deployed as a task within your AWS infrastructure. + +You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key. + +### Single Account Deployment + +Copy and paste the following into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key. 
+```shell +provider "aws" { + # AWS region: Example: us-east-1 + region = "us-east-1" +} + +module "deepfence-cloud-scanner_example_single-account" { + source = "deepfence/cloud-scanner/aws//examples/single-account-ecs" + version = "0.6.0" + name = "deepfence-cloud-scanner" + # mgmt-console-url: deepfence.customer.com or 22.33.44.55 + mgmt-console-url = "" + mgmt-console-port = "443" + deepfence-key = "" + # AWS Account Name (Optional, for easy identification) + account_name = "" + image = "quay.io/deepfenceio/cloud_scanner_ce:2.3.1" + # Task CPU Units (Default: 4 vCPU) + cpu = "4096" + # Task Memory (Default: 8 GB) + memory = "8192" + # Task Ephemeral Storage (Default: 100 GB) + ephemeral_storage = "100" + # Task role: Must be either arn:aws:iam::aws:policy/SecurityAudit or arn:aws:iam::aws:policy/ReadOnlyAccess + task_role = "arn:aws:iam::aws:policy/SecurityAudit" + debug_logs = false + # Use existing VPC (Optional) + use_existing_vpc = false + # VPC ID (If use_existing_vpc is set to true) + existing_vpc_id = "" + # List of VPC Subnet IDs (If use_existing_vpc is set to true) + existing_vpc_subnet_ids = [] + tags = { + product = "deepfence-cloud-scanner" + } + # AWS region: Example: us-east-1 + region = "us-east-1" + ecs_vpc_region_azs = ["us-east-1a"] + # Optional: To refresh the cloud resources every hour, provide CloudTrail Trail ARNs (Management events with write-only or read-write). + # If empty, a trail with management events will be automatically chosen if available. 
+ # e.g.: ["arn:aws:cloudtrail:us-east-1:123456789012:trail/aws-events"] + cloudtrail_trails = [] +} +``` +Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the account of deployment + +Then run +```shell +terraform init +terraform plan +terraform apply +``` + +For full details, refer to the GitHub repository: https://github.com/deepfence/terraform-aws-cloud-scanner/tree/main/examples/single-account-ecs + +### Organization Account Deployment + +For full details, refer to the GitHub repository: https://github.com/deepfence/terraform-aws-cloud-scanner/tree/main/examples/organizational-deploy-with-member-account-read-only-access-creation + +## Cloud Scanner on EKS Cluster + +:::info + +**Pre-requisite:** +1. Associate OIDC provider with the EKS cluster where cloud scanner is going to be deployed. + + ([refer here for aws documentation on enable-iam-roles-for-service-accounts](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html)) + +2. kubectl and helm command line tools are installed and configured to access the cluster where cloud scanner is going to be deployed + +::: + +### Single Account Cloud Scanner on EKS cluster using IRSA + +1. Create the EKS IRSA role using the terraform script [single-account-eks-iam-role](https://github.com/deepfence/cloud-scanner/tree/main/cloudformation/self-hosted/eks-iam-roles/single-account-eks-iam-role) +2. If cloudformation is preferred create the EKS IRSA role using the cloudformation template [deepfence-cloud-scanner-single-account-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/eks-iam-roles/single-account-eks-iam-role/deepfence-cloud-scanner-single-account-iam-role.template) +3. 
Note **namespace**, **service account name** and **iam role arn** from the output of terraform or cloudformation deployment
+4. Add Deepfence cloud scanner helm repo
+ ```
+ helm repo add cloud-scanner https://deepfence-helm-charts.s3.amazonaws.com/cloud-scanner
+ ```
+5. Download the helm chart values for depfence-cloud-scanner chart to file **cloud-scanner.yaml**
+ ```
+ helm show values cloud-scanner/deepfence-cloud-scanner --version 2.3.2 > cloud-scanner.yaml
+ ```
+6. Update the following values in the values.yaml. Add service account annotation and service account name in **cloud-scanner.yaml** as shown in the example below
+ ```yaml
+ image:
+ # ThreatMapper
+ repository: quay.io/deepfenceio/cloud_scanner_ce
+
+ # Format: deepfence.customer.com or 123.123.123.123
+ managementConsoleUrl: ""
+
+ # Auth: Get Deepfence api key from UI -> Settings -> User Management
+ deepfenceKey:
+ key: ""
+
+ cloudAccount:
+ # AWS account ID to monitor
+ accountID: ""
+ # Account name (Optional, for easy identification. Not required in organization deployment.)
+ accountName: ""
+
+ cloudProvider: "aws"
+ # AWS region
+ region: "us-east-1"
+
+ # Policy set for Cloud Scanner in CloudFormation / terraform
+ # arn:aws:iam::aws:policy/ReadOnlyAccess / arn:aws:iam::aws:policy/SecurityAudit
+ cloudScannerPolicy: "arn:aws:iam::aws:policy/SecurityAudit"
+
+ # Optional: AWS account ID where the helm chart is deployed, in case it is different from cloudAccount.accountID
+ deployedAccountID: ""
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations:
+ "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/deepfence-cloud-scanner"
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "deepfence-cloud-scanner"
+ ```
+7. Install the helm chart in the same *namespace* from Step 3.
+ ```
+ helm install -f cloud-scanner.yaml cloud-scanner cloud-scanner/deepfence-cloud-scanner \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.3.2
+ ```
+
+### Organization Account Cloud Scanner on EKS cluster using IRSA
+
+1. Create the EKS IRSA role using the cloudformation template [deepfence-cloud-scanner-organization-stackset-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/eks-iam-roles/organization-eks-iam-role/deepfence-cloud-scanner-organization-stackset-iam-role.template)
+2. Note **namespace**, **service account name** and **iam role arn** from the output of cloudformation deployment
+3. Add Deepfence cloud scanner helm repo
+ ```
+ helm repo add cloud-scanner https://deepfence-helm-charts.s3.amazonaws.com/cloud-scanner
+ ```
+4. Download the helm chart values for depfence-cloud-scanner chart to file **cloud-scanner.yaml**
+ ```
+ helm show values cloud-scanner/deepfence-cloud-scanner --version 2.3.2 > cloud-scanner.yaml
+ ```
+5. Update the following values in the values.yaml. Add service account annotation and service account name in **cloud-scanner.yaml** as shown in the example below
+ ```yaml
+ image:
+ # ThreatMapper
+ repository: quay.io/deepfenceio/cloud_scanner_ce
+
+ # Format: deepfence.customer.com or 123.123.123.123
+ managementConsoleUrl: ""
+
+ # Auth: Get Deepfence api key from UI -> Settings -> User Management
+ deepfenceKey:
+ key: ""
+
+ cloudAccount:
+ # Organization root account ID
+ accountID: ""
+ # Account name (Optional, for easy identification. Not required in organization deployment.)
+ accountName: ""
+
+ cloudProvider: "aws"
+ # AWS region
+ region: "us-east-1"
+
+ # Policy set for Cloud Scanner in CloudFormation / terraform
+ # arn:aws:iam::aws:policy/ReadOnlyAccess / arn:aws:iam::aws:policy/SecurityAudit
+ cloudScannerPolicy: "arn:aws:iam::aws:policy/SecurityAudit"
+
+ # Optional: AWS account ID where the helm chart is deployed, in case it is different from cloudAccount.accountID
+ deployedAccountID: ""
+
+ # For Organization deployment:
+
+ # Is this organization deployment or single account deployment?
+ isOrganizationDeployment: true
+
+ # Organization root account ID
+ # Should be same as cloudAccount.accountID
+ organizationAccountID: ""
+
+ # Role name. The name should be same across all accounts in the Organization deployment.
+ # Role ARN example: arn:aws:iam::123456789012:role/deepfence-cloud-scanner-role
+ # Role name in this case is deepfence-cloud-scanner-role
+ roleName: ""
+
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations:
+ "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/deepfence-cloud-scanner"
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "deepfence-cloud-scanner"
+ ```
+6. Install the helm chart in the same *namespace* from Step 2.
+ ```
+ helm install -f cloud-scanner.yaml cloud-scanner cloud-scanner/deepfence-cloud-scanner \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.3.2
+ ```
+
+## Cloud Scanner on EC2 Instance
+
+:::info
+
+**Pre-requisite:**
+- Install docker and docker compose on the EC2 instance([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/))
+- If an existing EC2 instance is used, check if docker and docker compose plugins are installed on the EC2 instance
+:::
+
+### Single Account Cloud Scanner on EC2 Instance using IAM Roles
+1. Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-single-account-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/single-account-ec2-iam-role/deepfence-cloud-scanner-single-account-iam-role.template)
+2. Note the instance profile from the cloudformation stack output
+3. Modify the EC2 instance, add the instance profile created by cloudformation script
+4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
+ ```
+ https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+ ```bash
+ mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
+ wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+5. Update the account details and console details in the docker-compose.yaml
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "aws"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: false
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit"
+ ```
+6. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+### Organization Account Cloud Scanner on EC2 Instance using IAM Roles
+1. Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-organization-stackset-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/organization-ec2-iam-role/deepfence-cloud-scanner-organization-stackset-iam-role.template)
+2. Note the instance profile from the cloudformation stack output
+3. Modify the EC2 instance, add the instance profile created by cloudformation script
+4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
+ ```
+ https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+ ```bash
+ mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
+ wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+5. Update the organization account details and console details in the docker-compose.yaml
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "aws"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: true
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit"
+ ```
+6. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+## What Compliance Scans are Performed?
+
+ThreatMapper builds on a large library of **controls** - these are specific requirements and matching tests. For example, you will find controls that correspond to best-practice configurations of access to assets, such as enabling TLS access and blocking plain-text HTTP.
+
+Controls are grouped into **benchmarks**. Where multiple benchmarks are available, controls may be used by several benchmarks.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and local Sensor Agent compliance scans together. You could scan your AWS infrastructure using Cloud Scanner, and [scan selected VMs deployed within AWS](other) using the Sensor Agent.
+:::
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/azure.md b/docs/versioned_docs/version-v2.3/cloudscanner/azure.md
new file mode 100644
index 0000000000..d1947fba6d
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/cloudscanner/azure.md 
@@ -0,0 +1,314 @@
+---
+title: Microsoft Azure
+---
+
+# Configuring Cloud Scanner for Microsoft Azure
+
+Cloud Scanner can be deployed using one of the following:
+- [Azure Container Instance](#cloud-scanner-on-azure-container-instance)
+- [Azure Kubernetes Cluster](#cloud-scanner-on-aks-cluster)
+- [Azure Virtual Machine](#cloud-scanner-on-azure-virtual-machine)
+
+## Cloud Scanner on Azure Container Instance
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Subscription
+
+Monitor a single Azure subscription
+
+```terraform
+provider "azurerm" {
+ features {}
+ # Subscription ID to deploy the Azure Container Service
+ subscription_id = ""
+}
+
+module "cloud-scanner_example_single-subscription" {
+ source = "deepfence/cloud-scanner/azure//examples/single-subscription"
+ version = "0.6.0"
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ mgmt-console-port = "443"
+ deepfence-key = " eg. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
+ name = "deepfence-cloud-scanner"
+ image = "quay.io/deepfenceio/cloud_scanner_ce:2.3.1"
+ # Location name https://gist.github.com/ausfestivus/04e55c7d80229069bf3bc75870630ec8#results
+ location = "eastus"
+ # Number of CPU cores (Default: 2 vCPU)
+ cpu = "2"
+ # Memory in GB (Default: 4 GB)
+ memory = "4"
+ tags = {
+ product = "deepfence-cloud-scanner"
+ }
+}
+```
+
+### Tenant subscriptions
+
+Monitor multiple subscriptions in a Tenant
+
+```terraform
+provider "azurerm" {
+ features {}
+ # Subscription ID to deploy the Azure Container Service
+ subscription_id = ""
+}
+
+module "cloud-scanner_example_tenant-subscriptions" {
+ source = "deepfence/cloud-scanner/azure//examples/tenant-subscriptions"
+ version = "0.6.0"
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ mgmt-console-port = " eg. 443"
+ deepfence-key = " eg. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
+ name = "deepfence-cloud-scanner"
+ image = "quay.io/deepfenceio/cloud_scanner_ce:2.3.1"
+ # List of subscription ids to monitor
+ subscription_ids_access = ["XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"]
+ # Location name https://gist.github.com/ausfestivus/04e55c7d80229069bf3bc75870630ec8#results
+ location = "eastus"
+ # Number of CPU cores (Default: 4 vCPU)
+ cpu = "4"
+ # Memory in GB (Default: 8 GB)
+ memory = "8"
+ tags = {
+ product = "deepfence-cloud-scanner"
+ }
+}
+```
+
+Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the subscription
+
+Then run
+```shell
+terraform init
+terraform plan
+terraform apply
+```
+
+For full details, refer to the `examples` provided in the GitHub repository: https://github.com/deepfence/terraform-azure-cloud-scanner
+
+## Cloud Scanner on AKS cluster
+
+:::info
+
+**Pre-requisite:**
+1. AKS cluster is created, and you have access to the cluster
+2. azure cli is configured and is able to access the required project where cloud scanner will be deployed
+
+:::
+
+Cloud Scanner is deployed as a pod within your AKS cluster
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Subscription Cloud Scanner on AKS Cluster
+
+```terraform
+provider "azurerm" {
+ subscription_id = ""
+ features {}
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_kubernetes_cluster" "default" {
+ name = "< AKS CLUSTER NAME >"
+ resource_group_name = ""
+}
+
+module "cloud-scanner" {
+ source = "deepfence/cloud-scanner/azure//examples/aks"
+ version = "0.7.0"
+ name = ""
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ deepfence-key = ""
+ # ThreatMapper
+ cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner_ce"
+ # ThreatStryker
+ # cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner"
+ location = "< LOCATION >"
+ subscription_id = data.azurerm_subscription.current.subscription_id
+ aks_host = data.azurerm_kubernetes_cluster.default.kube_config.0.host
+ aks_client_key = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key)
+ aks_client_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)
+ aks_cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)
+}
+```
+
+### Multiple Subscription Cloud Scanner on AKS cluster
+
+```terraform
+
+provider "azurerm" {
+ subscription_id = ""
+ features {}
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_kubernetes_cluster" "default" {
+ name = "< AKS CLUSTER NAME >"
+ resource_group_name = ""
+}
+
+module "test" {
+ source = "deepfence/cloud-scanner/azure//examples/aks"
+ version = "0.7.0"
+ name = ""
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ deepfence-key = ""
+ # ThreatMapper
+ cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner_ce"
+ # ThreatStryker
+ # cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner"
+ location = "< LOCATION >"
+ subscription_id = data.azurerm_subscription.current.subscription_id
+ aks_host = data.azurerm_kubernetes_cluster.default.kube_config.0.host
+ aks_client_key = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key)
+ aks_client_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)
+ aks_cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)
+ isOrganizationDeployment = true
+ deployedAccountID = data.azurerm_subscription.current.subscription_id
+ subscription_ids_access = [ ]
+}
+
+```
+
+## Cloud Scanner on Azure virtual machine
+
+:::info
+
+**Pre-requisite:**
+1. Install docker and docker compose on the Azure virtual machine ([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/))
+2. If an existing Azure virtual machine is used, check if docker and docker compose plugins are installed on the Azure virtual machine.
+3. azure cli is configured and is able to access the required project where cloud scanner will be deployed
+
+:::
+
+1. Copy and paste the following (single tenant or multiple tenant) into a new file cloud-scanner.tf. Edit the fields: SUBSCRIPTION_ID and subscription_ids_access if required.
+
+ - Single Subscription Cloud Scanner on Azure virtual machine
+
+ ```terraform
+ provider "azurerm" {
+ subscription_id = ""
+ features {}
+ }
+
+ data "azurerm_subscription" "current" {}
+
+ module "infrastructure_cloud-scanner-app" {
+ source = "deepfence/cloud-scanner/azure//modules/infrastructure/cloud-scanner-app"
+ version = "0.7.0"
+ name = "deepfence-cloud-scanner"
+ subscription_ids_access = [data.azurerm_subscription.current.subscription_id]
+ }
+
+ output "tenant_id" {
+ value = module.infrastructure_cloud-scanner-app.tenant_id
+ }
+
+ output "client_id" {
+ value = module.infrastructure_cloud-scanner-app.client_id
+ }
+
+ output "client_secret" {
+ value = module.infrastructure_cloud-scanner-app.client_secret
+ sensitive = true
+ }
+ ```
+
+ - Multiple Subscription Cloud Scanner on Azure virtual machine
+
+ ```terraform
+ provider "azurerm" {
+ subscription_id = ""
+ features {}
+ }
+
+ data "azurerm_subscription" "current" {}
+
+ module "infrastructure_cloud-scanner-app" {
+ source = "deepfence/cloud-scanner/azure//modules/infrastructure/cloud-scanner-app"
+ version = "0.7.0"
+ name = "deepfence-cloud-scanner"
+ subscription_ids_access = [list of tenant subscriptions ids]
+ }
+
+ output "tenant_id" {
+ value = module.infrastructure_cloud-scanner-app.tenant_id
+ }
+
+ output "client_id" {
+ value = module.infrastructure_cloud-scanner-app.client_id
+ }
+
+ output "client_secret" {
+ value = module.infrastructure_cloud-scanner-app.client_secret
+ sensitive = true
+ }
+ ```
+2. Apply the terraform script and note the output `tenant_id`, `client_id` and `client_secret`.
+ Please run this command to retrieve `client_secret` from terraform output.
+ ```
+ terraform output client_secret
+ ```
+3. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
+ ```
+ https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+ ```bash
+ mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
+ wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+4. Update the environment vars account details and console details in the docker-compose.yaml, if deploying for multi tenants cloud scanner set `ORGANIZATION_DEPLOYMENT: true`
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "azure"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: false
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: ""
+
+ AZURE_TENANT_ID: ""
+ AZURE_REGION: ""
+ AZURE_CLIENT_ID: ""
+ AZURE_CLIENT_SECRET: ""
+ AZURE_SUBSCRIPTION_ID: ""
+ ```
+5. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+## What Compliance Scans are Performed?
+
+ThreatMapper builds on a large library of **controls** - these are specific requirements and matching tests. For example, you will find controls that correspond to best-practice configurations of access to assets, such as enabling TLS access and blocking plain-text HTTP.
+
+Controls are grouped into **benchmarks**. Where multiple benchmarks are available, controls may be used by several benchmarks.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and local Sensor Agent compliance scans together. You could scan your Azure infrastructure using Cloud Scanner, and [scan selected VMs deployed within Azure](other) using the Sensor Agent.
+:::
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md b/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md
new file mode 100644
index 0000000000..44550a2985
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md
@@ -0,0 +1,299 @@
+---
+title: Google Compute Platform
+---
+
+# Configuring Cloud Scanner for Google Cloud Platform
+
+Cloud Scanner can be deployed using one of the following:
+- [GCP Cloud Run](#cloud-scanner-on-gcp-cloud-run)
+- [GKE Cluster](#cloud-scanner-on-gke-cluster)
+- [GCP Compute Instance](#cloud-scanner-on-gcp-compute-instance)
+
+## Cloud Scanner on GCP Cloud Run
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Project
+
+```terraform
+module "cloud-scanner_example_single-project" {
+ source = "deepfence/cloud-scanner/gcp//examples/single-project"
+ version = "0.6.0"
+ name = "deepfence-cloud-scanner"
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ mgmt-console-port = "443"
+ deepfence-key = ""
+ # GCP Project Name (Optional, for easy identification)
+ project_name = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce:2.3.1"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # Optional for private ip console
+ # Name of vpc network in which the management console was deployed
+ vpc = ""
+ # Optional for private ip console
+ # IP CIDR range for the connector to above vpc
+ # Example: 11.0.0.0/28
+ ip_cidr_range_svpca = ""
+ cpu = "2"
+ memory = "4096Mi"
+ labels = {
+ name = "deepfence-cloud-scanner"
+ }
+}
+```
+
+### Multiple Projects (Organization Deployment)
+
+```terraform
+module "cloud-scanner_example_multiple-projects" {
+ source = "deepfence/cloud-scanner/gcp//examples/multi-project"
+ version = "0.6.0"
+ name = "deepfence-cloud-scanner"
+ # org_domain: root project name
+ org_domain = ""
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ mgmt-console-port = "443"
+ deepfence-key = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce:2.3.1"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # Optional for private ip console
+ # Name of vpc network in which the management console was deployed
+ vpc = ""
+ # Optional for private ip console
+ # IP CIDR range for the connector to above vpc
+ # Example: 11.0.0.0/28
+ ip_cidr_range_svpca = ""
+ cpu = "4"
+ memory = "8192Mi"
+ labels = {
+ name = "deepfence-cloud-scanner"
+ }
+}
+```
+
+Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the project of deployment
+
+Then run
+```shell
+terraform init
+terraform plan
+terraform apply
+```
+
+To connect to a private ip console on a vpc, this deployment will create a serverless vpc connector. Specify the vpc name of console and ip_cidr_range with a mask of /28 for the connector, default is 11.0.0.0/28.
+For full details, refer to the `examples` provided in the GitHub repository: https://github.com/deepfence/terraform-gcp-cloud-scanner
+
+Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the project of deployment
+
+## Cloud Scanner on GKE Cluster
+
+:::info
+
+**Pre-requisite:**
+1. GKE cluster with workload identity enabled.
+
+ ([refer here for gke documentation on how to enable workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity))
+
+2. gcloud cli is configured and is able to access the required project where cloud scanner will be deployed
+
+:::
+
+Cloud Scanner is deployed as a pod within your GKE cluster
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Project Cloud Scanner on GKE Cluster with workload identity
+
+```terraform
+data "google_client_config" "current" {}
+
+# target cluster to deploy cloud scanner
+data "google_container_cluster" "target_cluster" {
+ name = ""
+ location = ""
+ project = ""
+}
+
+module "cloud_scanner_example_single_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gke"
+ version = "0.7.2"
+ gke_host = "https://${data.google_container_cluster.target_cluster.endpoint}"
+ gke_token = data.google_client_config.current.access_token
+ gke_cluster_ca_certificate = base64decode(data.google_container_cluster.target_cluster.master_auth[0].cluster_ca_certificate,)
+ name = "deepfence-cloud-scanner"
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ deepfence-key = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce"
+ image_tag = "2.3.1"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # target gke cluster to deploy cloud scanner
+ cluster_name = ""
+ # target gke cluster location
+ cluster_location = ""
+}
+```
+
+### Multiple Project Cloud Scanner on GKE Cluster with workload identity
+
+```terraform
+
+data "google_client_config" "current" {}
+
+# target cluster to deploy cloud scanner
+data "google_container_cluster" "target_cluster" {
+ name = ""
+ location = ""
+ project = ""
+}
+
+module "cloud_scanner_example_multiple_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gke"
+ version = "0.7.2"
+ name = "deepfence-cloud-scanner"
+ gke_host = "https://${data.google_container_cluster.target_cluster.endpoint}"
+ gke_token = data.google_client_config.current.access_token
+ gke_cluster_ca_certificate = base64decode(data.google_container_cluster.target_cluster.master_auth[0].cluster_ca_certificate,)
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ deepfence-key = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce"
+ image_tag = "2.3.1"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # target gke cluster to deploy cloud scanner
+ cluster_name = ""
+ # target gke cluster location
+ cluster_location = ""
+ isOrganizationDeployment = true
+ # project id where the cloud scanner is deployed
+ deployedAccountID = ""
+ # organization project id
+ organizationAccountID = ""
+}
+```
+
+## Cloud Scanner on GCP Compute Instance
+
+:::info
+
+**Pre-requisite:**
+1. GKE cluster with workload identity enabled.
+
+ ([refer here for gke documentation on how to enable workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity))
+
+2. gcloud cli is configured and is able to access the required project where cloud scanner will be deployed
+3. Install docker and docker compose on the gcp compute instance([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/))
+4. If an existing gcp compute instance is used, check if docker and docker compose plugins are installed on the gcp compute instance.
+
+:::
+
+1. Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: PROJECT_ID and update service account name if required.
+
+ - Single Project Cloud Scanner on GCP compute instance with service account
+
+ ```terraform
+ data "google_client_config" "current" {}
+
+ module "cloud_scanner_example_single_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gce-vm"
+ version = "0.7.2"
+ # gcp service account name
+ name = "deepfence-cloud-scanner"
+ # project_id example: dev1-123456
+ project_id = ""
+ }
+
+ output "service_account_email" {
+ value = module.cloud_scanner_example_single_project.service_account_email
+ }
+ ```
+
+ - Multiple Project Cloud Scanner on GCP compute instance with service account
+
+ ```terraform
+ data "google_client_config" "current" {}
+
+ module "cloud_scanner_example_multiple_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gce-vm"
+ version = "0.7.2"
+ # gcp service account name
+ name = "deepfence-cloud-scanner"
+ # project_id example: dev1-123456
+ project_id = ""
+ # org mode for multiple projects
+ isOrganizationDeployment = true
+ }
+
+ output "service_account_email" {
+ value = module.cloud_scanner_example_multiple_project.service_account_email
+ }
+ ```
+2. Apply the terraform script and note the service account from the output
+3. Stop the gcp compute instance and update the service account in `API and identity management` select the service account create by the terraform script and select option `Allow full access to all Cloud APIs`, save the config and start the instance, if creating a new instance these options can be set while creating the instance
+![gcp-vm-service-account](../img/gcp-vm-service-account.png)
+4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
+ ```
+ https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+ ```bash
+ mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
+ wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
+ ```
+5. Update the account details and console details in the docker-compose.yaml
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "gcp"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: false
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: ""
+ ```
+6. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+## What Compliance Scans are Performed?
+
+ThreatMapper builds on a large library of **controls** - these are specific requirements and matching tests. For example, you will find controls that correspond to best-practice configurations of access to assets, such as enabling TLS access and blocking plain-text HTTP.
+
+Controls are grouped into **benchmarks**. Where multiple benchmarks are available, controls may be used by several benchmarks.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and local Sensor Agent compliance scans together. You could scan your GCP infrastructure using Cloud Scanner, and [scan selected VMs deployed within GCP](other) using the Sensor Agent.
+:::
diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/index.md b/docs/versioned_docs/version-v2.3/cloudscanner/index.md
new file mode 100644
index 0000000000..e77634c98e
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/cloudscanner/index.md
@@ -0,0 +1,23 @@
+---
+title: Preparing for Compliance Posture Scanning
+---
+
+# Preparing for Compliance Posture Scanning
+
+Cloud Compliance posture scanning uses a Compliance Scanner task which is installed in your monitored cloud instances.
+
+The Cloud Scanner task interacts with the local cloud APIs under the instruction of the remote management console. This architecture removes the need to open up cloud APIs to remote (over the internet) clients, where security is harder to achieve.
+
+## Before You Begin
+
+Review the architecture for compliance scanning, as described in [Architecture: Cloud Scanner task](/docs/architecture/cloudscanner).
+
+
+## Configuring Cloud Posture Management
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/other.md b/docs/versioned_docs/version-v2.3/cloudscanner/other.md
new file mode 100644
index 0000000000..10558a569a
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/cloudscanner/other.md
@@ -0,0 +1,23 @@
+---
+title: Other Platforms
+---
+
+# Posture Scanning on Other Platforms
+
+ThreatMapper can perform compliance posture scanning on linux hosts and Kubernetes master and worker nodes.
+
+Scanning is done directly, using a local [Sensor Agent](/docs/sensors) rather than by using the Cloud Scanner task employed by the cloud platform integrations.
+
+## What Compliance Scans are Performed?
+
+
+The sensor agent has direct visibility into the configuration of the base operating system, and can detect a wide range of compliance deviations that are not visible through an API. ThreatMapper can apply general and specific compliance **benchmarks**, including PCI, HIPAA, and NIST (Kube-master and Kube-slave). These benchmarks each select from a library of **controls** that cover best practices for Linux, Docker, Kubernetes (master and slave nodes) and well-known services.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and Sensor Agent compliance scans together. You could scan your cloud infrastructure using Cloud Scanner, and scan selected VMs deployed within that infrastructure using the Sensor Agent.
+:::
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/console/database-export-import.md b/docs/versioned_docs/version-v2.3/console/database-export-import.md
new file mode 100644
index 0000000000..51aae31a60
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/database-export-import.md
@@ -0,0 +1,104 @@
+---
+title: Database Export and Import
+---
+
+## Postgres DB Export and Import
+
+Export PostgreSQL data from one management console and import in another console
+
+### Export
+
+Connect to old management console / database, run following commands to export
+
+* Step 1: Login to the host running the postgres docker instance.
+* Step 2: Docker exec into the postgres instance using the below command:
+
+ ```shell
+ docker exec -it deepfence-postgres /bin/bash
+ ```
+* Step 3: Run the backup script from inside the postgres container as follows:
+
+ ```shell
+ /usr/local/bin/pg-export.sh
+ ```
+ This will create a backup file `/data/pg_data.dump` inside the container.
+* Step 4: Copy the postgres backup file created above to host or any intermediate location
+
+### Import
+
+* Step 1: Copy the backup file from intermediate location to the target machine using scp (or similar commands)
+* Step 2: Login to the target machine and copy the backup file in to the running postgres container using below command:
+
+ ```shell
+ docker cp pg_data.dump deepfence-postgres:/
+ ```
+* Step 3: Take a bash session of the running postgres container using the below command:
+
+ ```shell
+ docker exec -it deepfence-postgres /bin/bash
+ ```
+* Step 4: Run the restore script from inside the postgres docker instance as follows:
+
+ ```shell
+ /usr/local/bin/pg-import.sh /pg_data.dump
+ ```
+
+### Steps for Kubernetes:
+
+The steps for kubernetes remains similar to the above.
+For Kubernetes, we will have to use `kubectl` utility to:
+* Copy the file from and to the pod.
+* Take a bash session of the pod
+
+
+## Neo4J Graph Database Export and Import
+
+Export Neo4J data from one management console and Import data in another console
+
+### Export
+
+* Step 1: Login to the host running the neo4j docker instance.
+* Step 2: Docker exec into the neo4j instance using the below command:
+
+ ```shell
+ docker exec -it deepfence-neo4j /bin/bash
+ ```
+* Step 3: Run the backup script from inside the neo4j docker instance as follows:
+
+ ```shell
+ /usr/local/bin/backup_neo4j.sh
+ ```
+ This will create a backup file inside the container.
+ The name of the file will be of the format: `neo4j_backup_`
+ Also, the script will print the name of the file on the stdout.
+* Step 4: Copy the neo4j backup file created above to host or any intermediate location
+
+### Import
+
+* Step 1: Copy the backup file from intermediate location to the target machine using scp (or similar commands)
+* Step 2: Login to the target machine and copy the backup file in to the running neo4j container using below command:
+
+ ```shell
+ docker cp deepfence-neo4j:/
+ ```
+* Step 3: Take a bash session of the running neo4j container using the below command:
+
+ ```shell
+ docker exec -it deepfence-neo4j /bin/bash
+ ```
+* Step 4: Run the restore script from inside the neo4j docker instance as follows:
+
+ ```shell
+ /usr/local/bin/load_backup_neo4j.sh /
+ ```
+ e.g.:
+ ```shell
+ /usr/local/bin/load_backup_neo4j.sh /neo4j_backup_2023-11-17_10-25-28
+ ```
+
+### Steps for Kubernetes:
+
+The steps for kubernetes remains similar to the above.
+For Kubernetes, we will have to use `kubectl` utility to:
+* Copy the file from and to the pod.
+* Take a bash session of the pod
diff --git a/docs/versioned_docs/version-v2.3/console/docker.md b/docs/versioned_docs/version-v2.3/console/docker.md
new file mode 100644
index 0000000000..e631832ffe
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/docker.md
@@ -0,0 +1,48 @@
+---
+title: Docker Installation
+---
+
+# Docker Installation
+
+:::info[Neo4j Upgrade]
+Neo4j version was upgraded to v5.x (from v4.4).
+
+Please follow [these](upgrade-from-v2.1.md) steps before upgrading the management console version.
+:::
+
+The quickest and easiest way to install the ThreatMapper Management Console is to use the pre-built images. These instructions use pre-built ThreatMapper containers from [DockerHub](https://hub.docker.com/u/deepfenceio).
+
+You can install the Management Console on a single Docker host or [in a dedicated Kubernetes cluster](kubernetes).
+
+## Install the ThreatMapper Management Console - Single Docker Host
+
+The following instructions explain how to get started with a docker-based installation on a single host system:
+
+1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.3/deployment-scripts/docker-compose.yml) to the system that will host the Console
+
+ ```bash
+ wget https://github.com/deepfence/ThreatMapper/raw/release-2.3/deployment-scripts/docker-compose.yml
+ ```
+
+2. Execute the following command to install and start the latest build of the Console
+
+ ```bash
+ docker compose up -d
+ ```
+
+Now proceed to the [Initial Configuration](initial-configuration).
+
+## Uninstall the ThreatMapper Management Console
+
+Remove the ThreatMapper Management Console as follows:
+
+```bash
+docker compose down
+```
+
+You can then prune the images and volumes if they are no longer required:
+
+```bash
+docker image prune
+docker volume prune
+```
diff --git a/docs/versioned_docs/version-v2.3/console/index.md b/docs/versioned_docs/version-v2.3/console/index.md
new file mode 100644
index 0000000000..a3346ce5fc
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/index.md
@@ -0,0 +1,35 @@
+---
+title: Management Console
+---
+
+# The ThreatMapper Management Console
+
+The ThreatMapper Management Console ("Console") is a standalone application, implemented as a fleet of containers. It should be deployed on either a single docker host, or (for larger deployments) a dedicated Kubernetes cluster.
+
+## Before You Begin
+
+Review the architecture for the Management Console, as described in [Architecture: Management Console](/docs/architecture/console).
+
+Review the requirements for the Management Console, as described in [System Requirements](/docs/console/requirements).
+
+
+## Installing the Management Console
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+ item.label.includes( "Installation" ) )}/>
+```
+
+## Post-Installation Tasks
+
+```mdx-code-block
+ item.label.includes( "Installation" ) == false && item.label.includes( "Troubleshooting" ) == false )}/>
+```
+
+## Troubleshooting
+
+```mdx-code-block
+ item.label.includes( "Troubleshooting" ) == true )}/>
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/console/initial-configuration.md b/docs/versioned_docs/version-v2.3/console/initial-configuration.md
new file mode 100644
index 0000000000..f5cf96810b
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/initial-configuration.md
@@ -0,0 +1,118 @@
+---
+title: Initial Configuration
+---
+
+# Initial Configuration
+
+Once you have installed the Management Console, you need to register an admin user and obtain the API key needed by the ThreatMapper sensors. You can also configure the URL for the Management Console, and provide your own TLS certificates.
+
+:::tip
+You will need the IP address for the management console:
+
+* On a Docker host, you can find the external, routable IP address of the host using `hostname -I`.
+* On a Kubernetes host, find the external IP address of the load balancer for the `deepfence-console-router` service (`kubectl get --namespace deepfence-console svc -w deepfence-console-router`).
+:::
+
+## Initial Configuration
+
+1. Open the Console in a browser (https://your-ip-address/):
+
+ | ![Initial Login](../img/registration-1.png) |
+ |:-------------------------------------------:|
+ | Initial Login |
+
+ You will likely encounter a warning about an invalid SSL/TLS certificate, because the console is using an internally-generated self-signed cert. You can bypass that warning. See below for how to provide your own TLS certificate.
+
+2. Create a new account. Once one user has been registered, additional users are added by invitation from an admin user:
+
+ | ![Account Registration](../img/registration-2.png) |
+ |:--------------------------------------------------:|
+ | Account Registration |
+
+ Account Registration details are private to your Management Console, and are not shared with Deepfence or other third parties.
+
+## Obtain the API Key
+
+The API key is used to authenticate remote sensor agents and cloud scanner tasks. Go to `Settings` -> `User Management` and make note of the API key; you will need it when deploying the Deepfence sensors.
+
+| ![API Key](../img/api-key.png) |
+|:------------------------------:|
+| View the API key |
+
+For your convenience, the console also displays the specific commands to perform a default installation of the Deepfence Sensor Agents on Docker and Kubernetes hosts, pre-filled with the API key and management console URL data:
+
+| ![Agent Setup](../img/agent-setup.png) |
+|:--------------------------------------:|
+| Agent Setup |
+
+| ![Agent Setup](../img/agent-setup-2.png) |
+|:----------------------------------------:|
+| Agent Setup for Docker |
+
+## Updating Threat Intel Data
+
+Console installations are preconfigured with threat intel data. Once the Console has started, it will update its Threat Intel feed data; this can take several minutes, and is updated daily.
+
+## Configuring Access to the Management Console (optional)
+
+By default, the Management Console is accessed by IP address (`https://ip-address/`) and uses a self-signed certificate.
+
+You can configure the URL used to access the Management Console, and you can provide your own TLS certificate:
+
+### Configuring the URL
+
+This is updated automatically. The URL set here is when sending password reset emails and user invite emails.
+
+To update manually, go to **Settings** > **Global Settings** and edit the **Deepfence Console URL**.
+
+### Using your own TLS certificates - Docker
+
+On the console machine, place the certificate and private key in `/etc/deepfence/certs` folder.
Deepfence looks for the file with `.key` and `.crt` extensions on the specified location on the host:
+
+```bash
+# Provide the SSL key and cert, for example, using OpenSSL to create a self-signed pair
+sudo openssl req -x509 -newkey rsa:4096 \
+ -keyout /etc/deepfence/certs/sslkey.key -out /etc/deepfence/certs/sslcert.crt \
+ -days 365 -nodes
+
+# restart the management console to use the new TLS certificate
+docker-compose -f docker-compose.yml down
+docker-compose -f docker-compose.yml up -d
+```
+
+### Using your own TLS certificates - Kubernetes
+
+- To configure certificates in values file use below format
+```yaml
+router:
+ # Use custom ssl certificate for Deepfence UI
+ # custom certificates can be configured using two options
+ # existing secret or base64 encoded cert and key string
+ # provide one off the two options to configure custom certificates
+ tls:
+ # provide secret name which contains tls cert and key
+ # reference: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
+ # make sure to create secret in the same namespace as that of the console
+ secretName: ""
+ # embed given cert and key as secret and mount to router pod
+ # provide certificate and key in below example format
+ cert: |-
+ -----BEGIN CERTIFICATE-----
+ MIIFCTCCAvGgAwIBAgIUNshy8GFTjfUR7inZ1JCcN+tDuh4wDQYJKoZIhvcNAQEL
+ .....
+ BMepE4d9+TQFcPQ/OKSlP8FB2nPKZJdM+JlXDFWqeKvbdYS4QErRLd33qUmq
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN PRIVATE KEY-----
+ MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDECeUraonCz/89
+ .....
+ bHEvWp7ugCTFhurM+lla0d+ElDO2
+ -----END PRIVATE KEY-----
+```
+
+- If you already have a tls certificate available on cluster in the same namespace as that of the console as tls secret, then pass the name of the secret to helm chart values as shown in below example
+```yaml
+router:
+ tls:
+ secretName: console-tls-certs
+```
diff --git a/docs/versioned_docs/version-v2.3/console/kubernetes.md b/docs/versioned_docs/version-v2.3/console/kubernetes.md
new file mode 100644
index 0000000000..ed5d9e1979
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/kubernetes.md
@@ -0,0 +1,200 @@
+---
+title: Kubernetes Installation
+---
+
+# Kubernetes Installation
+
+:::info[Neo4j Upgrade]
+Neo4j version was upgraded to v5.x (from v4.4).
+
+Please follow [these](upgrade-from-v2.1.md) steps before upgrading the management console version.
+:::
+
+You can install the Management Console on a [single Docker host](docker) or in a dedicated Kubernetes cluster.
+
+
+## Prerequisites
+
+1. Install and configure **kubectl** and **helm** cli to access the kubernetes cluster where ThreatMapper console is installed
+
+2. **Configure Persistent Volume**:
+
+ ### Cloud Managed
+
+ If the Kubernetes cluster is hosted in a cloud provider, it is recommended to use cloud managed storage
+ ```
+ kubectl get storageclass
+ ```
+ | Cloud Provider | Storage Class |
+ |----------------|---------------------------------------------------------------------|
+ | AWS | gp3 (https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) |
+ | GCP | standard |
+
+ ### Self-Managed
+
+ If using on-prem kubernetes cluster install and configure a self hostage storage provider like [openebs](https://openebs.io/docs/quickstart-guide/installation), [longhorn](https://longhorn.io/docs/1.6.2/deploy/install/), etc.
+
+3. **Install the metrics server** (optional)
+
+ If the metrics server is not already installed (```kubectl get deployment metrics-server -n kube-system```), install as follows:
+
+ ```bash
+ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+ ```
+
+## Install the ThreatMapper Management Console
+
+The following instructions explain how to install the ThreatMapper console on a Kubernetes Cluster, and configure external access to the Console.
+
+
+1. **Add Deepfence helm charts repo**
+
+ ```bash
+ helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+ helm repo update
+ ```
+
+2.
**Install the ThreatMapper Console**
+
+ ```bash
+ # helm show values deepfence/deepfence-console --version 2.3.1 | less
+
+ helm install deepfence-console deepfence/deepfence-console \
+ --set global.imageTag=2.3.1 \
+ --set global.storageClass=gp3 \
+ --namespace deepfence-console \
+ --create-namespace \
+ --version 2.3.1
+ ```
+
+ ... and wait for the pods to start up:
+
+ ```bash
+ kubectl get pods --namespace deepfence-console -o wide -w
+ ```
+
+3. To access ThreatMapper connsole install ```deepfence-router``` helm chart, this creates a `Loadbalancer` type service, the consle can be accessed over the loadbalancer created.
+
+ To create a ingress service refer section [Deploy Router Helm Chart With Ingress Enabled](#deploy-router-helm-chart-with-ingress-enabled)
+
+ ```bash
+ # helm show values deepfence/deepfence-router --version 2.3.1
+
+ helm install deepfence-router deepfence/deepfence-router \
+ --namespace deepfence-console \
+ --create-namespace \
+ --version 2.3.1
+ ```
+
+ ... and wait for the cloud platform to deploy an external load-balancer:
+
+ ```bash
+ kubectl get svc -w deepfence-console-router --namespace deepfence-console
+ ```
+
+Now proceed to the [Initial Configuration](initial-configuration).
+
+## Customise the Helm deployment
+
+### Console Helm Chart
+
+1. Save the helm chart values to file
+
+ ```bash
+ helm show values deepfence/deepfence-console --version 2.3.1 > deepfence_console_values.yaml
+ ```
+
+ :::info
+ All the supported helm chart values are documentd in the `deepfence_console_values.yaml` file generated when above command is run
+ :::
+
+2. Update the `deepfence_console_values.yaml` file as required to change the database password, resource requests, pod/service annotations etc,.
+
+ Check instructions on [Managed Database](managed-database) section for using external database with console
+
+3.
Use the updated values file to deploy the ThreatMapper Console
+
+ ```bash
+ helm install -f deepfence_console_values.yaml deepfence-console deepfence/deepfence-console \
+ --namespace deepfence-console \
+ --create-namespace \
+ --version 2.3.1
+ ```
+
+### Router Helm Chart
+
+
+1. Save the helm chart values to file
+
+ ```bash
+ helm show values deepfence/deepfence-router --version 2.3.1 > deepfence_router_values.yaml
+ ```
+
+ :::info
+ All the supported helm chart values are documentd in the `deepfence_router_values.yaml` file generated when above command is run
+ :::
+
+2. Update the `deepfence_router_values.yaml` file as required to enable seperate serivce for agents access or to enable ingress
+
+3. Use the updated values file to deploy the ThreatMapper Console Router
+
+ ```bash
+ helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router \
+ --namespace deepfence-console \
+ --create-namespace \
+ --version 2.3.1
+ ```
+
+### Deploy Router Helm Chart With Ingress Enabled
+
+1. Install the supported ingress controller service on the cluster
+
+2. Save the helm chart values to file
+
+ ```bash
+ helm show values deepfence/deepfence-router --version 2.3.1 > deepfence_router_values.yaml
+ ```
+
+ :::info
+ All the supported helm chart values are documentd in the `deepfence_router_values.yaml` file generated when above command is run
+ :::
+
+3.
Update the `deepfence_router_values.yaml` file to enable ingress set `service.type=Ingress` and updated the ingress section according to the ingress cotroller installed on the cluster, below example assumes nginx ingress controller
+
+ ```yaml
+ service:
+ name: deepfence-console-router
+ type: Ingress # LoadBalancer/NodePort/Ingress/ClusterIP
+
+ # ingress configuration for console
+ ingress:
+ ## name of the ingress class for ingress provider installed on the cluster, cannot be empty
+ ## Example: nginx
+ class: nginx
+ ## host example: threat.example.com
+ host: "threatmapper.example.com"
+ ## annotations to customize ingress
+ annotations:
+ ## nginx ingress annotations
+ nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: 200m
+ ```
+
+3. Use the updated values file to deploy the ThreatMapper Console Router
+
+ ```bash
+ helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router \
+ --namespace deepfence-console \
+ --create-namespace \
+ --version 2.3.1
+ ```
+
+## Delete the ThreatMapper Management Console
+
+To delete the ThreatMapper Management Console
+
+ ```bash
+ helm delete deepfence-router -n deepfence-console
+ helm delete deepfence-console -n deepfence-console
+ ```
diff --git a/docs/versioned_docs/version-v2.3/console/manage-users.md b/docs/versioned_docs/version-v2.3/console/manage-users.md
new file mode 100644
index 0000000000..1b763af815
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/manage-users.md
@@ -0,0 +1,73 @@
+---
+title: Managing Users
+---
+
+# Managing Users
+
+The first Management Console user is created through the [Initial Registration](initial-configuration) process. This is a one-time process; further users must be invited to the Console by an existing Admin user.
+
+An admin user can invite users by two methods:
+
+ * Generate an invitation link for a named email address, and then provide that link to the user
+ * Configure an email relay for the Management Console, then use the Management Console to invite users by email
+
+## Generate an Invitation Link
+
+1. Go to **Settings** > **User Management** and select **Send Invite**
+
+2. Enter the user's email, select the desired role, and click "Get an invite link"
+
+3. Copy-and-paste the invite link and share it with the user. Links are valid for a short period of time only.
+
+
+## Invite via Email
+
+You should configure an Email relay first, so that invitation emails can be sent.
+
+1. Go to **Settings** > **Email Configuration**
+
+2. Select the mailer type
+
+### Configuring Google SMTP
+
+:::info
+For more information, see [Set up a device or app to send email through Google Workspace](https://support.google.com/a/answer/176600?hl=en#zippy=%2Cuse-the-gmail-smtp-server).
+:::
+
+First, provide:
+
+ * An appropriate Google Workspace email address (one for which you can generate an App Password)
+ * The SMTP server and port, for example `smtp.google.com`, port `465`
+
+You will need to generate an **App Password**:
+
+ * Go to [https://myaccount.google.com/apppasswords](https://myaccount.google.com/apppasswords)
+ * Under **Select App**, chose **Others** and enter a name, for example, "ThreatMapper"
+ * Click the **Generate** button.
+
+If the 'App Password' facility is not available, please refer to your Google Workspace administrator.
+
+Copy the password that has been generated, and enter it into **App Password** field. Save settings.
+
+### Configuring AWS SES
+
+:::info
+For more information, see [Using Amazon Simple Email Service](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email.html).
+:::
+
+ * Provide an email address to identify the email sender
+ * Specify an [AWS SES Region](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/regions.html)
+ * Provide the Access and Secret keys (see here: [Programmatic Access](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys))
+
+Save the email configuration.
+
+### Sending Invitations to New Users
+
+Go to **Settings** > **User Management** and select **Send Invite**. Provide:
+
+ * The email address of the user to invite
+ * The role the user should be given
+
+This will send an invitation to the user with a registration link (URL). The URL is valid for 24 hours only.
+
+
diff --git a/docs/versioned_docs/version-v2.3/console/managed-database.md b/docs/versioned_docs/version-v2.3/console/managed-database.md
new file mode 100644
index 0000000000..de274cc929
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/managed-database.md
@@ -0,0 +1,134 @@
+---
+title: Managed Database
+---
+
+# Managed PostgreSQL, Neo4j and File Server
+
+For production deployment of Deepfence Management Console, we recommend using cloud/vendor managed PostgreSQL and Neo4j services.
+
+## Neo4j
+
+Please use the following settings to configure the Neo4j AuraDB Professional / Enterprise service
+
+| Option | Recommended Value |
+|---------|-------------------|
+| Memory | 8GB |
+| CPU | 2 CPU |
+| Storage | 16GB |
+
+In `docker-compose.yml`, set the values for postgresql accordingly.
+```yaml
+x-service-variables: &common-creds
+ DEEPFENCE_NEO4J_USER: neo4j
+ DEEPFENCE_NEO4J_PASSWORD:
+ NEO4J_AUTH: neo4j/
+ DEEPFENCE_NEO4J_BOLT_PORT: 7687
+ DEEPFENCE_NEO4J_HOST: abcdefgh.databases.neo4j.io
+```
+
+## PostgreSQL
+
+### AWS RDS
+
+Please use the following settings to configure the Elasticsearch service
+
+| Option | Recommended Value |
+|-------------------------|------------------------------------------------------|
+| Engine | PostgreSQL |
+| Version | 13.7-R1 or above |
+| Availability | Single DB instance / Multi-AZ DB instance |
+| Credentials | Set username and password |
+| DB instance class | db.m6i.large / db.t3.medium or better |
+| Storage type | Provisioned IOPS SSD |
+| Allocated storage | >= 100 |
+| Provisioned IOPS | >= 3000 |
+| Public access | No (provide access only to management console nodes) |
+| Database authentication | Password authentication |
+| Initial database name | deepfence |
+
+### Docker
+
+In `docker-compose.yml`, set the values for postgresql accordingly.
+```yaml
+x-service-variables: &common-creds
+ DEEPFENCE_POSTGRES_USER_DB_USER: postgres
+ DEEPFENCE_POSTGRES_USER_DB_PASSWORD:
+ DEEPFENCE_POSTGRES_USER_DB_HOST: pg-db-1.aaaaaa.us-east-1.rds.amazonaws.com
+ DEEPFENCE_POSTGRES_USER_DB_NAME: deepfence
+ DEEPFENCE_POSTGRES_USER_DB_PORT: 5432
+ DEEPFENCE_POSTGRES_USER_DB_SSLMODE: disable
+```
+
+### Kubernetes
+
+1. Create postgres secret and save as `deepfence_postgres_secret.yaml`.
Refer `templates/deepfence-console-secrets/postgres.yaml` in the console helm chart for secret format
+ ```shell
+ kubectl create namespace deepfence-console
+ kubectl apply -f deepfence_postgres_secret.yaml -n deepfence-console
+ ```
+2. Change the values.yaml to not create postgres StatefulSet
+ ```yaml
+ postgres:
+ # Specifies whether a postgres database instance should be created
+ create: false
+ # if create false provide name of the existing secret
+ # secret format refer templates/deepfence-console-secrets/postgres.yaml
+ secretName: "deepfence-console-secrets-postgres"
+ ```
+3. Follow [these](kubernetes.md#console-helm-chart) instructions to complete the installation
+
+## File Server
+
+ThreatMapper Management Console uses a S3 compatible file server. If you wish to use S3 or other externally managed S3 compatible file server (MinIO, SeaweedFS, etc.), please follow these instructions according to the deployment method
+
+### Docker
+
+1. Change the file server URL, port and other parameters as applicable in `docker-compose.yml`
+ ```yaml
+ # public bucket with read permissions on objects for hosting vulnerability database
+ # S3 bucket permissions {"Version":"2012-10-17","Statement":[{"Sid":"database","Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":["arn:aws:s3:::/database/*","arn:aws:s3:::/database"]}]}
+ DEEPFENCE_FILE_SERVER_DB_BUCKET: database
+ # private bucket to host reports, sbom, etc.
+ DEEPFENCE_FILE_SERVER_BUCKET: default
+ # If using S3 or other external file server (MinIO/SeaweedFS), set this to true
+ DEEPFENCE_FILE_SERVER_EXTERNAL: "true"
+ # set s3.amazonaws.com if using s3 buckets
+ DEEPFENCE_FILE_SERVER_HOST: 123.123.123.123
+ DEEPFENCE_FILE_SERVER_PORT: 8080
+ # uncomment to set access key if using s3 buckets
+ # DEEPFENCE_FILE_SERVER_USER: fileserveruser
+ # uncomment to set secret key if using s3 buckets
+ # DEEPFENCE_FILE_SERVER_PASSWORD: changeme
+ # set true if https
+ DEEPFENCE_FILE_SERVER_SECURE: "false"
+ # set aws s3 bucket region if using s3 buckets
+ DEEPFENCE_FILE_SERVER_REGION: ""
+ ```
+2. Remove the following service
+ ```yaml
+ deepfence-file-server:
+ container_name: deepfence-file-server
+ ```
+
+### Kubernetes
+
+1. Create file server secret and save as `deepfence_fileserver_secret.yaml`. Refer `templates/deepfence-console-secrets/s3.yaml` or `templates/deepfence-console-secrets/fileserver.yaml` in the console helm chart for secret format
+ ```shell
+ kubectl create namespace deepfence-console
+ kubectl apply -f deepfence_fileserver_secret.yaml -n deepfence-console
+ ```
+2. Change the values.yaml to not create fileserver StatefulSet
+ ```yaml
+ fileserver:
+ # Specifies whether a file server instance should be created
+ # set this to false if using S3
+ create: false
+ # if create false provide name of the existing secret.
+ # Secret format refer templates/deepfence-console-secrets/s3.yaml
+ secretName: "deepfence-console-secrets-fileserver"
+
+ # Set this if external file server is used and create=false
+ fileServerHost: "123.123.123.123"
+ fileServerPort: "8080"
+ ```
+3. Follow [these](kubernetes.md#console-helm-chart) instructions to complete the installation
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/console/requirements.md b/docs/versioned_docs/version-v2.3/console/requirements.md
new file mode 100644
index 0000000000..85b79f2244
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/requirements.md
@@ -0,0 +1,20 @@
+---
+title: System Requirements
+---
+
+# System Requirements
+
+The Management Console may be installed on a single Docker host or in a dedicated Kubernetes cluster:
+
+ * A Docker Host is suitable for small-scale deployments, managing up to several hundred production nodes
+ * A Kubernetes Cluster is suitable for small and large-scale deployments
+
+| Feature | Requirements (Docker) | Requirements (Kubernetes) |
+|-------------------------------------------|---------------------------------------------|-------------------------------------|
+| CPU: No of cores | 8 cores | 3 nodes, 4 cores each |
+| RAM | 16 GB | 3 nodes, 8 GB each |
+| Telemetry and data from Deepfence Sensors | Port 443 (configurable), firewalled | Port 443 (configurable), firewalled |
+| Administrative and API access | Port 443 (configurable), firewalled | Port 443 (configurable), firewalled |
+| Docker | *Version 20.10.18 (minimum version 18.06.0) | |
+
+Larger deployments, managing 250 or more production nodes, will require additional CPU and RAM resources. For enterprise-scale deployments, managing 1000+ production nodes, the ThreatMapper Console should be deployed on a Kubernetes cluster of 3 or more nodes.
diff --git a/docs/versioned_docs/version-v2.3/console/troubleshooting.md b/docs/versioned_docs/version-v2.3/console/troubleshooting.md
new file mode 100644
index 0000000000..06baa46b4e
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/troubleshooting.md
@@ -0,0 +1,47 @@
+---
+title: Troubleshooting
+---
+
+## Docker configuration in Amazon Linux / RHEL
+In Amazon Linux / RHEL, number of open files per container has to be configured.
+
+```shell
+$ cat /etc/sysconfig/docker
+# The max number of open files for the daemon itself, and all
+# running containers. The default value of 1048576 mirrors the value
+# used by the systemd service unit.
+DAEMON_MAXFILES=1048576
+# Additional startup options for the Docker daemon, for example:
+# OPTIONS=” — ip-forward=true — iptables=true”
+# By default we limit the number of open files per container
+OPTIONS=" — default-ulimit nofile=1024:4096"
+```
+You can change the desired value as below.
+```shell
+OPTIONS=" — default-ulimit nofile=1024000:1024000"
+```
+Restart Docker daemon
+
+## Reset Password
+
+If you have not configured [SES / SMTP](manage-users.md#configuring-google-smtp) and need to reset the password, please follow these steps
+#### Docker
+```shell
+docker exec -it deepfence-server bash -c "/usr/local/bin/deepfence_server --reset-password"
+```
+
+#### Kubernetes
+
+:::note
+If the helm chart name was customized, please change the deployment name accordingly
+```shell
+kubectl get deploy --namespace deepfence-console
+```
+:::
+
+```shell
+kubectl exec -it deploy/deepfence-console-server \
+ -c server \
+ --namespace deepfence-console \
+ -- bash -c "/usr/local/bin/deepfence_server --reset-password"
+```
diff --git a/docs/versioned_docs/version-v2.3/console/upgrade-from-v2.1.md b/docs/versioned_docs/version-v2.3/console/upgrade-from-v2.1.md
new file mode 100644
index 0000000000..222ca96908
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/console/upgrade-from-v2.1.md
@@ -0,0 +1,41 @@
+---
+title: Upgrade from v2.1
+---
+
+## Upgrade Neo4j from 4.4 to 5.x
+
+Please choose upgrade steps by console deployment type (docker or kubernetes)
+
+### Prerequisite
+1. Download [pre-upgrade-to-v5.sh](https://github.com/deepfence/ThreatMapper/blob/release-2.3/deepfence_neo4j/pre-upgrade-to-v5.sh) script to current directory
+2. Make `pre-upgrade-to-v5.sh` executable
+ ```
+ chmod +x pre-upgrade-to-v5.sh
+ ```
+
+### Docker
+1. Execute below command before upgrading to new release
+ ```
+ docker cp pre-upgrade-to-v5.sh deepfence-neo4j:/startup
+ docker exec deepfence-neo4j /startup/pre-upgrade-to-v5.sh
+ ```
+2. Upgrade to new release, wait for scheduler to complete initial neo4j setup, then execute below command
+ ```
+ docker exec deepfence-neo4j /startup/post-upgrade-to-v5.sh
+ ```
+
+### Kubernetes
+1. Set variable the below variables
+ ```
+ export NAMESPACE=deepfence-console
+ export PODNAME=`kubectl get pods -n $NAMESPACE --no-headers -o custom-columns=":metadata.name" | grep neo4j`
+ ```
+2. Execute below command before upgrading to new release
+ ```
+ kubectl cp -n $NAMESPACE pre-upgrade-to-v5.sh $PODNAME:/startup
+ kubectl exec -it -n $NAMESPACE $PODNAME -- /startup/pre-upgrade-to-v5.sh
+ ```
+3. Upgrade to new release, wait for scheduler to complete initial neo4j setup, then execute below command
+ ```
+ kubectl exec -it -n $NAMESPACE $PODNAME -- /startup/post-upgrade-to-v5.sh
+ ```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/demo.md b/docs/versioned_docs/version-v2.3/demo.md
new file mode 100644
index 0000000000..a5f6d59401
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/demo.md
@@ -0,0 +1,15 @@
+---
+title: Quickstart Demo
+---
+
+# Quickstart with the Demo Sandbox
+
+To get a quick overview of the ThreatMapper UI and operational processes, you can access the Demo sandbox:
+
+ * URL: https://threatmapper.deepfence.show/
+
+ * Username: `community@deepfence.io`
+
+ * Password: `mzHAmWa!89zRD$KMIZ@ot4SiO`
+
+The credentials provide read-only access to a live ThreatMapper instance. You can explore the application topology, initiate vulnerability and other scans, review results and inspect the configuration for scanning registries and configuring notifications.
diff --git a/docs/versioned_docs/version-v2.3/developers/build.md b/docs/versioned_docs/version-v2.3/developers/build.md
new file mode 100644
index 0000000000..cbf7b82c01
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/developers/build.md
@@ -0,0 +1,73 @@
+---
+title: Build from Source
+---
+
+# Build Deepfence ThreatMapper from Source
+
+## Prerequisites
+
+Build host:
+ * 16 Gb RAM, 4 cores to build and run the Deepfence Management Console
+ * Packages: build tools, `golang`, `docker`, `docker-compose`
+
+If necessary, enable docker for the user account that will build the Deepfence containers:
+
+```bash
+sudo usermod -aG docker $USER # start new shell, or 'su $USER' for group change to take effect
+```
+
+## Building the Container Images
+
+```bash
+git clone https://github.com/deepfence/ThreatMapper.git
+cd ThreatMapper
+make
+```
+
+The build process will create a number of container images and store these in your local Docker repository.
+
+## Running the Deepfence Management Console on the local machine
+
+```bash
+cd ThreatMapper/deployment-scripts
+docker-compose -f docker-compose.yml up --detach
+```
+
+Once started, you can point a web browser at `https://--IP-ADDRESS---/` to register a first user on the Deepfence Management Console. See [Initial Configuration](/docs/console/initial-configuration) for more information.
+
+To stop the Deepfence Management Console:
+
+```bash
+docker-compose -f docker-compose.yml down
+```
+
+## Push the images to a remote repository
+
+If you plan to deploy the Management Console or Sensors (`deepfence_agent_ce` and `deepfence_cluster_agent_ce`) on another host, you should push the images to a suitable, accessible repository:
+
+For example, to push the images to DockerHub:
+
+```bash
+ACC=myorg # the name of the dockerhub account
+docker login -u $ACC # log in to the account
+
+for IMG in \
+ deepfence_redis_ce \
+ deepfence_postgres_ce \
+ deepfence_kafka_broker_ce \
+ deepfence_router_ce \
+ deepfence_file_server_ce \
+ deepfence_server_ce \
+ deepfence_worker_ce \
+ deepfence_ui_ce \
+ deepfence_agent_ce \
+ deepfence_cluster_agent_ce \
+ deepfence_package_scanner_ce \
+ deepfence_malware_scanner_ce \
+ deepfence_secret_scanner_ce \
+ deepfence_neo4j_ce
+do
+ docker tag deepfenceio/$IMG $ACC/$IMG:latest
+ docker push $ACC/$IMG:latest
+done
+```
diff --git a/docs/versioned_docs/version-v2.3/developers/deploy-agent.md b/docs/versioned_docs/version-v2.3/developers/deploy-agent.md
new file mode 100644
index 0000000000..2a6af11f82
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/developers/deploy-agent.md
@@ -0,0 +1,70 @@
+---
+title: Deploy Sensors
+---
+
+# Deploy custom ThreatMapper Sensor Agents
+
+You should first [build the management console and agents](build) and push the images to a suitable repository. You can then adapt the standard installation instructions ([Docker](/docs/sensors/docker), [Kubernetes](/docs/sensors/kubernetes)) to refer to your custom images rather than the Deepfence-provided ones.
+
+
+## Installing and Running the Sensor Agents on a Docker Host
+
+:::tip
+Refer to the [Docker Installation Instructions](/docs/sensors/docker) along with the modifications below.
+:::
+
+Execute the following command to install and start the sensors:
+
+```bash
+ACC=myorg # the name of the dockerhub account
+docker login -u $ACC # log in to the account
+
+docker run -dit \
+ --cpus=".2" \
+ --name=deepfence-agent \
+ --restart on-failure \
+ --pid=host \
+ --net=host \
+ --log-driver json-file \
+ --log-opt max-size=50m \
+ --privileged=true \
+ -v /sys/kernel/debug:/sys/kernel/debug:rw \
+ -v /var/log/fenced \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /:/fenced/mnt/host/:ro \
+ -e DF_LOG_LEVEL="info" \
+ -e USER_DEFINED_TAGS="" \
+ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \
+ -e MGMT_CONSOLE_PORT="443" \
+ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
+ $ACC/deepfence_agent_ce:2.3.1
+```
+
+## Installing and Running the Sensor Agents in a Kubernetes Cluster
+
+:::tip
+Refer to the [Kubernetes Installation Instructions](/docs/sensors/kubernetes) along with the modifications below.
+:::
+
+You can use these instructions for helm-based installations in standalone and hosted Kubernetes clusters
+
+```bash
+helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+helm repo update
+
+helm show values deepfence/deepfence-agent --version 2.3.1 > deepfence_agent_values.yaml
+
+# You will need to update the following values:
+# image:name and image:clusterAgentImageName - change the account to point to your images
+# managementConsoleUrl and deepfenceKey - specify your IP and API key value
+vim deepfence_agent_values.yaml
+
+helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.3.1
+```
+
+Allow a few seconds for the containers to pull and deploy in your Kubernetes environment.
+
+Full instructions can be found in the [Agent helm chart documentation](https://github.com/deepfence/ThreatMapper/tree/main/deployment-scripts/helm-charts/deepfence-agent).
diff --git a/docs/versioned_docs/version-v2.3/developers/deploy-console.md b/docs/versioned_docs/version-v2.3/developers/deploy-console.md
new file mode 100644
index 0000000000..4007eeb80a
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/developers/deploy-console.md
@@ -0,0 +1,77 @@
+---
+title: Deploy Console
+---
+
+# Deploy a custom ThreatMapper Console
+
+You should first [build the management console](build) and push the images to a suitable repository. You can then adapt the standard installation instructions ([Docker](/docs/console/docker), [Kubernetes](/docs/console/kubernetes)) to refer to your custom images rather than the Deepfence-provided ones.
+
+
+
+## Installing and Running the Management Console on a Docker Host
+
+:::tip
+Refer to the [Docker Installation Instructions](/docs/console/docker) along with the modifications below.
+:::
+
+1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.3/deployment-scripts/docker-compose.yml) to the system that will host the Console
+
+ ```bash
+ wget https://github.com/deepfence/ThreatMapper/raw/release-2.3/deployment-scripts/docker-compose.yml
+ ```
+
+2. Execute the following command to install and start the Console. Note the override to specify your repository `myorg`, rather than the `deepfenceio` default:
+
+ ```bash
+ ACC=myorg # the name of the dockerhub account
+ docker login -u $ACC # log in to the account
+ IMAGE_REPOSITORY=$ACC docker-compose -f docker-compose.yml up --detach
+ ```
+
+## Installing and Running the Management Console in a Kubernetes Cluster
+
+:::tip
+Refer to the [Kubernetes Installation Instructions](/docs/console/kubernetes) along with the modifications below.
+:::
+
+1. Prepare the cluster, installing the storage driver and metrics service
+
+ Follow the instructions to install the OpenEBS storage and metrics server: [Installation Instructions](/docs/console/kubernetes)
+
+
+2. 
Install your Management Console
+
+ We will install the Management Console using the helm chart, but overriding the repository source for the images:
+
+ ```bash
+ helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+ helm repo update
+
+ # Create the values file
+ helm show values deepfence/deepfence-console --version 2.3.1 > deepfence_console_values.yaml
+ ```
+
+ Edit the `deepfence_console_values.yaml` file, replacing the `image: repository:` value to point to your repository, and making any other changes as needed.
+
+ Install the management console:
+
+ ```bash
+ helm install -f deepfence_console_values.yaml deepfence-console deepfence/deepfence-console --version 2.3.1
+ ```
+
+ Full instructions can be found in the [Console helm chart documentation](https://github.com/deepfence/ThreatMapper/tree/main/deployment-scripts/helm-charts/deepfence-console).
+
+4. Optional: enable external access with the `deepfence-router` package:
+
+ Refer to the instructions to install the [Router](https://github.com/deepfence/ThreatMapper/tree/main/deployment-scripts/helm-charts/deepfence-router), typically as follows:
+
+ ```bash
+ # Create the values file
+ helm show values deepfence/deepfence-router --version 2.3.1 > deepfence_router_values.yaml
+ ```
+
+ Edit the `deepfence_router_values.yaml` file, replacing the `image: repository:` value to point to your repository, and making any other changes as needed.
+
+ ```bash
+ helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router --version 2.3.1
+ ```
diff --git a/docs/versioned_docs/version-v2.3/developers/index.md b/docs/versioned_docs/version-v2.3/developers/index.md
new file mode 100644
index 0000000000..00cd2ea531
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/developers/index.md
@@ -0,0 +1,22 @@
+---
+title: ThreatMapper Architecture
+---
+
+# ThreatMapper Architecture
+
+:::info
+
+Help needed to provide architectural information for developers
+
+:::
+
+Resources:
+ * [How to build Deepfence ThreatMapper](build)
+ * [How To Use Python Sdk](https://github.com/deepfence/threatmapper-python-client/blob/main/README.md)
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/developers/python-sdk.md b/docs/versioned_docs/version-v2.3/developers/python-sdk.md
new file mode 100644
index 0000000000..f884fe9348
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/developers/python-sdk.md
@@ -0,0 +1,515 @@
+---
+title: How to Use Python Sdk
+---
+
+# threatmapper
+A client library for accessing Deepfence ThreatMapper
+
+## How to Install
+
+```shell
+pip install git+https://github.com/deepfence/threatmapper-python-client.git
+```
+
+## Usage
+First, create a client:
+
+```python
+from threatmapper import Client
+
+client = Client(base_url="YOUR_CONSOLE_URL")
+```
+
+If the endpoints you're going to hit require authentication, use `AuthenticatedClient` instead:
+### Api Key
+After Login Go to Settings -> User Management -> Api key
+
+```python
+from threatmapper import AuthenticatedClient
+
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="Api Key")
+```
+
+By default, when you're calling an HTTPS API it will attempt to verify that SSL is working correctly. Using certificate verification is highly recommended most of the time, but sometimes you may need to authenticate to a server (especially an internal server) using a custom certificate bundle.
+
+```python
+from threatmapper import AuthenticatedClient
+
+client = AuthenticatedClient(
+ base_url="YOUR_CONSOLE_URL",
+ token="Api Key",
+ verify_ssl="/path/to/certificate_bundle.pem",
+)
+```
+
+You can also disable certificate validation altogether, but beware that **this is a security risk**.
+
+```python
+
+from threatmapper import AuthenticatedClient
+
+client = AuthenticatedClient(
+ base_url="YOUR_CONSOLE_URL",
+ token="Api Key",
+ verify_ssl=False
+)
+```
+
+Things to know:
+1. Every path/method combo becomes a Python module with four functions:
+ 1. `sync`: Blocking request that returns parsed data (if successful) or `None`
+ 2. `sync_detailed`: Blocking request that always returns a `Request`, optionally with `parsed` set if the request was successful.
+ 3. `asyncio`: Like `sync` but async instead of blocking
+ 4. `asyncio_detailed`: Like `sync_detailed` but async instead of blocking
+
+2. All path/query params, and bodies become method arguments.
+3. 
If your endpoint had any tags on it, the first tag will be used as a module name for the function (my_tag above)
+4. Any endpoint which did not have a tag will be in `threatmapper.api.default`
+
+## Advanced customizations
+
+There are more settings on the generated `Client` class which let you control more runtime behavior, check out the docstring on that class for more info. You can also customize the underlying `httpx.Client` or `httpx.AsyncClient` (depending on your use-case):
+
+```python
+from threatmapper import Client
+
+def log_request(request):
+ print(f"Request event hook: {request.method} {request.url} - Waiting for response")
+
+def log_response(response):
+ request = response.request
+ print(f"Response event hook: {request.method} {request.url} - Status {response.status_code}")
+
+client = Client(
+ base_url="YOUR_CONSOLE_URL",
+ httpx_args={"event_hooks": {"request": [log_request], "response": [log_response]}},
+)
+
+# Or get the underlying httpx client to modify directly with client.get_httpx_client() or client.get_async_httpx_client()
+```
+
+You can even set the httpx client directly, but beware that this will override any existing settings (e.g., base_url):
+
+```python
+import httpx
+from threatmapper import Client
+
+client = Client(
+ base_url="YOUR_CONSOLE_URL",
+)
+# Note that base_url needs to be re-set, as would any shared cookies, headers, etc.
+client.set_httpx_client(httpx.Client(base_url="YOUR_CONSOLE_URL", proxies="YOUR_PROXY_URL"))
+```
+
+### Get Access & Refresh Token With Regular Client
+
+```python
+import json
+from threatmapper import Client
+from threatmapper.models import ModelApiAuthRequest
+from threatmapper.api.authentication import auth_token
+from threatmapper.errors import UnexpectedStatus
+
+# Regular Client SSL Disabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl=False)
+#OR
+# Regular Client SSL Enabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl="/path/to/certificate_bundle.pem")
+
+def get_access_refresh_token_sync():
+ try:
+ json_body = ModelApiAuthRequest(
+ api_token="YOUR_API_KEY"
+ )
+ # If we want minified response
+ api_response = auth_token.sync(client=client, json_body=json_body)
+ print(api_response.access_token, api_response.refresh_token)
+ # If we want detailed response
+ api_response = auth_token.sync_detailed(client=client, json_body=json_body)
+ if api_response.status_code == 200:
+ json_response = json.loads(api_response.content.decode("utf-8"))
+ print(json_response["access_token"], json_response["refresh_token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling get_access_refresh_token_sync->: %s\n" % e)
+```
+
+Or do the same thing with an async version:
+
+```python
+import json
+from threatmapper import Client
+from threatmapper.models import ModelApiAuthRequest
+from threatmapper.api.authentication import auth_token
+from threatmapper.errors import UnexpectedStatus
+
+
+# SSL Disabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl=False)
+# OR
+# SSL Enabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl="/path/to/certificate_bundle.pem")
+
+async def get_access_refresh_token_async():
+ try:
+ json_body = ModelApiAuthRequest(
+ api_token="YOUR_API_KEY"
+ )
+ # If we want minified response
+ api_response = await auth_token.asyncio(client=client, json_body=json_body)
+ print(api_response.access_token, api_response.refresh_token)
+ # If we want detailed response
+ api_response = await auth_token.asyncio_detailed(client=client, json_body=json_body)
+ if api_response.status_code == 200:
+ json_response = json.loads(api_response.content.decode("utf-8"))
+ print(json_response["access_token"], json_response["refresh_token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling get_access_refresh_token_async-> %s\n" % e)
+```
+
+### Get Token Refresh With Authenticated Client SYNC
+
+```python
+import json
+from threatmapper import AuthenticatedClient
+from threatmapper.api.authentication import auth_token_refresh
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+# OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN",
+ verify_ssl="/path/to/certificate_bundle.pem")
+
+
+def refresh_token_sync():
+ try:
+ # If we want minified response
+ res = auth_token_refresh.sync(client=client)
+ print(res.access_token, res.refresh_token)
+ # If we want Detailed response
+ res = auth_token_refresh.sync_detailed(client=client)
+ if res.status_code == 200:
+ json_response = json.loads(res.content.decode("utf-8"))
+ print(json_response["access-token"], json_response["refresh-token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling refresh_token_sync-> %s\n" % e)
+```
+
+Or do the same thing with an async version:
+
+```python
+from threatmapper import AuthenticatedClient
+from threatmapper.api.authentication import auth_token_refresh
+from threatmapper.errors import UnexpectedStatus
+import json
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# 
Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+async def refresh_token_async():
+ try:
+ # If we want minified response
+ res = await auth_token_refresh.asyncio(client=client)
+ print(res.access_token, res.refresh_token)
+ # If we want Detailed response
+ res = await auth_token_refresh.asyncio_detailed(client=client)
+ if res.status_code == 200:
+ json_response = json.loads(res.content.decode("utf-8"))
+ print(json_response["access-token"], json_response["refresh-token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling refresh_token_async-> %s\n" % e)
+```
+
+### Add Gcr Registry
+
+```python
+from threatmapper.types import File
+from threatmapper.api.registry import add_registry_gcr
+from threatmapper.models import FormDataModelRegistryGCRAddReq
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+def add_gcr_registry():
+ try:
+ name = 'Google Registry'
+ registry_url = 'YOUR_REGISTRY_URL'
+ service_account_json = File(payload=open('/path/to/json','rb'), mime_type="application/json", file_name="service.json")
+ multipart_data=FormDataModelRegistryGCRAddReq(name=name, registry_url=registry_url, service_account_json=service_account_json)
+ response = add_registry_gcr.sync(client=client, multipart_data=multipart_data)
+ print(response.message)
+ except UnexpectedStatus as e:
+ print("Exception when calling refresh_token_async-> %s\n" % e)
+
+```
+
+### List Hosts
+
+```python
+from threatmapper.api.search import search_hosts
+from 
threatmapper.models import SearchSearchNodeReq
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+def list_hosts():
+ try:
+ payload_dict = {
+ "node_filter": {
+ "filters": {
+ "compare_filter": None,
+ "contains_filter": {
+ "filter_in": {
+ "active": [
+ True
+ ]
+ }
+ },
+ "match_filter": {
+ "filter_in": None
+ },
+ "not_contains_filter": {
+ "filter_in": {}
+ },
+ "order_filter": {
+ "order_fields": []
+ }
+ },
+ "in_field_filter": None,
+ "window": {
+ "offset": 0,
+ "size": 0
+ }
+ },
+ "window": {
+ "offset": 0,
+ "size": 100
+ }
+ }
+ json_body = SearchSearchNodeReq.from_dict(payload_dict)
+ hosts = search_hosts.sync(client=client,json_body=json_body)
+ agent_host_list = []
+ discovered_host_list = []
+ for host in hosts:
+ # If agent is running inside hosts
+ if host.agent_running:
+ agent_host_list.append(host.node_id)
+ else:
+ discovered_host_list.append(host.node_id)
+ print(agent_host_list, discovered_host_list)
+ except UnexpectedStatus as e:
+ print("Exception when calling list_hosts-> %s\n" % e)
+
+```
+### List Containers ASYNC
+
+```python
+from threatmapper.api.search import search_containers
+from threatmapper.models import SearchSearchNodeReq
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+async def list_containers():
+ try:
+ payload_dict = {
+ "node_filter": {
+ "filters": {
+ "compare_filter": None,
+ "contains_filter": {
+ "filter_in": {
+ "active": [
+ True
+ ]
+ }
+ },
+ "match_filter": {
+ "filter_in": None
+ },
+ "not_contains_filter": {
+ "filter_in": {}
+ },
+ "order_filter": {
+ "order_fields": []
+ }
+ },
+ "in_field_filter": None,
+ "window": {
+ "offset": 0,
+ "size": 0
+ }
+ },
+ "window": {
+ "offset": 0,
+ "size": 100
+ }
+ }
+ json_body = SearchSearchNodeReq.from_dict(payload_dict)
+ containers = await search_containers.asyncio(client=client,json_body=json_body)
+ for container in containers:
+ print(container.node_id, container.node_name)
+ except UnexpectedStatus as e:
+ print("Exception when calling list_containers-> %s\n" % e)
+```
+
+### Start Vulnerability Scan ASYNC
+
+```python
+from threatmapper.api.vulnerability import start_vulnerability_scan
+from threatmapper.api.search import search_hosts
+from threatmapper.models import ModelVulnerabilityScanTriggerReq, SearchSearchNodeReq, ModelScanTriggerResp
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+from typing import List
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+
+def node_config() -> List:
+ try:
+ payload_dict = {
+ "node_filter": {
+ "filters": {
+ "compare_filter": None,
+ "contains_filter": {
+ "filter_in": {
+ "active": [
+ True
+ ]
+ }
+ },
+ "match_filter": {
+ "filter_in": None
+ },
+ "not_contains_filter": {
+ "filter_in": {}
+ },
+ "order_filter": {
+ "order_fields": []
+ }
+ },
+ "in_field_filter": None,
+ "window": {
+ "offset": 0,
+ "size": 0
+ }
+ },
+ "window": {
+ "offset": 0,
+ "size": 100
+ }
+ }
+ json_body = SearchSearchNodeReq.from_dict(payload_dict)
+ hosts = 
search_hosts.sync(client=client,json_body=json_body)
+ host_list = []
+ for host in hosts:
+ host_list.append({"node_id":host.node_id, "node_type": "host"})
+ return host_list
+ except UnexpectedStatus as e:
+ print("Exception when calling node_config-> %s\n" % e)
+
+async def start_vulnerability_scan_on_hosts():
+ try:
+ node_ids = node_config()
+ payload_dict = {
+ "filters": {
+ "cloud_account_scan_filter": {
+ "filter_in": None
+ },
+ "container_scan_filter": {
+ "filter_in": None
+ },
+ "host_scan_filter": {
+ "filter_in": None
+ },
+ "image_scan_filter": {
+ "filter_in": None
+ },
+ "kubernetes_cluster_scan_filter": {
+ "filter_in": None
+ }
+ },
+ "node_ids": node_ids,
+ "scan_config": [
+ {
+ "language": "base"
+ },
+ {
+ "language": "java"
+ },
+ {
+ "language": "javascript"
+ },
+ {
+ "language": "rust"
+ },
+ {
+ "language": "golang"
+ },
+ {
+ "language": "ruby"
+ },
+ {
+ "language": "python"
+ },
+ {
+ "language": "php"
+ },
+ {
+ "language": "dotnet"
+ }
+ ]
+ }
+ json_body = ModelVulnerabilityScanTriggerReq.from_dict(payload_dict)
+ response: ModelScanTriggerResp = await start_vulnerability_scan.asyncio(client=client,json_body=json_body)
+ print(response.scan_ids, response.bulk_scan_id)
+ except UnexpectedStatus as e:
+ print("Exception when calling start_vulnerability_scan_on_hosts-> %s\n" % e)
+```
+
+
+
+## Building / publishing this package
+This project uses [Poetry](https://python-poetry.org/) to manage dependencies and packaging. Here are the basics:
+1. Update the metadata in pyproject.toml (e.g. authors, version)
+2. If you're using a private repository, configure it with Poetry
+ 1. `poetry config repositories. `
+ 2. `poetry config http-basic. `
+3. Publish the client with `poetry publish --build -r ` or, if for public PyPI, just `poetry publish --build`
+
+If you want to install this client into another project without publishing it (e.g. for development) then:
+1. 
If that project **is using Poetry**, you can simply do `poetry add ` from that project
+2. If that project is not using Poetry:
+ 1. Build a wheel with `poetry build -f wheel`
+ 2. Install that wheel from the other project `pip install `
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/img/agent-setup-2.png b/docs/versioned_docs/version-v2.3/img/agent-setup-2.png
new file mode 100644
index 0000000000..ab3ea175c7
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/agent-setup-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/agent-setup.png b/docs/versioned_docs/version-v2.3/img/agent-setup.png
new file mode 100644
index 0000000000..ba3b26b6f3
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/agent-setup.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/api-key.png b/docs/versioned_docs/version-v2.3/img/api-key.png
new file mode 100644
index 0000000000..fd8ebb3123
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/api-key.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-1.png b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-1.png
new file mode 100644
index 0000000000..5f31330aae
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-2.png b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-2.png
new file mode 100644
index 0000000000..d31e4eb55d
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-3.png b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-3.png
new file mode 100644
index 0000000000..4e839ca69e
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-4.png b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-4.png
new file mode 100644
index 0000000000..7b4f250ebf
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/cloud-scanner-aws-4.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/compliance-scan-1.png b/docs/versioned_docs/version-v2.3/img/compliance-scan-1.png
new file mode 100644
index 0000000000..d703f6ae78
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/compliance-scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/compliance-scan-2.png b/docs/versioned_docs/version-v2.3/img/compliance-scan-2.png
new file mode 100644
index 0000000000..a96aaae3e5
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/compliance-scan-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/compliance-scan-3.png b/docs/versioned_docs/version-v2.3/img/compliance-scan-3.png
new file mode 100644
index 0000000000..de66541864
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/compliance-scan-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/compliance-scan-4.png b/docs/versioned_docs/version-v2.3/img/compliance-scan-4.png
new file mode 100644
index 0000000000..8c295148e1
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/compliance-scan-4.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/diagnostic-logs.png b/docs/versioned_docs/version-v2.3/img/diagnostic-logs.png
new file mode 100644
index 0000000000..5a144ab9e8
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/diagnostic-logs.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/fargate-task-1.png b/docs/versioned_docs/version-v2.3/img/fargate-task-1.png
new file mode 100644
index 0000000000..f54997bdb2
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/fargate-task-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/fargate-task-2.png b/docs/versioned_docs/version-v2.3/img/fargate-task-2.png
new file mode 100644
index 0000000000..30475dbb7b
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/fargate-task-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/fargate-task-3.png b/docs/versioned_docs/version-v2.3/img/fargate-task-3.png
new file mode 100644
index 0000000000..cacb70eb2a
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/fargate-task-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/fargate-task-4.png b/docs/versioned_docs/version-v2.3/img/fargate-task-4.png
new file mode 100644
index 0000000000..36267cacd6
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/fargate-task-4.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/fargate-task-5.png b/docs/versioned_docs/version-v2.3/img/fargate-task-5.png
new file mode 100644
index 0000000000..84f265c6d7
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/fargate-task-5.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/fargate-task-6.png b/docs/versioned_docs/version-v2.3/img/fargate-task-6.png
new file mode 100644
index 0000000000..47696b642d
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/fargate-task-6.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/fargate-task-7.png b/docs/versioned_docs/version-v2.3/img/fargate-task-7.png
new file mode 100644
index 0000000000..9fa1c1e9db
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/fargate-task-7.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/gcp-vm-service-account.png b/docs/versioned_docs/version-v2.3/img/gcp-vm-service-account.png
new file mode 100644
index 0000000000..234b228bb8
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/gcp-vm-service-account.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-elasticsearch.png b/docs/versioned_docs/version-v2.3/img/integrations-elasticsearch.png
new file mode 100644
index 0000000000..6b9b2b012c
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-elasticsearch.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-email.png b/docs/versioned_docs/version-v2.3/img/integrations-email.png
new file mode 100644
index 0000000000..6412291180
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-email.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-http-endpoint.png b/docs/versioned_docs/version-v2.3/img/integrations-http-endpoint.png
new file mode 100644
index 0000000000..08024084d0
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-http-endpoint.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-jira-1.png b/docs/versioned_docs/version-v2.3/img/integrations-jira-1.png
new file mode 100644
index 0000000000..cad80d91e8
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-jira-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-jira-2.png b/docs/versioned_docs/version-v2.3/img/integrations-jira-2.png
new file mode 100644
index 0000000000..d155ebd3a7
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-jira-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-jira-3.png b/docs/versioned_docs/version-v2.3/img/integrations-jira-3.png
new file mode 100644
index 0000000000..82a59d16e6
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-jira-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-jira-4.png b/docs/versioned_docs/version-v2.3/img/integrations-jira-4.png
new file mode 100644
index 0000000000..59733cb5f2
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-jira-4.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-1.png b/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-1.png
new file mode 100644
index 0000000000..eefd3bd03c
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-2.jpg b/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-2.jpg
new file mode 100644
index 0000000000..a0592be6bf
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-2.jpg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-3.png b/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-3.png
new file mode 100644
index 0000000000..137c3361d2
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-pager-duty-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-s3.png b/docs/versioned_docs/version-v2.3/img/integrations-s3.png
new file mode 100644
index 0000000000..72026d511f
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-s3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-slack-1.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-slack-1.jpeg
new file mode 100644
index 0000000000..4495ebad6e
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-slack-1.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-slack-2.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-slack-2.jpeg
new file mode 100644
index 0000000000..1babd3fce7
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-slack-2.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-slack-3.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-slack-3.jpeg
new file mode 100644
index 0000000000..fa0c59a109
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-slack-3.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-slack.png b/docs/versioned_docs/version-v2.3/img/integrations-slack.png
new file mode 100644
index 0000000000..2865087c12
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-slack.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-13.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-13.png
new file mode 100644
index 0000000000..6fe21ec191
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-13.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-14.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-14.png
new file mode 100644
index 0000000000..73c75917a2
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-14.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-15.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-15.png
new file mode 100644
index 0000000000..8d479dcc77
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-15.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-16.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-16.png
new file mode 100644
index 0000000000..dc74b8859e
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-16.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-17.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-17.png
new file mode 100644
index 0000000000..6edc373b1b
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-17.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-18.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-18.png
new file mode 100644
index 0000000000..804e7f104f
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-18.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-19.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-19.png
new file mode 100644
index 0000000000..aab610c1f2
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-19.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-20.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-20.png
new file mode 100644
index 0000000000..ce219d99a9
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-20.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-21.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-21.png
new file mode 100644
index 0000000000..51b3e4ec00
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-21.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-22.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-22.png
new file mode 100644
index 0000000000..f18ba09063
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-22.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-23.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-23.png
new file mode 100644
index 0000000000..e9a275ed5c
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-23.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-24.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-24.png
new file mode 100644
index 0000000000..9b58ccd295
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-24.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-splunk-25.png b/docs/versioned_docs/version-v2.3/img/integrations-splunk-25.png
new file mode 100644
index 0000000000..8739279905
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-splunk-25.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-1.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-1.jpeg
new file mode 100644
index 0000000000..f3d60eae7f
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-1.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-2.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-2.jpeg
new file mode 100644
index 0000000000..efed3d0678
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-2.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-3.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-3.jpeg
new file mode 100644
index 0000000000..5f0d63c479
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-3.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-4.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-4.jpeg
new file mode 100644
index 0000000000..ee0dfe410e
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-4.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-5.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-5.jpeg
new file mode 100644
index 0000000000..878ddb3892
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-5.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-6.jpeg b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-6.jpeg
new file mode 100644
index 0000000000..a0a3167961
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-sumo-logic-6.jpeg differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-teams-1.png b/docs/versioned_docs/version-v2.3/img/integrations-teams-1.png
new file mode 100644
index 0000000000..c11fbcad94
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-teams-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-teams-2.png b/docs/versioned_docs/version-v2.3/img/integrations-teams-2.png
new file mode 100644
index 0000000000..65e41c1dda
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-teams-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-teams-3.png b/docs/versioned_docs/version-v2.3/img/integrations-teams-3.png
new file mode 100644
index 0000000000..e413e1e911
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-teams-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-threatrx-1.png b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-1.png
new file mode 100644
index 0000000000..7774c858ba
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-threatrx-2.png b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-2.png
new file mode 100644
index 0000000000..b69f46b60e
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-threatrx-3.png b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-3.png
new file mode 100644
index 0000000000..94e30823c1
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-threatrx-4.png b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-4.png
new file mode 100644
index 0000000000..3b40d02139
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-4.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations-threatrx-5.png b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-5.png
new file mode 100644
index 0000000000..e33b4d5553
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations-threatrx-5.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/integrations.png b/docs/versioned_docs/version-v2.3/img/integrations.png
new file mode 100644
index 0000000000..e257ef7a36
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/integrations.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/malware-scans-1.png b/docs/versioned_docs/version-v2.3/img/malware-scans-1.png
new file mode 100644
index 0000000000..e51ead20e2
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/malware-scans-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registration-1.png b/docs/versioned_docs/version-v2.3/img/registration-1.png
new file mode 100644
index 0000000000..7dd8bd80bb
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registration-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registration-2.png b/docs/versioned_docs/version-v2.3/img/registration-2.png
new file mode 100644
index 0000000000..89630d4e0b
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registration-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-1.png b/docs/versioned_docs/version-v2.3/img/registry-1.png
new file mode 100644
index 0000000000..86045e1565
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-2.png b/docs/versioned_docs/version-v2.3/img/registry-2.png
new file mode 100644
index 0000000000..6cffc608bf
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-3.png b/docs/versioned_docs/version-v2.3/img/registry-3.png
new file mode 100644
index 0000000000..49354f001c
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-1.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-1.png
new file mode 100644
index 0000000000..9b6c6bd0f7
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-2.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-2.png
new file mode 100644
index 0000000000..6306d4f52b
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-3.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-3.png
new file mode 100644
index 0000000000..d1f4cabebc
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-4.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-4.png
new file mode 100644
index 0000000000..8d9768a237
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-4.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-5.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-5.png
new file mode 100644
index 0000000000..a9191af56e
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-5.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-6.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-6.png
new file mode 100644
index 0000000000..c7b2d566c7
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-6.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-7.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-7.png
new file mode 100644
index 0000000000..7cb1f432fc
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-7.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/registry-ecr-8.png b/docs/versioned_docs/version-v2.3/img/registry-ecr-8.png
new file mode 100644
index 0000000000..7a7185235f
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/registry-ecr-8.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/reports-1.png b/docs/versioned_docs/version-v2.3/img/reports-1.png
new file mode 100644
index 0000000000..56ad62b6e5
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/reports-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/reports-2.png b/docs/versioned_docs/version-v2.3/img/reports-2.png
new file mode 100644
index 0000000000..70ea60ac8c
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/reports-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/reports-pdf-2.png b/docs/versioned_docs/version-v2.3/img/reports-pdf-2.png
new file mode 100644
index 0000000000..bdf7cb7a8f
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/reports-pdf-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/reports-pdf-3.png b/docs/versioned_docs/version-v2.3/img/reports-pdf-3.png
new file mode 100644
index 0000000000..a9bcc2e0d2
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/reports-pdf-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/reports-xlsx-1.png b/docs/versioned_docs/version-v2.3/img/reports-xlsx-1.png
new file mode 100644
index 0000000000..5e947776df
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/reports-xlsx-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/sbom-1.png b/docs/versioned_docs/version-v2.3/img/sbom-1.png
new file mode 100644
index 0000000000..5216120698
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/sbom-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/sbom-2.png b/docs/versioned_docs/version-v2.3/img/sbom-2.png
new file mode 100644
index 0000000000..cbf7583376
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/sbom-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/scan-1.png b/docs/versioned_docs/version-v2.3/img/scan-1.png
new file mode 100644
index 0000000000..ab8982900d
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/scan-2.png b/docs/versioned_docs/version-v2.3/img/scan-2.png
new file mode 100644
index 0000000000..275c43ce4d
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/scan-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/scheduled-jobs.png b/docs/versioned_docs/version-v2.3/img/scheduled-jobs.png
new file mode 100644
index 0000000000..fef7452620
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/scheduled-jobs.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/secret-scan-1.png b/docs/versioned_docs/version-v2.3/img/secret-scan-1.png
new file mode 100644
index 0000000000..19f29dd3c5
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/secret-scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/secret-scan-2.png b/docs/versioned_docs/version-v2.3/img/secret-scan-2.png
new file mode 100644
index 0000000000..0142c5dd3d
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/secret-scan-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/threat-graph-1.png b/docs/versioned_docs/version-v2.3/img/threat-graph-1.png
new file mode 100644
index 0000000000..7d7657221e
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threat-graph-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/threat-graph-2.png b/docs/versioned_docs/version-v2.3/img/threat-graph-2.png
new file mode 100644
index 0000000000..537335b376
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threat-graph-2.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/threat-graph-3.png b/docs/versioned_docs/version-v2.3/img/threat-graph-3.png
new file mode 100644
index 0000000000..344011e2eb
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threat-graph-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/threat-graph-4.png b/docs/versioned_docs/version-v2.3/img/threat-graph-4.png
new file mode 100644
index 0000000000..c79b9b8422
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threat-graph-4.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/threat-graph-6.png b/docs/versioned_docs/version-v2.3/img/threat-graph-6.png
new file mode 100644
index 0000000000..f36f61c5dd
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threat-graph-6.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/threat-graph-7.png b/docs/versioned_docs/version-v2.3/img/threat-graph-7.png
new file mode 100644
index 0000000000..47ce4f7b69
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threat-graph-7.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/threatmapper-components.jpg b/docs/versioned_docs/version-v2.3/img/threatmapper-components.jpg
new file mode 100644
index 0000000000..d181c2230f
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threatmapper-components.jpg differ
diff --git a/docs/versioned_docs/version-v2.3/img/threatmapper-overview.jpg b/docs/versioned_docs/version-v2.3/img/threatmapper-overview.jpg
new file mode 100644
index 0000000000..6146b8ae03
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/threatmapper-overview.jpg differ
diff --git a/docs/versioned_docs/version-v2.3/img/vulnerability-scan-1.png b/docs/versioned_docs/version-v2.3/img/vulnerability-scan-1.png
new file mode 100644
index 0000000000..bf913105ed
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/vulnerability-scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.3/img/vulnerability-scan-3.png b/docs/versioned_docs/version-v2.3/img/vulnerability-scan-3.png
new file mode 100644
index 0000000000..bdc1504f0d
Binary files /dev/null and b/docs/versioned_docs/version-v2.3/img/vulnerability-scan-3.png differ
diff --git a/docs/versioned_docs/version-v2.3/index.md b/docs/versioned_docs/version-v2.3/index.md
new file mode 100644
index 0000000000..b44c82e885
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/index.md
@@ -0,0 +1,56 @@
+---
+title: Introduction to ThreatMapper
+---
+import ReactPlayer from 'react-player'
+
+# ThreatMapper
+
+## Introducing Deepfence ThreatMapper
+
+Deepfence ThreatMapper hunts for hidden threats in your production platforms, and ranks these threats based on their risk-of-exploit. You can then prioritize the issues that present the greatest risk to the security of your applications.
+
+[//]: # ()
+
+### Extends Security into Production
+
+Your 'Shift Left' initiatives enable you to deliver secure applications to production. ThreatMapper picks up once your applications have been deployed to production.
+
+
+| ![ThreatMapper Overview](img/threatmapper-overview.jpg) |
+|:---------------------------------------------------------------:|
+| ThreatMapper Overview - Development, Pre-Deployment, Production |
+
+#### Discover:
+
+* **Discover Running Workloads:** ThreatMapper scans your platforms and identifies pods, containers, applications, and infrastructure. Use ThreatMapper to discover the topology of your applications and attack surface.
+* **Discover Cloud and Infrastructure Assets:** ThreatMapper queries platform APIs to map assets and their interrelationships, and calculate a topology graph.
+
+#### Find Threats:
+
+* **Discover Vulnerabilities:** ThreatMapper generates runtime SBOMs (Software Bill of Materials) of dependencies from running pods and containers, serverless apps, applications, and operating systems. ThreatMapper matches these SBOMs against multiple vulnerability feeds to identify vulnerable components.
+* **Discover Exposed Secrets:** Unprotected keys, tokens and passwords can provide malicious actors with opportunities to spread control and exploit nearby or remote systems.
+* **Discover Configuration and Compliance Weaknesses:** ThreatMapper evaluates infrastructure configuration against multiple compliance benchmarks (CIS, PCI-DSS, HIPAA and others) to find weaknesses and mis-configurations that could pose a threat.
+
+#### Actionable Information:
+
+* **Rank Threats by Risk-of-Exploit:** ThreatMapper ranks the discovered threats using CVSS and other severity scores, exploit method and their proximity to attack surface, in order to identify which issues pose the greatest risk of exploit
+
+
+## What makes up the ThreatMapper product?
+
+Deepfence ThreatMapper consists of the ThreatMapper Management Console, and a series of ThreatMapper Sensors:
+
+The console uses **infrastructure APIs** to scan your production and non-production platforms and detect configuration errors and compliance weaknesses.
+The console also takes data from **sensor agents** to calculate the topology of your applications, generate SBOMs to find vulnerabilities.
+
+Infrastructure APIs are handled using **Cloud Scanner** tasks which reside within each platform and access the local cloud APIs.
+
+On-host data is provided by ThreatMapper sensor agents. These are deployed against each production host, and they forward SBOMs and telemetry securely to your dedicated console.
+
+| ![ThreatMapper Components](img/threatmapper-components.jpg) |
+|:-----------------------------------------------------------:|
+| ThreatMapper Components |
+
+## Learn More
+
+Read on to discover more about the architecture, installation and operation of Deepfence ThreatMapper.
diff --git a/docs/versioned_docs/version-v2.3/installation.md b/docs/versioned_docs/version-v2.3/installation.md
new file mode 100644
index 0000000000..17e3f4313b
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/installation.md
@@ -0,0 +1,18 @@
+---
+title: Installing ThreatMapper
+---
+
+# Installing ThreatMapper
+
+The ThreatMapper product consists of a Management Console, and multiple Sensor Agents and Cloud Scanner tasks that are deployed within your production platform(s).
+
+![ThreatMapper Components](img/threatmapper-components.jpg)
+
+The Management Console is deployed first. The Management console generates an API key and a URL which you will need when you install the Cloud Scanner tasks and Sensor Agents.
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
diff --git a/docs/versioned_docs/version-v2.3/integrations/elasticsearch.md b/docs/versioned_docs/version-v2.3/integrations/elasticsearch.md
new file mode 100644
index 0000000000..36c2f21fa4
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/elasticsearch.md
@@ -0,0 +1,18 @@
+---
+title: Elasticsearch
+---
+
+# Elasticsearch
+
+*Forward Notifications to Elasticsearch*
+
+![Elasticsearch Integration Page](../img/integrations-elasticsearch.png)
+
+### Configuration
+1. Enter Elasticsearch endpoint url. (Example: http://10.108.0.2:9200)
+2. Enter Elasticsearch index name.
+3. Enter Elasticsearch doc type if version is 5.x. If version is 6 and above, enter `_doc` as doc type.
+4. If authentication is enabled for the Elasticsearch instance, set the auth header.
+5. If username is `demo` and password is `p@55w0rd`, generate basic auth header by running `echo -n '{username}:{password}' | base64` or generate online at https://www.base64encode.net
+6. Enter auth header value as `Basic dXNlcm5hbWU6cGFzc3dvcmQ=`. If authorization is not enabled, leave it empty.
+7. Choose the resource that has to be sent to Elasticsearch and click subscribe button to save.
diff --git a/docs/versioned_docs/version-v2.3/integrations/email.md b/docs/versioned_docs/version-v2.3/integrations/email.md
new file mode 100644
index 0000000000..d97a8745c2
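Review bot: Step 5 of the new elasticsearch.md page offers generating the Basic auth header "online at https://www.base64encode.net", which means typing the Elasticsearch username and password into a third-party website; I would drop that alternative and keep only the local command, so the step ends at `echo -n '{username}:{password}' | base64`. The example endpoint in step 1 is `http://10.108.0.2:9200`, and a Basic header sent over plain HTTP is only base64-encoded, so a one-line caveat after step 4 such as `Use an https:// endpoint whenever an auth header is set.` would help readers who copy the example. The http-endpoint.md hunk later in this diff pairs an `http://` example with an optional authentication header in the same way and would benefit from the same sentence.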
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/email.md
@@ -0,0 +1,15 @@
+---
+title: Email
+---
+
+# Email
+
+*Forward Notifications to Email*
+
+![Email Integration Page](../img/integrations-email.png)
+
+### In this integration you will be getting all information to your email for the selected resources accordingly to your interval selected
+
+1. Enter your email address to see notifications
+2. Choose your resources
+3. Click on subscribe button
diff --git a/docs/versioned_docs/version-v2.3/integrations/http-endpoint.md b/docs/versioned_docs/version-v2.3/integrations/http-endpoint.md
new file mode 100644
index 0000000000..bab17a1611
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/http-endpoint.md
@@ -0,0 +1,13 @@
+---
+title: HTTP Endpoint
+---
+
+# HTTP Endpoint
+
+*Forward notifications to http endpoint*
+
+![HttpEndPoint Integration Page](../img/integrations-http-endpoint.png)
+
+Example http endpoint: http://10.3.16.2:8080
+
+Optionally authentication http header value can be set, if the api server requires authentication.
diff --git a/docs/versioned_docs/version-v2.3/integrations/index.md b/docs/versioned_docs/version-v2.3/integrations/index.md
new file mode 100644
index 0000000000..38927d15bc
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/index.md
@@ -0,0 +1,34 @@
+---
+title: Integrations
+---
+
+# Integrations
+
+You can integrate ThreatMapper with a variety of notification services. Any time a new vulnerability is detected (for example, during [CI](/docs/operations/scanning-ci) or an [automated scan](/docs/operations/scanning)), ThreatMapper will submit the details to the configured notification services.
+
+| ![Integrations](../img/integrations.png) |
+|:----------------------------------------------:|
+| Example Integrations supported by ThreatMapper |
+
+## Configuring Notification Services
+
+Configure the notification services you require in the ThreatMapper console:
+
+
+| ![Integrations - Slack](../img/integrations-slack.png) |
+|:------------------------------------------------------:|
+| Integrations - Slack (example) |
+
+
+The following notification services are among those supported by ThreatMapper:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
+
+Check out the **Integrations** pages in the Management Console for a full list.
+
+
diff --git a/docs/versioned_docs/version-v2.3/integrations/jira.md b/docs/versioned_docs/version-v2.3/integrations/jira.md
new file mode 100644
index 0000000000..04b8e480ff
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/jira.md
@@ -0,0 +1,31 @@
+---
+title: JIRA
+---
+
+# ThreatMapper and JIRA
+
+ThreatMapper can be configured to raise JIRA tickets for vulnerabilities and secrets. The minimum supported version of JIRA is 7.13.
+
+## To Configure JIRA Integration
+For authentication either password of a user account or an api token can be used.
+
+[https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/)
+
+To generate an api token:
+
+1. Click settings icon and navigate to **Atlassian account settings**
+
+ ![JIRA](../img/integrations-jira-1.png)
+
+2. Once you navigate there, click **security tab**:
+
+ ![JIRA](../img/integrations-jira-2.png)
+
+3. Click **Create API Token** button, set label and create:
+
+ ![JIRA](../img/integrations-jira-3.png)
+
+4. On the Threatmapper Jira integrations page enter the jira site url, username, api token.
+ The JIRA project key is the prefix of the issue numbers , e.g. issue "JRA-123" has "JRA" as project key
+ Enter the type of ticket you would want ThreatMapper to create (Task / Bug etc.):
+ ![JIRA](../img/integrations-jira-4.png)
diff --git a/docs/versioned_docs/version-v2.3/integrations/microsoft-teams.md b/docs/versioned_docs/version-v2.3/integrations/microsoft-teams.md
new file mode 100644
index 0000000000..2ef1d99a8e
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/microsoft-teams.md
@@ -0,0 +1,25 @@
+---
+title: Microsoft Teams
+---
+
+# ThreatMapper and Microsoft Teams
+
+ThreatMapper raises notifications to Microsoft Teams using Microsoft Teams webhooks.
+
+## To Configure Microsoft Teams Integration
+
+1. Open the channel in which you want to add the webhook and select ••• More options from the top navigation bar.
+2. Select Connectors from the dropdown menu:
+
+ ![Microsoft Teams](../img/integrations-teams-1.png)
+
+3. Search for Incoming Webhook and select Add.
+4. Select Configure, provide a name, and upload an image for your webhook if necessary:
+
+ ![Microsoft Teams](../img/integrations-teams-2.png)
+
+5. Copy and save the unique webhook URL present in the dialog window. The URL maps to the channel and you can use it to send information to Teams. Select Done:
+
+ ![Microsoft Teams](../img/integrations-teams-3.png)
+
+6. Paste the webhook URL and the corresponding channel name into Deepfence Microsoft Teams integration page.
diff --git a/docs/versioned_docs/version-v2.3/integrations/pagerduty.md b/docs/versioned_docs/version-v2.3/integrations/pagerduty.md
new file mode 100644
index 0000000000..564ecc37ec
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/pagerduty.md
@@ -0,0 +1,22 @@
+---
+title: PagerDuty
+---
+
+# ThreatMapper and PagerDuty
+
+ThreatMapper raises notifications to PagerDuty using the PagerDuty API (v1 or v2).
+
+## To Configure PagerDuty Integration
+
+1. In the PagerDuty console, navigate to **Configuration** > **Services**. If you are creating a new service for your integration, click Add New Service. If you are adding your integration to an existing service, click the name of the service you want to add the integration to, go to the Integrations tab, then click New Integration as shown in the image below.
+
+ ![Pager Duty](../img/integrations-pager-duty-1.png)
+
+2. Next, create a new integration by selecting the appropriate API version as shown in the image below.
+
+ ![Pager Duty](../img/integrations-pager-duty-2.jpg)
+
+3. Finally, return to the ThreatMapper management console. Enter the "integration key" of the new integration and subscribe to the vulnerabilities on PagerDuty as shown below:
+
+ ![Pager Duty](../img/integrations-pager-duty-3.png)
+
diff --git a/docs/versioned_docs/version-v2.3/integrations/reports.md b/docs/versioned_docs/version-v2.3/integrations/reports.md
new file mode 100644
index 0000000000..4f03103810
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/reports.md
@@ -0,0 +1,23 @@
+---
+title: Reports
+---
+
+# Reports
+
+Download Reports in XLSX and PDF formats
+
+1. Select the resource to download along with node type (host/container/image) and optionally node filters and choose
+
+ ![Reports](../img/reports-1.png)
+
+2. Click on the download link once it is ready
+
+ ![Reports](../img/reports-2.png)
+
+### Sample reports
+
+![xlsx Integration Page](../img/reports-xlsx-1.png)
+
+![PDF Integration Page](../img/reports-pdf-2.png)
+
+![PDF Integration Page](../img/reports-pdf-3.png)
diff --git a/docs/versioned_docs/version-v2.3/integrations/s3.md b/docs/versioned_docs/version-v2.3/integrations/s3.md
new file mode 100644
index 0000000000..9ee33bd214
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/s3.md
@@ -0,0 +1,18 @@
+---
+title: S3
+---
+
+# S3
+
+### Archiving to S3
+
+![S3 Integration Page](../img/integrations-s3.png)
+
+Archive selected resources to your AWS S3 bucket into selected folder [format of the file will be .json]
+
+1. Type your S3 bucket name (bucket should be created before this)
+2. Set S3 folder name that will be created inside the bucket if not present
+3. Provide your access key and secret access key provided by amazon
+4. Select region
+5. Choose resources
+6. Click Add button
diff --git a/docs/versioned_docs/version-v2.3/integrations/slack.md b/docs/versioned_docs/version-v2.3/integrations/slack.md
new file mode 100644
index 0000000000..862c0b4916
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/slack.md
@@ -0,0 +1,25 @@
+---
+title: Slack
+---
+
+# ThreatMapper and Slack
+
+ThreatMapper raises notifications to Slack Workspaces using Slack webhooks.
+
+## To Configure Slack Integration
+
+1. Navigate to https://[YourWorkspace].slack.com/apps and search for “Incoming Webhooks“ app from Slack:
+
+ ![Slack](../img/integrations-slack-1.jpeg)
+
+2. Click on “Add to Slack” where you will be asked to choose a channel:
+
+ ![Slack](../img/integrations-slack-2.jpeg)
+
+3. Locate the webhook URL:
+
+ ![Slack](../img/integrations-slack-3.jpeg)
+
+4. Paste the webhook URL and the corresponding channel name into Deepfence Slack integration page.
+
+ ![Slack](../img/integrations-slack.png)
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/integrations/splunk.md b/docs/versioned_docs/version-v2.3/integrations/splunk.md
new file mode 100644
index 0000000000..7c1e959e30
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/splunk.md
@@ -0,0 +1,32 @@
+---
+title: Splunk
+---
+
+# ThreatMapper and Splunk
+
+ThreatMapper sends notifications to Splunk using HTTP Event Collector.
+
+## To Configure Splunk Integration
+
+1. Log in to splunk cloud platform and click "Add data"
+ ![Splunk](../img/integrations-splunk-13.png)
+ ![Splunk](../img/integrations-splunk-14.png)
+
+2. Choose HTTP Event Collector
+ ![Splunk](../img/integrations-splunk-15.png)
+ ![Splunk](../img/integrations-splunk-16.png)
+ ![Splunk](../img/integrations-splunk-17.png)
+ ![Splunk](../img/integrations-splunk-18.png)
+ ![Splunk](../img/integrations-splunk-19.png)
+ ![Splunk](../img/integrations-splunk-20.png)
+ ![Splunk](../img/integrations-splunk-21.png)
+ ![Splunk](../img/integrations-splunk-22.png)
+
+3. Copy endpoint URL and the generated token: https://SPLUNK_CLOUD_URL:8088/services/collector/event
+
+4. Configure Splunk integration in the Integrations page
+ ![Splunk](../img/integrations-splunk-23.png)
+ ![Splunk](../img/integrations-splunk-24.png)
+
+5. You can search for scan results now in Splunk
+ ![Splunk](../img/integrations-splunk-25.png)
diff --git a/docs/versioned_docs/version-v2.3/integrations/sumo-logic.md b/docs/versioned_docs/version-v2.3/integrations/sumo-logic.md
new file mode 100644
index 0000000000..bb52064d66
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/sumo-logic.md
@@ -0,0 +1,33 @@
+---
+title: Sumo Logic
+---
+
+# ThreatMapper and Sumo Logic
+
+ThreatMapper raises notifications to Sumo Logic using Sumo Logic collectors.
+
+## To Configure Sumo Logic Integration
+
+1. Under “Manage data”, navigate to “Collection”
+
+ ![Sumo Logic](../img/integrations-sumo-logic-1.jpeg)
+
+2. Click on “Add Collector” and select “Hosted Collector”
+
+ ![Sumo Logic](../img/integrations-sumo-logic-2.jpeg)
+
+3. Fill in the details and save the new collector
+
+ ![Sumo Logic](../img/integrations-sumo-logic-3.jpeg)
+
+4. Choose to add “Source” to the newly created collector and choose “HTTP Logs & Metrics”
+
+ ![Sumo Logic](../img/integrations-sumo-logic-4.jpeg)
+
+5. Fill in the Source details and click save
+
+ ![Sumo Logic](../img/integrations-sumo-logic-5.jpeg)
+
+6. Paste the URL displayed on to Deepfence Sumo Logic integration page
+
+ ![Sumo Logic](../img/integrations-sumo-logic-6.jpeg)
diff --git a/docs/versioned_docs/version-v2.3/integrations/threatrx.md b/docs/versioned_docs/version-v2.3/integrations/threatrx.md
new file mode 100644
index 0000000000..70b7b13656
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/integrations/threatrx.md
@@ -0,0 +1,41 @@
+---
+title: ThreatRx
+---
+
+# ThreatRx
+
+ThreatRx is LLM-assisted remediation for cloud misconfigurations (CSPM scans), vulnerabilities, malwares and secrets.
+
+Following LLM integrations are available:
+- OpenAI
+- Amazon Bedrock
+
+For more details, please visit Deepfence blog here:
+- https://www.deepfence.io/blog/deepfence-revolutionizes-cloud-security-with-ai-powered-remediation-introducing-threatrx-part-1
+- https://www.deepfence.io/blog/deepfence-revolutionizes-cloud-security-with-ai-powered-remediation-introducing-threatrx-part-2
+
+## To Configure OpenAI
+
+1. Create an API key here: https://platform.openai.com/api-keys
+
+ ![OpenAI](../img/integrations-threatrx-1.png)
+
+2. In the integrations page, select **ThreatRx** and click **OpenAI** to create a new integration. Choose the OpenAI model, enter the API key and click save.
+
+ ![OpenAI](../img/integrations-threatrx-2.png)
+
+3. Navigate to cloud posture scan results or vulnerability scan results and click **ThreatRx** button on the scan result side panel to get the remediation steps.
+
+ ![OpenAI](../img/integrations-threatrx-3.png)
+
+## To Configure Amazon Bedrock
+
+1. Enable any text/chat model in Amazon Bedrock.
+
+ ![Amazon Bedrock](../img/integrations-threatrx-4.png)
+
+2. In the integrations page, select **ThreatRx** and click **Amazon Bedrock** to create a new integration. Choose the Amazon Bedrock model, enter the access key and secret key and click save. Alternatively, if the console has write permission to Amazon Bedrock via instance IAM role, you can choose to add the models automatically.
+
+ ![Amazon Bedrock](../img/integrations-threatrx-5.png)
+
+3. Navigate to cloud posture scan results or vulnerability scan results and click **ThreatRx** button on the scan result side panel to get the remediation steps.
diff --git a/docs/versioned_docs/version-v2.3/kubernetes-scanner/index.md b/docs/versioned_docs/version-v2.3/kubernetes-scanner/index.md
new file mode 100644
index 0000000000..99b9099db7
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/kubernetes-scanner/index.md
@@ -0,0 +1,13 @@
+---
+title: Kubernetes Compliance Scanner
+---
+
+# Deepfence Kubernetes Scanner
+
+Kubernetes Compliance posture scanning is installed to monitored kubernetes clusters.
+
+NSA & CISA Cybersecurity Technical Report describes the complexities of securely managing Kubernetes an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized applications.
+
+## Configuring Kubernetes Scanner
+
+Deepfence Kubernetes Scanner is installed with agent sensors. Follow the documentation [here](/docs/sensors/kubernetes) to install Deepfence agent sensors in the kubernetes cluster.
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/operations/compliance.md b/docs/versioned_docs/version-v2.3/operations/compliance.md
new file mode 100644
index 0000000000..8ac6e10575
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/operations/compliance.md
@@ -0,0 +1,80 @@
+---
+title: Compliance Posture Scanning
+---
+
+# Compliance Posture Scanning
+
+Once the ThreatMapper management console has been deployed, and you have configured one or more targets for compliance posture scanning, you can then scan those targets against various compliance benchmarks.
+
+ThreatMapper measures the level of compliance, and presents the overall compliance picture as a 'Threat Graph'. The Threat Graph shows how the platforms are exposed, the routes that an attacker may take to exploit the exposure.
+
+
+## Understanding Compliance Scanning
+
+### Controls
+
+Compliance Posture scanning builds on a large library of **controls** - these are specific requirements and matching tests. For example, for AWS you will find controls that correspond to best-practice configurations of S3 buckets, such as enabling TLS access and blocking plain-text HTTP. For a Linux host, you will find controls relating to the configuration of the system clock.
+
+### Benchmarks
+
+Controls are grouped into **benchmarks**. Benchmarks are formal standards of compliance defined by industry bodies; they may represent best practice such as CIS, or they may represent specific industry requirements such as HIPAA or PCI DSS.
+
+Benchmarks are an important tool for demonstrating compliance when facing an audit by an industry body. They also represent best practice for a range of scenarios, and should be run regularly as pre-production and in-production tests to identify serious configuration errors that may result in exposure to exploit.
+
+You can test individual benchmarks, or you can combine a test (scan) to include several benchmarks. Where controls are used by multiple benchmarks, ThreatMapper will only run them once and apply the result to each benchmark.
+
+The benchmarks available vary by cloud provider:
+
+| Benchmark | AWS | Azure | GCP | Kubernetes Host | Linux Host |
+|---------------------------|-----|-------|-----|-----------------|------------|
+| CIS | Y | Y | Y | | |
+| GDPR | Y | | | Y | Y |
+| HIPAA | Y | Y | Y | Y | Y |
+| PCI-DSS | Y | Y | Y | Y | Y |
+| SOC-2 | Y | | | | |
+| NIST | Y | Y | Y | Y | Y |
+| AWS Foundational Security | Y | | | | |
+
+## Start a Scan
+
+Begin on the **Posture** page in the ThreatMapper console.
+
+Select a cloud instance that you have [configured previously](/docs/cloudscanner/). You may have several instances of a given cloud type:
+
+| ![Cloud Compliance Scan - Select](../img/compliance-scan-1.png) |
+|:---------------------------------------------------------------:|
+| Select a Cloud |
+
+| ![Cloud Compliance Scan - Select](../img/compliance-scan-2.png) |
+|:---------------------------------------------------------------:|
+| Select target for Cloud Compliance Scan |
+
+If you want to scan a host (Linux host or Kubernetes master or slave node), ensure that the [threatmapper sensor](/docs/sensors) is deployed on that host.
+
+Select the compliance benchmarks you wish to run on the target cloud instance or host:
+
+| ![Cloud Compliance Scan - Chose Benchmark](../img/compliance-scan-3.png) |
+|:------------------------------------------------------------------------:|
+| Select benchmarks for Compliance Scan |
+
+You can preview the controls that will be run for each benchmark, and you can select an action to mask (or unmask) specific controls.
+
+Click **Start Scan** once you have completed your selection. The Cloud Connector or Sensor Agent will then perform the scan and in due course, will submit the results to your ThreatMapper console.
+
+## Inspecting Scan Results
+
+When scans complete, they are reported on the **Posture** page in the ThreatMapper console.
+
+Select the appropriate cloud instance and choose to view the results or review the inventory.
+
+### View Scan Results
+
+ThreatMapper presents the recent scan results, filtered by benchmark, with a broad 'compliance score' for each. The compliance score is the percentage of "OK (pass)" and "Info (manual verification required)" results.
+
+Select an individual scan run (result), and optionally filter the results by service (e.g. IAM, CloudWatch) and/or status.
+
+| ![Cloud Compliance Scan - View Results](../img/compliance-scan-4.png) |
+|:---------------------------------------------------------------------:|
+| View the Results for a Compliance Scan |
+
+If you judge that a result is not applicable in your specific circumstances, you can mask that result out. That result will not be reported in subsequent scans.
diff --git a/docs/versioned_docs/version-v2.3/operations/index.md b/docs/versioned_docs/version-v2.3/operations/index.md
new file mode 100644
index 0000000000..7d2eb30114
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/operations/index.md
@@ -0,0 +1,14 @@
+---
+title: Using Deepfence ThreatMapper
+---
+
+# Using Deepfence ThreatMapper
+
+Deepfence ThreatMapper supports a range of security-related use cases:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/operations/sboms.md b/docs/versioned_docs/version-v2.3/operations/sboms.md
new file mode 100644
index 0000000000..3cb8abb202
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/operations/sboms.md
@@ -0,0 +1,25 @@
+---
+title: Generating SBOMs
+---
+
+# Generating SBOMs
+
+As part of the vulnerability scanning process, the ThreatMapper sensor interrogates the running workloads and hosts and generates a runtime SBOM (Software Bill of Materials) for each target. This runtime SBOM is forwarded to the Management Console for vulnerability matching.
+
+## Why generate SBOMs at runtime?
+
+Not all production workloads go through a formal supply-chain analysis process during CI (continuous integration), and workloads can be patched and updated during runtime. Often, the SBOM coverage is far from complete and risks being out-of-date to the runtime state.
+
+ThreatMapper caches runtime SBOMs for scanned workloads, and makes these available for inspection through the UI and API. The runtime SBOM enumerates all the packages and software items deployed in the workload, which may drift from the at-build-time SBOM.
+
+## Inspecting and Extracting the runtime-generated SBOM
+
+SBOMs are associated with vulnerability scans.
+
+Navigate to the **Vulnerabilities** > **View All Scans** results page, and locate the scan for which you would like to obtain the SBOM:
+
+![Vulnerability Scan results](../img/sbom-1.png)
+
+You can page through the SBOM results, or download the results as a detailed JSON file:
+
+![Software Bill of Materials](../img/sbom-2.png)
diff --git a/docs/versioned_docs/version-v2.3/operations/scanning-ci.md b/docs/versioned_docs/version-v2.3/operations/scanning-ci.md
new file mode 100644
index 0000000000..ae857338bf
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/operations/scanning-ci.md
@@ -0,0 +1,20 @@
+---
+title: Scanning in CI
+---
+
+# Scanning in CI-CD
+
+You can use ThreatMapper to scan artifacts in a CI (Continuous Integration) pipeline. If a vulnerability is detected and the CI build is blocked, ThreatMapper will submit the details to the configured notification services.
+
+## Configuring CI Scanning
+
+The ThreatMapper CI action supports several CI pipelines, including CircleCI, GitLab and Jenkins. It blocks a build if the number of CVE violations exceeds a user-defined threshold, or if the total CVE score exceeds a threshold, and notifications are submitted to the configured management console.
+
+If a build is not blocked, ThreatMapper silently allows it to proceed.
+
+For configuration details, refer to the appropriate [CI/CD Integrations](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations), including:
+
+ * [CircleCI](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/circleci)
+ * [GitHub Actions](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/github-actions)
+ * [GitLab](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/gitlab)
+ * [Jenkins](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/jenkins)
diff --git a/docs/versioned_docs/version-v2.3/operations/scanning.md b/docs/versioned_docs/version-v2.3/operations/scanning.md
new file mode 100644
index 0000000000..397fd4891b
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/operations/scanning.md
@@ -0,0 +1,75 @@
+---
+title: Scanning Production Workloads
+---
+
+# Scanning Production Workloads
+
+Once the ThreatMapper Management Console has been deployed and Sensor Agents have been deployed to your production platforms, the Management Console will begin to discover the workloads and infrastructure in your production platforms.
+
+The Management Console will also begin to initialize its cache of Threat Feeds.
+
+
+## Running the First Scan
+
+The first thing you may want to do is to start a Vulnerability scan of some of your production workloads:
+
+1. Using the Topology view, select a workload or infrastructure component to scan. For example, you can select a Kubernetes hosts or a running container:
+ * ThreatMapper excludes some resources from the Scan. It will not scan system containers, and some resources are placeholders for the elements in the topology graph
+ * Click the 'Actions' button for the selected node and then click 'Start Vulnerability Scan'
+
+ ![Vulnerability Scan - select an object](../img/scan-1.png)
+
+
+2. Chose what you would like to scan:
+ * ThreatMapper scans the base operating system, and optionally runs language scans on the object.
+
+ ![Vulnerability Scan - choose what to scan](../img/scan-2.png)
+
+3. Start the scan:
+ * The ThreatMapper Sensor will inspect the local environment, identifying objects that are scannable (such as containers and language installs). The agent unpacks running containers to inspect each layer.
+ * The agent then generates a runtime SBOM of installed packages for each object and forwards this to the Management Console. The Management Console then matches these SBOMs against the Threat Feeds it has cached.
+
+4. Wait for the results:
+ * The scan is queued and executed. Any vulnerability alerts are notified using the configured Notification Integrations.
+ * Once the scan completes, the results can be viewed on the **Vulnerabilities** pane in the Management Console.
+
+## Understanding the Results
+
+The **Vulnerabilities** pane displays two reports:
+
+1. A combined, summary report of the **Most Exploitable Vulnerabilities**
+2. A full log of each **Vulnerability Scan**
+
+### Vulnerability Scan
+
+Begin with the **Vulnerability Scan**; you'll see the results of the scan you started previously. ThreatMapper reports on hosts, containers and other types of assets it finds on the scanned objects.
+
+![Vulnerability Scan - results](../img/vulnerability-scan-1.png)
+
+It's not uncommon to see hundreds or even thousands of potential vulnerabilities across a series of hosts and workloads. Typically, the large majority of these vulnerabilities are of no practical concern; they require local access, cannot be used to raise privileges, are not in any accessible code path, etc. The CVSS [score](https://nvd.nist.gov/vuln-metrics/cvss) and [vector](https://www.first.org/cvss/calculator/3.0) give a measure of the risk a vulnerability poses, but don't factor in the context of your application.
+
+### Most Exploitable Vulnerabilities
+
+The **Most Exploitable Vulnerabilities** report combines all vulnerability scan data with the topology of the application to present a list of the most serious vulnerabilities that have the greatest potential to be exploited.
+
+![Vulnerability Scan - most exploitable vulnerabilities](../img/vulnerability-scan-3.png)
+
+ThreatMapper combines the CVSS and other data with the learned topology of the application, the workloads which are currently running, and the possible paths that attack traffic might take. ThreatMapper combines this measure with the CVSS score and vector to give a single vulnerability score (from 0-10) that ranks vulnerabilities by their risk and potential severity of exploit.
+
+The **Top Attack Paths** on the vulnerability page presents a quick visualisation of the most direct way to exploit the top vulnerabilities.
+
+## Secrets Scans
+
+ThreatMapper (from release 1.3.0) can also perform Secret Scans on containers and production filesystems. These scans interrogate the target filesystems, looking for possible unprotected secrets, and use a database of over 140 different token, key and password types.
+
+![Secrets Scans](../img/secret-scan-1.png)
+
+False positives and deliberately-included secrets are inevitable with the scans, so it is worth inspecting the results and 'masking' ones you are prepared to accept:
+
+![Secrets Scans](../img/secret-scan-2.png)
+
+## Malware Scans
+
+ThreatMapper (from release 1.4.0) can also perform Malware Scans on containers and production filesystems. These scans use Yara rules to match for malware in the target filesystems.
+
+![Malware Scans](../img/malware-scans-1.png)
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/operations/support.md b/docs/versioned_docs/version-v2.3/operations/support.md
new file mode 100644
index 0000000000..55f5d45b7f
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/operations/support.md
@@ -0,0 +1,26 @@
+---
+title: Support and Diagnostics
+---
+
+# Support and Diagnostics
+
+## Getting Logs
+
+You can download recent log files from the management console, and from each sensor agent on each managed host.
+
+ * Access the Management Console
+ * Go to **Settings** > **Diagnosis**
+ * Download the diagnostic logs from the management console, or from a selected sensor agent instance
+
+ ![Diagnosis](../img/diagnostic-logs.png)
+
+
+## Getting Support
+
+Please join the [ThreatMapper community slack channel](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ).
+
+## Found a bug or security issue?
+
+For possible security issues, please refer to the [ThreatMapper Security policy](https://github.com/deepfence/ThreatMapper/blob/main/SECURITY.md).
+
+For bug reports, contributions and roadmap suggestions, please refer to the [ThreatMapper Contributing Policy](https://github.com/deepfence/ThreatMapper/blob/main/CONTRIBUTING.md).
diff --git a/docs/versioned_docs/version-v2.3/registries/aws-ecr.md b/docs/versioned_docs/version-v2.3/registries/aws-ecr.md
new file mode 100644
index 0000000000..4388505c24
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/registries/aws-ecr.md
@@ -0,0 +1,98 @@
+---
+title: AWS ECR
+---
+
+# AWS ECR
+
+You can add your private and public ECR repositories to ThreatMapper to scan for vulnerabilities, secrets and malwares.
+
+## Adding ECR repository
+
+1. Select `ECR` registry type from the registries section.
+
+ ![Supported Registries](../img/registry-1.png)
+2. Click on **Add Registry** button to get the following form:
+
+ ![ECR Add Registry Form](../img/registry-ecr-1.png)
+3. Enter `Registry Name` for reference later. Then, enter the other details as per the deployment.
+ 1. [Using Credentials (AWS Access Key and Secret Key)](#using-credentials)
+ 2. [Using AWS IAM Role](#using-aws-iam-role)
+ 3. [Using AWS IAM Role (with Cross-Account ECR Registry)](#using-aws-iam-role-with-cross-account-ecr-registry)
+
+### Using Credentials
+
+4. Fill in the credentials(`AWS Access Key`, `AWS Secret Key`) for the user with access to the ECR registry.
+5. For private registry, fill in the `AWS Region` where the registry is located. Else, for public registry, toggle `Public Registry`.
+
+ ![ECR Add Registry Using Credentials Form](../img/registry-ecr-2.png)
+
+### Using AWS IAM Role
+
+The Deepfence Console needs to be deployed on AWS EC2 instance in the same AWS account as the ECR registry and the EC2 instance needs to be assigned an IAM role with the correct permissions
+
+4. The IAM role to be assigned to the Deepfence Console EC2 instance can be deployed using CloudFormation with [deepfence-ecr-role-setup.template](https://deepfence-public.s3.amazonaws.com/ecr/deepfence-ecr-role-setup.template).
+ 1. [Link to create IAM role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/ecr/deepfence-ecr-role-setup.template&stackName=Deepfence-ECR-Read-Only-Role). Change region, if required.
Once completed, go to `Outputs` tab and copy the value of `InstanceProfileARN`
+
+ ![ECR IAM Role ARN](../img/registry-ecr-5.png)
+ 2. Assign the instance profile to the EC2 instance on which the Deepfence Console is hosted.
+
+ ![EC2 Instance Role Assignment](../img/registry-ecr-6.png)
+5. For private registry, fill in the `AWS Region` where the registry is located. Else, for public registry, toggle `Public Registry`.
+6. Leave the `AWS Account ID` and `Target Account Role ARN` fields blank as they are only used for the cross-account scenario below.
+
+ ![ECR Add Registry Using IAM Role Form](../img/registry-ecr-3.png)
+
+### Using AWS IAM Role (with Cross-Account ECR Registry)
+
+If a user has an ECR registry in one AWS account and Deepfence Console is deployed in another AWS account, the user needs to set up cross-account ECR registry access as per the following steps:
+
+4. Create a role in the target ECR registry account which has required pull permissions. This can be deployed using CloudFormation with [deepfence-cross-acc-ecr-role-setup.template](https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-ecr-role-setup.template)
+ 1. [Link to create role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-ecr-role-setup.template&stackName=Deepfence-ECR-Cross-Account-Read-Only-Role). Change region, if required. Once completed, go to `Outputs` tab and copy the value of `RoleARN`
+
+ ![ECR Cross Account Role ARN](../img/registry-ecr-7.png)
+5. Create a role in the account where Deepfence Console is deployed to assume the role created in the step above. This can be achieved using CloudFormation with [deepfence-console-account-setup.template](https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-console-account-setup.template).
+ 1.
[Link to create cross-account instance role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-console-account-setup.template&stackName=Deepfence-Cross-Account-ECR-Access-Role). Paste the `RoleARN` copied from above step into `ECRAccessRole` box.
+
+ ![ECR Cross Account Role ARN](../img/registry-ecr-8.png)
+ 2. Once completed, go to `Outputs` tab and copy the value of `InstanceProfileARN`.
+
+ ![ECR IAM Role ARN](../img/registry-ecr-5.png)
+
+6. Assign the instance profile role ARN created above to the Deepfence Console EC2 instance.
+
+ ![EC2 Instance Role Assignment](../img/registry-ecr-6.png)
+7. For private registry, fill in the `AWS Region` where the registry is located. Else, for public registry, toggle `Public Registry`.
+8. Fill the account id of the target account where registry is located in the `AWS Account ID` field. In the `Target Account Role ARN` field, paste the value of the `RoleARN` from the above steps.
+
+ ![ECR Add Cross Account Registry Using IAM Role Form](../img/registry-ecr-4.png)
+
+## Adding ECR repository - Kubernetes
+
+If Deepfence console is deployed in EKS, please follow these steps to configure IAM role which will be assigned to Kubernetes service account.
+
+:::info
+
+**Pre-requisite:**
+1. Associate OIDC provider with the EKS cluster where Deepfence management console is going to be deployed.
+
+ ([refer here for aws documentation on enable-iam-roles-for-service-accounts](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html))
+
+2. kubectl and helm command line tools are installed and configured to access the cluster where Deepfence management console is going to be deployed
+
+:::
+
+1.
Create the EKS IRSA role using the cloudformation template [deepfence-ecr-registry-role-for-eks](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/ecr/deepfence-ecr-role-eks.template)
+2. Note **namespace**, **service account name** and **iam role arn** from the output of terraform or cloudformation deployment
+3. Follow the instructions [here](/docs/console/kubernetes#console-helm-chart) to download the `values.yaml` from Console helm chart for customization.
+4. Edit the `values.yaml` and set the ServiceAccount
+ ```yaml
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations:
+ "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/deepfence-ecr-role"
+ # Service account name
+ name: "deepfence-console"
+ ```
+5. For ECR configuration, please refer the instructions [above](#adding-ecr-repository)
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/registries/index.md b/docs/versioned_docs/version-v2.3/registries/index.md
new file mode 100644
index 0000000000..7b80d47669
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/registries/index.md
@@ -0,0 +1,28 @@
+---
+title: Scanning Registries
+---
+
+# Scanning Registries
+
+You can scan for vulnerabilities in images stored in AWS ECR, Azure Container Registry, Google Cloud Container Registry, Docker Hub, Docker Self-Hosted Private Registry, Quay, Harbor, Gitlab and JFrog from the registry scanning dashboard.
+
+![Supported Registries](../img/registry-1.png)
+
+## Add Registries
+
+Select the appropriate registry type, and **+ Add Registry**. The credentials for each registry depends on the registry type; for example, to connect to a DockerHub Registry, use the following details:
+
+![DockerHub](../img/registry-2.png)
+
+ThreatMapper will index the artifacts in the Registry. You can scan them manually, and you can define a periodic schedule to scan. Results can be found on the **Vulnerabilities** report, and will be raised through any configured notifications.
+
+![Scan Results](../img/registry-3.png)
+
+More detailed instructions are as follows:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/sensors/aws-ecs.md b/docs/versioned_docs/version-v2.3/sensors/aws-ecs.md
new file mode 100644
index 0000000000..79568ba97f
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/sensors/aws-ecs.md
@@ -0,0 +1,220 @@ +--- +title: AWS ECS (EC2 Provider) +--- + +# AWS ECS (EC2 Provider) + +*Deployed as a daemon service using a task definition* + +In AWS ECS, the ThreatMapper sensors are deployed as a daemon service using task definition. + +# Prerequisites + +Make sure you have the following information: +- Management console URL/IP, later referred as `` +- Deepfence API key, later referred as `` (This key can be found from the management console, in the settings > User > API Key) + +# Installing on AWS ECS (EC2 Provider) + +1. Create a new role (e.g.: `deepfence-agent-role`) +- Go to the IAM dashboard from AWS Console +- Go to Access management > roles +- Select "Create Role", +- Select "Custom trust policy" +- Paste the following: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] +} +``` + +Then continue: + +- Search in the "Permissions policies" for "Task" > Select the following policy: `AmazonECSTaskExecutionRolePolicy` +- Click "Next", name the role `deepfence-agent-role`, then "Create role" +- Search for your newly created roles + +Then create the new policy. + +3. Create new task definition for deepfence agent +- Use Old ECS Experience (old UI) +- Go to the "Elastic Container Service" dashboard from AWS console +- In the top left corner, disable new UI to use the legacy UI. +- Go to "Task Definitions" +- Select "Create new Task Definition" +- Select EC2, then "Next step" +- Provide a name to your task definition (e.g. `deepfence-agent-ec2-task`) +- Select the Task role and execution role (e.g. `deepfence-agent-role`) +- At the bottom, select "Configure via JSON" +- Copy and paste the following JSON configuration: (Replace `` and `` with actual values) + +:::info +Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.3.1-multiarch` is supported in amd64 and arm64/v8 architectures. 
+::: + +```json +{ + "ipcMode": null, + "containerDefinitions": [ + { + "dnsSearchDomains": [], + "environmentFiles": null, + "logConfiguration": null, + "entryPoint": [], + "portMappings": [], + "command": [], + "linuxParameters": null, + "cpu": 0, + "environment": [ + { + "name": "DEEPFENCE_KEY", + "value": "" + }, + { + "name": "MGMT_CONSOLE_URL", + "value": "" + }, + { + "name": "DF_LOG_LEVEL", + "value": "info" + }, + { + "name": "USER_DEFINED_TAGS", + "value": "" + } + ], + "resourceRequirements": null, + "ulimits": null, + "dnsServers": [], + "mountPoints": [ + { + "readOnly": true, + "containerPath": "/fenced/mnt/host", + "sourceVolume": "Host" + }, + { + "readOnly": false, + "containerPath": "/sys/kernel/debug", + "sourceVolume": "SysKernelDebug" + }, + { + "readOnly": false, + "containerPath": "/var/run/docker.sock", + "sourceVolume": "DockerSock" + }, + { + "readOnly": false, + "containerPath": "/var/log/fenced", + "sourceVolume": "VarLogFenced" + } + ], + "workingDirectory": null, + "secrets": null, + "dockerSecurityOptions": [], + "memory": null, + "memoryReservation": null, + "volumesFrom": [], + "stopTimeout": null, + "image": "quay.io/deepfenceio/deepfence_agent_ce:2.3.1", + "startTimeout": null, + "firelensConfiguration": null, + "dependsOn": null, + "disableNetworking": null, + "interactive": null, + "healthCheck": null, + "essential": true, + "links": [], + "hostname": null, + "extraHosts": null, + "pseudoTerminal": null, + "user": null, + "readonlyRootFilesystem": null, + "dockerLabels": {}, + "systemControls": [], + "privileged": true, + "name": "deepfence" + } + ], + "placementConstraints": [], + "memory": "2048", + "family": "deepfence-agent-ec2-provider", + "pidMode": null, + "requiresCompatibilities": [ + "EC2" + ], + "networkMode": "host", + "runtimePlatform": { + "operatingSystemFamily": "LINUX", + "cpuArchitecture": "X86_64" + }, + "cpu": "512", + "inferenceAccelerators": null, + "proxyConfiguration": null, + "volumes": [ + { + 
"fsxWindowsFileServerVolumeConfiguration": null, + "efsVolumeConfiguration": null, + "name": "SysKernelDebug", + "host": { + "sourcePath": "/sys/kernel/debug" + }, + "dockerVolumeConfiguration": null + }, + { + "fsxWindowsFileServerVolumeConfiguration": null, + "efsVolumeConfiguration": null, + "name": "DockerSock", + "host": { + "sourcePath": "/var/run/docker.sock" + }, + "dockerVolumeConfiguration": null + }, + { + "fsxWindowsFileServerVolumeConfiguration": null, + "efsVolumeConfiguration": null, + "name": "VarLogFenced", + "host": { + "sourcePath": null + }, + "dockerVolumeConfiguration": null + }, + { + "fsxWindowsFileServerVolumeConfiguration": null, + "efsVolumeConfiguration": null, + "name": "Host", + "host": { + "sourcePath": "/" + }, + "dockerVolumeConfiguration": null + } + ] +} +``` +- Select the container "deepfence" and select `Auto-configure CloudWatch Logs` for `Log configuration` +- Then create the new task definition. + +5. Create a new service to execute the Task and deploy the agent +- Use Old ECS Experience (old UI) +- Go to the "Elastic Container Service" dashboard from the AWS console +- Go to "Task definitions" +- Select previously created task definition +- Select "Actions" > "Create service" +- Select Launch type: `EC2` +- Choose the ECS cluster to deploy +- Provide a name to your service (e.g. `deepfence-agent-ec2-service`) +- Set `Service Type` as `DAEMON` +- Create the service + +6. Monitor the service creation and check if the task is in running state. It can take a couple of minutes + +7. If the task is running, you should see the agent appearing in your console, well done! diff --git a/docs/versioned_docs/version-v2.3/sensors/aws-fargate.md b/docs/versioned_docs/version-v2.3/sensors/aws-fargate.md new file mode 100644 index 0000000000..1bbc69244e --- /dev/null +++ b/docs/versioned_docs/version-v2.3/sensors/aws-fargate.md 
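Review bot: The task definition passes `DEEPFENCE_KEY` as a plaintext entry under `environment` and sets `"secrets": null`, so the API key is stored in the task definition itself and is readable by anyone who can describe it. The Fargate page added in the same commit already shows the safer form; here the key should likewise move to `"secrets": [{"name": "DEEPFENCE_KEY", "valueFrom": "<SECRET_ARN>:deepfence_api_key::"}]` (placeholder ARN), with `secretsmanager:GetSecretValue` on that secret granted to `deepfence-agent-role`. The role steps end with "Then create the new policy." although no policy is given on this page, and the numbered steps jump from 1 to 3 to 5, which suggests the secret and inline-policy steps were dropped when the page was copied. The info box names the `2.3.1-multiarch` tag while the JSON uses `:2.3.1` with `"cpuArchitecture": "X86_64"`; the page should say which values arm64 users need.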
@@ -0,0 +1,401 @@ +--- +title: AWS Fargate +--- + +# AWS Fargate + +_Deployed as a sidecar container using a task definition_ + +In AWS Fargate, the ThreatMapper agents are deployed as a sidecar container using a task definition. + +The ThreatMapper management console is installed separately outside the fargate and the installation procedure is the same as before. + +:::note +Currently supported base operating systems of containers are Amazon Linux, Ubuntu, Debian, CentOS and RHEL +::: + +:::note +Please note the agent image "quay.io/deepfenceio/deepfence_agent_ce:2.3.1-fargate" is different from other deployment methods. +::: + +## Installing on AWS Fargate + +1. Set up AWS ECS by following the steps outlined here: [Set up to use AWS ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html) + +2. Refer [Prerequisites](./aws-fargate.md#prerequisites) for the actions performed in this step. + + You'll need to perform the following steps: + + 1. Create an _AWS ECS task execution IAM role_. + 1. Create a secret to store Deepfence Key. + 1. Create policies (either managed or inlined policy) allowing access to your stored secrets and attach the created policies to the task IAM role. You also need to attach the _AmazonECSTaskExecutionRolePolicy_ to the IAM role to run AWS ECS tasks. + +3. Click on the task definition on the side panel to create a new task definition. Select "AWS Fargate" as launch type + + Use the following steps outlined below in **"Fargate Task definition And Deployment"** instructions to deploy the fargate agent. + + You can configure the task definition either through JSON or using the AWS UI. + +4. Deploy your application on your cluster. + +## Create New Task Definition in Fargate + +### Create Task Definition + +Click Create new Task Definition and select "AWS Fargate" as launch type. 
+ +| ![New Fargate task](../img/fargate-task-1.png) | +| :--------------------------------------------: | +| _New Fargate Task_ | + +### Set Task Parameters + +Edit the _Task Definition Name_, _Task Role_ and _Task Execution Role etc_. as required. For the _Task Role_ and _Task Execution Role_, you have to use the role created in _IAM role creation step_ earlier. Specify _Task memory_ and _Task CPU_ according to your Requirements. + +| ![Update task definition and create agent container](../img/fargate-task-2.png) | +| :-----------------------------------------------------------------------------: | +| _Update task definition and create agent container_ | + +### Add the Deepfence Agent Sidecar Container + +Click on the _Add Container_ button to create a standard container for the ThreatMapper agent. Set image as _**quay.io/deepfenceio/deepfence_agent_ce:2.3.1-fargate**_ + +In the environment section, **DO NOT** mark it as essential. + +You need to note down the name of the agent container (_deepfence-agent_ in our example), which you will have to specify in _Volumes From_ section in application container task definition section later. + +Finally, click the _Add_ button to create the deepfence agent container: + +| ![Create the Agent Container inside the Task Definition](../img/fargate-task-3.png) | +| :---------------------------------------------------------------------------------: | +| _Create the Sidecar Agent Container inside the Task Definition_ | + +### Add the Main Container to your Application + +Click on the _Add Container_ button to create a new container for your application by following the additional steps outlined below. If you have more than one application container, you will have to repeat these steps for each container. 
+ +#### Configure Environment Variables for Fargate Application Container + +The following environment variables are required for the ThreatMapper agent: + +- **DEEPFENCE_KEY**: API key available in the management console UI(can be stored as a secret and later referred in environment using valuesFrom) +- **MGMT_CONSOLE_URL**: IP address of Management Console +- **DF_SERVERLESS**: Set to _true_ for serverless instances +- **MGMT_CONSOLE_URL_SCHEMA**: Set to _http_ or _https_ depending on the schema used for management console +- **MGMT_CONSOLE_PORT**: Set to _80_ or _443_ depending on the port used for management console + +| ![Configuring Environment Variables for Fargate Application Container](../img/fargate-task-7.png) | +| :-----------------------------------------------------------------------------------------------: | +| _Configuring Environment Variables for Fargate Application Container_ | + +If you are using json to configure your task definitions, you can use the following part in the appropriate container section of task definition json after copying the appropriate IP address and API Key. + +``` +"environment": [ + { + "name": "DEEPFENCE_KEY", + "value": "" + }, + { + "name": "MGMT_CONSOLE_URL", + "value": "" + }, + { + "name": "DF_SERVERLESS", + "value": "true" + }, + { + "name": "DF_LOG_LEVEL", + "value": "info" + }, + { + "name": "USER_DEFINED_TAGS", + "value": "" + }, + { + "name": "DF_INSTALL_DIR", + "value": "/path/to/custom/install/dir" + }, + { + "name": "MGMT_CONSOLE_URL_SCHEMA", + "value": "https" + }, + { + "name": "MGMT_CONSOLE_PORT", + "value": "443" + } +] +``` + +#### Configure Storage + +Scroll down to **Storage** Section and click **Add Volume from**. In the **Container** dropdown select your application container and in **Source container** dropdown select the agent container to allow read/write from deepfence agent volume. Leave the _Read only_ button **unchecked** as shown below. 
+ +| ![Configure VolumesFrom Setting text](../img/fargate-task-4.png) | +| :--------------------------------------------------------------: | +| _Configure VolumesFrom Setting_ | + +If you are using json to configure your task definitions, you can copy the following settings to the appropriate container section of the json after changing the Container name: + +``` +"volumesFrom": [ + { + "sourceContainer": "deepfence-agent", + "readOnly": false + } +], +``` + +Finally, click the Create button to create the task definition for the deployment. + +### Configure Correct Startup + +Now that deepfence agent is available in the fargate instance, you need to invoke agent and application entrypoints to start the application with Deepfence enabled. This can be done in two ways: + +#### Edit the Entry Point for the container + +There are two ways to achieve this: + +**Change the Entrypoint**: For this, you need to provide the ThreatMapper entrypoint and the Application entrypoint and arguments, as a comma delimited list in the **Entry point** field: + +| ![Invoking agent by changing the Entrypoint](../img/fargate-task-5.png) | +| :---------------------------------------------------------------------: | +| _Method (1a): Invoking agent by changing the Entrypoint_ | + +If you are using json to configure your task definitions, then you can specify the entrypoint and/or command as follows using appropriate quoting: + +``` +"entryPoint": [ + "/deepfence/usr/local/bin/deepfence-entry-point-scratch.sh", + "customer-entry-point.sh", + "param1", + "param2" +] +``` + +**Change the Entrypoint and Command**: Alternatively, you can provide the ThreatMapper entrypoint in the **Entry point** field and the Application entrypoint and arguments in the **Command** field as shown below: + +| ![Invoking agent by changing the Entrypoint and Command field](../img/fargate-task-6.png) | +| :---------------------------------------------------------------------------------------: | +| _Method (1b): 
Invoking agent by changing the Entrypoint and Command field_ | + +If you are using json to configure your task definitions, then you can specify the entrypoint and/or command as follows using appropriate quoting: + +``` +"entryPoint": [ + "/deepfence/usr/local/bin/deepfence-entry-point-scratch.sh" +], +"command": [ + "customer-entry-point.sh", + "param1", + "param2" +] +``` + +## Prerequisites + +Make sure you have the following information: + +- Management console URL/IP, later referred as `` +- Deepfence API key, later referred as `` (This key can be found from the management console, in the settings > User > API Key) + +1. Add secret for Deepfence API key + - Go to the secret manager dashboard from the AWS Console + - Select "Store a new secret" + - Select "Other type of secret" + - Select "Plaintext" and paste the following: + ```json + { + "deepfence_api_key": "" + } + ``` + +Create the secret and store the ARN. We will refer to it as `` + +:::caution +Be careful with the double quotes, sometimes the AWS UI transforms them into a special character that is not recognized as valid JSON. +::: + +2. Create a new role (e.g.: `deepfence-agent-role`) + - Go to the IAM dashboard from AWS Console + - Go to Access management > roles + - Select "Create Role", + - Select "Custom trust policy" + - Paste the following: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } + ``` + +Then continue: + + - Search in the "Permissions policies" for "Task" > Select the following policy: `AmazonECSTaskExecutionRolePolicy` + - Again search in the "Permissions policies" for "Task" > Select the following policy: `CloudWatchLogsFullAccess` + - Click "Next", name the role `deepfence-agent-role`, then "Create role" + - Store the Role ARN. 
We will refer to it as `` + - Search for your newly created role + - Click on it (`deepfence-agent-role` in our example) + - Select "Add permissions" > "Create inline policy" and add: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Resource": [ + "" + ] + } + ] + } + ``` + + - If you are using a custom KMS key for your secrets and not using the default key, you will also need to add the KMS key permissions to your inline policy: + + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "kms:Decrypt", + "secretsmanager:GetSecretValue" + ], + "Resource": [ + "", + "" + ] + } + ] + } + ``` + +Then create the new policy. + +## Sample fargate task definition json with deepfence-agent sidecar + +```json +{ + "requiresCompatibilities": ["FARGATE"], + "inferenceAccelerators": [], + "containerDefinitions": [ + { + "name": "python", + "image": "python:latest", + "cpu": 0, + "portMappings": [ + { + "name": "python-8000-tcp", + "containerPort": 8000, + "hostPort": 8000, + "protocol": "tcp" + } + ], + "essential": true, + "entryPoint": [ + "/deepfence/usr/local/bin/deepfence-entry-point-scratch.sh" + ], + "command": ["python3", "-m", "http.server"], + "environment": [ + { + "name": "MGMT_CONSOLE_URL", + "value": "" + }, + { + "name": "DF_SERVERLESS", + "value": "true" + }, + { + "name": "DF_LOG_LEVEL", + "value": "info" + }, + { + "name": "USER_DEFINED_TAGS", + "value": "" + }, + { + "name": "DF_INSTALL_DIR", + "value": "/usr/local/bin" + }, + { + "name": "MGMT_CONSOLE_URL_SCHEMA", + "value": "https" + }, + { + "name": "MGMT_CONSOLE_PORT", + "value": "443" + } + ], + "mountPoints": [], + "volumesFrom": [ + { + "sourceContainer": "deepfence-agent", + "readOnly": false + } + ], + "secrets": [ + { + "name": "DEEPFENCE_KEY", + "valueFrom": ":deepfence_api_key::" + } + ], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + 
"awslogs-create-group": "true", + "awslogs-group": "/ecs/test-doc-python", + "awslogs-region": "us-west-2", + "awslogs-stream-prefix": "ecs" + } + } + }, + { + "name": "deepfence-agent", + "image": "quay.io/deepfenceio/deepfence_agent_ce:2.3.1-fargate", + "repositoryCredentials": {}, + "cpu": 0, + "portMappings": [], + "essential": false, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/test-doc-python", + "awslogs-region": "us-west-2", + "awslogs-stream-prefix": "ecs" + } + } + } + ], + "volumes": [], + "networkMode": "awsvpc", + "memory": "4096", + "cpu": "2048", + "family": "test-doc-python", + "executionRoleArn": "", + "taskRoleArn": "", + "runtimePlatform": { + "cpuArchitecture": "X86_64", + "operatingSystemFamily": "LINUX" + }, + "tags": [], + "placementConstraints": [] +} +``` diff --git a/docs/versioned_docs/version-v2.3/sensors/docker.md b/docs/versioned_docs/version-v2.3/sensors/docker.md new file mode 100644 index 0000000000..b34dc5d84a --- /dev/null +++ b/docs/versioned_docs/version-v2.3/sensors/docker.md 
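Review bot: "Set Task Parameters" tells the reader to use the same role for both _Task Role_ and _Task Execution Role_, and the Prerequisites attach `CloudWatchLogsFullAccess` and `secretsmanager:GetSecretValue` to that role, so the application container's own credentials can read the Deepfence secret and manage CloudWatch Logs well beyond its own log group. Image pull, `secrets` injection and the `awslogs` driver all run under the execution role, so unless the agent itself calls AWS APIs (the page does not indicate it does), `deepfence-agent-role` should be set only as `executionRoleArn` and the task role limited to what the application needs. `CloudWatchLogsFullAccess` is presumably there for `"awslogs-create-group": "true"`; an inline statement allowing only `logs:CreateLogGroup` on the intended log group would cover that. The environment snippet under "Configure Environment Variables" also shows `DEEPFENCE_KEY` as a plaintext `value`, which contradicts the `secrets`/`valueFrom` form used in the sample task definition at the end of the page.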
@@ -0,0 +1,113 @@ +--- +title: Docker +--- + +# Docker + +On a Linux-based Docker host, the ThreatMapper agents are deployed as a lightweight container. + +Install a docker runtime on the Linux host. Refer to the [Prerequisites for the Sensor Agents](/docs/architecture#threatmapper-sensor-containers) for minimum supported platforms. + +For Windows Server hosts, experimental support exists, but it is not suitable for production use. + +## Installation of ThreatMapper Sensors + +Install and start the latest release of the deepfence sensor. Run the following command to start the sensor on the host, replacing the `CONSOLE_URL` and `DEEPFENCE_KEY` values: + +:::info +Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.3.1-multiarch` is supported in amd64 and arm64/v8 architectures. +::: + +### Docker + +```bash +docker run -dit \ + --cpus=".2" \ + --name=deepfence-agent \ + --restart on-failure \ + --pid=host \ + --net=host \ + --log-driver json-file \ + --log-opt max-size=50m \ + --privileged=true \ + -v /sys/kernel/debug:/sys/kernel/debug:rw \ + -v /var/log/fenced \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v /:/fenced/mnt/host/:ro \ + -e DF_LOG_LEVEL="info" \ + -e USER_DEFINED_TAGS="" \ + -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \ + -e MGMT_CONSOLE_PORT="443" \ + -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ + quay.io/deepfenceio/deepfence_agent_ce:2.3.1 +``` + +### Podman + +Podman system service (API service) should be running before deploying the sensor (https://docs.podman.io/en/latest/markdown/podman-system-service.1.html) + +```bash +sudo podman run -dit \ + --cpus=".2" \ + --name=deepfence-agent \ + --restart on-failure \ + --pid=host \ + --net=host \ + --log-driver json-file \ + --log-opt max-size=50m \ + --privileged=true \ + -v /sys/kernel/debug:/sys/kernel/debug:rw \ + -v /var/log/fenced \ + -v /run/podman/podman.sock:/run/podman/podman.sock \ + -v /run/systemd/:/run/systemd/ \ + -v /:/fenced/mnt/host/:ro \ + -e DF_LOG_LEVEL="info" \ + -e 
USER_DEFINED_TAGS="" \ + -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \ + -e MGMT_CONSOLE_PORT="443" \ + -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \ + quay.io/deepfenceio/deepfence_agent_ce:2.3.1 +``` + +:::tip +Optionally the sensor container can be further tagged using ```USER_DEFINED_TAGS=""``` in the above command. Tags should be comma separated, for example, ```"dev,front-end"```. +::: + + +## Upgrade the ThreatMapper Sensors + +To upgrade a sensor install, stop the existing sensor and start the new version. + +## Using a Proxy Server with Docker + +If ThreatMapper management console is accessed through a proxy server, add the proxy server details to the docker configuration. + +Edit the file: `~/.docker/config.json`, and add the following content. Remember to change the proxy server ip address from 111.111.111.111 to your proxy server ip: + +```json +{ + "auths": { + "https://index.docker.io/v1/": { + "auth": "" + } + }, + "HttpHeaders": { + "User-Agent": "Docker-Client/19.03.1 (linux)" + }, + "proxies": { + "default": { + "httpProxy": "http://111.111.111.111:8006", + "httpsProxy": "http://111.111.111.111:8006", + "noProxy": "localhost,127.0.0.1" + } + } +} +``` + +Restart the docker daemon: + +```bash +sudo systemctl restart docker +``` + +ThreatMapper agent VMs do not require any changes for proxy server. diff --git a/docs/versioned_docs/version-v2.3/sensors/index.md b/docs/versioned_docs/version-v2.3/sensors/index.md new file mode 100644 index 0000000000..caf097ea49 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/sensors/index.md 
@@ -0,0 +1,49 @@
+---
+title: Installing ThreatMapper Sensors
+---
+
+# The Role of ThreatMapper Sensors
+
+Your production workloads are managed using ThreatMapper Sensors. The ThreatMapper Sensors are implemented as lightweight, privileged containers which monitor activity, discover workloads and retrieve manifests. They communicate with the ThreatMapper Management Console over TLS, using the URL and API key.
+
+A single ThreatMapper Console can manage multiple workload types, and on-premise and cloud deployments simultaneously.
+
+## Before You Begin
+
+Before you install the Sensors, obtain the Management Console URL and API key as described in the [Initial Configuration](/docs/console/initial-configuration).
+
+You should take care to install the sensor version that matches your Management Console version, as compatibility across versions is not guaranteed.
+
+Review the architecture for the Sensor Agent, as described in [Architecture: Sensor Agent](/docs/architecture/sensors).
+
+## System Requirements
+
+ThreatMapper performs detailed scanning of resources using sensor agents that are deployed with the target infrastructure.
+
+Sensor containers can be deployed directly to Kubernetes or Fargate, or can be deployed on a Docker environment. If you wish to monitor a Linux-based virtual machine or bare-metal production server, you should install a docker runtime within the host Linux operating system:
+
+| Feature | Requirements |
+|----------------------|----------------------------------------------------------------------------|
+| CPU: No of cores | 0.2 units of 1 core |
+| RAM | 200 MB to 1 GB |
+| Linux kernel version | >= 4.4 |
+| Connectivity | Access to Deepfence Management Console IP address, port 443 (configurable) |
+
+For Windows Server hosts, experimental support exists, but it is not suitable for production use.
+
+## Installing the ThreatMapper Sensors
+
+For your convenience, the ThreatMapper management console provides the default installation commands to install the agent on a docker host or in a kubernetes cluster:
+
+| ![Agent Setup](../img/agent-setup-2.png) |
+|:----------------------------------------:|
+| Default Agent Setup (URL and Key masked) |
+
+More detailed instructions are as follows:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/sensors/kubernetes.md b/docs/versioned_docs/version-v2.3/sensors/kubernetes.md
new file mode 100644
index 0000000000..9be0ced5c8
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/sensors/kubernetes.md
@@ -0,0 +1,90 @@ +--- +title: Kubernetes +--- + +# Kubernetes + +In Kubernetes, the ThreatMapper sensors are deployed as a daemonset in the Kubernetes cluster, using a helm chart. + +:::info +The `deepfence-console` helm chart by default runs agent and cluster-agent pods. The `deepfence-agent` helm chart need not be installed in the cluster where console helm chart is deployed. +::: + +## Quick Installation of ThreatMapper Sensors + +Install and start the latest release of the deepfence sensor. Replace `x.x.x.x` with the IP address of the Management Console and `73f6f3d0-9931-4b31-8967-fd6adf475f80` with the API key. + +### Identify container runtime +If container runtime is unknown, please follow [these](#identify-container-runtime-1) instructions. + +:::info +`clusterName` is the name / identifier of the cluster. It should be different for different kubernetes clusters. Example: prod-cluster-1, test-cluster. +::: + +:::info +Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.3.1-multiarch` is supported in amd64 and arm64/v8 architectures. 
+::: + +### Deploy deepfence-agent helm chart +```bash +helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper +helm repo update + +# helm show readme deepfence/deepfence-agent --version 2.3.1 | less +# helm show values deepfence/deepfence-agent --version 2.3.1 | less + +helm install deepfence-agent deepfence/deepfence-agent \ + --set managementConsoleUrl=x.x.x.x \ + --set deepfenceKey=73f6f3d0-9931-4b31-8967-fd6adf475f80 \ + --set global.imageTag=2.3.1 \ + --set clusterName="prod-cluster" \ + --set mountContainerRuntimeSocket.containerdSock=true \ + --set mountContainerRuntimeSocket.dockerSock=false \ + --set mountContainerRuntimeSocket.crioSock=false \ + --set mountContainerRuntimeSocket.podmanSock=false \ + --set mountContainerRuntimeSocket.containerdSockPath="/run/containerd/containerd.sock" \ + --set logLevel="info" \ + --namespace deepfence \ + --create-namespace \ + --version 2.3.1 +``` + +## Fine-tune the Helm deployment + +```bash +helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper +helm repo update + +helm show values deepfence/deepfence-agent --version 2.3.1 > deepfence_agent_values.yaml + +# You will need to update the following values: +# managementConsoleUrl and deepfenceKey - specify your URL/IP and API key value +# You may wish to update other values, including: +# image:name and image:clusterAgentImageName - change to point to custom images +# containerdSock - set to false if agent fails to start on some Kubernetes platforms e.g. 
Minikube +vim deepfence_agent_values.yaml + +helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \ + --namespace deepfence \ + --create-namespace \ + --version 2.3.1 +``` + +## Delete the ThreatMapper Sensor + +```bash +helm delete deepfence-agent -n deepfence +``` + +## Identify container runtime +- To get container runtime in the k8s cluster, run the following command +```shell +kubectl get nodes -o=custom-columns=NAME:.metadata.name,Runtime:.status.nodeInfo.containerRuntimeVersion +``` +- To get container runtime socket path in the k8s cluster, run the following commands and search for `--container-runtime-endpoint` or `containerd` +```shell +kubectl apply -f https://deepfence-public.s3.amazonaws.com/kubernetes/deepfence-cluster-config-job.yaml +kubectl wait --for=condition=complete --timeout=30s job/deepfence-cluster-config +kubectl logs $(kubectl get pod -l job-name=deepfence-cluster-config -o jsonpath="{.items[0].metadata.name}") +kubectl delete -f https://deepfence-public.s3.amazonaws.com/kubernetes/deepfence-cluster-config-job.yaml +``` \ No newline at end of file diff --git a/docs/versioned_docs/version-v2.3/sensors/linux-host.md b/docs/versioned_docs/version-v2.3/sensors/linux-host.md new file mode 100644 index 0000000000..7595d005a7 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/sensors/linux-host.md 
@@ -0,0 +1,188 @@ +--- +title: Linux Host +--- + +# Linux Host + +On a Linux-based bare-metal or virtual machine workload, the ThreatMapper sensor agents are deployed as a linux binary. + +## ThreatMapper Sensor Agents + +Install a docker runtime on the Linux host. Refer to the [Prerequisites for the Sensor Agents](/docs/architecture#threatmapper-sensor-containers) for minimum supported platforms. + +* Copy the following shell script and save as `install_deepfence.sh` +```bash +#!/bin/bash + +# MGMT_CONSOLE_URL: Example: threatmapper.customer.com or 65.65.65.65 +export MGMT_CONSOLE_URL="${MGMT_CONSOLE_URL}" +export DEEPFENCE_KEY="${DEEPFENCE_KEY}" + +if [[ -z "$MGMT_CONSOLE_URL" ]]; then + echo "env MGMT_CONSOLE_URL is not set" + exit 1 +fi + +if [[ -z "$DEEPFENCE_KEY" ]]; then + echo "env DEEPFENCE_KEY is not set" + exit 1 +fi + +export MGMT_CONSOLE_PORT="443" +export MGMT_CONSOLE_URL_SCHEMA="https" +export DF_HOSTNAME="$(hostname)" +export DF_LOG_LEVEL="info" + +MANAGEMENT_CONSOLE_URL="$MGMT_CONSOLE_URL_SCHEMA://$MGMT_CONSOLE_URL:$MGMT_CONSOLE_PORT" + +OS_ID=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"') +if [[ "$OS_ID" == "amzn" || "$OS_ID" == "centos" ]]; then + # Do necessary installs for Amazon Linux + yum -y install logrotate jq curl + if [[ "$?" != "0" ]]; then + echo "Failed to install logrotate" + exit 1 + fi +else + # Do necessary installs for Ubuntu + apt-get -y install logrotate jq curl + if [[ "$?" 
!= "0" ]]; then + echo "Failed to install logrotate" + exit 1 + fi +fi + +access_token_response=$(curl -m 5 -s -k "$MANAGEMENT_CONSOLE_URL/deepfence/auth/token" \ + --header 'Content-Type: application/json' \ + --data "{\"api_token\": \"$DEEPFENCE_KEY\"}") +if [[ $access_token_response == "" ]]; then + echo "Failed to connect to the management console" + exit 1 +fi + +access_token=$(jq -r '.access_token' <<< "$access_token_response") +if [[ $access_token == "" || $access_token == "null" ]]; then + echo "Failed to authenticate" + echo "$access_token_response" + exit 1 +fi + +download_url_response=$(curl -m 5 -s -k "$MANAGEMENT_CONSOLE_URL/deepfence/agent-deployment/binary/download-url" \ + --header "Authorization: Bearer $access_token") +if [[ $download_url_response == "" ]]; then + echo "Failed to get agent binary download url" + exit 1 +fi + +start_agent_script_download_url=$(jq -r '.start_agent_script_download_url' <<< "$download_url_response") +if [[ $start_agent_script_download_url == "" ]]; then + echo "Failed to get agent binary download url" + echo "$download_url_response" + exit 1 +fi + +cat << EOF > uninstall_deepfence.sh +#!/bin/bash + +systemctl stop deepfence-agent.service +systemctl disable deepfence-agent.service +rm -f /etc/systemd/system/deepfence-agent.service +rm -rf /opt/deepfence +EOF + +echo "Uninstalling existing Deepfence agent installation, if any" +chmod +x uninstall_deepfence.sh +bash uninstall_deepfence.sh + +if [[ ! 
-d "/opt/deepfence" ]]; then + mkdir -p /opt/deepfence /opt/deepfence/var/log/ +fi + +architecture="" +case $(uname -m) in + i386) architecture="386" ;; + i686) architecture="386" ;; + x86_64) architecture="amd64" ;; + arm) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="arm" ;; + aarch64) architecture="arm64" ;; +esac + +echo "Detected architecture: $architecture" + +agent_binary_download_url=$(jq -r --arg architecture "agent_binary_${architecture}_download_url" '.[$architecture]' <<< "$download_url_response") +agent_binary_filename=$(basename "$agent_binary_download_url") +agent_binary_filename=$(cut -f1 -d"?" <<< "$agent_binary_filename") + +if [[ $agent_binary_download_url == "" || $agent_binary_filename == "" ]]; then + echo "Failed to get agent binary download url" + echo "$download_url_response" + exit 1 +fi + +echo "Downloading agent binary from $agent_binary_download_url to /opt/deepfence/$agent_binary_filename" +curl -k -o "/opt/deepfence/$agent_binary_filename" "$agent_binary_download_url" + +curl -k -o /opt/deepfence/start_deepfence_agent.sh "$start_agent_script_download_url" +chmod +x "/opt/deepfence/start_deepfence_agent.sh" + +tar -xzf "/opt/deepfence/$agent_binary_filename" -C /opt/deepfence/ + +echo "MGMT_CONSOLE_URL: $MGMT_CONSOLE_URL" +echo "MGMT_CONSOLE_PORT: $MGMT_CONSOLE_PORT" +echo "DF_HOSTNAME: $DF_HOSTNAME" + +echo "Installing Deepfence agent as daemon service" + +cat << EOF > /etc/systemd/system/deepfence-agent.service +[Unit] +Description=Deepfence Agent Service +After=network.target + +[Service] +Environment="MGMT_CONSOLE_URL=$MGMT_CONSOLE_URL" +Environment="DEEPFENCE_KEY=$DEEPFENCE_KEY" +Environment="MGMT_CONSOLE_PORT=$MGMT_CONSOLE_PORT" +Environment="MGMT_CONSOLE_URL_SCHEMA=$MGMT_CONSOLE_URL_SCHEMA" +Environment="DF_HOSTNAME=$(hostname)" +Environment="DF_LOG_LEVEL=$DF_LOG_LEVEL" + +User=root +Group=root +Restart=on-failure +Type=forking +ExecStart=/opt/deepfence/start_deepfence_agent.sh 
+WorkingDirectory=/opt/deepfence + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable deepfence-agent.service +systemctl start deepfence-agent.service +systemctl status deepfence-agent.service +``` + +* Set management console URL and Deepfence key. You can find the Deepfence API key under + `Setting>User Management>API Key` +* You can run this script as following +```bash +sudo bash install_deepfence.sh +``` + +## Logs + +To get the service logs, run the following command +```shell +sudo journalctl -u deepfence-agent.service +``` + +## Uninstall + +To uninstall deepfence agent, run the following commands +```shell +sudo systemctl stop deepfence-agent.service +sudo systemctl disable deepfence-agent.service +sudo rm -f /etc/systemd/system/deepfence-agent.service +sudo rm -rf /opt/deepfence +``` diff --git a/docs/versioned_docs/version-v2.3/tips/automating-scans.md b/docs/versioned_docs/version-v2.3/tips/automating-scans.md new file mode 100644 index 0000000000..e76db5a0e2 --- /dev/null +++ b/docs/versioned_docs/version-v2.3/tips/automating-scans.md 
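Review bot: Every `curl` call in `install_deepfence.sh` passes `-k`, so the API key is posted to `/deepfence/auth/token`, and the agent tarball and `start_deepfence_agent.sh` are fetched, without verifying the server certificate; the systemd unit then runs that downloaded script as `User=root`. If `-k` is there only to tolerate a self-signed console certificate (an assumption, the page does not say), the script should drop it and accept a CA file instead, e.g. `curl -m 5 -s --cacert "$CA_CERT_PATH" "$MANAGEMENT_CONSOLE_URL/deepfence/auth/token" ...`, where `CA_CERT_PATH` is a placeholder the user sets. The two download calls should also add `-f` and have their exit status checked before `chmod +x` and `tar -xzf`, since an error response would otherwise be saved and unpacked or executed. The unit file written to `/etc/systemd/system/deepfence-agent.service` embeds `DEEPFENCE_KEY`, so a `chmod 600 /etc/systemd/system/deepfence-agent.service` after the heredoc would keep the key from being readable by other local users under a default umask.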
@@ -0,0 +1,50 @@
+---
+title: Automating Scans
+---
+
+# Automating Scans
+
+## Why should you Automate Production Scans?
+
+Vulnerabilities may be introduced into your production platforms at any point. And change to application dependencies of infrastructure may introduce new vulnerabilities. Changes in the application topology, such as promoting a service from internal dev traffic to external Internet traffic, can change ThreatMapper's risk-of-exploit score for a vulnerability.
+
+Most significantly, new vulnerabilities can be discovered in existing components at any time. A component that passed all vulnerability scans when it was deployed may still contain issues that are discovered weeks, months or years afterwards.
+
+ThreatMapper can scan your production platforms periodically, using the most up-to-date threat feeds at each time. This enables ThreatMapper to catch changes in application components and topology, and to find recently-disclosed vulnerabilities in components that are already deployed.
+
+
+## Automating ThreatMapper
+
+The results of automated scans are added to the **Vulnerability Scans** report, and can be raised through any configured [Notification](/docs/integrations) method.
+
+ThreatMapper presents a series of APIs that you can use to enumerate nodes and run scans:
+
+* [https://deepfence.github.io/deepfence_runtime_api/](https://deepfence.github.io/deepfence_runtime_api/)
+
+
+### Scanning Workloads before Deployment
+
+ThreatMapper can be invoked during the build process for a workload, commonly referred to as CI (Continuous Integration). For more information, check out the (Scanning in the CI Pipeline)[Scan-CI] documentation.
+
+ThreatMapper can scan registries, looking for vulnerabilities in containers. Scans can be invoked manually, or can run periodically against the registry. For more information, check out the (Scanning Registries)[Scanning Registries] documentation.
+
+### Use Case: Periodically Running Scans ("cron")
+
+#### UI
+Schedule is set by default in ThreatMapper to scan all containers and hosts once a week. They can be enabled if needed.
+
+![Scheduled Jobs](../img/scheduled-jobs.png)
+
+#### API
+A good example for API-driven automation - you can create a script that enumerates your infrastructure and workloads, and then scans on-demand.
+
+
+### Use Case: Scanning Nodes before Deployment
+
+You can use ThreatMapper to scan new nodes as they are added to the infrastructure, and can prevent these nodes from becoming active if they fail the scan:
+ * Instance is started by elastic platform e.g. AWS
+ * Instance contains ThreatMapper agent as a component
+ * When instance starts, agent self-registers with management console.
+ * Management console notices a new instance has been added and schedules a scan (using streaming API - details to be documented)
+ * Once the scan has completed, if it is deemed to have failed (admin defines pass or fail criteria), the management console can delete the new node (using preconfigured credentials)
+
diff --git a/docs/versioned_docs/version-v2.3/tips/debugging.md b/docs/versioned_docs/version-v2.3/tips/debugging.md
new file mode 100644
index 0000000000..b38800b328
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/tips/debugging.md
@@ -0,0 +1,27 @@
+---
+title: Debugging
+---
+
+# Diagnostics logs
+Deepfence Management console provides a way to download the logs for the console or from the specific agent on host or kubernetes cluster or cloud scanner. For steps to download agent logs from console UI refer [Support and Diagnostics](../operations/support.md)
+
+# Agent Log Locations
+
+- **General Log Locations**
+ - `/var/log/supervisor` - bootstrapper logs, this is the daemon which manages all the plugins used in the agent
+ - `/var/log/deepfenced` - logs of plugins managed by bootstrapper like `package-scanner`, `secret-scanner`, etc.,
+ - `/var/log/fenced` - all the data collected by the plugins are written here before its pushed to deepfence console
+
+- Linux Binary Agent
+ - In case of linux binary agent prefix `/opt/deepfence` to **General Log Locations**
+
+- AWS Fargate Agent
+ - In case of AWS Fargate agent prefix `DF_INSTALL_DIR` to **General Log Locations**
+
+- Cloud Scanner
+ - prefix `/home/deepfence` if deployed as ECS task or AWS Fargate or GCP Cloud Run container to **General Log Locations**
+ - prefix `/data/home/deepfence` if deployed as docker container or kubernetes pod to **General Log Locations**
+
+# Vulnerability scan failures
+- Check agent `package_scanner.log` file for errors this file can be located in the directory `/var/log/deepfenced`
+- If there are no errors on agent and sbom generation was successful, then check the deepfence-worker logs for issue in sbom scan on console
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.3/tips/sensor-agent-not-start.md b/docs/versioned_docs/version-v2.3/tips/sensor-agent-not-start.md
new file mode 100644
index 0000000000..82971df45e
--- /dev/null
+++ b/docs/versioned_docs/version-v2.3/tips/sensor-agent-not-start.md
@@ -0,0 +1,39 @@
+---
+title: Sensor Agent does not start
+---
+
+# Sensor Agent does not start
+
+
+## When using Minikube (possibly other platforms), the deepfence-agent does not start
+
+Running `kubectl get pods -n deepfence` gives output similar to:
+
+```
+NAME READY STATUS RESTARTS AGE
+deepfence-agent-8lxng 0/1 ContainerCreating 0 3m14s
+deepfence-cluster-agent-d86cd4df8-c4fz2 1/1 Running 0 3m14s
+```
+
+Running `kubectl describe pod -n deepfence deepfence-agent-8lxng` reveals:
+
+```
+ Warning FailedMount 30s (x8 over 3m14s) kubelet MountVolume.SetUp failed for volume "containerd-sock" : hostPath type check failed: /run/containerd/containerd.sock is not a socket file
+```
+
+**Solution:** edit `deepfence_agent_values.yaml` and set `containerdSock` to be `"false"`. Redeploy the agent using:
+
+```bash
+helm delete deepfence-agent -n deepfence
+
+helm show values deepfence/deepfence-agent --version 2.3.1 > deepfence_agent_values.yaml
+
+# You will need to update the following values:
+# containerdSock - set to "false"
+vim deepfence_agent_values.yaml
+
+helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.3.1
+```
diff --git a/docs/versioned_docs/version-v2.4/architecture/cloudscanner.md b/docs/versioned_docs/version-v2.4/architecture/cloudscanner.md
new file mode 100644
index 0000000000..86ed114a13
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/architecture/cloudscanner.md
@@ -0,0 +1,40 @@
+---
+title: Cloud Scanner task
+---
+
+# Cloud Scanner Overview
+
+ThreatMapper performs Compliance Posture Scanning to:
+
+* Build an inventory of cloud assets, such as network security groups, storage objects, key management services. The types of assets discovered are specific to each cloud platform.
+* Perform 'posture scanning', where ThreatMapper matches infrastructure configuration against a set of best-practice benchmarks, such as CIS, PCI-DSS and HIPAA. The benchmarks that are supported are specific to each cloud platform.
+
+ThreatMapper then summarises the results in a 'Threat Graph' visualization, to help you to prioritize compliance issues that pose the greatest risk of exploit.
+
+## Implementation
+
+ * Compliance Posture Scanning for **Clouds** requires access (typically read-only) to the cloud platform APIs, and uses the Cloud Scanner task
+ * Compliance Posture Scanning for **Hosts** requires direct access to the host, and uses the Sensor Agent.
+
+### Compliance Posture Scanning for Clouds
+
+The ThreatMapper Console does not access the cloud platform APIs directly; there is no need to open the APIs up for remote access. Instead, you deploy a 'Cloud Scanner' task which acts as a local relay, taking instructions from the remote ThreatMapper console and performing local API calls from within your cloud infrastructure.
+
+Each Cloud Scanner task runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your ThreatMapper console. You can deploy as many Cloud Scanner tasks as are required by your security policy and any restrictions in place that affect API access.
+
+Cloud Scanner tasks are deployed using the appropriate Terraform module for each cloud, and are configured with the address and API key of your management console. They 'phone home' to your management console and take instructions on demand; they do not listen for remote connections or control.
+
+:::info
+Refer to the Installation Documentation to [Learn how to install Cloud Scanner tasks](/docs/cloudscanner)
+:::
+
+
+### Compliance Posture Scanning for Hosts
+
+ThreatMapper can perform compliance posture scanning on linux hosts and Kubernetes master and worker nodes.
+
+Scanning is done directly, using a local [Sensor Agent](sensors) rather than by using the Cloud Scanner task employed by the cloud platform integrations.
+
+
+
+
diff --git a/docs/versioned_docs/version-v2.4/architecture/console.md b/docs/versioned_docs/version-v2.4/architecture/console.md
new file mode 100644
index 0000000000..eee43a4178
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/architecture/console.md
@@ -0,0 +1,38 @@
+---
+title: Management Console
+---
+
+# The ThreatMapper Management Console
+
+The ThreatMapper Management Console ("Console") is a standalone application, implemented as a fleet of containers. It should be deployed on either a single docker host, or (for larger deployments) a dedicated Kubernetes cluster. The console is self-contained, and exposes an HTTPS interface for administration and API automation.
+
+The console allows you to:
+
+* Manage the users who can access the console.
+* Configure Infrastructure API access and interrogate platform configurations.
+* Visualize and drill down into Kubernetes clusters, virtual machines, containers and images, running processes, and network connections in near real time.
+* Invoke vulnerability scans on running containers and applications and review the results, ranked by risk-of-exploit.
+* Invoke compliance scans on infrastructure configuration ('agentless') and on infrastructure hosts ('agent-based'), manually or automatically when they are added to a cluster.
+* Scan container registries for vulnerabilities, to review workloads before they are deployed.
+* Scan image builds during the CI/CD pipeline, supporting CircleCI, Jenkins, and GitLab.
+* Scan containers and host filesystems for unprotected secrets, including access tokens, keys and passwords.
+* Configure integrations with external notification, SIEM and ticketing systems, including Slack, PagerDuty, Jira, Splunk, ELK, Sumo Logic, and AWS S3.
+ThreatMapper supports multiple production deployments simultaneously, so that you can visualize and scan workloads across a large production estate.
+
+### ThreatMapper Compliance Posture Scanning
+
+ThreatMapper performs compliance posture scanning for cloud platforms by querying the infrastructure APIs for these platforms.
+
+This is achieved using a **cloud scanner** task that is deployed within each cloud instance using a terraform module. The cloud scanner is granted appropriate access to the local APIs, and operates under instruction from the remote ThreatMapper console.
+
+### ThreatMapper Registry Scanning
+
+The ThreatMapper console can scan container images at rest in a wide range of supported registries.
+
+This is achieved by providing appropriate credentials to the ThreatMapper console so that it can discover and download assets directly from these registries.
+
+### ThreatMapper Vulnerability, Secret and Local Compliance Scanning
+
+ThreatMapper performs vulnerability and secret scanning directly on production and non-production hosts using a **sensor agent** container.
+
+The sensor agent is also used for local compliance scanning (Kubernetes and Linux posture) where it has access to configuration and assets that are not exposed through an API.
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/architecture/index.md b/docs/versioned_docs/version-v2.4/architecture/index.md
new file mode 100644
index 0000000000..3983602ad1
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/architecture/index.md
@@ -0,0 +1,28 @@
+---
+title: ThreatMapper Architecture
+---
+
+# ThreatMapper Architecture
+
+The ThreatMapper product consists of a Management Console, and multiple Sensor Agents and Cloud Scanner tasks that are deployed within your production platform(s).
+
+![ThreatMapper Components](../img/threatmapper-components.jpg)
+
+The Management Console is deployed first. The Management console generates an API key and a URL which you will need when you install the Sensor containers and Cloud Scanner tasks.
+
+The Management Console is managed over TLS (port 443), used for administrative traffic (web browser and API) and for sensor traffic. You should firewall or secure access to this port so that only authorised admin users and remote production platforms are able to connect.
+
+# Agent-Less and Agent-Based operation
+
+ThreatMapper uses both agent-less and agent-based operations to discover the widest-possible range of threats and render them in 'Threat Graphs' and 'Threat Maps'. You can use either or both operations, and can configure their access to your production and non-production systems in line with your own security posture.
+
+| | Agent-Less (Cloud Connector) | Agent-Based (Sensor Agent) |
+|----------------|----------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
+| Implementation | Direct access to infrastructure APIs, using a secured **Cloud Connector** task, deployed local to the cloud instance | Lightweight, privileged **sensor agent** container with access to local resources on the host |
+| Visibility | Cloud configuration and assets, as exposed through cloud or infrastructure API | Local assets, including filesystem, process list, local containers and pods, and kernel interfaces |
+| Capability | Identifies deviation from good practice configuration ("Compliance Scanning") for cloud platforms | Identifies network flows and performs vulnerability, secret and local host (Linux/Kubernetes) compliance scanning |
+| Output | Agent-less data is reported in the 'Threat Graph', which shows compliance-related issues | Agent-based data is reported in the Threat Map (for vulnerabilities, secrets etc) and Threat Graph (for compliance issues) |
+
+
+
+
diff --git a/docs/versioned_docs/version-v2.4/architecture/sensors.md b/docs/versioned_docs/version-v2.4/architecture/sensors.md
new file mode 100644
index 0000000000..f762d3fddb
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/architecture/sensors.md
@@ -0,0 +1,18 @@
+---
+title: Sensor Agent
+---
+
+# Sensor Agent
+
+ThreatMapper Sensors are deployed on your production platforms, directly on each production host. They are deployed in the form of a privileged container (the 'Sensor Agent'). They communicate securely with your ThreatMapper Management Console, taking instructions to retrieve SBOMs and run scans, and forwarding telemetry data.
+
+The sensors support the following production platforms:
+
+* **Kubernetes:** The sensors are deployed as a daemonset, similar to other kubernetes services.
+* **Docker:** The sensor is deployed as a docker container on each docker host.
+* **Bare metal and VM-based platforms:** Sensors are deployed as a Docker container on each Linux operating system instance, using a Docker runtime. Linux instances are supported; Windows Server is not supported, although an experimental implementation is available.
+* **AWS Fargate** The sensor is deployed as a daemon service alongside each serverless instance.
+
+:::info
+Refer to the Installation Documentation to [Learn how to install Sensor Agents](/docs/sensors)
+:::
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/architecture/threatgraph.md b/docs/versioned_docs/version-v2.4/architecture/threatgraph.md
new file mode 100644
index 0000000000..662f361ae6
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/architecture/threatgraph.md
@@ -0,0 +1,63 @@
+---
+title: The Threat Graph
+---
+
+# Understanding the Threat Graph
+
+The Threat Graph visualization provides an interactive view of your entire threat landscape. It presents the threats exposed on each node - vulnerabilities, secrets and compliance issues - and displays the connections between each based on live and recent network flows.
+
+| ![Threat Graph](../img/threat-graph-1.png) |
+|:------------------------------------------:|
+| Threat Graph |
+
+Nodes depict critical workloads and services that either have exploitable vulnerabilities or misconfigurations. Edges denote potential paths that attackers could take to access and exploit those issues, informed by real network data.
+
+The complete threat landscape is rendered as an interactive and actionable graph. The graph correlates the scan results (vulnerabilities, cloud misconfigurations, secrets) with runtime context (live network flows, security groups, live status) to contextualize and prioritize the alerts for each asset.
+
+## Investigating the Threat Graph landscape
+
+View the Cloud or Platform nodes to gain a summary of the number of significant vulnerabilities, secret and compliance issues within each cloud or platform.
+
+### Example: Compliance Issues
+
+Select a asset to view the instances of that asset.
+
+| ![Threat Graph - view assets](../img/threat-graph-2.png) |
+|:--------------------------------------------------------:|
+| Threat Graph - View Assets |
+
+Select an instance of that asset type to list the issues detected against instance:
+
+| ![Threat Graph](../img/threat-graph-3.png) |
+|:--------------------------------------------:|
+| Threat Graph - Investigate Compliance Issues |
+
+Select an issue to understand the full nature of the compliance deviation:
+
+| ![Threat Graph](../img/threat-graph-4.png) |
+|:------------------------------------------:|
+| Threat Graph - View Compliance Issue |
+
+You can quickly narrow down from potentially thousands of alerts to a refined and accurate set of issues and attack paths that you can fix.
+
+## Example: Workload Issues
+
+Select a runtime workload, such as a host, to list the issues detected against that asset:
+
+| ![Threat Graph](../img/threat-graph-2.png) |
+|:------------------------------------------:|
+| Threat Graph - Investigate Workload Issues |
+
+You can then review the issues detected against that workload.
+
+| ![Threat Graph](../img/threat-graph-6.png) |
+|:------------------------------------------:|
+| Threat Graph - View Vulnerabilities |
+
+If needed, you can drill down to the vulnerability specifics:
+
+| ![Threat Graph](../img/threat-graph-7.png) |
+|:-------------------------------------------:|
+| Threat Graph - View Vulnerability Specifics |
+
+Once again, the Threat Graph enables you to quickly narrow down from potentially thousands of alerts to a refined and accurate set of issues and attack paths that you can fix.
diff --git a/docs/versioned_docs/version-v2.4/cloudscanner/aws.md b/docs/versioned_docs/version-v2.4/cloudscanner/aws.md
new file mode 100644
index 0000000000..410b847149
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/cloudscanner/aws.md
@@ -0,0 +1,390 @@ +--- +title: AWS +--- + +# Configuring Cloud Scanner for AWS + +Cloud Scanner can be deployed using one of the following: +- [ECS - CloudFormation](#cloud-scanner-on-ecs-cloudformation) +- [ECS - Terraform](#cloud-scanner-on-ecs-terraform) +- [EKS Cluster](#cloud-scanner-on-eks-cluster) +- [EC2 Instance](#cloud-scanner-on-ec2-instance) + +## Cloud Scanner on ECS (CloudFormation) + +### Organization Deployment + +Log in to the AWS management console account and open the following url link to deploy Cloud Scanner using CloudFormation in `us-east-1` region. + +[Deploy across multiple AWS accounts in AWS organization](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/organization-deployment/deepfence-cloud-scanner-org-common.template&stackName=Deepfence-Cloud-Scanner¶m_CloudScannerImage=quay.io/deepfenceio/cloud_scanner_ce:2.4.0) + +(Template URL: https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/organization-deployment/deepfence-cloud-scanner-org-common.template) + +Then, fill in the below parameters as needed: + +| ![Cloud Scanner](../img/cloud-scanner-aws-1.png) | +|:------------------------------------------------:| +| Cloud Scanner Configuration | + +:::info +Cloud Scanner Image: quay.io/deepfenceio/cloud_scanner_ce:2.4.0 +::: + +| ![Cloud Scanner](../img/cloud-scanner-aws-2.png) | +|:------------------------------------------------:| +| Set Name | + +### Single Account Deployment + +Log in to the AWS management console account and open the following url link to deploy Cloud Scanner using CloudFormation in `us-east-1` region. 
+ +[Deploy on a single AWS account](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/single-account-deployment/deepfence-cloud-scanner.template&stackName=Deepfence-Cloud-Scanner¶m_CloudScannerImage=quay.io/deepfenceio/cloud_scanner_ce:2.4.0) + +(Template URL: https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/single-account-deployment/deepfence-cloud-scanner.template) + +Then, fill in the below parameters as needed: + +| ![Cloud Scanner](../img/cloud-scanner-aws-1.png) | +|:------------------------------------------------:| +| Cloud Scanner Configuration | + +| ![Cloud Scanner](../img/cloud-scanner-aws-2.png) | +|:------------------------------------------------:| +| Set Name | + +#### For Deployment in Existing VPC(Optional) + +If you want to deploy Cloud Scanner in an existing VPC (say, for environment where the Deepfence Management Console can only be accessed via a private IP within the VPC), you need to fill in the following params: + +| ![Cloud Scanner](../img/cloud-scanner-aws-3.png) | +|:------------------------------------------------:| +| Choose VPC | + +#### Configure CIDR blocks(Optional) + +You may want to configure CIDR blocks to avoid collision with existing CIDR blocks: + +| ![Cloud Scanner](../img/cloud-scanner-aws-4.png) | +|:------------------------------------------------:| +| Choose CIDRs | + +## Cloud Scanner on ECS (Terraform) + +Cloud Scanner is deployed as a task within your AWS infrastructure. + +You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key. + +### Single Account Deployment + +Copy and paste the following into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key. 
+```shell +provider "aws" { + # AWS region: Example: us-east-1 + region = "us-east-1" +} + +module "deepfence-cloud-scanner_example_single-account" { + source = "deepfence/cloud-scanner/aws//examples/single-account-ecs" + version = "0.8.0" + name = "deepfence-cloud-scanner" + # mgmt-console-url: deepfence.customer.com or 22.33.44.55 + mgmt-console-url = "" + mgmt-console-port = "443" + deepfence-key = "" + # AWS Account Name (Optional, for easy identification) + account_name = "" + image = "quay.io/deepfenceio/cloud_scanner_ce:2.4.0" + # Task CPU Units (Default: 4 vCPU) + cpu = "4096" + # Task Memory (Default: 8 GB) + memory = "8192" + # Task Ephemeral Storage (Default: 100 GB) + ephemeral_storage = "100" + # Task role: Must be either arn:aws:iam::aws:policy/SecurityAudit or arn:aws:iam::aws:policy/ReadOnlyAccess + task_role = "arn:aws:iam::aws:policy/SecurityAudit" + debug_logs = false + # Use existing VPC (Optional) + use_existing_vpc = false + # VPC ID (If use_existing_vpc is set to true) + existing_vpc_id = "" + # List of VPC Subnet IDs (If use_existing_vpc is set to true) + existing_vpc_subnet_ids = [] + tags = { + product = "deepfence-cloud-scanner" + } + # AWS region: Example: us-east-1 + region = "us-east-1" + ecs_vpc_region_azs = ["us-east-1a"] + # Optional: To refresh the cloud resources every hour, provide CloudTrail Trail ARNs (Management events with write-only or read-write). + # If empty, a trail with management events will be automatically chosen if available. 
+ # e.g.: ["arn:aws:cloudtrail:us-east-1:123456789012:trail/aws-events"] + cloudtrail_trails = [] +} +``` +Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the account of deployment + +Then run +```shell +terraform init +terraform plan +terraform apply +``` + +For full details, refer to the GitHub repository: https://github.com/deepfence/terraform-aws-cloud-scanner/tree/main/examples/single-account-ecs + +### Organization Account Deployment + +For full details, refer to the GitHub repository: https://github.com/deepfence/terraform-aws-cloud-scanner/tree/main/examples/organizational-deploy-with-member-account-read-only-access-creation + +## Cloud Scanner on EKS Cluster + +:::info + +**Pre-requisite:** +1. Associate OIDC provider with the EKS cluster where cloud scanner is going to be deployed. + + ([refer here for aws documentation on enable-iam-roles-for-service-accounts](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html)) + +2. kubectl and helm command line tools are installed and configured to access the cluster where cloud scanner is going to be deployed + +::: + +### Single Account Cloud Scanner on EKS cluster using IRSA + +1. Create the EKS IRSA role using the terraform script [single-account-eks-iam-role](https://github.com/deepfence/cloud-scanner/tree/main/cloudformation/self-hosted/eks-iam-roles/single-account-eks-iam-role) +2. If cloudformation is preferred create the EKS IRSA role using the cloudformation template [deepfence-cloud-scanner-single-account-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/eks-iam-roles/single-account-eks-iam-role/deepfence-cloud-scanner-single-account-iam-role.template) +3. 
Note **namespace**, **service account name** and **iam role arn** from the output of terraform or cloudformation deployment +4. Add Deepfence cloud scanner helm repo + ``` + helm repo add cloud-scanner https://deepfence-helm-charts.s3.amazonaws.com/cloud-scanner + ``` +5. Download the helm chart values for depfence-cloud-scanner chart to file **cloud-scanner.yaml** + ``` + helm show values cloud-scanner/deepfence-cloud-scanner --version 2.4.0 > cloud-scanner.yaml + ``` +6. Update the following values in the values.yaml. Add service account annotation and service account name in **cloud-scanner.yaml** as shown in the example below + ```yaml + image: + # ThreatMapper + repository: quay.io/deepfenceio/cloud_scanner_ce + + # Format: deepfence.customer.com or 123.123.123.123 + managementConsoleUrl: "" + + # Auth: Get Deepfence api key from UI -> Settings -> User Management + deepfenceKey: + key: "" + + cloudAccount: + # AWS account ID to monitor + accountID: "" + # Account name (Optional, for easy identification. Not required in organization deployment.) + accountName: "" + + cloudProvider: "aws" + # AWS region + region: "us-east-1" + + # Policy set for Cloud Scanner in CloudFormation / terraform + # arn:aws:iam::aws:policy/ReadOnlyAccess / arn:aws:iam::aws:policy/SecurityAudit + cloudScannerPolicy: "arn:aws:iam::aws:policy/SecurityAudit" + + # Optional: AWS account ID where the helm chart is deployed, in case it is different from cloudAccount.accountID + deployedAccountID: "" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: + "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/deepfence-cloud-scanner" + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "deepfence-cloud-scanner" + ``` +7. 
Install the helm chart in the same *namespace* from Step 3. + ``` + helm install -f cloud-scanner.yaml cloud-scanner cloud-scanner/deepfence-cloud-scanner \ + --namespace deepfence \ + --create-namespace \ + --version 2.4.0 + ``` + +### Organization Account Cloud Scanner on EKS cluster using IRSA + +1. Create the EKS IRSA role using the cloudformation template [deepfence-cloud-scanner-organization-stackset-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/eks-iam-roles/organization-eks-iam-role/deepfence-cloud-scanner-organization-stackset-iam-role.template) +2. Note **namespace**, **service account name** and **iam role arn** from the output of cloudformation deployment +3. Add Deepfence cloud scanner helm repo + ``` + helm repo add cloud-scanner https://deepfence-helm-charts.s3.amazonaws.com/cloud-scanner + ``` +4. Download the helm chart values for depfence-cloud-scanner chart to file **cloud-scanner.yaml** + ``` + helm show values cloud-scanner/deepfence-cloud-scanner --version 2.4.0 > cloud-scanner.yaml + ``` +5. Update the following values in the values.yaml. Add service account annotation and service account name in **cloud-scanner.yaml** as shown in the example below + ```yaml + image: + # ThreatMapper + repository: quay.io/deepfenceio/cloud_scanner_ce + + # Format: deepfence.customer.com or 123.123.123.123 + managementConsoleUrl: "" + + # Auth: Get Deepfence api key from UI -> Settings -> User Management + deepfenceKey: + key: "" + + cloudAccount: + # Organization root account ID + accountID: "" + # Account name (Optional, for easy identification. Not required in organization deployment.) 
+ accountName: "" + + cloudProvider: "aws" + # AWS region + region: "us-east-1" + + # Policy set for Cloud Scanner in CloudFormation / terraform + # arn:aws:iam::aws:policy/ReadOnlyAccess / arn:aws:iam::aws:policy/SecurityAudit + cloudScannerPolicy: "arn:aws:iam::aws:policy/SecurityAudit" + + # Optional: AWS account ID where the helm chart is deployed, in case it is different from cloudAccount.accountID + deployedAccountID: "" + + # For Organization deployment: + + # Is this organization deployment or single account deployment? + isOrganizationDeployment: true + + # Organization root account ID + # Should be same as cloudAccount.accountID + organizationAccountID: "" + + # Role name. The name should be same across all accounts in the Organization deployment. + # Role ARN example: arn:aws:iam::123456789012:role/deepfence-cloud-scanner-role + # Role name in this case is deepfence-cloud-scanner-role + roleName: "" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: + "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/deepfence-cloud-scanner" + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "deepfence-cloud-scanner" + ``` +6. Install the helm chart in the same *namespace* from Step 2. 
+ ``` + helm install -f cloud-scanner.yaml cloud-scanner cloud-scanner/deepfence-cloud-scanner \ + --namespace deepfence \ + --create-namespace \ + --version 2.4.0 + ``` + +## Cloud Scanner on EC2 Instance + +:::info + +**Pre-requisite:** +- Install docker and docker compose on the EC2 instance([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/)) +- If an existing EC2 instance is used, check if docker and docker compose plugins are installed on the EC2 instance +::: + +### Single Account Cloud Scanner on EC2 Instance using IAM Roles +1. Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-single-account-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/single-account-ec2-iam-role/deepfence-cloud-scanner-single-account-iam-role.template) +2. Note the instance profile from the cloudformation stack output +3. Modify the EC2 instance, add the instance profile created by cloudformation script +4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url + ``` + https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml + ``` + ```bash + mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner + wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml + ``` +5. 
Update the account details and console details in the docker-compose.yaml
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.4.0
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "aws"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: false
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit"
+ ```
+6. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+### Organization Account Cloud Scanner on EC2 Instance using IAM Roles
+1. Create the IAM role and instance profile for deepfence cloud scanner using the cloudformation script [deepfence-cloud-scanner-organization-stackset-iam-role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cloud-scanner/self-hosted/ec2/organization-ec2-iam-role/deepfence-cloud-scanner-organization-stackset-iam-role.template)
+2. Note the instance profile from the cloudformation stack output
+3. Modify the EC2 instance, add the instance profile created by cloudformation script
+4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
+ ```
+ https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml
+ ```
+ ```bash
+ mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
+ wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml
+ ```
+5. 
Update the organization account details and console details in the docker-compose.yaml
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.4.0
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "aws"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: true
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit"
+ ```
+6. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+## What Compliance Scans are Performed?
+
+ThreatMapper builds on a large library of **controls** - these are specific requirements and matching tests. For example, you will find controls that correspond to best-practice configurations of access to assets, such as enabling TLS access and blocking plain-text HTTP.
+
+Controls are grouped into **benchmarks**. Where multiple benchmarks are available, controls may be used by several benchmarks.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and local Sensor Agent compliance scans together. You could scan your AWS infrastructure using Cloud Scanner, and [scan selected VMs deployed within AWS](other) using the Sensor Agent.
+:::
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/cloudscanner/azure.md b/docs/versioned_docs/version-v2.4/cloudscanner/azure.md
new file mode 100644
index 0000000000..73113649ab
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/cloudscanner/azure.md 
@@ -0,0 +1,314 @@
+---
+title: Microsoft Azure
+---
+
+# Configuring Cloud Scanner for Microsoft Azure
+
+Cloud Scanner can be deployed using one of the following:
+- [Azure Container Instance](#cloud-scanner-on-azure-container-instance)
+- [Azure Kubernetes Cluster](#cloud-scanner-on-aks-cluster)
+- [Azure Virtual Machine](#cloud-scanner-on-azure-virtual-machine)
+
+## Cloud Scanner on Azure Container Instance
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Subscription
+
+Monitor a single Azure subscription
+
+```terraform
+provider "azurerm" {
+ features {}
+ # Subscription ID to deploy the Azure Container Service
+ subscription_id = ""
+}
+
+module "cloud-scanner_example_single-subscription" {
+ source = "deepfence/cloud-scanner/azure//examples/single-subscription"
+ version = "0.8.0"
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ mgmt-console-port = "443"
+ deepfence-key = " eg. 
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
+ name = "deepfence-cloud-scanner"
+ image = "quay.io/deepfenceio/cloud_scanner_ce:2.4.0"
+ # Location name https://gist.github.com/ausfestivus/04e55c7d80229069bf3bc75870630ec8#results
+ location = "eastus"
+ # Number of CPU cores (Default: 2 vCPU)
+ cpu = "2"
+ # Memory in GB (Default: 4 GB)
+ memory = "4"
+ tags = {
+ product = "deepfence-cloud-scanner"
+ }
+}
+```
+
+### Tenant subscriptions
+
+Monitor multiple subscriptions in a Tenant
+
+```terraform
+provider "azurerm" {
+ features {}
+ # Subscription ID to deploy the Azure Container Service
+ subscription_id = ""
+}
+
+module "cloud-scanner_example_tenant-subscriptions" {
+ source = "deepfence/cloud-scanner/azure//examples/tenant-subscriptions"
+ version = "0.8.0"
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ mgmt-console-port = " eg. 443"
+ deepfence-key = " eg. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
+ name = "deepfence-cloud-scanner"
+ image = "quay.io/deepfenceio/cloud_scanner_ce:2.4.0"
+ # List of subscription ids to monitor
+ subscription_ids_access = ["XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"]
+ # Location name https://gist.github.com/ausfestivus/04e55c7d80229069bf3bc75870630ec8#results
+ location = "eastus"
+ # Number of CPU cores (Default: 4 vCPU)
+ cpu = "4"
+ # Memory in GB (Default: 8 GB)
+ memory = "8"
+ tags = {
+ product = "deepfence-cloud-scanner"
+ }
+}
+```
+
+Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the subscription
+
+Then run
+```shell
+terraform init
+terraform plan
+terraform apply
+```
+
+For full details, refer to the `examples` provided in the GitHub repository: https://github.com/deepfence/terraform-azure-cloud-scanner
+
+## Cloud Scanner on AKS cluster
+
+:::info
+
+**Pre-requisite:**
+1. AKS cluster is created, and you have access to the cluster
+2. 
azure cli is configured and is able to access the required project where cloud scanner will be deployed
+
+:::
+
+Cloud Scanner is deployed as a pod within your AKS cluster
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Subscription Cloud Scanner on AKS Cluster
+
+```terraform
+provider "azurerm" {
+ subscription_id = ""
+ features {}
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_kubernetes_cluster" "default" {
+ name = "< AKS CLUSTER NAME >"
+ resource_group_name = ""
+}
+
+module "cloud-scanner" {
+ source = "deepfence/cloud-scanner/azure//examples/aks"
+ version = "0.8.0"
+ name = ""
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ deepfence-key = ""
+ # ThreatMapper
+ cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner_ce"
+ # ThreatStryker
+ # cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner"
+ location = "< LOCATION >"
+ subscription_id = data.azurerm_subscription.current.subscription_id
+ aks_host = data.azurerm_kubernetes_cluster.default.kube_config.0.host
+ aks_client_key = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key)
+ aks_client_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)
+ aks_cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)
+}
+```
+
+### Multiple Subscription Cloud Scanner on AKS cluster
+
+```terraform
+
+provider "azurerm" {
+ subscription_id = ""
+ features {}
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_kubernetes_cluster" "default" {
+ name = "< AKS CLUSTER NAME >"
+ resource_group_name = ""
+}
+
+module "test" {
+ source = "deepfence/cloud-scanner/azure//examples/aks"
+ version = "0.8.0"
+ name = ""
+ mgmt-console-url = " eg. XXX.XXX.XX.XXX"
+ deepfence-key = ""
+ # ThreatMapper
+ cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner_ce"
+ # ThreatStryker
+ # cloud_scanner_image = "quay.io/deepfenceio/cloud_scanner"
+ location = "< LOCATION >"
+ subscription_id = data.azurerm_subscription.current.subscription_id
+ aks_host = data.azurerm_kubernetes_cluster.default.kube_config.0.host
+ aks_client_key = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key)
+ aks_client_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate)
+ aks_cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate)
+ isOrganizationDeployment = true
+ deployedAccountID = data.azurerm_subscription.current.subscription_id
+ subscription_ids_access = [ ]
+}
+
+```
+
+## Cloud Scanner on Azure virtual machine
+
+:::info
+
+**Pre-requisite:**
+1. Install docker and docker compose on the Azure virtual machine ([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/))
+2. If an existing Azure virtual machine is used, check if docker and docker compose plugins are installed on the Azure virtual machine.
+3. azure cli is configured and is able to access the required project where cloud scanner will be deployed
+
+:::
+
+1. Copy and paste the following (single tenant or multiple tenant) into a new file cloud-scanner.tf. Edit the fields: SUBSCRIPTION_ID and subscription_ids_access if required.
+
+ - Single Subscription Cloud Scanner on Azure virtual machine
+
+ ```terraform
+ provider "azurerm" {
+ subscription_id = ""
+ features {}
+ }
+
+ data "azurerm_subscription" "current" {}
+
+ module "infrastructure_cloud-scanner-app" {
+ source = "deepfence/cloud-scanner/azure//modules/infrastructure/cloud-scanner-app"
+ version = "0.8.0"
+ name = "deepfence-cloud-scanner"
+ subscription_ids_access = [data.azurerm_subscription.current.subscription_id]
+ }
+
+ output "tenant_id" {
+ value = module.infrastructure_cloud-scanner-app.tenant_id
+ }
+
+ output "client_id" {
+ value = module.infrastructure_cloud-scanner-app.client_id
+ }
+
+ output "client_secret" {
+ value = module.infrastructure_cloud-scanner-app.client_secret
+ sensitive = true
+ }
+ ```
+
+ - Multiple Subscription Cloud Scanner on Azure virtual machine
+
+ ```terraform
+ provider "azurerm" {
+ subscription_id = ""
+ features {}
+ }
+
+ data "azurerm_subscription" "current" {}
+
+ module "infrastructure_cloud-scanner-app" {
+ source = "deepfence/cloud-scanner/azure//modules/infrastructure/cloud-scanner-app"
+ version = "0.8.0"
+ name = "deepfence-cloud-scanner"
+ subscription_ids_access = [list of tenant subscriptions ids]
+ }
+
+ output "tenant_id" {
+ value = module.infrastructure_cloud-scanner-app.tenant_id
+ }
+
+ output "client_id" {
+ value = module.infrastructure_cloud-scanner-app.client_id
+ }
+
+ output "client_secret" {
+ value = module.infrastructure_cloud-scanner-app.client_secret
+ sensitive = true
+ }
+ ```
+2. Apply the terraform script and note the output `tenant_id`, `client_id` and `client_secret`.
+ Please run this command to retrieve `client_secret` from terraform output.
+ ```
+ terraform output client_secret
+ ```
+3. 
Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
+ ```
+ https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml
+ ```
+ ```bash
+ mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
+ wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml
+ ```
+4. Update the environment vars account details and console details in the docker-compose.yaml, if deploying for multi tenants cloud scanner set `ORGANIZATION_DEPLOYMENT: true`
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.4.0
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "azure"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: false
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: ""
+
+ AZURE_TENANT_ID: ""
+ AZURE_REGION: ""
+ AZURE_CLIENT_ID: ""
+ AZURE_CLIENT_SECRET: ""
+ AZURE_SUBSCRIPTION_ID: ""
+ ```
+5. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+## What Compliance Scans are Performed?
+
+ThreatMapper builds on a large library of **controls** - these are specific requirements and matching tests. For example, you will find controls that correspond to best-practice configurations of access to assets, such as enabling TLS access and blocking plain-text HTTP.
+
+Controls are grouped into **benchmarks**. Where multiple benchmarks are available, controls may be used by several benchmarks.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and local Sensor Agent compliance scans together. You could scan your Azure infrastructure using Cloud Scanner, and [scan selected VMs deployed within Azure](other) using the Sensor Agent.
+:::
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/cloudscanner/gcp.md b/docs/versioned_docs/version-v2.4/cloudscanner/gcp.md
new file mode 100644
index 0000000000..cc69544d79
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/cloudscanner/gcp.md
@@ -0,0 +1,299 @@
+---
+title: Google Compute Platform
+---
+
+# Configuring Cloud Scanner for Google Cloud Platform
+
+Cloud Scanner can be deployed using one of the following:
+- [GCP Cloud Run](#cloud-scanner-on-gcp-cloud-run)
+- [GKE Cluster](#cloud-scanner-on-gke-cluster)
+- [GCP Compute Instance](#cloud-scanner-on-gcp-compute-instance)
+
+## Cloud Scanner on GCP Cloud Run
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Project
+
+```terraform
+module "cloud-scanner_example_single-project" {
+ source = "deepfence/cloud-scanner/gcp//examples/single-project"
+ version = "0.8.0"
+ name = "deepfence-cloud-scanner"
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ mgmt-console-port = "443"
+ deepfence-key = ""
+ # GCP Project Name (Optional, for easy identification)
+ project_name = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce:2.4.0"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # Optional for private ip console
+ # Name of vpc network in which the management console was deployed
+ vpc = ""
+ # Optional for private ip console
+ # IP CIDR range for the connector to above vpc
+ # Example: 11.0.0.0/28
+ ip_cidr_range_svpca = ""
+ cpu = "2"
+ memory = "4096Mi"
+ labels = {
+ name = "deepfence-cloud-scanner"
+ }
+}
+```
+
+### Multiple Projects (Organization Deployment)
+
+```terraform
+module "cloud-scanner_example_multiple-projects" {
+ source = "deepfence/cloud-scanner/gcp//examples/multi-project"
+ version = "0.8.0"
+ name = "deepfence-cloud-scanner"
+ # org_domain: root project name
+ org_domain 
= ""
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ mgmt-console-port = "443"
+ deepfence-key = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce:2.4.0"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # Optional for private ip console
+ # Name of vpc network in which the management console was deployed
+ vpc = ""
+ # Optional for private ip console
+ # IP CIDR range for the connector to above vpc
+ # Example: 11.0.0.0/28
+ ip_cidr_range_svpca = ""
+ cpu = "4"
+ memory = "8192Mi"
+ labels = {
+ name = "deepfence-cloud-scanner"
+ }
+}
+```
+
+Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the project of deployment
+
+Then run
+```shell
+terraform init
+terraform plan
+terraform apply
+```
+
+To connect to a private ip console on a vpc, this deployment will create a serverless vpc connector. Specify the vpc name of console and ip_cidr_range with a mask of /28 for the connector, default is 11.0.0.0/28.
+For full details, refer to the `examples` provided in the GitHub repository: https://github.com/deepfence/terraform-gcp-cloud-scanner
+
+Ensure that the `name` parameter is set to some unique string to avoid collision with existing resource names in the project of deployment
+
+## Cloud Scanner on GKE Cluster
+
+:::info
+
+**Pre-requisite:**
+1. GKE cluster with workload identity enabled.
+
+ ([refer here for gke documentation on how to enable workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity))
+
+2. 
gcloud cli is configured and is able to access the required project where cloud scanner will be deployed
+
+:::
+
+Cloud Scanner is deployed as a pod within your GKE cluster
+
+You need to configure Terraform with the appropriate resources and inputs for your particular scenario, and you will need to provide the IP address or DNS name for the ThreatMapper management console and an API key.
+
+Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: region, mgmt-console-url and deepfence-key.
+
+### Single Project Cloud Scanner on GKE Cluster with workload identity
+
+```terraform
+data "google_client_config" "current" {}
+
+# target cluster to deploy cloud scanner
+data "google_container_cluster" "target_cluster" {
+ name = ""
+ location = ""
+ project = ""
+}
+
+module "cloud_scanner_example_single_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gke"
+ version = "0.8.0"
+ gke_host = "https://${data.google_container_cluster.target_cluster.endpoint}"
+ gke_token = data.google_client_config.current.access_token
+ gke_cluster_ca_certificate = base64decode(data.google_container_cluster.target_cluster.master_auth[0].cluster_ca_certificate,)
+ name = "deepfence-cloud-scanner"
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ deepfence-key = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce"
+ image_tag = "2.4.0"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # target gke cluster to deploy cloud scanner
+ cluster_name = ""
+ # target gke cluster location
+ cluster_location = ""
+}
+```
+
+### Multiple Project Cloud Scanner on GKE Cluster with workload identity
+
+```terraform
+
+data "google_client_config" "current" {}
+
+# target cluster to deploy cloud scanner
+data "google_container_cluster" "target_cluster" {
+ name = ""
+ location = ""
+ project = ""
+}
+
+module 
"cloud_scanner_example_multiple_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gke"
+ version = "0.8.0"
+ name = "deepfence-cloud-scanner"
+ gke_host = "https://${data.google_container_cluster.target_cluster.endpoint}"
+ gke_token = data.google_client_config.current.access_token
+ gke_cluster_ca_certificate = base64decode(data.google_container_cluster.target_cluster.master_auth[0].cluster_ca_certificate,)
+ # mgmt-console-url: deepfence.customer.com or 22.33.44.55
+ mgmt-console-url = ""
+ deepfence-key = ""
+ image_name = "us-east1-docker.pkg.dev/deepfenceio/deepfence/cloud_scanner_ce"
+ image_tag = "2.4.0"
+ # project_id example: dev1-123456
+ project_id = ""
+ # region example: asia-east1
+ region = ""
+ # target gke cluster to deploy cloud scanner
+ cluster_name = ""
+ # target gke cluster location
+ cluster_location = ""
+ isOrganizationDeployment = true
+ # project id where the cloud scanner is deployed
+ deployedAccountID = ""
+ # organization project id
+ organizationAccountID = ""
+}
+```
+
+## Cloud Scanner on GCP Compute Instance
+
+:::info
+
+**Pre-requisite:**
+1. GKE cluster with workload identity enabled.
+
+ ([refer here for gke documentation on how to enable workload identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity))
+
+2. gcloud cli is configured and is able to access the required project where cloud scanner will be deployed
+3. Install docker and docker compose on the gcp compute instance([refer docker documentation for installation instructions](https://docs.docker.com/engine/install/))
+4. If an existing gcp compute instance is used, check if docker and docker compose plugins are installed on the gcp compute instance.
+
+:::
+
+1. Copy and paste the following (single project or multiple projects) into a new file cloud-scanner.tf. Edit the fields: PROJECT_ID and update service account name if required.
+
+ - Single Project Cloud Scanner on GCP compute instance with service account
+
+ ```terraform
+ data "google_client_config" "current" {}
+
+ module "cloud_scanner_example_single_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gce-vm"
+ version = "0.8.0"
+ # gcp service account name
+ name = "deepfence-cloud-scanner"
+ # project_id example: dev1-123456
+ project_id = ""
+ }
+
+ output "service_account_email" {
+ value = module.cloud_scanner_example_single_project.service_account_email
+ }
+ ```
+
+ - Multiple Project Cloud Scanner on GCP compute instance with service account
+
+ ```terraform
+ data "google_client_config" "current" {}
+
+ module "cloud_scanner_example_multiple_project" {
+ source = "deepfence/cloud-scanner/gcp//examples/gce-vm"
+ version = "0.8.0"
+ # gcp service account name
+ name = "deepfence-cloud-scanner"
+ # project_id example: dev1-123456
+ project_id = ""
+ # org mode for multiple projects
+ isOrganizationDeployment = true
+ }
+
+ output "service_account_email" {
+ value = module.cloud_scanner_example_multiple_project.service_account_email
+ }
+ ```
+2. Apply the terraform script and note the service account from the output
+3. Stop the gcp compute instance and update the service account in `API and identity management` select the service account create by the terraform script and select option `Allow full access to all Cloud APIs`, save the config and start the instance, if creating a new instance these options can be set while creating the instance
+![gcp-vm-service-account](../img/gcp-vm-service-account.png)
+4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
+ ```
+ https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml
+ ```
+ ```bash
+ mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
+ wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.4/docker-compose.yaml
+ ```
+5. 
Update the account details and console details in the docker-compose.yaml
+ ```
+ image: quay.io/deepfenceio/cloud_scanner_ce:2.4.0
+ environment:
+ MGMT_CONSOLE_URL: ""
+ MGMT_CONSOLE_PORT:
+ DEEPFENCE_KEY: ""
+ CLOUD_PROVIDER: "gcp"
+ CLOUD_REGION: ""
+ CLOUD_ACCOUNT_ID: ""
+ DEPLOYED_ACCOUNT_ID: ""
+ CLOUD_ACCOUNT_NAME: ""
+ ORGANIZATION_DEPLOYMENT: false
+ CLOUD_ORGANIZATION_ID: ""
+ ROLE_NAME: ""
+ CLOUD_AUDIT_LOG_IDS: ""
+ HTTP_SERVER_REQUIRED: "false"
+ SUCCESS_SIGNAL_URL: ""
+ DF_LOG_LEVEL: info
+ SCAN_INACTIVE_THRESHOLD: "21600"
+ CLOUD_SCANNER_POLICY: ""
+ ```
+6. Start the cloud scanner using docker compose
+ ```
+ docker compose up -d
+ ```
+
+## What Compliance Scans are Performed?
+
+ThreatMapper builds on a large library of **controls** - these are specific requirements and matching tests. For example, you will find controls that correspond to best-practice configurations of access to assets, such as enabling TLS access and blocking plain-text HTTP.
+
+Controls are grouped into **benchmarks**. Where multiple benchmarks are available, controls may be used by several benchmarks.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and local Sensor Agent compliance scans together. You could scan your GCP infrastructure using Cloud Scanner, and [scan selected VMs deployed within GCP](other) using the Sensor Agent.
+:::
diff --git a/docs/versioned_docs/version-v2.4/cloudscanner/index.md b/docs/versioned_docs/version-v2.4/cloudscanner/index.md
new file mode 100644
index 0000000000..e77634c98e
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/cloudscanner/index.md
@@ -0,0 +1,23 @@
+---
+title: Preparing for Compliance Posture Scanning
+---
+
+# Preparing for Compliance Posture Scanning
+
+Cloud Compliance posture scanning uses a Compliance Scanner task which is installed in your monitored cloud instances.
+
+The Cloud Scanner task interacts with the local cloud APIs under the instruction of the remote management console. This architecture removes the need to open up cloud APIs to remote (over the internet) clients, where security is harder to achieve.
+
+## Before You Begin
+
+Review the architecture for compliance scanning, as described in [Architecture: Cloud Scanner task](/docs/architecture/cloudscanner).
+
+
+## Configuring Cloud Posture Management
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/cloudscanner/other.md b/docs/versioned_docs/version-v2.4/cloudscanner/other.md
new file mode 100644
index 0000000000..10558a569a
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/cloudscanner/other.md
@@ -0,0 +1,23 @@
+---
+title: Other Platforms
+---
+
+# Posture Scanning on Other Platforms
+
+ThreatMapper can perform compliance posture scanning on linux hosts and Kubernetes master and worker nodes.
+
+Scanning is done directly, using a local [Sensor Agent](/docs/sensors) rather than by using the Cloud Scanner task employed by the cloud platform integrations.
+
+## What Compliance Scans are Performed?
+
+
+The sensor agent has direct visibility into the configuration of the base operating system, and can detect a wide range of compliance deviations that are not visible through an API. ThreatMapper can apply general and specific compliance **benchmarks**, including PCI, HIPAA, and NIST (Kube-master and Kube-slave). These benchmarks each select from a library of **controls** that cover best practices for Linux, Docker, Kubernetes (master and slave nodes) and well-known services.
+
+When you run a compliance scan, you can select which benchmarks you wish to measure against, and ThreatMapper will then evaluate the appropriate controls and present the results, by benchmark, once the scan has completed.
+
+For full information, refer to [Operations: Compliance Scanning](/docs/operations/compliance).
+
+
+:::tip Maximizing Coverage
+For maximum coverage, you can use both Cloud Scanner and Sensor Agent compliance scans together. You could scan your cloud infrastructure using Cloud Scanner, and scan selected VMs deployed within that infrastructure using the Sensor Agent.
+:::
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/console/database-export-import.md b/docs/versioned_docs/version-v2.4/console/database-export-import.md
new file mode 100644
index 0000000000..51aae31a60
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/console/database-export-import.md
@@ -0,0 +1,104 @@
+---
+title: Database Export and Import
+---
+
+## Postgres DB Export and Import
+
+Export PostgreSQL data from one management console and import in another console
+
+### Export
+
+Connect to old management console / database, run following commands to export
+
+* Step 1: Login to the host running the postgres docker instance.
+* Step 2: Docker exec into the postgres instance using the below command:
+
+ ```shell
+ docker exec -it deepfence-postgres /bin/bash
+ ```
+* Step 3: Run the backup script from inside the postgres container as follows:
+
+ ```shell
+ /usr/local/bin/pg-export.sh
+ ```
+ This will create a backup file `/data/pg_data.dump` inside the container.
+* Step 4: Copy the postgres backup file created above to host or any intermediate location
+
+### Import
+
+* Step 1: Copy the backup file from intermediate location to the target machine using scp (or similar commands)
+* Step 2: Login to the target machine and copy the backup file in to the running postgres container using below command:
+
+ ```shell
+ docker cp pg_data.dump deepfence-postgres:/
+ ```
+* Step 3: Take a bash session of the running postgres container using the below command:
+
+ ```shell
+ docker exec -it deepfence-postgres /bin/bash
+ ```
+* Step 4: Run the restore script from inside the postgres docker instance as follows:
+
+ ```shell
+ /usr/local/bin/pg-import.sh /pg_data.dump
+ ```
+
+### Steps for Kubernetes:
+
+The steps for kubernetes remains similar to the above.
+For Kubernetes, we will have to use `kubectl` utility to:
+* Copy the file from and to the pod.
+* Take a bash session of the pod
+
+
+## Neo4J Graph Database Export and Import
+
+Export Neo4J data from one management console and Import data in another console
+
+### Export
+
+* Step 1: Login to the host running the neo4j docker instance.
+* Step 2: Docker exec into the neo4j instance using the below command:
+
+ ```shell
+ docker exec -it deepfence-neo4j /bin/bash
+ ```
+* Step 3: Run the backup script from inside the neo4j docker instance as follows:
+
+ ```shell
+ /usr/local/bin/backup_neo4j.sh
+ ```
+ This will create a backup file inside the container.
+ The name of the file will be of the format: `neo4j_backup_`
+ Also, the script will print the name of the file on the stdout.
+* Step 4: Copy the neo4j backup file created above to host or any intermediate location
+
+### Import
+
+* Step 1: Copy the backup file from intermediate location to the target machine using scp (or similar commands)
+* Step 2: Login to the target machine and copy the backup file in to the running neo4j container using below command:
+
+ ```shell
+ docker cp deepfence-neo4j:/
+ ```
+* Step 3: Take a bash session of the running neo4j container using the below command:
+
+ ```shell
+ docker exec -it deepfence-neo4j /bin/bash
+ ```
+* Step 4: Run the restore script from inside the neo4j docker instance as follows:
+
+ ```shell
+ /usr/local/bin/load_backup_neo4j.sh /
+ ```
+ e.g.:
+ ```shell
+ /usr/local/bin/load_backup_neo4j.sh /neo4j_backup_2023-11-17_10-25-28
+ ```
+
+### Steps for Kubernetes:
+
+The steps for kubernetes remains similar to the above.
+For Kubernetes, we will have to use `kubectl` utility to:
+* Copy the file from and to the pod.
+* Take a bash session of the pod
diff --git a/docs/versioned_docs/version-v2.4/console/docker.md b/docs/versioned_docs/version-v2.4/console/docker.md
new file mode 100644
index 0000000000..2859709174
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/console/docker.md
@@ -0,0 +1,48 @@
+---
+title: Docker Installation
+---
+
+# Docker Installation
+
+:::info[Neo4j Upgrade]
+Neo4j version was upgraded to v5.x (from v4.4).
+
+Please follow [these](upgrade-from-v2.1.md) steps before upgrading the management console version.
+:::
+
+The quickest and easiest way to install the ThreatMapper Management Console is to use the pre-built images. These instructions use pre-built ThreatMapper containers from [DockerHub](https://hub.docker.com/u/deepfenceio).
+
+You can install the Management Console on a single Docker host or [in a dedicated Kubernetes cluster](kubernetes).
+
+## Install the ThreatMapper Management Console - Single Docker Host
+
+The following instructions explain how to get started with a docker-based installation on a single host system:
+
+1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.4/deployment-scripts/docker-compose.yml) to the system that will host the Console
+
+ ```bash
+ wget https://github.com/deepfence/ThreatMapper/raw/release-2.4/deployment-scripts/docker-compose.yml
+ ```
+
+2. Execute the following command to install and start the latest build of the Console
+
+ ```bash
+ docker compose up -d
+ ```
+
+Now proceed to the [Initial Configuration](initial-configuration).
+
+## Uninstall the ThreatMapper Management Console
+
+Remove the ThreatMapper Management Console as follows:
+
+```bash
+docker compose down
+```
+
+You can then prune the images and volumes if they are no longer required:
+
+```bash
+docker image prune
+docker volume prune
+```
diff --git a/docs/versioned_docs/version-v2.4/console/index.md b/docs/versioned_docs/version-v2.4/console/index.md
new file mode 100644
index 0000000000..a3346ce5fc
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/console/index.md
@@ -0,0 +1,35 @@
+---
+title: Management Console
+---
+
+# The ThreatMapper Management Console
+
+The ThreatMapper Management Console ("Console") is a standalone application, implemented as a fleet of containers. It should be deployed on either a single docker host, or (for larger deployments) a dedicated Kubernetes cluster.
+
+## Before You Begin
+
+Review the architecture for the Management Console, as described in [Architecture: Management Console](/docs/architecture/console).
+
+Review the requirements for the Management Console, as described in [System Requirements](/docs/console/requirements).
+
+
+## Installing the Management Console
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+ item.label.includes( "Installation" ) )}/>
+```
+
+## Post-Installation Tasks
+
+```mdx-code-block
+ item.label.includes( "Installation" ) == false && item.label.includes( "Troubleshooting" ) == false )}/>
+```
+
+## Troubleshooting
+
+```mdx-code-block
+ item.label.includes( "Troubleshooting" ) == true )}/>
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/console/initial-configuration.md b/docs/versioned_docs/version-v2.4/console/initial-configuration.md
new file mode 100644
index 0000000000..f5cf96810b
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/console/initial-configuration.md
@@ -0,0 +1,118 @@ +--- +title: Initial Configuration +--- + +# Initial Configuration + +Once you have installed the Management Console, you need to register an admin user and obtain the API key needed by the ThreatMapper sensors. You can also configure the URL for the Management Console, and provide your own TLS certificates. + +:::tip +You will need the IP address for the management console: + +* On a Docker host, you can find the external, routable IP address of the host using `hostname -I`. +* On a Kubernetes host, find the external IP address of the load balancer for the `deepfence-console-router` service (`kubectl get --namespace deepfence-console svc -w deepfence-console-router`). +::: + +## Initial Configuration + +1. Open the Console in a browser (https://your-ip-address/): + + | ![Initial Login](../img/registration-1.png) | + |:-------------------------------------------:| + | Initial Login | + + You will likely encounter a warning about an invalid SSL/TLS certificate, because the console is using an internally-generated self-signed cert. You can bypass that warning. See below for how to provide your own TLS certificate. + +2. Create a new account. Once one user has been registered, additional users are added by invitation from an admin user: + + | ![Account Registration](../img/registration-2.png) | + |:--------------------------------------------------:| + | Account Registration | + + Account Registration details are private to your Management Console, and are not shared with Deepfence or other third parties. + +## Obtain the API Key + +The API key is used to authenticate remote sensor agents and cloud scanner tasks. Go to `Settings` -> `User Management` and make note of the API key; you will need it when deploying the Deepfence sensors. 
+ +| ![API Key](../img/api-key.png) | +|:------------------------------:| +| View the API key | + +For your convenience, the console also displays the specific commands to perform a default installation of the Deepfence Sensor Agents on Docker and Kubernetes hosts, pre-filled with the API key and management console URL data: + +| ![Agent Setup](../img/agent-setup.png) | +|:--------------------------------------:| +| Agent Setup | + +| ![Agent Setup](../img/agent-setup-2.png) | +|:----------------------------------------:| +| Agent Setup for Docker | + +## Updating Threat Intel Data + +Console installations are preconfigured with threat intel data. Once the Console has started, it will update its Threat Intel feed data; this can take several minutes, and is updated daily. + +## Configuring Access to the Management Console (optional) + +By default, the Management Console is accessed by IP address (`https://ip-address/`) and uses a self-signed certificate. + +You can configure the URL used to access the Management Console, and you can provide your own TLS certificate: + +### Configuring the URL + +This is updated automatically. The URL set here is when sending password reset emails and user invite emails. + +To update manually, go to **Settings** > **Global Settings** and edit the **Deepfence Console URL**. + +### Using your own TLS certificates - Docker + +On the console machine, place the certificate and private key in `/etc/deepfence/certs` folder. 
Deepfence looks for the file with `.key` and `.crt` extensions on the specified location on the host: + +```bash +# Provide the SSL key and cert, for example, using OpenSSL to create a self-signed pair +sudo openssl req -x509 -newkey rsa:4096 \ + -keyout /etc/deepfence/certs/sslkey.key -out /etc/deepfence/certs/sslcert.crt \ + -days 365 -nodes + +# restart the management console to use the new TLS certificate +docker-compose -f docker-compose.yml down +docker-compose -f docker-compose.yml up -d +``` + +### Using your own TLS certificates - Kubernetes + +- To configure certificates in values file use below format +```yaml +router: + # Use custom ssl certificate for Deepfence UI + # custom certificates can be configured using two options + # existing secret or base64 encoded cert and key string + # provide one off the two options to configure custom certificates + tls: + # provide secret name which contains tls cert and key + # reference: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets + # make sure to create secret in the same namespace as that of the console + secretName: "" + # embed given cert and key as secret and mount to router pod + # provide certificate and key in below example format + cert: |- + -----BEGIN CERTIFICATE----- + MIIFCTCCAvGgAwIBAgIUNshy8GFTjfUR7inZ1JCcN+tDuh4wDQYJKoZIhvcNAQEL + ..... + BMepE4d9+TQFcPQ/OKSlP8FB2nPKZJdM+JlXDFWqeKvbdYS4QErRLd33qUmq + -----END CERTIFICATE----- + key: |- + -----BEGIN PRIVATE KEY----- + MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDECeUraonCz/89 + ..... + bHEvWp7ugCTFhurM+lla0d+ElDO2 + -----END PRIVATE KEY----- +``` + +- If you already have a tls certificate available on cluster in the same namespace as that of the console as tls secret, then pass the name of the secret to helm chart values as shown in below example +```yaml +router: + tls: + secretName: console-tls-certs +``` 
diff --git a/docs/versioned_docs/version-v2.4/console/kubernetes.md b/docs/versioned_docs/version-v2.4/console/kubernetes.md new file mode 100644 index 0000000000..35c02e465e --- /dev/null +++ b/docs/versioned_docs/version-v2.4/console/kubernetes.md 
@@ -0,0 +1,200 @@ +--- +title: Kubernetes Installation +--- + +# Kubernetes Installation + +:::info[Neo4j Upgrade] +Neo4j version was upgraded to v5.x (from v4.4). + +Please follow [these](upgrade-from-v2.1.md) steps before upgrading the management console version. +::: + +You can install the Management Console on a [single Docker host](docker) or in a dedicated Kubernetes cluster. + + +## Prerequisites + +1. Install and configure **kubectl** and **helm** cli to access the kubernetes cluster where ThreatMapper console is installed + +2. **Configure Persistent Volume**: + + ### Cloud Managed + + If the Kubernetes cluster is hosted in a cloud provider, it is recommended to use cloud managed storage + ``` + kubectl get storageclass + ``` + | Cloud Provider | Storage Class | + |----------------|---------------------------------------------------------------------| + | AWS | gp3 (https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) | + | GCP | standard | + + ### Self-Managed + + If using on-prem kubernetes cluster install and configure a self hostage storage provider like [openebs](https://openebs.io/docs/quickstart-guide/installation), [longhorn](https://longhorn.io/docs/1.6.2/deploy/install/), etc. + +3. **Install the metrics server** (optional) + + If the metrics server is not already installed (```kubectl get deployment metrics-server -n kube-system```), install as follows: + + ```bash + kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml + ``` + +## Install the ThreatMapper Management Console + +The following instructions explain how to install the ThreatMapper console on a Kubernetes Cluster, and configure external access to the Console. + + +1. **Add Deepfence helm charts repo** + + ```bash + helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper + helm repo update + ``` + +2. 
**Install the ThreatMapper Console** + + ```bash + # helm show values deepfence/deepfence-console --version 2.4.1 | less + + helm install deepfence-console deepfence/deepfence-console \ + --set global.imageTag=2.4.0 \ + --set global.storageClass=gp3 \ + --namespace deepfence-console \ + --create-namespace \ + --version 2.4.1 + ``` + + ... and wait for the pods to start up: + + ```bash + kubectl get pods --namespace deepfence-console -o wide -w + ``` + +3. To access ThreatMapper connsole install ```deepfence-router``` helm chart, this creates a `Loadbalancer` type service, the consle can be accessed over the loadbalancer created. + + To create a ingress service refer section [Deploy Router Helm Chart With Ingress Enabled](#deploy-router-helm-chart-with-ingress-enabled) + + ```bash + # helm show values deepfence/deepfence-router --version 2.4.0 + + helm install deepfence-router deepfence/deepfence-router \ + --namespace deepfence-console \ + --create-namespace \ + --version 2.4.0 + ``` + + ... and wait for the cloud platform to deploy an external load-balancer: + + ```bash + kubectl get svc -w deepfence-console-router --namespace deepfence-console + ``` + +Now proceed to the [Initial Configuration](initial-configuration). + +## Customise the Helm deployment + +### Console Helm Chart + +1. Save the helm chart values to file + + ```bash + helm show values deepfence/deepfence-console --version 2.4.1 > deepfence_console_values.yaml + ``` + + :::info + All the supported helm chart values are documentd in the `deepfence_console_values.yaml` file generated when above command is run + ::: + +2. Update the `deepfence_console_values.yaml` file as required to change the database password, resource requests, pod/service annotations etc,. + + Check instructions on [Managed Database](managed-database) section for using external database with console + +3. 
Use the updated values file to deploy the ThreatMapper Console + + ```bash + helm install -f deepfence_console_values.yaml deepfence-console deepfence/deepfence-console \ + --namespace deepfence-console \ + --create-namespace \ + --version 2.4.1 + ``` + +### Router Helm Chart + + +1. Save the helm chart values to file + + ```bash + helm show values deepfence/deepfence-router --version 2.4.0 > deepfence_router_values.yaml + ``` + + :::info + All the supported helm chart values are documentd in the `deepfence_router_values.yaml` file generated when above command is run + ::: + +2. Update the `deepfence_router_values.yaml` file as required to enable seperate serivce for agents access or to enable ingress + +3. Use the updated values file to deploy the ThreatMapper Console Router + + ```bash + helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router \ + --namespace deepfence-console \ + --create-namespace \ + --version 2.4.0 + ``` + +### Deploy Router Helm Chart With Ingress Enabled + +1. Install the supported ingress controller service on the cluster + +2. Save the helm chart values to file + + ```bash + helm show values deepfence/deepfence-router --version 2.4.0 > deepfence_router_values.yaml + ``` + + :::info + All the supported helm chart values are documentd in the `deepfence_router_values.yaml` file generated when above command is run + ::: + +3. 
Update the `deepfence_router_values.yaml` file to enable ingress set `service.type=Ingress` and updated the ingress section according to the ingress cotroller installed on the cluster, below example assumes nginx ingress controller + + ```yaml + service: + name: deepfence-console-router + type: Ingress # LoadBalancer/NodePort/Ingress/ClusterIP + + # ingress configuration for console + ingress: + ## name of the ingress class for ingress provider installed on the cluster, cannot be empty + ## Example: nginx + class: nginx + ## host example: threat.example.com + host: "threatmapper.example.com" + ## annotations to customize ingress + annotations: + ## nginx ingress annotations + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 200m + ``` + +3. Use the updated values file to deploy the ThreatMapper Console Router + + ```bash + helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router \ + --namespace deepfence-console \ + --create-namespace \ + --version 2.4.0 + ``` + +## Delete the ThreatMapper Management Console + +To delete the ThreatMapper Management Console + + ```bash + helm delete deepfence-router -n deepfence-console + helm delete deepfence-console -n deepfence-console + ``` diff --git a/docs/versioned_docs/version-v2.4/console/manage-users.md b/docs/versioned_docs/version-v2.4/console/manage-users.md new file mode 100644 index 0000000000..1b763af815 --- /dev/null +++ b/docs/versioned_docs/version-v2.4/console/manage-users.md 
@@ -0,0 +1,73 @@
+---
+title: Managing Users
+---
+
+# Managing Users
+
+The first Management Console user is created through the [Initial Registration](initial-configuration) process. This is a one-time process; further users must be invited to the Console by an existing Admin user.
+
+An admin user can invite users by two methods:
+
+ * Generate an invitation link for a named email address, and then provide that link to the user
+ * Configure an email relay for the Management Console, then use the Management Console to invite users by email
+
+## Generate an Invitation Link
+
+1. Go to **Settings** > **User Management** and select **Send Invite**
+
+2. Enter the user's email, select the desired role, and click "Get an invite link"
+
+3. Copy-and-paste the invite link and share it with the user. Links are valid for a short period of time only.
+
+
+## Invite via Email
+
+You should configure an Email relay first, so that invitation emails can be sent.
+
+1. Go to **Settings** > **Email Configuration**
+
+2. Select the mailer type
+
+### Configuring Google SMTP
+
+:::info
+For more information, see [Set up a device or app to send email through Google Workspace](https://support.google.com/a/answer/176600?hl=en#zippy=%2Cuse-the-gmail-smtp-server).
+:::
+
+First, provide:
+
+ * An appropriate Google Workspace email address (one for which you can generate an App Password)
+ * The SMTP server and port, for example `smtp.google.com`, port `465`
+
+You will need to generate an **App Password**:
+
+ * Go to [https://myaccount.google.com/apppasswords](https://myaccount.google.com/apppasswords)
+ * Under **Select App**, chose **Others** and enter a name, for example, "ThreatMapper"
+ * Click the **Generate** button.
+
+If the 'App Password' facility is not available, please refer to your Google Workspace administrator.
+
+Copy the password that has been generated, and enter it into **App Password** field. Save settings.
+
+### Configuring AWS SES
+
+:::info
+For more information, see [Using Amazon Simple Email Service](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email.html).
+:::
+
+ * Provide an email address to identify the email sender
+ * Specify an [AWS SES Region](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/regions.html)
+ * Provide the Access and Secret keys (see here: [Programmatic Access](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys))
+
+Save the email configuration.
+
+### Sending Invitations to New Users
+
+Go to **Settings** > **User Management** and select **Send Invite**. Provide:
+
+ * The email address of the user to invite
+ * The role the user should be given
+
+This will send an invitation to the user with a registration link (URL). The URL is valid for 24 hours only.
+
+
diff --git a/docs/versioned_docs/version-v2.4/console/managed-database.md b/docs/versioned_docs/version-v2.4/console/managed-database.md
new file mode 100644
index 0000000000..de274cc929
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/console/managed-database.md
@@ -0,0 +1,134 @@ +--- +title: Managed Database +--- + +# Managed PostgreSQL, Neo4j and File Server + +For production deployment of Deepfence Management Console, we recommend using cloud/vendor managed PostgreSQL and Neo4j services. + +## Neo4j + +Please use the following settings to configure the Neo4j AuraDB Professional / Enterprise service + +| Option | Recommended Value | +|---------|-------------------| +| Memory | 8GB | +| CPU | 2 CPU | +| Storage | 16GB | + +In `docker-compose.yml`, set the values for postgresql accordingly. +```yaml +x-service-variables: &common-creds + DEEPFENCE_NEO4J_USER: neo4j + DEEPFENCE_NEO4J_PASSWORD: + NEO4J_AUTH: neo4j/ + DEEPFENCE_NEO4J_BOLT_PORT: 7687 + DEEPFENCE_NEO4J_HOST: abcdefgh.databases.neo4j.io +``` + +## PostgreSQL + +### AWS RDS + +Please use the following settings to configure the Elasticsearch service + +| Option | Recommended Value | +|-------------------------|------------------------------------------------------| +| Engine | PostgreSQL | +| Version | 13.7-R1 or above | +| Availability | Single DB instance / Multi-AZ DB instance | +| Credentials | Set username and password | +| DB instance class | db.m6i.large / db.t3.medium or better | +| Storage type | Provisioned IOPS SSD | +| Allocated storage | >= 100 | +| Provisioned IOPS | >= 3000 | +| Public access | No (provide access only to management console nodes) | +| Database authentication | Password authentication | +| Initial database name | deepfence | + +### Docker + +In `docker-compose.yml`, set the values for postgresql accordingly. +```yaml +x-service-variables: &common-creds + DEEPFENCE_POSTGRES_USER_DB_USER: postgres + DEEPFENCE_POSTGRES_USER_DB_PASSWORD: + DEEPFENCE_POSTGRES_USER_DB_HOST: pg-db-1.aaaaaa.us-east-1.rds.amazonaws.com + DEEPFENCE_POSTGRES_USER_DB_NAME: deepfence + DEEPFENCE_POSTGRES_USER_DB_PORT: 5432 + DEEPFENCE_POSTGRES_USER_DB_SSLMODE: disable +``` + +### Kubernetes + +1. Create postgres secret and save as `deepfence_postgres_secret.yaml`. 
Refer `templates/deepfence-console-secrets/postgres.yaml` in the console helm chart for secret format + ```shell + kubectl create namespace deepfence-console + kubectl apply -f deepfence_postgres_secret.yaml -n deepfence-console + ``` +2. Change the values.yaml to not create postgres StatefulSet + ```yaml + postgres: + # Specifies whether a postgres database instance should be created + create: false + # if create false provide name of the existing secret + # secret format refer templates/deepfence-console-secrets/postgres.yaml + secretName: "deepfence-console-secrets-postgres" + ``` +3. Follow [these](kubernetes.md#console-helm-chart) instructions to complete the installation + +## File Server + +ThreatMapper Management Console uses a S3 compatible file server. If you wish to use S3 or other externally managed S3 compatible file server (MinIO, SeaweedFS, etc.), please follow these instructions according to the deployment method + +### Docker + +1. Change the file server URL, port and other parameters as applicable in `docker-compose.yml` + ```yaml + # public bucket with read permissions on objects for hosting vulnerability database + # S3 bucket permissions {"Version":"2012-10-17","Statement":[{"Sid":"database","Effect":"Allow","Principal":"*","Action":"s3:GetObject","Resource":["arn:aws:s3:::/database/*","arn:aws:s3:::/database"]}]} + DEEPFENCE_FILE_SERVER_DB_BUCKET: database + # private bucket to host reports, sbom, etc. 
+ DEEPFENCE_FILE_SERVER_BUCKET: default + # If using S3 or other external file server (MinIO/SeaweedFS), set this to true + DEEPFENCE_FILE_SERVER_EXTERNAL: "true" + # set s3.amazonaws.com if using s3 buckets + DEEPFENCE_FILE_SERVER_HOST: 123.123.123.123 + DEEPFENCE_FILE_SERVER_PORT: 8080 + # uncomment to set access key if using s3 buckets + # DEEPFENCE_FILE_SERVER_USER: fileserveruser + # uncomment to set secret key if using s3 buckets + # DEEPFENCE_FILE_SERVER_PASSWORD: changeme + # set true if https + DEEPFENCE_FILE_SERVER_SECURE: "false" + # set aws s3 bucket region if using s3 buckets + DEEPFENCE_FILE_SERVER_REGION: "" + ``` +2. Remove the following service + ```yaml + deepfence-file-server: + container_name: deepfence-file-server + ``` + +### Kubernetes + +1. Create file server secret and save as `deepfence_fileserver_secret.yaml`. Refer `templates/deepfence-console-secrets/s3.yaml` or `templates/deepfence-console-secrets/fileserver.yaml` in the console helm chart for secret format + ```shell + kubectl create namespace deepfence-console + kubectl apply -f deepfence_fileserver_secret.yaml -n deepfence-console + ``` +2. Change the values.yaml to not create fileserver StatefulSet + ```yaml + fileserver: + # Specifies whether a file server instance should be created + # set this to false if using S3 + create: false + # if create false provide name of the existing secret. + # Secret format refer templates/deepfence-console-secrets/s3.yaml + secretName: "deepfence-console-secrets-fileserver" + + # Set this if external file server is used and create=false + fileServerHost: "123.123.123.123" + fileServerPort: "8080" + ``` +3. Follow [these](kubernetes.md#console-helm-chart) instructions to complete the installation \ No newline at end of file diff --git a/docs/versioned_docs/version-v2.4/console/requirements.md b/docs/versioned_docs/version-v2.4/console/requirements.md new file mode 100644 index 0000000000..85b79f2244 --- /dev/null 
+++ b/docs/versioned_docs/version-v2.4/console/requirements.md
@@ -0,0 +1,20 @@
+---
+title: System Requirements
+---
+
+# System Requirements
+
+The Management Console may be installed on a single Docker host or in a dedicated Kubernetes cluster:
+
+ * A Docker Host is suitable for small-scale deployments, managing up to several hundred production nodes
+ * A Kubernetes Cluster is suitable for small and large-scale deployments
+
+| Feature | Requirements (Docker) | Requirements (Kubernetes) |
+|-------------------------------------------|---------------------------------------------|-------------------------------------|
+| CPU: No of cores | 8 cores | 3 nodes, 4 cores each |
+| RAM | 16 GB | 3 nodes, 8 GB each |
+| Telemetry and data from Deepfence Sensors | Port 443 (configurable), firewalled | Port 443 (configurable), firewalled |
+| Administrative and API access | Port 443 (configurable), firewalled | Port 443 (configurable), firewalled |
+| Docker | *Version 20.10.18 (minimum version 18.06.0) | |
+
+Larger deployments, managing 250 or more production nodes, will require additional CPU and RAM resources. For enterprise-scale deployments, managing 1000+ production nodes, the ThreatMapper Console should be deployed on a Kubernetes cluster of 3 or more nodes.
diff --git a/docs/versioned_docs/version-v2.4/console/troubleshooting.md b/docs/versioned_docs/version-v2.4/console/troubleshooting.md
new file mode 100644
index 0000000000..06baa46b4e
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/console/troubleshooting.md
@@ -0,0 +1,47 @@
+---
+title: Troubleshooting
+---
+
+## Docker configuration in Amazon Linux / RHEL
+In Amazon Linux / RHEL, number of open files per container has to be configured.
+
+```shell
+$ cat /etc/sysconfig/docker
+# The max number of open files for the daemon itself, and all
+# running containers. The default value of 1048576 mirrors the value
+# used by the systemd service unit.
+DAEMON_MAXFILES=1048576
+# Additional startup options for the Docker daemon, for example:
+# OPTIONS=” — ip-forward=true — iptables=true”
+# By default we limit the number of open files per container
+OPTIONS=" — default-ulimit nofile=1024:4096"
+```
+You can change the desired value as below.
+```shell
+OPTIONS=" — default-ulimit nofile=1024000:1024000"
+```
+Restart Docker daemon
+
+## Reset Password
+
+If you have not configured [SES / SMTP](manage-users.md#configuring-google-smtp) and need to reset the password, please follow these steps
+#### Docker
+```shell
+docker exec -it deepfence-server bash -c "/usr/local/bin/deepfence_server --reset-password"
+```
+
+#### Kubernetes
+
+:::note
+If the helm chart name was customized, please change the deployment name accordingly
+```shell
+kubectl get deploy --namespace deepfence-console
+```
+:::
+
+```shell
+kubectl exec -it deploy/deepfence-console-server \
+ -c server \
+ --namespace deepfence-console \
+ -- bash -c "/usr/local/bin/deepfence_server --reset-password"
+```
diff --git a/docs/versioned_docs/version-v2.4/console/upgrade-from-v2.1.md b/docs/versioned_docs/version-v2.4/console/upgrade-from-v2.1.md
new file mode 100644
index 0000000000..deab44d1fa
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/console/upgrade-from-v2.1.md
@@ -0,0 +1,41 @@
+---
+title: Upgrade from v2.1
+---
+
+## Upgrade Neo4j from 4.4 to 5.x
+
+Please choose upgrade steps by console deployment type (docker or kubernetes)
+
+### Prerequisite
+1. Download [pre-upgrade-to-v5.sh](https://github.com/deepfence/ThreatMapper/blob/release-2.4/deepfence_neo4j/pre-upgrade-to-v5.sh) script to current directory
+2. Make `pre-upgrade-to-v5.sh` executable
+ ```
+ chmod +x pre-upgrade-to-v5.sh
+ ```
+
+### Docker
+1. Execute below command before upgrading to new release
+ ```
+ docker cp pre-upgrade-to-v5.sh deepfence-neo4j:/startup
+ docker exec deepfence-neo4j /startup/pre-upgrade-to-v5.sh
+ ```
+2. Upgrade to new release, wait for scheduler to complete initial neo4j setup, then execute below command
+ ```
+ docker exec deepfence-neo4j /startup/post-upgrade-to-v5.sh
+ ```
+
+### Kubernetes
+1. Set variable the below variables
+ ```
+ export NAMESPACE=deepfence-console
+ export PODNAME=`kubectl get pods -n $NAMESPACE --no-headers -o custom-columns=":metadata.name" | grep neo4j`
+ ```
+2. Execute below command before upgrading to new release
+ ```
+ kubectl cp -n $NAMESPACE pre-upgrade-to-v5.sh $PODNAME:/startup
+ kubectl exec -it -n $NAMESPACE $PODNAME -- /startup/pre-upgrade-to-v5.sh
+ ```
+3. Upgrade to new release, wait for scheduler to complete initial neo4j setup, then execute below command
+ ```
+ kubectl exec -it -n $NAMESPACE $PODNAME -- /startup/post-upgrade-to-v5.sh
+ ```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/demo.md b/docs/versioned_docs/version-v2.4/demo.md
new file mode 100644
index 0000000000..a5f6d59401
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/demo.md
@@ -0,0 +1,15 @@
+---
+title: Quickstart Demo
+---
+
+# Quickstart with the Demo Sandbox
+
+To get a quick overview of the ThreatMapper UI and operational processes, you can access the Demo sandbox:
+
+ * URL: https://threatmapper.deepfence.show/
+
+ * Username: `community@deepfence.io`
+
+ * Password: `mzHAmWa!89zRD$KMIZ@ot4SiO`
+
+The credentials provide read-only access to a live ThreatMapper instance. You can explore the application topology, initiate vulnerability and other scans, review results and inspect the configuration for scanning registries and configuring notifications.
diff --git a/docs/versioned_docs/version-v2.4/developers/build.md b/docs/versioned_docs/version-v2.4/developers/build.md
new file mode 100644
index 0000000000..cbf7b82c01
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/developers/build.md
@@ -0,0 +1,73 @@
+---
+title: Build from Source
+---
+
+# Build Deepfence ThreatMapper from Source
+
+## Prerequisites
+
+Build host:
+ * 16 Gb RAM, 4 cores to build and run the Deepfence Management Console
+ * Packages: build tools, `golang`, `docker`, `docker-compose`
+
+If necessary, enable docker for the user account that will build the Deepfence containers:
+
+```bash
+sudo usermod -aG docker $USER # start new shell, or 'su $USER' for group change to take effect
+```
+
+## Building the Container Images
+
+```bash
+git clone https://github.com/deepfence/ThreatMapper.git
+cd ThreatMapper
+make
+```
+
+The build process will create a number of container images and store these in your local Docker repository.
+
+## Running the Deepfence Management Console on the local machine
+
+```bash
+cd ThreatMapper/deployment-scripts
+docker-compose -f docker-compose.yml up --detach
+```
+
+Once started, you can point a web browser at `https://--IP-ADDRESS---/` to register a first user on the Deepfence Management Console. See [Initial Configuration](/docs/console/initial-configuration) for more information.
+
+To stop the Deepfence Management Console:
+
+```bash
+docker-compose -f docker-compose.yml down
+```
+
+## Push the images to a remote repository
+
+If you plan to deploy the Management Console or Sensors (`deepfence_agent_ce` and `deepfence_cluster_agent_ce`) on another host, you should push the images to a suitable, accessible repository:
+
+For example, to push the images to DockerHub:
+
+```bash
+ACC=myorg # the name of the dockerhub account
+docker login -u $ACC # log in to the account
+
+for IMG in \
+ deepfence_redis_ce \
+ deepfence_postgres_ce \
+ deepfence_kafka_broker_ce \
+ deepfence_router_ce \
+ deepfence_file_server_ce \
+ deepfence_server_ce \
+ deepfence_worker_ce \
+ deepfence_ui_ce \
+ deepfence_agent_ce \
+ deepfence_cluster_agent_ce \
+ deepfence_package_scanner_ce \
+ deepfence_malware_scanner_ce \
+ deepfence_secret_scanner_ce \
+ deepfence_neo4j_ce
+do
+ docker tag deepfenceio/$IMG $ACC/$IMG:latest
+ docker push $ACC/$IMG:latest
+done
+```
diff --git a/docs/versioned_docs/version-v2.4/developers/deploy-agent.md b/docs/versioned_docs/version-v2.4/developers/deploy-agent.md
new file mode 100644
index 0000000000..9f786d3616
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/developers/deploy-agent.md
@@ -0,0 +1,73 @@
+---
+title: Deploy Sensors
+---
+
+# Deploy custom ThreatMapper Sensor Agents
+
+You should first [build the management console and agents](build) and push the images to a suitable repository. You can then adapt the standard installation instructions ([Docker](/docs/sensors/docker), [Kubernetes](/docs/sensors/kubernetes)) to refer to your custom images rather than the Deepfence-provided ones.
+
+
+## Installing and Running the Sensor Agents on a Docker Host
+
+:::tip
+Refer to the [Docker Installation Instructions](/docs/sensors/docker) along with the modifications below.
+:::
+
+Execute the following command to install and start the sensors:
+
+```bash
+ACC=myorg # the name of the dockerhub account
+docker login -u $ACC # log in to the account
+
+docker run -dit \
+ --cpus=".2" \
+ --name=deepfence-agent \
+ --restart on-failure \
+ --pid=host \
+ --net=host \
+ --log-driver json-file \
+ --log-opt max-size=50m \
+ --privileged=true \
+ -v /sys/kernel/debug:/sys/kernel/debug:rw \
+ -v /var/log/fenced \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /:/fenced/mnt/host/:ro \
+ -e DF_LOG_LEVEL="info" \
+ -e USER_DEFINED_TAGS="" \
+ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \
+ -e MGMT_CONSOLE_PORT="443" \
+ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
+ -e http_proxy="" \
+ -e https_proxy="" \
+ -e no_proxy="" \
+ $ACC/deepfence_agent_ce:2.4.0
+```
+
+## Installing and Running the Sensor Agents in a Kubernetes Cluster
+
+:::tip
+Refer to the [Kubernetes Installation Instructions](/docs/sensors/kubernetes) along with the modifications below.
+:::
+
+You can use these instructions for helm-based installations in standalone and hosted Kubernetes clusters
+
+```bash
+helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+helm repo update
+
+helm show values deepfence/deepfence-agent --version 2.4.0 > deepfence_agent_values.yaml
+
+# You will need to update the following values:
+# image:name and image:clusterAgentImageName - change the account to point to your images
+# managementConsoleUrl and deepfenceKey - specify your IP and API key value
+vim deepfence_agent_values.yaml
+
+helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.4.0
+```
+
+Allow a few seconds for the containers to pull and deploy in your Kubernetes environment.
+
+Full instructions can be found in the [Agent helm chart documentation](https://github.com/deepfence/ThreatMapper/tree/main/deployment-scripts/helm-charts/deepfence-agent).
diff --git a/docs/versioned_docs/version-v2.4/developers/deploy-console.md b/docs/versioned_docs/version-v2.4/developers/deploy-console.md
new file mode 100644
index 0000000000..d8a74eb519
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/developers/deploy-console.md
@@ -0,0 +1,77 @@
+---
+title: Deploy Console
+---
+
+# Deploy a custom ThreatMapper Console
+
+You should first [build the management console](build) and push the images to a suitable repository. You can then adapt the standard installation instructions ([Docker](/docs/console/docker), [Kubernetes](/docs/console/kubernetes)) to refer to your custom images rather than the Deepfence-provided ones.
+
+
+
+## Installing and Running the Management Console on a Docker Host
+
+:::tip
+Refer to the [Docker Installation Instructions](/docs/console/docker) along with the modifications below.
+:::
+
+1. Download the file [docker-compose.yml](https://github.com/deepfence/ThreatMapper/blob/release-2.4/deployment-scripts/docker-compose.yml) to the system that will host the Console
+
+ ```bash
+ wget https://github.com/deepfence/ThreatMapper/raw/release-2.4/deployment-scripts/docker-compose.yml
+ ```
+
+2. Execute the following command to install and start the Console. Note the override to specify your repository `myorg`, rather than the `deepfenceio` default:
+
+ ```bash
+ ACC=myorg # the name of the dockerhub account
+ docker login -u $ACC # log in to the account
+ IMAGE_REPOSITORY=$ACC docker-compose -f docker-compose.yml up --detach
+ ```
+
+## Installing and Running the Management Console in a Kubernetes Cluster
+
+:::tip
+Refer to the [Kubernetes Installation Instructions](/docs/console/kubernetes) along with the modifications below.
+:::
+
+1. Prepare the cluster, installing the storage driver and metrics service
+
+ Follow the instructions to install the OpenEBS storage and metrics server: [Installation Instructions](/docs/console/kubernetes)
+
+
+2. Install your Management Console
+
+ We will install the Management Console using the helm chart, but overriding the repository source for the images:
+
+ ```bash
+ helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+ helm repo update
+
+ # Create the values file
+ helm show values deepfence/deepfence-console --version 2.4.1 > deepfence_console_values.yaml
+ ```
+
+ Edit the `deepfence_console_values.yaml` file, replacing the `image: repository:` value to point to your repository, and making any other changes as needed.
+
+ Install the management console:
+
+ ```bash
+ helm install -f deepfence_console_values.yaml deepfence-console deepfence/deepfence-console --version 2.4.1
+ ```
+
+ Full instructions can be found in the [Console helm chart documentation](https://github.com/deepfence/ThreatMapper/tree/main/deployment-scripts/helm-charts/deepfence-console).
+
+4. Optional: enable external access with the `deepfence-router` package:
+
+ Refer to the instructions to install the [Router](https://github.com/deepfence/ThreatMapper/tree/main/deployment-scripts/helm-charts/deepfence-router), typically as follows:
+
+ ```bash
+ # Create the values file
+ helm show values deepfence/deepfence-router --version 2.4.0 > deepfence_router_values.yaml
+ ```
+
+ Edit the `deepfence_router_values.yaml` file, replacing the `image: repository:` value to point to your repository, and making any other changes as needed.
+
+ ```bash
+ helm install -f deepfence_router_values.yaml deepfence-router deepfence/deepfence-router --version 2.4.0
+ ```
diff --git a/docs/versioned_docs/version-v2.4/developers/index.md b/docs/versioned_docs/version-v2.4/developers/index.md
new file mode 100644
index 0000000000..00cd2ea531
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/developers/index.md
@@ -0,0 +1,22 @@
+---
+title: ThreatMapper Architecture
+---
+
+# ThreatMapper Architecture
+
+:::info
+
+Help needed to provide architectural information for developers
+
+:::
+
+Resources:
+ * [How to build Deepfence ThreatMapper](build)
+ * [How To Use Python Sdk](https://github.com/deepfence/threatmapper-python-client/blob/main/README.md)
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/developers/python-sdk.md b/docs/versioned_docs/version-v2.4/developers/python-sdk.md
new file mode 100644
index 0000000000..f884fe9348
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/developers/python-sdk.md
@@ -0,0 +1,515 @@
+---
+title: How to Use Python Sdk
+---
+
+# threatmapper
+A client library for accessing Deepfence ThreatMapper
+
+## How to Install
+
+```shell
+pip install git+https://github.com/deepfence/threatmapper-python-client.git
+```
+
+## Usage
+First, create a client:
+
+```python
+from threatmapper import Client
+
+client = Client(base_url="YOUR_CONSOLE_URL")
+```
+
+If the endpoints you're going to hit require authentication, use `AuthenticatedClient` instead:
+### Api Key
+After Login Go to Settings -> User Management -> Api key
+
+```python
+from threatmapper import AuthenticatedClient
+
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="Api Key")
+```
+
+By default, when you're calling an HTTPS API it will attempt to verify that SSL is working correctly. Using certificate verification is highly recommended most of the time, but sometimes you may need to authenticate to a server (especially an internal server) using a custom certificate bundle.
+
+```python
+from threatmapper import AuthenticatedClient
+
+client = AuthenticatedClient(
+ base_url="YOUR_CONSOLE_URL",
+ token="Api Key",
+ verify_ssl="/path/to/certificate_bundle.pem",
+)
+```
+
+You can also disable certificate validation altogether, but beware that **this is a security risk**.
+
+```python
+
+from threatmapper import AuthenticatedClient
+
+client = AuthenticatedClient(
+ base_url="YOUR_CONSOLE_URL",
+ token="Api Key",
+ verify_ssl=False
+)
+```
+
+Things to know:
+1. Every path/method combo becomes a Python module with four functions:
+ 1. `sync`: Blocking request that returns parsed data (if successful) or `None`
+ 2. `sync_detailed`: Blocking request that always returns a `Request`, optionally with `parsed` set if the request was successful.
+ 3. `asyncio`: Like `sync` but async instead of blocking
+ 4. `asyncio_detailed`: Like `sync_detailed` but async instead of blocking
+
+2. All path/query params, and bodies become method arguments.
+3. If your endpoint had any tags on it, the first tag will be used as a module name for the function (my_tag above)
+4. Any endpoint which did not have a tag will be in `threatmapper.api.default`
+
+## Advanced customizations
+
+There are more settings on the generated `Client` class which let you control more runtime behavior, check out the docstring on that class for more info. You can also customize the underlying `httpx.Client` or `httpx.AsyncClient` (depending on your use-case):
+
+```python
+from threatmapper import Client
+
+def log_request(request):
+ print(f"Request event hook: {request.method} {request.url} - Waiting for response")
+
+def log_response(response):
+ request = response.request
+ print(f"Response event hook: {request.method} {request.url} - Status {response.status_code}")
+
+client = Client(
+ base_url="YOUR_CONSOLE_URL",
+ httpx_args={"event_hooks": {"request": [log_request], "response": [log_response]}},
+)
+
+# Or get the underlying httpx client to modify directly with client.get_httpx_client() or client.get_async_httpx_client()
+```
+
+You can even set the httpx client directly, but beware that this will override any existing settings (e.g., base_url):
+
+```python
+import httpx
+from threatmapper import Client
+
+client = Client(
+ base_url="YOUR_CONSOLE_URL",
+)
+# Note that base_url needs to be re-set, as would any shared cookies, headers, etc.
+client.set_httpx_client(httpx.Client(base_url="YOUR_CONSOLE_URL", proxies="YOUR_PROXY_URL"))
+```
+
+### Get Access & Refresh Token With Regular Client
+
+```python
+import json
+from threatmapper import Client
+from threatmapper.models import ModelApiAuthRequest
+from threatmapper.api.authentication import auth_token
+from threatmapper.errors import UnexpectedStatus
+
+# Regular Client SSL Disabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl=False)
+#OR
+# Regular Client SSL Enabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl="/path/to/certificate_bundle.pem")
+
+def get_access_refresh_token_sync():
+ try:
+ json_body = ModelApiAuthRequest(
+ api_token="YOUR_API_KEY"
+ )
+ # If we want minified response
+ api_response = auth_token.sync(client=client, json_body=json_body)
+ print(api_response.access_token, api_response.refresh_token)
+ # If we want detailed response
+ api_response = auth_token.sync_detailed(client=client, json_body=json_body)
+ if api_response.status_code == 200:
+ json_response = json.loads(api_response.content.decode("utf-8"))
+ print(json_response["access_token"], json_response["refresh_token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling get_access_refresh_token_sync->: %s\n" % e)
+```
+
+Or do the same thing with an async version:
+
+```python
+import json
+from threatmapper import Client
+from threatmapper.models import ModelApiAuthRequest
+from threatmapper.api.authentication import auth_token
+from threatmapper.errors import UnexpectedStatus
+
+
+# SSL Disabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl=False)
+# OR
+# SSL Enabled
+client = Client(base_url="YOUR_CONSOLE_URL", verify_ssl="/path/to/certificate_bundle.pem")
+
+async def get_access_refresh_token_async():
+ try:
+ json_body = ModelApiAuthRequest(
+ api_token="YOUR_API_KEY"
+ )
+ # If we want minified response
+ api_response = await auth_token.asyncio(client=client, json_body=json_body)
+ print(api_response.access_token, api_response.refresh_token)
+ # If we want detailed response
+ api_response = await auth_token.asyncio_detailed(client=client, json_body=json_body)
+ if api_response.status_code == 200:
+ json_response = json.loads(api_response.content.decode("utf-8"))
+ print(json_response["access_token"], json_response["refresh_token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling get_access_refresh_token_async-> %s\n" % e)
+```
+
+### Get Token Refresh With Authenticated Client SYNC
+
+```python
+import json
+from threatmapper import AuthenticatedClient
+from threatmapper.api.authentication import auth_token_refresh
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+# OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN",
+ verify_ssl="/path/to/certificate_bundle.pem")
+
+
+def refresh_token_sync():
+ try:
+ # If we want minified response
+ res = auth_token_refresh.sync(client=client)
+ print(res.access_token, res.refresh_token)
+ # If we want Detailed response
+ res = auth_token_refresh.sync_detailed(client=client)
+ if res.status_code == 200:
+ json_response = json.loads(res.content.decode("utf-8"))
+ print(json_response["access-token"], json_response["refresh-token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling refresh_token_sync-> %s\n" % e)
+```
+
+Or do the same thing with an async version:
+
+```python
+from threatmapper import AuthenticatedClient
+from threatmapper.api.authentication import auth_token_refresh
+from threatmapper.errors import UnexpectedStatus
+import json
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+async def refresh_token_async():
+ try:
+ # If we want minified response
+ res = await auth_token_refresh.asyncio(client=client)
+ print(res.access_token, res.refresh_token)
+ # If we want Detailed response
+ res = await auth_token_refresh.asyncio_detailed(client=client)
+ if res.status_code == 200:
+ json_response = json.loads(res.content.decode("utf-8"))
+ print(json_response["access-token"], json_response["refresh-token"])
+ else:
+ raise Exception("")
+ except UnexpectedStatus as e:
+ print("Exception when calling refresh_token_async-> %s\n" % e)
+```
+
+### Add Gcr Registry
+
+```python
+from threatmapper.types import File
+from threatmapper.api.registry import add_registry_gcr
+from threatmapper.models import FormDataModelRegistryGCRAddReq
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+def add_gcr_registry():
+ try:
+ name = 'Google Registry'
+ registry_url = 'YOUR_REGISTRY_URL'
+ service_account_json = File(payload=open('/path/to/json','rb'), mime_type="application/json", file_name="service.json")
+ multipart_data=FormDataModelRegistryGCRAddReq(name=name, registry_url=registry_url, service_account_json=service_account_json)
+ response = add_registry_gcr.sync(client=client, multipart_data=multipart_data)
+ print(response.message)
+ except UnexpectedStatus as e:
+ print("Exception when calling refresh_token_async-> %s\n" % e)
+
+```
+
+### List Hosts
+
+```python
+from threatmapper.api.search import search_hosts
+from threatmapper.models import SearchSearchNodeReq
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+def list_hosts():
+ try:
+ payload_dict = {
+ "node_filter": {
+ "filters": {
+ "compare_filter": None,
+ "contains_filter": {
+ "filter_in": {
+ "active": [
+ True
+ ]
+ }
+ },
+ "match_filter": {
+ "filter_in": None
+ },
+ "not_contains_filter": {
+ "filter_in": {}
+ },
+ "order_filter": {
+ "order_fields": []
+ }
+ },
+ "in_field_filter": None,
+ "window": {
+ "offset": 0,
+ "size": 0
+ }
+ },
+ "window": {
+ "offset": 0,
+ "size": 100
+ }
+ }
+ json_body = SearchSearchNodeReq.from_dict(payload_dict)
+ hosts = search_hosts.sync(client=client,json_body=json_body)
+ agent_host_list = []
+ discovered_host_list = []
+ for host in hosts:
+ # If agent is running inside hosts
+ if host.agent_running:
+ agent_host_list.append(host.node_id)
+ else:
+ discovered_host_list.append(host.node_id)
+ print(agent_host_list, discovered_host_list)
+ except UnexpectedStatus as e:
+ print("Exception when calling list_hosts-> %s\n" % e)
+
+```
+### List Containers ASYNC
+
+```python
+from threatmapper.api.search import search_containers
+from threatmapper.models import SearchSearchNodeReq
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+async def list_containers():
+ try:
+ payload_dict = {
+ "node_filter": {
+ "filters": {
+ "compare_filter": None,
+ "contains_filter": {
+ "filter_in": {
+ "active": [
+ True
+ ]
+ }
+ },
+ "match_filter": {
+ "filter_in": None
+ },
+ "not_contains_filter": {
+ "filter_in": {}
+ },
+ "order_filter": {
+ "order_fields": []
+ }
+ },
+ "in_field_filter": None,
+ "window": {
+ "offset": 0,
+ "size": 0
+ }
+ },
+ "window": {
+ "offset": 0,
+ "size": 100
+ }
+ }
+ json_body = SearchSearchNodeReq.from_dict(payload_dict)
+ containers = await search_containers.asyncio(client=client,json_body=json_body)
+ for container in containers:
+ print(container.node_id, container.node_name)
+ except UnexpectedStatus as e:
+ print("Exception when calling list_containers-> %s\n" % e)
+```
+
+### Start Vulnerability Scan ASYNC
+
+```python
+from threatmapper.api.vulnerability import start_vulnerability_scan
+from threatmapper.api.search import search_hosts
+from threatmapper.models import ModelVulnerabilityScanTriggerReq, SearchSearchNodeReq, ModelScanTriggerResp
+from threatmapper import AuthenticatedClient
+from threatmapper.errors import UnexpectedStatus
+from typing import List
+
+# Authenticated Client SSL Disabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl=False)
+#OR
+# Authenticated Client SSL Enabled
+client = AuthenticatedClient(base_url="YOUR_CONSOLE_URL", token="YOUR_REFRESH_TOKEN", verify_ssl="/path/to/certificate_bundle.pem")
+
+
+def node_config() -> List:
+ try:
+ payload_dict = {
+ "node_filter": {
+ "filters": {
+ "compare_filter": None,
+ "contains_filter": {
+ "filter_in": {
+ "active": [
+ True
+ ]
+ }
+ },
+ "match_filter": {
+ "filter_in": None
+ },
+ "not_contains_filter": {
+ "filter_in": {}
+ },
+ "order_filter": {
+ "order_fields": []
+ }
+ },
+ "in_field_filter": None,
+ "window": {
+ "offset": 0,
+ "size": 0
+ }
+ },
+ "window": {
+ "offset": 0,
+ "size": 100
+ }
+ }
+ json_body = SearchSearchNodeReq.from_dict(payload_dict)
+ hosts = search_hosts.sync(client=client,json_body=json_body)
+ host_list = []
+ for host in hosts:
+ host_list.append({"node_id":host.node_id, "node_type": "host"})
+ return host_list
+ except UnexpectedStatus as e:
+ print("Exception when calling node_config-> %s\n" % e)
+
+async def start_vulnerability_scan_on_hosts():
+ try:
+ node_ids = node_config()
+ payload_dict = {
+ "filters": {
+ "cloud_account_scan_filter": {
+ "filter_in": None
+ },
+ "container_scan_filter": {
+ "filter_in": None
+ },
+ "host_scan_filter": {
+ "filter_in": None
+ },
+ "image_scan_filter": {
+ "filter_in": None
+ },
+ "kubernetes_cluster_scan_filter": {
+ "filter_in": None
+ }
+ },
+ "node_ids": node_ids,
+ "scan_config": [
+ {
+ "language": "base"
+ },
+ {
+ "language": "java"
+ },
+ {
+ "language": "javascript"
+ },
+ {
+ "language": "rust"
+ },
+ {
+ "language": "golang"
+ },
+ {
+ "language": "ruby"
+ },
+ {
+ "language": "python"
+ },
+ {
+ "language": "php"
+ },
+ {
+ "language": "dotnet"
+ }
+ ]
+ }
+ json_body = ModelVulnerabilityScanTriggerReq.from_dict(payload_dict)
+ response: ModelScanTriggerResp = await start_vulnerability_scan.asyncio(client=client,json_body=json_body)
+ print(response.scan_ids, response.bulk_scan_id)
+ except UnexpectedStatus as e:
+ print("Exception when calling start_vulnerability_scan_on_hosts-> %s\n" % e)
+```
+
+
+
+## Building / publishing this package
+This project uses [Poetry](https://python-poetry.org/) to manage dependencies and packaging. Here are the basics:
+1. Update the metadata in pyproject.toml (e.g. authors, version)
+2. If you're using a private repository, configure it with Poetry
+ 1. `poetry config repositories. `
+ 2. `poetry config http-basic. `
+3. Publish the client with `poetry publish --build -r ` or, if for public PyPI, just `poetry publish --build`
+
+If you want to install this client into another project without publishing it (e.g. for development) then:
+1. If that project **is using Poetry**, you can simply do `poetry add ` from that project
+2. If that project is not using Poetry:
+ 1. Build a wheel with `poetry build -f wheel`
+ 2. Install that wheel from the other project `pip install `
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/img/agent-setup-2.png b/docs/versioned_docs/version-v2.4/img/agent-setup-2.png
new file mode 100644
index 0000000000..ab3ea175c7
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/agent-setup-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/agent-setup.png b/docs/versioned_docs/version-v2.4/img/agent-setup.png
new file mode 100644
index 0000000000..ba3b26b6f3
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/agent-setup.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/api-key.png b/docs/versioned_docs/version-v2.4/img/api-key.png
new file mode 100644
index 0000000000..fd8ebb3123
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/api-key.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-1.png b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-1.png
new file mode 100644
index 0000000000..5f31330aae
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-2.png b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-2.png
new file mode 100644
index 0000000000..d31e4eb55d
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-3.png b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-3.png
new file mode 100644
index 0000000000..4e839ca69e
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-4.png b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-4.png
new file mode 100644
index 0000000000..7b4f250ebf
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/cloud-scanner-aws-4.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/compliance-scan-1.png b/docs/versioned_docs/version-v2.4/img/compliance-scan-1.png
new file mode 100644
index 0000000000..d703f6ae78
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/compliance-scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/compliance-scan-2.png b/docs/versioned_docs/version-v2.4/img/compliance-scan-2.png
new file mode 100644
index 0000000000..a96aaae3e5
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/compliance-scan-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/compliance-scan-3.png b/docs/versioned_docs/version-v2.4/img/compliance-scan-3.png
new file mode 100644
index 0000000000..de66541864
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/compliance-scan-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/compliance-scan-4.png b/docs/versioned_docs/version-v2.4/img/compliance-scan-4.png
new file mode 100644
index 0000000000..8c295148e1
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/compliance-scan-4.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/diagnostic-logs.png b/docs/versioned_docs/version-v2.4/img/diagnostic-logs.png
new file mode 100644
index 0000000000..5a144ab9e8
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/diagnostic-logs.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/fargate-task-1.png b/docs/versioned_docs/version-v2.4/img/fargate-task-1.png
new file mode 100644
index 0000000000..f54997bdb2
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/fargate-task-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/fargate-task-2.png b/docs/versioned_docs/version-v2.4/img/fargate-task-2.png
new file mode 100644
index 0000000000..30475dbb7b
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/fargate-task-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/fargate-task-3.png b/docs/versioned_docs/version-v2.4/img/fargate-task-3.png
new file mode 100644
index 0000000000..b8e985fd16
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/fargate-task-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/fargate-task-4.png b/docs/versioned_docs/version-v2.4/img/fargate-task-4.png
new file mode 100644
index 0000000000..36267cacd6
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/fargate-task-4.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/fargate-task-5.png b/docs/versioned_docs/version-v2.4/img/fargate-task-5.png
new file mode 100644
index 0000000000..84f265c6d7
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/fargate-task-5.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/fargate-task-6.png b/docs/versioned_docs/version-v2.4/img/fargate-task-6.png
new file mode 100644
index 0000000000..47696b642d
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/fargate-task-6.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/fargate-task-7.png b/docs/versioned_docs/version-v2.4/img/fargate-task-7.png
new file mode 100644
index 0000000000..9fa1c1e9db
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/fargate-task-7.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/gcp-vm-service-account.png b/docs/versioned_docs/version-v2.4/img/gcp-vm-service-account.png
new file mode 100644
index 0000000000..234b228bb8
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/gcp-vm-service-account.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-elasticsearch.png b/docs/versioned_docs/version-v2.4/img/integrations-elasticsearch.png
new file mode 100644
index 0000000000..6b9b2b012c
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-elasticsearch.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-email.png b/docs/versioned_docs/version-v2.4/img/integrations-email.png
new file mode 100644
index 0000000000..6412291180
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-email.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-http-endpoint.png b/docs/versioned_docs/version-v2.4/img/integrations-http-endpoint.png
new file mode 100644
index 0000000000..08024084d0
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-http-endpoint.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-jira-1.png b/docs/versioned_docs/version-v2.4/img/integrations-jira-1.png
new file mode 100644
index 0000000000..cad80d91e8
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-jira-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-jira-2.png b/docs/versioned_docs/version-v2.4/img/integrations-jira-2.png
new file mode 100644
index 0000000000..d155ebd3a7
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-jira-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-jira-3.png b/docs/versioned_docs/version-v2.4/img/integrations-jira-3.png
new file mode 100644
index 0000000000..82a59d16e6
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-jira-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-jira-4.png b/docs/versioned_docs/version-v2.4/img/integrations-jira-4.png
new file mode 100644
index 0000000000..59733cb5f2
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-jira-4.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-1.png b/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-1.png
new file mode 100644
index 0000000000..eefd3bd03c
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-2.jpg b/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-2.jpg
new file mode 100644
index 0000000000..a0592be6bf
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-2.jpg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-3.png b/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-3.png
new file mode 100644
index 0000000000..137c3361d2
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-pager-duty-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-s3.png b/docs/versioned_docs/version-v2.4/img/integrations-s3.png
new file mode 100644
index 0000000000..72026d511f
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-s3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-slack-1.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-slack-1.jpeg
new file mode 100644
index 0000000000..4495ebad6e
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-slack-1.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-slack-2.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-slack-2.jpeg
new file mode 100644
index 0000000000..1babd3fce7
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-slack-2.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-slack-3.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-slack-3.jpeg
new file mode 100644
index 0000000000..fa0c59a109
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-slack-3.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-slack.png b/docs/versioned_docs/version-v2.4/img/integrations-slack.png
new file mode 100644
index 0000000000..2865087c12
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-slack.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-13.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-13.png
new file mode 100644
index 0000000000..6fe21ec191
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-13.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-14.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-14.png
new file mode 100644
index 0000000000..73c75917a2
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-14.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-15.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-15.png
new file mode 100644
index 0000000000..8d479dcc77
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-15.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-16.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-16.png
new file mode 100644
index 0000000000..dc74b8859e
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-16.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-17.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-17.png
new file mode 100644
index 0000000000..6edc373b1b
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-17.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-18.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-18.png
new file mode 100644
index 0000000000..804e7f104f
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-18.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-19.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-19.png
new file mode 100644
index 0000000000..aab610c1f2
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-19.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-20.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-20.png
new file mode 100644
index 0000000000..ce219d99a9
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-20.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-21.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-21.png
new file mode 100644
index 0000000000..51b3e4ec00
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-21.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-22.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-22.png
new file mode 100644
index 0000000000..f18ba09063
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-22.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-23.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-23.png
new file mode 100644
index 0000000000..e9a275ed5c
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-23.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-24.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-24.png
new file mode 100644
index 0000000000..9b58ccd295
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-24.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-splunk-25.png b/docs/versioned_docs/version-v2.4/img/integrations-splunk-25.png
new file mode 100644
index 0000000000..8739279905
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-splunk-25.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-1.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-1.jpeg
new file mode 100644
index 0000000000..f3d60eae7f
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-1.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-2.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-2.jpeg
new file mode 100644
index 0000000000..efed3d0678
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-2.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-3.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-3.jpeg
new file mode 100644
index 0000000000..5f0d63c479
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-3.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-4.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-4.jpeg
new file mode 100644
index 0000000000..ee0dfe410e
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-4.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-5.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-5.jpeg
new file mode 100644
index 0000000000..878ddb3892
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-5.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-6.jpeg b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-6.jpeg
new file mode 100644
index 0000000000..a0a3167961
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-sumo-logic-6.jpeg differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-teams-1.png b/docs/versioned_docs/version-v2.4/img/integrations-teams-1.png
new file mode 100644
index 0000000000..c11fbcad94
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-teams-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-teams-2.png b/docs/versioned_docs/version-v2.4/img/integrations-teams-2.png
new file mode 100644
index 0000000000..65e41c1dda
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-teams-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-teams-3.png b/docs/versioned_docs/version-v2.4/img/integrations-teams-3.png
new file mode 100644
index 0000000000..e413e1e911
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-teams-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-threatrx-1.png b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-1.png
new file mode 100644
index 0000000000..7774c858ba
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-threatrx-2.png b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-2.png
new file mode 100644
index 0000000000..b69f46b60e
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-threatrx-3.png b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-3.png
new file mode 100644
index 0000000000..94e30823c1
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-threatrx-4.png b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-4.png
new file mode 100644
index 0000000000..3b40d02139
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-4.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations-threatrx-5.png b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-5.png
new file mode 100644
index 0000000000..e33b4d5553
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations-threatrx-5.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/integrations.png b/docs/versioned_docs/version-v2.4/img/integrations.png
new file mode 100644
index 0000000000..e257ef7a36
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/integrations.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/malware-scans-1.png b/docs/versioned_docs/version-v2.4/img/malware-scans-1.png
new file mode 100644
index 0000000000..e51ead20e2
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/malware-scans-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registration-1.png b/docs/versioned_docs/version-v2.4/img/registration-1.png
new file mode 100644
index 0000000000..7dd8bd80bb
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registration-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registration-2.png b/docs/versioned_docs/version-v2.4/img/registration-2.png
new file mode 100644
index 0000000000..89630d4e0b
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registration-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-1.png b/docs/versioned_docs/version-v2.4/img/registry-1.png
new file mode 100644
index 0000000000..86045e1565
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-2.png b/docs/versioned_docs/version-v2.4/img/registry-2.png
new file mode 100644
index 0000000000..6cffc608bf
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-3.png b/docs/versioned_docs/version-v2.4/img/registry-3.png
new file mode 100644
index 0000000000..49354f001c
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-1.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-1.png
new file mode 100644
index 0000000000..9b6c6bd0f7
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-2.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-2.png
new file mode 100644
index 0000000000..6306d4f52b
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-3.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-3.png
new file mode 100644
index 0000000000..d1f4cabebc
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-4.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-4.png
new file mode 100644
index 0000000000..8d9768a237
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-4.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-5.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-5.png
new file mode 100644
index 0000000000..a9191af56e
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-5.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-6.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-6.png
new file mode 100644
index 0000000000..c7b2d566c7
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-6.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-7.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-7.png
new file mode 100644
index 0000000000..7cb1f432fc
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-7.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/registry-ecr-8.png b/docs/versioned_docs/version-v2.4/img/registry-ecr-8.png
new file mode 100644
index 0000000000..7a7185235f
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/registry-ecr-8.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/reports-1.png b/docs/versioned_docs/version-v2.4/img/reports-1.png
new file mode 100644
index 0000000000..56ad62b6e5
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/reports-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/reports-2.png b/docs/versioned_docs/version-v2.4/img/reports-2.png
new file mode 100644
index 0000000000..70ea60ac8c
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/reports-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/reports-pdf-2.png b/docs/versioned_docs/version-v2.4/img/reports-pdf-2.png
new file mode 100644
index 0000000000..bdf7cb7a8f
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/reports-pdf-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/reports-pdf-3.png b/docs/versioned_docs/version-v2.4/img/reports-pdf-3.png
new file mode 100644
index 0000000000..a9bcc2e0d2
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/reports-pdf-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/reports-xlsx-1.png b/docs/versioned_docs/version-v2.4/img/reports-xlsx-1.png
new file mode 100644
index 0000000000..5e947776df
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/reports-xlsx-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/sbom-1.png b/docs/versioned_docs/version-v2.4/img/sbom-1.png
new file mode 100644
index 0000000000..5216120698
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/sbom-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/sbom-2.png b/docs/versioned_docs/version-v2.4/img/sbom-2.png
new file mode 100644
index 0000000000..cbf7583376
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/sbom-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/scan-1.png b/docs/versioned_docs/version-v2.4/img/scan-1.png
new file mode 100644
index 0000000000..ab8982900d
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/scan-2.png b/docs/versioned_docs/version-v2.4/img/scan-2.png
new file mode 100644
index 0000000000..275c43ce4d
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/scan-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/scheduled-jobs.png b/docs/versioned_docs/version-v2.4/img/scheduled-jobs.png
new file mode 100644
index 0000000000..fef7452620
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/scheduled-jobs.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/secret-scan-1.png b/docs/versioned_docs/version-v2.4/img/secret-scan-1.png
new file mode 100644
index 0000000000..19f29dd3c5
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/secret-scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/secret-scan-2.png b/docs/versioned_docs/version-v2.4/img/secret-scan-2.png
new file mode 100644
index 0000000000..0142c5dd3d
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/secret-scan-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/threat-graph-1.png b/docs/versioned_docs/version-v2.4/img/threat-graph-1.png
new file mode 100644
index 0000000000..7d7657221e
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threat-graph-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/threat-graph-2.png b/docs/versioned_docs/version-v2.4/img/threat-graph-2.png
new file mode 100644
index 0000000000..537335b376
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threat-graph-2.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/threat-graph-3.png b/docs/versioned_docs/version-v2.4/img/threat-graph-3.png
new file mode 100644
index 0000000000..344011e2eb
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threat-graph-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/threat-graph-4.png b/docs/versioned_docs/version-v2.4/img/threat-graph-4.png
new file mode 100644
index 0000000000..c79b9b8422
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threat-graph-4.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/threat-graph-6.png b/docs/versioned_docs/version-v2.4/img/threat-graph-6.png
new file mode 100644
index 0000000000..f36f61c5dd
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threat-graph-6.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/threat-graph-7.png b/docs/versioned_docs/version-v2.4/img/threat-graph-7.png
new file mode 100644
index 0000000000..47ce4f7b69
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threat-graph-7.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/threatmapper-components.jpg b/docs/versioned_docs/version-v2.4/img/threatmapper-components.jpg
new file mode 100644
index 0000000000..d181c2230f
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threatmapper-components.jpg differ
diff --git a/docs/versioned_docs/version-v2.4/img/threatmapper-overview.jpg b/docs/versioned_docs/version-v2.4/img/threatmapper-overview.jpg
new file mode 100644
index 0000000000..6146b8ae03
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/threatmapper-overview.jpg differ
diff --git a/docs/versioned_docs/version-v2.4/img/vulnerability-scan-1.png b/docs/versioned_docs/version-v2.4/img/vulnerability-scan-1.png
new file mode 100644
index 0000000000..bf913105ed
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/vulnerability-scan-1.png differ
diff --git a/docs/versioned_docs/version-v2.4/img/vulnerability-scan-3.png b/docs/versioned_docs/version-v2.4/img/vulnerability-scan-3.png
new file mode 100644
index 0000000000..bdc1504f0d
Binary files /dev/null and b/docs/versioned_docs/version-v2.4/img/vulnerability-scan-3.png differ
diff --git a/docs/versioned_docs/version-v2.4/index.md b/docs/versioned_docs/version-v2.4/index.md
new file mode 100644
index 0000000000..b44c82e885
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/index.md
@@ -0,0 +1,56 @@
+---
+title: Introduction to ThreatMapper
+---
+import ReactPlayer from 'react-player'
+
+# ThreatMapper
+
+## Introducing Deepfence ThreatMapper
+
+Deepfence ThreatMapper hunts for hidden threats in your production platforms, and ranks these threats based on their risk-of-exploit. You can then prioritize the issues that present the greatest risk to the security of your applications.
+
+[//]: # ()
+
+### Extends Security into Production
+
+Your 'Shift Left' initiatives enable you to deliver secure applications to production. ThreatMapper picks up once your applications have been deployed to production.
+
+
+| ![ThreatMapper Overview](img/threatmapper-overview.jpg) |
+|:---------------------------------------------------------------:|
+| ThreatMapper Overview - Development, Pre-Deployment, Production |
+
+#### Discover:
+
+* **Discover Running Workloads:** ThreatMapper scans your platforms and identifies pods, containers, applications, and infrastructure. Use ThreatMapper to discover the topology of your applications and attack surface.
+* **Discover Cloud and Infrastructure Assets:** ThreatMapper queries platform APIs to map assets and their interrelationships, and calculate a topology graph.
+
+#### Find Threats:
+
+* **Discover Vulnerabilities:** ThreatMapper generates runtime SBOMs (Software Bill of Materials) of dependencies from running pods and containers, serverless apps, applications, and operating systems. ThreatMapper matches these SBOMs against multiple vulnerability feeds to identify vulnerable components.
+* **Discover Exposed Secrets:** Unprotected keys, tokens and passwords can provide malicious actors with opportunities to spread control and exploit nearby or remote systems.
+* **Discover Configuration and Compliance Weaknesses:** ThreatMapper evaluates infrastructure configuration against multiple compliance benchmarks (CIS, PCI-DSS, HIPAA and others) to find weaknesses and mis-configurations that could pose a threat.
+
+#### Actionable Information:
+
+* **Rank Threats by Risk-of-Exploit:** ThreatMapper ranks the discovered threats using CVSS and other severity scores, exploit method and their proximity to attack surface, in order to identify which issues pose the greatest risk of exploit
+
+
+## What makes up the ThreatMapper product?
+
+Deepfence ThreatMapper consists of the ThreatMapper Management Console, and a series of ThreatMapper Sensors:
+
+The console uses **infrastructure APIs** to scan your production and non-production platforms and detect configuration errors and compliance weaknesses.
+The console also takes data from **sensor agents** to calculate the topology of your applications, generate SBOMs to find vulnerabilities.
+
+Infrastructure APIs are handled using **Cloud Scanner** tasks which reside within each platform and access the local cloud APIs.
+
+On-host data is provided by ThreatMapper sensor agents. These are deployed against each production host, and they forward SBOMs and telemetry securely to your dedicated console.
+
+| ![ThreatMapper Components](img/threatmapper-components.jpg) |
+|:-----------------------------------------------------------:|
+| ThreatMapper Components |
+
+## Learn More
+
+Read on to discover more about the architecture, installation and operation of Deepfence ThreatMapper.
diff --git a/docs/versioned_docs/version-v2.4/installation.md b/docs/versioned_docs/version-v2.4/installation.md
new file mode 100644
index 0000000000..17e3f4313b
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/installation.md
@@ -0,0 +1,18 @@
+---
+title: Installing ThreatMapper
+---
+
+# Installing ThreatMapper
+
+The ThreatMapper product consists of a Management Console, and multiple Sensor Agents and Cloud Scanner tasks that are deployed within your production platform(s).
+
+![ThreatMapper Components](img/threatmapper-components.jpg)
+
+The Management Console is deployed first. The Management console generates an API key and a URL which you will need when you install the Cloud Scanner tasks and Sensor Agents.
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
diff --git a/docs/versioned_docs/version-v2.4/integrations/elasticsearch.md b/docs/versioned_docs/version-v2.4/integrations/elasticsearch.md
new file mode 100644
index 0000000000..36c2f21fa4
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/elasticsearch.md
@@ -0,0 +1,18 @@
+---
+title: Elasticsearch
+---
+
+# Elasticsearch
+
+*Forward Notifications to Elasticsearch*
+
+![Elasticsearch Integration Page](../img/integrations-elasticsearch.png)
+
+### Configuration
+1. Enter Elasticsearch endpoint url. (Example: http://10.108.0.2:9200)
+2. Enter Elasticsearch index name.
+3. Enter Elasticsearch doc type if version is 5.x. If version is 6 and above, enter `_doc` as doc type.
+4. If authentication is enabled for the Elasticsearch instance, set the auth header.
+5. If username is `demo` and password is `p@55w0rd`, generate basic auth header by running `echo -n '{username}:{password}' | base64` or generate online at https://www.base64encode.net
+6. Enter auth header value as `Basic dXNlcm5hbWU6cGFzc3dvcmQ=`. If authorization is not enabled, leave it empty.
+7. Choose the resource that has to be sent to Elasticsearch and click subscribe button to save.
diff --git a/docs/versioned_docs/version-v2.4/integrations/email.md b/docs/versioned_docs/version-v2.4/integrations/email.md
new file mode 100644
index 0000000000..d97a8745c2
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/email.md
@@ -0,0 +1,15 @@
+---
+title: Email
+---
+
+# Email
+
+*Forward Notifications to Email*
+
+![Email Integration Page](../img/integrations-email.png)
+
+### In this integration you will be getting all information to your email for the selected resources accordingly to your interval selected
+
+1. Enter your email address to see notifications
+2. Choose your resources
+3. Click on subscribe button
diff --git a/docs/versioned_docs/version-v2.4/integrations/http-endpoint.md b/docs/versioned_docs/version-v2.4/integrations/http-endpoint.md
new file mode 100644
index 0000000000..bab17a1611
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/http-endpoint.md
@@ -0,0 +1,13 @@
+---
+title: HTTP Endpoint
+---
+
+# HTTP Endpoint
+
+*Forward notifications to http endpoint*
+
+![HttpEndPoint Integration Page](../img/integrations-http-endpoint.png)
+
+Example http endpoint: http://10.3.16.2:8080
+
+Optionally authentication http header value can be set, if the api server requires authentication.
diff --git a/docs/versioned_docs/version-v2.4/integrations/index.md b/docs/versioned_docs/version-v2.4/integrations/index.md
new file mode 100644
index 0000000000..38927d15bc
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/index.md
@@ -0,0 +1,34 @@
+---
+title: Integrations
+---
+
+# Integrations
+
+You can integrate ThreatMapper with a variety of notification services. Any time a new vulnerability is detected (for example, during [CI](/docs/operations/scanning-ci) or an [automated scan](/docs/operations/scanning)), ThreatMapper will submit the details to the configured notification services.
+
+| ![Integrations](../img/integrations.png) |
+|:----------------------------------------------:|
+| Example Integrations supported by ThreatMapper |
+
+## Configuring Notification Services
+
+Configure the notification services you require in the ThreatMapper console:
+
+
+| ![Integrations - Slack](../img/integrations-slack.png) |
+|:------------------------------------------------------:|
+| Integrations - Slack (example) |
+
+
+The following notification services are among those supported by ThreatMapper:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
+
+Check out the **Integrations** pages in the Management Console for a full list.
+
+
diff --git a/docs/versioned_docs/version-v2.4/integrations/jira.md b/docs/versioned_docs/version-v2.4/integrations/jira.md
new file mode 100644
index 0000000000..04b8e480ff
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/jira.md
@@ -0,0 +1,31 @@
+---
+title: JIRA
+---
+
+# ThreatMapper and JIRA
+
+ThreatMapper can be configured to raise JIRA tickets for vulnerabilities and secrets. The minimum supported version of JIRA is 7.13.
+
+## To Configure JIRA Integration
+For authentication either password of a user account or an api token can be used.
+
+[https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/)
+
+To generate an api token:
+
+1. Click settings icon and navigate to **Atlassian account settings**
+
+ ![JIRA](../img/integrations-jira-1.png)
+
+2. Once you navigate there, click **security tab**:
+
+ ![JIRA](../img/integrations-jira-2.png)
+
+3. Click **Create API Token** button, set label and create:
+
+ ![JIRA](../img/integrations-jira-3.png)
+
+4. On the Threatmapper Jira integrations page enter the jira site url, username, api token.
+ The JIRA project key is the prefix of the issue numbers , e.g. issue "JRA-123" has "JRA" as project key
+ Enter the type of ticket you would want ThreatMapper to create (Task / Bug etc.):
+ ![JIRA](../img/integrations-jira-4.png)
diff --git a/docs/versioned_docs/version-v2.4/integrations/microsoft-teams.md b/docs/versioned_docs/version-v2.4/integrations/microsoft-teams.md
new file mode 100644
index 0000000000..2ef1d99a8e
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/microsoft-teams.md
@@ -0,0 +1,25 @@
+---
+title: Microsoft Teams
+---
+
+# ThreatMapper and Microsoft Teams
+
+ThreatMapper raises notifications to Microsoft Teams using Microsoft Teams webhooks.
+
+## To Configure Microsoft Teams Integration
+
+1. Open the channel in which you want to add the webhook and select ••• More options from the top navigation bar.
+2. Select Connectors from the dropdown menu:
+
+ ![Microsoft Teams](../img/integrations-teams-1.png)
+
+3. Search for Incoming Webhook and select Add.
+4. Select Configure, provide a name, and upload an image for your webhook if necessary:
+
+ ![Microsoft Teams](../img/integrations-teams-2.png)
+
+5. Copy and save the unique webhook URL present in the dialog window. The URL maps to the channel and you can use it to send information to Teams. Select Done:
+
+ ![Microsoft Teams](../img/integrations-teams-3.png)
+
+6. Paste the webhook URL and the corresponding channel name into Deepfence Microsoft Teams integration page.
diff --git a/docs/versioned_docs/version-v2.4/integrations/pagerduty.md b/docs/versioned_docs/version-v2.4/integrations/pagerduty.md
new file mode 100644
index 0000000000..564ecc37ec
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/pagerduty.md
@@ -0,0 +1,22 @@
+---
+title: PagerDuty
+---
+
+# ThreatMapper and PagerDuty
+
+ThreatMapper raises notifications to PagerDuty using the PagerDuty API (v1 or v2).
+
+## To Configure PagerDuty Integration
+
+1. In the PagerDuty console, navigate to **Configuration** > **Services**. If you are creating a new service for your integration, click Add New Service. If you are adding your integration to an existing service, click the name of the service you want to add the integration to, go to the Integrations tab, then click New Integration as shown in the image below.
+
+ ![Pager Duty](../img/integrations-pager-duty-1.png)
+
+2. Next, create a new integration by selecting the appropriate API version as shown in the image below.
+
+ ![Pager Duty](../img/integrations-pager-duty-2.jpg)
+
+3. Finally, return to the ThreatMapper management console. Enter the "integration key" of the new integration and subscribe to the vulnerabilities on PagerDuty as shown below:
+
+ ![Pager Duty](../img/integrations-pager-duty-3.png)
+
diff --git a/docs/versioned_docs/version-v2.4/integrations/reports.md b/docs/versioned_docs/version-v2.4/integrations/reports.md
new file mode 100644
index 0000000000..4f03103810
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/reports.md
@@ -0,0 +1,23 @@
+---
+title: Reports
+---
+
+# Reports
+
+Download Reports in XLSX and PDF formats
+
+1. Select the resource to download along with node type (host/container/image) and optionally node filters and choose
+
+ ![Reports](../img/reports-1.png)
+
+2. Click on the download link once it is ready
+
+ ![Reports](../img/reports-2.png)
+
+### Sample reports
+
+![xlsx Integration Page](../img/reports-xlsx-1.png)
+
+![PDF Integration Page](../img/reports-pdf-2.png)
+
+![PDF Integration Page](../img/reports-pdf-3.png)
diff --git a/docs/versioned_docs/version-v2.4/integrations/s3.md b/docs/versioned_docs/version-v2.4/integrations/s3.md
new file mode 100644
index 0000000000..9ee33bd214
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/s3.md
@@ -0,0 +1,18 @@
+---
+title: S3
+---
+
+# S3
+
+### Archiving to S3
+
+![S3 Integration Page](../img/integrations-s3.png)
+
+Archive selected resources to your AWS S3 bucket into selected folder [format of the file will be .json]
+
+1. Type your S3 bucket name (bucket should be created before this)
+2. Set S3 folder name that will be created inside the bucket if not present
+3. Provide your access key and secret access key provided by amazon
+4. Select region
+5. Choose resources
+6. Click Add button
diff --git a/docs/versioned_docs/version-v2.4/integrations/slack.md b/docs/versioned_docs/version-v2.4/integrations/slack.md
new file mode 100644
index 0000000000..862c0b4916
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/slack.md
@@ -0,0 +1,25 @@
+---
+title: Slack
+---
+
+# ThreatMapper and Slack
+
+ThreatMapper raises notifications to Slack Workspaces using Slack webhooks.
+
+## To Configure Slack Integration
+
+1. Navigate to https://[YourWorkspace].slack.com/apps and search for “Incoming Webhooks“ app from Slack:
+
+ ![Slack](../img/integrations-slack-1.jpeg)
+
+2. Click on “Add to Slack” where you will be asked to choose a channel:
+
+ ![Slack](../img/integrations-slack-2.jpeg)
+
+3. Locate the webhook URL:
+
+ ![Slack](../img/integrations-slack-3.jpeg)
+
+4. Paste the webhook URL and the corresponding channel name into Deepfence Slack integration page.
+
+ ![Slack](../img/integrations-slack.png)
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/integrations/splunk.md b/docs/versioned_docs/version-v2.4/integrations/splunk.md
new file mode 100644
index 0000000000..7c1e959e30
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/splunk.md
@@ -0,0 +1,32 @@
+---
+title: Splunk
+---
+
+# ThreatMapper and Splunk
+
+ThreatMapper sends notifications to Splunk using HTTP Event Collector.
+
+## To Configure Splunk Integration
+
+1. Log in to splunk cloud platform and click "Add data"
+ ![Splunk](../img/integrations-splunk-13.png)
+ ![Splunk](../img/integrations-splunk-14.png)
+
+2. Choose HTTP Event Collector
+ ![Splunk](../img/integrations-splunk-15.png)
+ ![Splunk](../img/integrations-splunk-16.png)
+ ![Splunk](../img/integrations-splunk-17.png)
+ ![Splunk](../img/integrations-splunk-18.png)
+ ![Splunk](../img/integrations-splunk-19.png)
+ ![Splunk](../img/integrations-splunk-20.png)
+ ![Splunk](../img/integrations-splunk-21.png)
+ ![Splunk](../img/integrations-splunk-22.png)
+
+3. Copy endpoint URL and the generated token: https://SPLUNK_CLOUD_URL:8088/services/collector/event
+
+4. Configure Splunk integration in the Integrations page
+ ![Splunk](../img/integrations-splunk-23.png)
+ ![Splunk](../img/integrations-splunk-24.png)
+
+5. You can search for scan results now in Splunk
+ ![Splunk](../img/integrations-splunk-25.png)
diff --git a/docs/versioned_docs/version-v2.4/integrations/sumo-logic.md b/docs/versioned_docs/version-v2.4/integrations/sumo-logic.md
new file mode 100644
index 0000000000..bb52064d66
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/sumo-logic.md
@@ -0,0 +1,33 @@
+---
+title: Sumo Logic
+---
+
+# ThreatMapper and Sumo Logic
+
+ThreatMapper raises notifications to Sumo Logic using Sumo Logic collectors.
+
+## To Configure Sumo Logic Integration
+
+1. Under “Manage data”, navigate to “Collection”
+
+ ![Sumo Logic](../img/integrations-sumo-logic-1.jpeg)
+
+2. Click on “Add Collector” and select “Hosted Collector”
+
+ ![Sumo Logic](../img/integrations-sumo-logic-2.jpeg)
+
+3. Fill in the details and save the new collector
+
+ ![Sumo Logic](../img/integrations-sumo-logic-3.jpeg)
+
+4. Choose to add “Source” to the newly created collector and choose “HTTP Logs & Metrics”
+
+ ![Sumo Logic](../img/integrations-sumo-logic-4.jpeg)
+
+5. Fill in the Source details and click save
+
+ ![Sumo Logic](../img/integrations-sumo-logic-5.jpeg)
+
+6. Paste the URL displayed on to Deepfence Sumo Logic integration page
+
+ ![Sumo Logic](../img/integrations-sumo-logic-6.jpeg)
diff --git a/docs/versioned_docs/version-v2.4/integrations/threatrx.md b/docs/versioned_docs/version-v2.4/integrations/threatrx.md
new file mode 100644
index 0000000000..70b7b13656
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/integrations/threatrx.md
@@ -0,0 +1,41 @@
+---
+title: ThreatRx
+---
+
+# ThreatRx
+
+ThreatRx is LLM-assisted remediation for cloud misconfigurations (CSPM scans), vulnerabilities, malwares and secrets.
+
+Following LLM integrations are available:
+- OpenAI
+- Amazon Bedrock
+
+For more details, please visit Deepfence blog here:
+- https://www.deepfence.io/blog/deepfence-revolutionizes-cloud-security-with-ai-powered-remediation-introducing-threatrx-part-1
+- https://www.deepfence.io/blog/deepfence-revolutionizes-cloud-security-with-ai-powered-remediation-introducing-threatrx-part-2
+
+## To Configure OpenAI
+
+1. Create an API key here: https://platform.openai.com/api-keys
+
+ ![OpenAI](../img/integrations-threatrx-1.png)
+
+2. In the integrations page, select **ThreatRx** and click **OpenAI** to create a new integration. Choose the OpenAI model, enter the API key and click save.
+
+ ![OpenAI](../img/integrations-threatrx-2.png)
+
+3. Navigate to cloud posture scan results or vulnerability scan results and click **ThreatRx** button on the scan result side panel to get the remediation steps.
+
+ ![OpenAI](../img/integrations-threatrx-3.png)
+
+## To Configure Amazon Bedrock
+
+1. Enable any text/chat model in Amazon Bedrock.
+
+ ![Amazon Bedrock](../img/integrations-threatrx-4.png)
+
+2. In the integrations page, select **ThreatRx** and click **Amazon Bedrock** to create a new integration. Choose the Amazon Bedrock model, enter the access key and secret key and click save. Alternatively, if the console has write permission to Amazon Bedrock via instance IAM role, you can choose to add the models automatically.
+
+ ![Amazon Bedrock](../img/integrations-threatrx-5.png)
+
+3. Navigate to cloud posture scan results or vulnerability scan results and click **ThreatRx** button on the scan result side panel to get the remediation steps.
diff --git a/docs/versioned_docs/version-v2.4/kubernetes-scanner/index.md b/docs/versioned_docs/version-v2.4/kubernetes-scanner/index.md
new file mode 100644
index 0000000000..99b9099db7
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/kubernetes-scanner/index.md
@@ -0,0 +1,13 @@
+---
+title: Kubernetes Compliance Scanner
+---
+
+# Deepfence Kubernetes Scanner
+
+Kubernetes Compliance posture scanning is installed to monitored kubernetes clusters.
+
+NSA & CISA Cybersecurity Technical Report describes the complexities of securely managing Kubernetes an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized applications.
+
+## Configuring Kubernetes Scanner
+
+Deepfence Kubernetes Scanner is installed with agent sensors. Follow the documentation [here](/docs/sensors/kubernetes) to install Deepfence agent sensors in the kubernetes cluster.
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/operations/compliance.md b/docs/versioned_docs/version-v2.4/operations/compliance.md
new file mode 100644
index 0000000000..8ac6e10575
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/operations/compliance.md
@@ -0,0 +1,80 @@
+---
+title: Compliance Posture Scanning
+---
+
+# Compliance Posture Scanning
+
+Once the ThreatMapper management console has been deployed, and you have configured one or more targets for compliance posture scanning, you can then scan those targets against various compliance benchmarks.
+
+ThreatMapper measures the level of compliance, and presents the overall compliance picture as a 'Threat Graph'. The Threat Graph shows how the platforms are exposed, the routes that an attacker may take to exploit the exposure.
+
+
+## Understanding Compliance Scanning
+
+### Controls
+
+Compliance Posture scanning builds on a large library of **controls** - these are specific requirements and matching tests. For example, for AWS you will find controls that correspond to best-practice configurations of S3 buckets, such as enabling TLS access and blocking plain-text HTTP. For a Linux host, you will find controls relating to the configuration of the system clock.
+
+### Benchmarks
+
+Controls are grouped into **benchmarks**. Benchmarks are formal standards of compliance defined by industry bodies; they may represent best practice such as CIS, or they may represent specific industry requirements such as HIPAA or PCI DSS.
+
+Benchmarks are an important tool for demonstrating compliance when facing an audit by an industry body. They also represent best practice for a range of scenarios, and should be run regularly as pre-production and in-production tests to identify serious configuration errors that may result in exposure to exploit.
+
+You can test individual benchmarks, or you can combine a test (scan) to include several benchmarks. Where controls are used by multiple benchmarks, ThreatMapper will only run them once and apply the result to each benchmark.
+
+The benchmarks available vary by cloud provider:
+
+| Benchmark | AWS | Azure | GCP | Kubernetes Host | Linux Host |
+|---------------------------|-----|-------|-----|-----------------|------------|
+| CIS | Y | Y | Y | | |
+| GDPR | Y | | | Y | Y |
+| HIPAA | Y | Y | Y | Y | Y |
+| PCI-DSS | Y | Y | Y | Y | Y |
+| SOC-2 | Y | | | | |
+| NIST | Y | Y | Y | Y | Y |
+| AWS Foundational Security | Y | | | | |
+
+## Start a Scan
+
+Begin on the **Posture** page in the ThreatMapper console.
+
+Select a cloud instance that you have [configured previously](/docs/cloudscanner/). You may have several instances of a given cloud type:
+
+| ![Cloud Compliance Scan - Select](../img/compliance-scan-1.png) |
+|:---------------------------------------------------------------:|
+| Select a Cloud |
+
+| ![Cloud Compliance Scan - Select](../img/compliance-scan-2.png) |
+|:---------------------------------------------------------------:|
+| Select target for Cloud Compliance Scan |
+
+If you want to scan a host (Linux host or Kubernetes master or slave node), ensure that the [threatmapper sensor](/docs/sensors) is deployed on that host.
+
+Select the compliance benchmarks you wish to run on the target cloud instance or host:
+
+| ![Cloud Compliance Scan - Chose Benchmark](../img/compliance-scan-3.png) |
+|:------------------------------------------------------------------------:|
+| Select benchmarks for Compliance Scan |
+
+You can preview the controls that will be run for each benchmark, and you can select an action to mask (or unmask) specific controls.
+
+Click **Start Scan** once you have completed your selection. The Cloud Connector or Sensor Agent will then perform the scan and in due course, will submit the results to your ThreatMapper console.
+
+## Inspecting Scan Results
+
+When scans complete, they are reported on the **Posture** page in the ThreatMapper console.
+
+Select the appropriate cloud instance and choose to view the results or review the inventory.
+
+### View Scan Results
+
+ThreatMapper presents the recent scan results, filtered by benchmark, with a broad 'compliance score' for each. The compliance score is the percentage of "OK (pass)" and "Info (manual verification required)" results.
+
+Select an individual scan run (result), and optionally filter the results by service (e.g. IAM, CloudWatch) and/or status.
+
+| ![Cloud Compliance Scan - View Results](../img/compliance-scan-4.png) |
+|:---------------------------------------------------------------------:|
+| View the Results for a Compliance Scan |
+
+If you judge that a result is not applicable in your specific circumstances, you can mask that result out. That result will not be reported in subsequent scans.
diff --git a/docs/versioned_docs/version-v2.4/operations/index.md b/docs/versioned_docs/version-v2.4/operations/index.md
new file mode 100644
index 0000000000..7d2eb30114
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/operations/index.md
@@ -0,0 +1,14 @@
+---
+title: Using Deepfence ThreatMapper
+---
+
+# Using Deepfence ThreatMapper
+
+Deepfence ThreatMapper supports a range of security-related use cases:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/operations/sboms.md b/docs/versioned_docs/version-v2.4/operations/sboms.md
new file mode 100644
index 0000000000..3cb8abb202
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/operations/sboms.md
@@ -0,0 +1,25 @@
+---
+title: Generating SBOMs
+---
+
+# Generating SBOMs
+
+As part of the vulnerability scanning process, the ThreatMapper sensor interrogates the running workloads and hosts and generates a runtime SBOM (Software Bill of Materials) for each target. This runtime SBOM is forwarded to the Management Console for vulnerability matching.
+
+## Why generate SBOMs at runtime?
+
+Not all production workloads go through a formal supply-chain analysis process during CI (continuous integration), and workloads can be patched and updated during runtime. Often, the SBOM coverage is far from complete and risks being out-of-date to the runtime state.
+
+ThreatMapper caches runtime SBOMs for scanned workloads, and makes these available for inspection through the UI and API. The runtime SBOM enumerates all the packages and software items deployed in the workload, which may drift from the at-build-time SBOM.
+
+## Inspecting and Extracting the runtime-generated SBOM
+
+SBOMs are associated with vulnerability scans.
+
+Navigate to the **Vulnerabilities** > **View All Scans** results page, and locate the scan for which you would like to obtain the SBOM:
+
+![Vulnerability Scan results](../img/sbom-1.png)
+
+You can page through the SBOM results, or download the results as a detailed JSON file:
+
+![Software Bill of Materials](../img/sbom-2.png)
diff --git a/docs/versioned_docs/version-v2.4/operations/scanning-ci.md b/docs/versioned_docs/version-v2.4/operations/scanning-ci.md
new file mode 100644
index 0000000000..ae857338bf
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/operations/scanning-ci.md
@@ -0,0 +1,20 @@
+---
+title: Scanning in CI
+---
+
+# Scanning in CI-CD
+
+You can use ThreatMapper to scan artifacts in a CI (Continuous Integration) pipeline. If a vulnerability is detected and the CI build is blocked, ThreatMapper will submit the details to the configured notification services.
+
+## Configuring CI Scanning
+
+The ThreatMapper CI action supports several CI pipelines, including CircleCI, GitLab and Jenkins. It blocks a build if the number of CVE violations exceeds a user-defined threshold, or if the total CVE score exceeds a threshold, and notifications are submitted to the configured management console.
+
+If a build is not blocked, ThreatMapper silently allows it to proceed.
+
+For configuration details, refer to the appropriate [CI/CD Integrations](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations), including:
+
+ * [CircleCI](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/circleci)
+ * [GitHub Actions](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/github-actions)
+ * [GitLab](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/gitlab)
+ * [Jenkins](https://github.com/deepfence/ThreatMapper/tree/main/ci-cd-integrations/jenkins)
diff --git a/docs/versioned_docs/version-v2.4/operations/scanning.md b/docs/versioned_docs/version-v2.4/operations/scanning.md
new file mode 100644
index 0000000000..397fd4891b
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/operations/scanning.md
@@ -0,0 +1,75 @@
+---
+title: Scanning Production Workloads
+---
+
+# Scanning Production Workloads
+
+Once the ThreatMapper Management Console has been deployed and Sensor Agents have been deployed to your production platforms, the Management Console will begin to discover the workloads and infrastructure in your production platforms.
+
+The Management Console will also begin to initialize its cache of Threat Feeds.
+
+
+## Running the First Scan
+
+The first thing you may want to do is to start a Vulnerability scan of some of your production workloads:
+
+1. Using the Topology view, select a workload or infrastructure component to scan. For example, you can select a Kubernetes hosts or a running container:
+ * ThreatMapper excludes some resources from the Scan. It will not scan system containers, and some resources are placeholders for the elements in the topology graph
+ * Click the 'Actions' button for the selected node and then click 'Start Vulnerability Scan'
+
+ ![Vulnerability Scan - select an object](../img/scan-1.png)
+
+
+2. Chose what you would like to scan:
+ * ThreatMapper scans the base operating system, and optionally runs language scans on the object.
+
+ ![Vulnerability Scan - choose what to scan](../img/scan-2.png)
+
+3. Start the scan:
+ * The ThreatMapper Sensor will inspect the local environment, identifying objects that are scannable (such as containers and language installs). The agent unpacks running containers to inspect each layer.
+ * The agent then generates a runtime SBOM of installed packages for each object and forwards this to the Management Console. The Management Console then matches these SBOMs against the Threat Feeds it has cached.
+
+4. Wait for the results:
+ * The scan is queued and executed. Any vulnerability alerts are notified using the configured Notification Integrations.
+ * Once the scan completes, the results can be viewed on the **Vulnerabilities** pane in the Management Console.
+
+## Understanding the Results
+
+The **Vulnerabilities** pane displays two reports:
+
+1. A combined, summary report of the **Most Exploitable Vulnerabilities**
+2. A full log of each **Vulnerability Scan**
+
+### Vulnerability Scan
+
+Begin with the **Vulnerability Scan**; you'll see the results of the scan you started previously. ThreatMapper reports on hosts, containers and other types of assets it finds on the scanned objects.
+
+![Vulnerability Scan - results](../img/vulnerability-scan-1.png)
+
+It's not uncommon to see hundreds or even thousands of potential vulnerabilities across a series of hosts and workloads. Typically, the large majority of these vulnerabilities are of no practical concern; they require local access, cannot be used to raise privileges, are not in any accessible code path, etc. The CVSS [score](https://nvd.nist.gov/vuln-metrics/cvss) and [vector](https://www.first.org/cvss/calculator/3.0) give a measure of the risk a vulnerability poses, but don't factor in the context of your application.
+
+### Most Exploitable Vulnerabilities
+
+The **Most Exploitable Vulnerabilities** report combines all vulnerability scan data with the topology of the application to present a list of the most serious vulnerabilities that have the greatest potential to be exploited.
+
+![Vulnerability Scan - most exploitable vulnerabilities](../img/vulnerability-scan-3.png)
+
+ThreatMapper combines the CVSS and other data with the learned topology of the application, the workloads which are currently running, and the possible paths that attack traffic might take. ThreatMapper combines this measure with the CVSS score and vector to give a single vulnerability score (from 0-10) that ranks vulnerabilities by their risk and potential severity of exploit.
+
+The **Top Attack Paths** on the vulnerability page presents a quick visualisation of the most direct way to exploit the top vulnerabilities.
+
+## Secrets Scans
+
+ThreatMapper (from release 1.3.0) can also perform Secret Scans on containers and production filesystems. These scans interrogate the target filesystems, looking for possible unprotected secrets, and use a database of over 140 different token, key and password types.
+
+![Secrets Scans](../img/secret-scan-1.png)
+
+False positives and deliberately-included secrets are inevitable with the scans, so it is worth inspecting the results and 'masking' ones you are prepared to accept:
+
+![Secrets Scans](../img/secret-scan-2.png)
+
+## Malware Scans
+
+ThreatMapper (from release 1.4.0) can also perform Malware Scans on containers and production filesystems. These scans use Yara rules to match for malware in the target filesystems.
+
+![Malware Scans](../img/malware-scans-1.png)
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/operations/support.md b/docs/versioned_docs/version-v2.4/operations/support.md
new file mode 100644
index 0000000000..55f5d45b7f
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/operations/support.md
@@ -0,0 +1,26 @@
+---
+title: Support and Diagnostics
+---
+
+# Support and Diagnostics
+
+## Getting Logs
+
+You can download recent log files from the management console, and from each sensor agent on each managed host.
+
+ * Access the Management Console
+ * Go to **Settings** > **Diagnosis**
+ * Download the diagnostic logs from the management console, or from a selected sensor agent instance
+
+ ![Diagnosis](../img/diagnostic-logs.png)
+
+
+## Getting Support
+
+Please join the [ThreatMapper community slack channel](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ).
+
+## Found a bug or security issue?
+
+For possible security issues, please refer to the [ThreatMapper Security policy](https://github.com/deepfence/ThreatMapper/blob/main/SECURITY.md).
+
+For bug reports, contributions and roadmap suggestions, please refer to the [ThreatMapper Contributing Policy](https://github.com/deepfence/ThreatMapper/blob/main/CONTRIBUTING.md).
diff --git a/docs/versioned_docs/version-v2.4/registries/aws-ecr.md b/docs/versioned_docs/version-v2.4/registries/aws-ecr.md
new file mode 100644
index 0000000000..4388505c24
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/registries/aws-ecr.md
@@ -0,0 +1,98 @@
+---
+title: AWS ECR
+---
+
+# AWS ECR
+
+You can add your private and public ECR repositories to ThreatMapper to scan for vulnerabilities, secrets and malwares.
+
+## Adding ECR repository
+
+1. Select `ECR` registry type from the registries section.
+
+ ![Supported Registries](../img/registry-1.png)
+2. Click on **Add Registry** button to get the following form:
+
+ ![ECR Add Registry Form](../img/registry-ecr-1.png)
+3. Enter `Registry Name` for reference later. Then, enter the other details as per the deployment.
+ 1. [Using Credentials (AWS Access Key and Secret Key)](#using-credentials)
+ 2. [Using AWS IAM Role](#using-aws-iam-role)
+ 3. [Using AWS IAM Role (with Cross-Account ECR Registry)](#using-aws-iam-role-with-cross-account-ecr-registry)
+
+### Using Credentials
+
+4. Fill in the credentials(`AWS Access Key`, `AWS Secret Key`) for the user with access to the ECR registry.
+5. For private registry, fill in the `AWS Region` where the registry is located. Else, for public registry, toggle `Public Registry`.
+
+ ![ECR Add Registry Using Credentials Form](../img/registry-ecr-2.png)
+
+### Using AWS IAM Role
+
+The Deepfence Console needs to be deployed on AWS EC2 instance in the same AWS account as the ECR registry and the EC2 instance needs to be assigned an IAM role with the correct permissions
+
+4. The IAM role to be assigned to the Deepfence Console EC2 instance can be deployed using CloudFormation with [deepfence-ecr-role-setup.template](https://deepfence-public.s3.amazonaws.com/ecr/deepfence-ecr-role-setup.template).
+ 1. [Link to create IAM role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/ecr/deepfence-ecr-role-setup.template&stackName=Deepfence-ECR-Read-Only-Role). Change region, if required.
Once completed, go to `Outputs` tab and copy the value of `InstanceProfileARN`
+
+ ![ECR IAM Role ARN](../img/registry-ecr-5.png)
+ 2. Assign the instance profile to the EC2 instance on which the Deepfence Console is hosted.
+
+ ![EC2 Instance Role Assignment](../img/registry-ecr-6.png)
+5. For private registry, fill in the `AWS Region` where the registry is located. Else, for public registry, toggle `Public Registry`.
+6. Leave the `AWS Account ID` and `Target Account Role ARN` fields blank as they are only used for the cross-account scenario below.
+
+ ![ECR Add Registry Using IAM Role Form](../img/registry-ecr-3.png)
+
+### Using AWS IAM Role (with Cross-Account ECR Registry)
+
+If a user has an ECR registry in one AWS account and Deepfence Console is deployed in another AWS account, the user needs to set up cross-account ECR registry access as per the following steps:
+
+4. Create a role in the target ECR registry account which has required pull permissions. This can be deployed using CloudFormation with [deepfence-cross-acc-ecr-role-setup.template](https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-ecr-role-setup.template)
+ 1. [Link to create role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-ecr-role-setup.template&stackName=Deepfence-ECR-Cross-Account-Read-Only-Role). Change region, if required. Once completed, go to `Outputs` tab and copy the value of `RoleARN`
+
+ ![ECR Cross Account Role ARN](../img/registry-ecr-7.png)
+5. Create a role in the account where Deepfence Console is deployed to assume the role created in the step above. This can be achieved using CloudFormation with [deepfence-console-account-setup.template](https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-console-account-setup.template).
+ 1.
[Link to create cross-account instance role](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/cross-account-ecr/deepfence-console-account-setup.template&stackName=Deepfence-Cross-Account-ECR-Access-Role). Paste the `RoleARN` copied from above step into `ECRAccessRole` box.
+
+ ![ECR Cross Account Role ARN](../img/registry-ecr-8.png)
+ 2. Once completed, go to `Outputs` tab and copy the value of `InstanceProfileARN`.
+
+ ![ECR IAM Role ARN](../img/registry-ecr-5.png)
+
+6. Assign the instance profile role ARN created above to the Deepfence Console EC2 instance.
+
+ ![EC2 Instance Role Assignment](../img/registry-ecr-6.png)
+7. For private registry, fill in the `AWS Region` where the registry is located. Else, for public registry, toggle `Public Registry`.
+8. Fill the account id of the target account where registry is located in the `AWS Account ID` field. In the `Target Account Role ARN` field, paste the value of the `RoleARN` from the above steps.
+
+ ![ECR Add Cross Account Registry Using IAM Role Form](../img/registry-ecr-4.png)
+
+## Adding ECR repository - Kubernetes
+
+If Deepfence console is deployed in EKS, please follow these steps to configure IAM role which will be assigned to Kubernetes service account.
+
+:::info
+
+**Pre-requisite:**
+1. Associate OIDC provider with the EKS cluster where Deepfence management console is going to be deployed.
+
+ ([refer here for aws documentation on enable-iam-roles-for-service-accounts](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html))
+
+2. kubectl and helm command line tools are installed and configured to access the cluster where Deepfence management console is going to be deployed
+
+:::
+
+1.
Create the EKS IRSA role using the cloudformation template [deepfence-ecr-registry-role-for-eks](https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://deepfence-public.s3.amazonaws.com/ecr/deepfence-ecr-role-eks.template)
+2. Note **namespace**, **service account name** and **iam role arn** from the output of terraform or cloudformation deployment
+3. Follow the instructions [here](/docs/console/kubernetes#console-helm-chart) to download the `values.yaml` from Console helm chart for customization.
+4. Edit the `values.yaml` and set the ServiceAccount
+ ```yaml
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations:
+ "eks.amazonaws.com/role-arn": "arn:aws:iam::123456789012:role/deepfence-ecr-role"
+ # Service account name
+ name: "deepfence-console"
+ ```
+5. For ECR configuration, please refer the instructions [above](#adding-ecr-repository)
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/registries/index.md b/docs/versioned_docs/version-v2.4/registries/index.md
new file mode 100644
index 0000000000..7b80d47669
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/registries/index.md
@@ -0,0 +1,28 @@
+---
+title: Scanning Registries
+---
+
+# Scanning Registries
+
+You can scan for vulnerabilities in images stored in AWS ECR, Azure Container Registry, Google Cloud Container Registry, Docker Hub, Docker Self-Hosted Private Registry, Quay, Harbor, Gitlab and JFrog from the registry scanning dashboard.
+
+![Supported Registries](../img/registry-1.png)
+
+## Add Registries
+
+Select the appropriate registry type, and **+ Add Registry**. The credentials for each registry depends on the registry type; for example, to connect to a DockerHub Registry, use the following details:
+
+![DockerHub](../img/registry-2.png)
+
+ThreatMapper will index the artifacts in the Registry. You can scan them manually, and you can define a periodic schedule to scan. Results can be found on the **Vulnerabilities** report, and will be raised through any configured notifications.
+
+![Scan Results](../img/registry-3.png)
+
+More detailed instructions are as follows:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/sensors/aws-ecs.md b/docs/versioned_docs/version-v2.4/sensors/aws-ecs.md
new file mode 100644
index 0000000000..482a435751
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/sensors/aws-ecs.md
@@ -0,0 +1,220 @@
+---
+title: AWS ECS (EC2 Provider)
+---
+
+# AWS ECS (EC2 Provider)
+
+*Deployed as a daemon service using a task definition*
+
+In AWS ECS, the ThreatMapper sensors are deployed as a daemon service using task definition.
+
+# Prerequisites
+
+Make sure you have the following information:
+- Management console URL/IP, later referred as ``
+- Deepfence API key, later referred as `` (This key can be found from the management console, in the settings > User > API Key)
+
+# Installing on AWS ECS (EC2 Provider)
+
+1. Create a new role (e.g.: `deepfence-agent-role`)
+- Go to the IAM dashboard from AWS Console
+- Go to Access management > roles
+- Select "Create Role",
+- Select "Custom trust policy"
+- Paste the following:
+
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "ecs-tasks.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+}
+```
+
+Then continue:
+
+- Search in the "Permissions policies" for "Task" > Select the following policy: `AmazonECSTaskExecutionRolePolicy`
+- Click "Next", name the role `deepfence-agent-role`, then "Create role"
+- Search for your newly created roles
+
+Then create the new policy.
+
+3. Create new task definition for deepfence agent
+- Use Old ECS Experience (old UI)
+- Go to the "Elastic Container Service" dashboard from AWS console
+- In the top left corner, disable new UI to use the legacy UI.
+- Go to "Task Definitions"
+- Select "Create new Task Definition"
+- Select EC2, then "Next step"
+- Provide a name to your task definition (e.g. `deepfence-agent-ec2-task`)
+- Select the Task role and execution role (e.g. `deepfence-agent-role`)
+- At the bottom, select "Configure via JSON"
+- Copy and paste the following JSON configuration: (Replace `` and `` with actual values)
+
+:::info
+Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.4.0-multiarch` is supported in amd64 and arm64/v8 architectures.
+:::
+
+```json
+{
+ "ipcMode": null,
+ "containerDefinitions": [
+ {
+ "dnsSearchDomains": [],
+ "environmentFiles": null,
+ "logConfiguration": null,
+ "entryPoint": [],
+ "portMappings": [],
+ "command": [],
+ "linuxParameters": null,
+ "cpu": 0,
+ "environment": [
+ {
+ "name": "DEEPFENCE_KEY",
+ "value": ""
+ },
+ {
+ "name": "MGMT_CONSOLE_URL",
+ "value": ""
+ },
+ {
+ "name": "DF_LOG_LEVEL",
+ "value": "info"
+ },
+ {
+ "name": "USER_DEFINED_TAGS",
+ "value": ""
+ }
+ ],
+ "resourceRequirements": null,
+ "ulimits": null,
+ "dnsServers": [],
+ "mountPoints": [
+ {
+ "readOnly": true,
+ "containerPath": "/fenced/mnt/host",
+ "sourceVolume": "Host"
+ },
+ {
+ "readOnly": false,
+ "containerPath": "/sys/kernel/debug",
+ "sourceVolume": "SysKernelDebug"
+ },
+ {
+ "readOnly": false,
+ "containerPath": "/var/run/docker.sock",
+ "sourceVolume": "DockerSock"
+ },
+ {
+ "readOnly": false,
+ "containerPath": "/var/log/fenced",
+ "sourceVolume": "VarLogFenced"
+ }
+ ],
+ "workingDirectory": null,
+ "secrets": null,
+ "dockerSecurityOptions": [],
+ "memory": null,
+ "memoryReservation": null,
+ "volumesFrom": [],
+ "stopTimeout": null,
+ "image": "quay.io/deepfenceio/deepfence_agent_ce:2.4.0",
+ "startTimeout": null,
+ "firelensConfiguration": null,
+ "dependsOn": null,
+ "disableNetworking": null,
+ "interactive": null,
+ "healthCheck": null,
+ "essential": true,
+ "links": [],
+ "hostname": null,
+ "extraHosts": null,
+ "pseudoTerminal": null,
+ "user": null,
+ "readonlyRootFilesystem": null,
+ "dockerLabels": {},
+ "systemControls": [],
+ "privileged": true,
+ "name": "deepfence"
+ }
+ ],
+ "placementConstraints": [],
+ "memory": "2048",
+ "family": "deepfence-agent-ec2-provider",
+ "pidMode": null,
+ "requiresCompatibilities": [
+ "EC2"
+ ],
+ "networkMode": "host",
+ "runtimePlatform": {
+ "operatingSystemFamily": "LINUX",
+ "cpuArchitecture": "X86_64"
+ },
+ "cpu": "512",
+ "inferenceAccelerators": null,
+ "proxyConfiguration": null,
+ "volumes": [
+ {
+
"fsxWindowsFileServerVolumeConfiguration": null,
+ "efsVolumeConfiguration": null,
+ "name": "SysKernelDebug",
+ "host": {
+ "sourcePath": "/sys/kernel/debug"
+ },
+ "dockerVolumeConfiguration": null
+ },
+ {
+ "fsxWindowsFileServerVolumeConfiguration": null,
+ "efsVolumeConfiguration": null,
+ "name": "DockerSock",
+ "host": {
+ "sourcePath": "/var/run/docker.sock"
+ },
+ "dockerVolumeConfiguration": null
+ },
+ {
+ "fsxWindowsFileServerVolumeConfiguration": null,
+ "efsVolumeConfiguration": null,
+ "name": "VarLogFenced",
+ "host": {
+ "sourcePath": null
+ },
+ "dockerVolumeConfiguration": null
+ },
+ {
+ "fsxWindowsFileServerVolumeConfiguration": null,
+ "efsVolumeConfiguration": null,
+ "name": "Host",
+ "host": {
+ "sourcePath": "/"
+ },
+ "dockerVolumeConfiguration": null
+ }
+ ]
+}
+```
+- Select the container "deepfence" and select `Auto-configure CloudWatch Logs` for `Log configuration`
+- Then create the new task definition.
+
+5. Create a new service to execute the Task and deploy the agent
+- Use Old ECS Experience (old UI)
+- Go to the "Elastic Container Service" dashboard from the AWS console
+- Go to "Task definitions"
+- Select previously created task definition
+- Select "Actions" > "Create service"
+- Select Launch type: `EC2`
+- Choose the ECS cluster to deploy
+- Provide a name to your service (e.g. `deepfence-agent-ec2-service`)
+- Set `Service Type` as `DAEMON`
+- Create the service
+
+6. Monitor the service creation and check if the task is in running state. It can take a couple of minutes
+
+7. If the task is running, you should see the agent appearing in your console, well done!
diff --git a/docs/versioned_docs/version-v2.4/sensors/aws-fargate.md b/docs/versioned_docs/version-v2.4/sensors/aws-fargate.md
new file mode 100644
index 0000000000..28018380a6
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/sensors/aws-fargate.md
@@ -0,0 +1,412 @@ +--- +title: AWS Fargate +--- + +# AWS Fargate + +_Deployed as a sidecar container using a task definition_ + +In AWS Fargate, the ThreatMapper agents are deployed as a sidecar container using a task definition. + +The ThreatMapper management console is installed separately outside the fargate and the installation procedure is the same as before. + +:::note +Currently supported base operating systems of containers are Amazon Linux, Ubuntu, Debian, CentOS and RHEL +::: + +:::note +Please note the agent image "quay.io/deepfenceio/deepfence_agent_ce:2.4.0-fargate" is different from other deployment methods. +::: + +## Installing on AWS Fargate + +1. Set up AWS ECS by following the steps outlined here: [Set up to use AWS ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/get-set-up-for-amazon-ecs.html) + +2. Refer [Prerequisites](./aws-fargate.md#prerequisites) for the actions performed in this step. + + You'll need to perform the following steps: + + 1. Create an _AWS ECS task execution IAM role_. + 1. Create a secret to store Deepfence Key. + 1. Create policies (either managed or inlined policy) allowing access to your stored secrets and attach the created policies to the task IAM role. You also need to attach the _AmazonECSTaskExecutionRolePolicy_ to the IAM role to run AWS ECS tasks. + +3. Click on the task definition on the side panel to create a new task definition. Select "AWS Fargate" as launch type + + Use the following steps outlined below in **"Fargate Task definition And Deployment"** instructions to deploy the fargate agent. + + You can configure the task definition either through JSON or using the AWS UI. + +4. Deploy your application on your cluster. + +## Create New Task Definition in Fargate + +### Create Task Definition + +Click Create new Task Definition and select "AWS Fargate" as launch type. 
+ +| ![New Fargate task](../img/fargate-task-1.png) | +| :--------------------------------------------: | +| _New Fargate Task_ | + +### Set Task Parameters + +Edit the _Task Definition Name_, _Task Role_ and _Task Execution Role etc_. as required. For the _Task Role_ and _Task Execution Role_, you have to use the role created in _IAM role creation step_ earlier. Specify _Task memory_ and _Task CPU_ according to your Requirements. + +| ![Update task definition and create agent container](../img/fargate-task-2.png) | +| :-----------------------------------------------------------------------------: | +| _Update task definition and create agent container_ | + +### Add the Deepfence Agent Sidecar Container + +Click on the _Add Container_ button to create a standard container for the ThreatMapper agent. Set image as _**quay.io/deepfenceio/deepfence_agent_ce:2.4.0-fargate**_ + +In the environment section, **DO NOT** mark it as essential. + +You need to note down the name of the agent container (_deepfence-agent_ in our example), which you will have to specify in _Volumes From_ section in application container task definition section later. + +Finally, click the _Add_ button to create the deepfence agent container: + +| ![Create the Agent Container inside the Task Definition](../img/fargate-task-3.png) | +| :---------------------------------------------------------------------------------: | +| _Create the Sidecar Agent Container inside the Task Definition_ | + +### Add the Main Container to your Application + +Click on the _Add Container_ button to create a new container for your application by following the additional steps outlined below. If you have more than one application container, you will have to repeat these steps for each container. 
+ +#### Configure Environment Variables for Fargate Application Container + +The following environment variables are required for the ThreatMapper agent: + +- **DEEPFENCE_KEY**: API key available in the management console UI(can be stored as a secret and later referred in environment using valuesFrom) +- **MGMT_CONSOLE_URL**: IP address of Management Console +- **DF_SERVERLESS**: Set to _true_ for serverless instances +- **MGMT_CONSOLE_URL_SCHEMA**: Set to _http_ or _https_ depending on the schema used for management console +- **MGMT_CONSOLE_PORT**: Set to _80_ or _443_ depending on the port used for management console + +| ![Configuring Environment Variables for Fargate Application Container](../img/fargate-task-7.png) | +| :-----------------------------------------------------------------------------------------------: | +| _Configuring Environment Variables for Fargate Application Container_ | + +If you are using json to configure your task definitions, you can use the following part in the appropriate container section of task definition json after copying the appropriate IP address and API Key. + +``` +"environment": [ + { + "name": "DEEPFENCE_KEY", + "value": "" + }, + { + "name": "MGMT_CONSOLE_URL", + "value": "" + }, + { + "name": "DF_SERVERLESS", + "value": "true" + }, + { + "name": "DF_LOG_LEVEL", + "value": "info" + }, + { + "name": "USER_DEFINED_TAGS", + "value": "" + }, + { + "name": "DF_INSTALL_DIR", + "value": "/deepfence" + }, + { + "name": "MGMT_CONSOLE_URL_SCHEMA", + "value": "https" + }, + { + "name": "MGMT_CONSOLE_PORT", + "value": "443" + } +] +``` + +#### Configure Storage + +Scroll down to **Storage** Section and click **Add Volume from**. In the **Container** dropdown select your application container and in **Source container** dropdown select the agent container to allow read/write from deepfence agent volume. Leave the _Read only_ button **unchecked** as shown below. 
+ +| ![Configure VolumesFrom Setting text](../img/fargate-task-4.png) | +| :--------------------------------------------------------------: | +| _Configure VolumesFrom Setting_ | + +If you are using json to configure your task definitions, you can copy the following settings to the appropriate container section of the json after changing the Container name: + +``` +"volumesFrom": [ + { + "sourceContainer": "deepfence-agent", + "readOnly": false + } +], +``` + +Finally, click the Create button to create the task definition for the deployment. + +### Configure Correct Startup + +Now that deepfence agent is available in the fargate instance, you need to invoke agent and application entrypoints to start the application with Deepfence enabled. This can be done in two ways: + +#### Edit the Entry Point for the container + +There are two ways to achieve this: + +**Change the Entrypoint**: For this, you need to provide the ThreatMapper entrypoint and the Application entrypoint and arguments, as a comma delimited list in the **Entry point** field: + +| ![Invoking agent by changing the Entrypoint](../img/fargate-task-5.png) | +| :---------------------------------------------------------------------: | +| _Method (1a): Invoking agent by changing the Entrypoint_ | + +If you are using json to configure your task definitions, then you can specify the entrypoint and/or command as follows using appropriate quoting: + +``` +"entryPoint": [ + "/deepfence/usr/local/bin/deepfence-entry-point-scratch.sh", + "customer-entry-point.sh", + "param1", + "param2" +] +``` + +**Change the Entrypoint and Command**: Alternatively, you can provide the ThreatMapper entrypoint in the **Entry point** field and the Application entrypoint and arguments in the **Command** field as shown below: + +| ![Invoking agent by changing the Entrypoint and Command field](../img/fargate-task-6.png) | +| :---------------------------------------------------------------------------------------: | +| _Method (1b): 
Invoking agent by changing the Entrypoint and Command field_ | + +If you are using json to configure your task definitions, then you can specify the entrypoint and/or command as follows using appropriate quoting: + +``` +"entryPoint": [ + "/deepfence/usr/local/bin/deepfence-entry-point-scratch.sh" +], +"command": [ + "customer-entry-point.sh", + "param1", + "param2" +] +``` + +## Prerequisites + +Make sure you have the following information: + +- Management console URL/IP, later referred as `` +- Deepfence API key, later referred as `` (This key can be found from the management console, in the settings > User > API Key) + +1. Add secret for Deepfence API key + - Go to the secret manager dashboard from the AWS Console + - Select "Store a new secret" + - Select "Other type of secret" + - Select "Plaintext" and paste the following: + ```json + { + "deepfence_api_key": "" + } + ``` + +Create the secret and store the ARN. We will refer to it as `` + +:::caution +Be careful with the double quotes, sometimes the AWS UI transforms them into a special character that is not recognized as valid JSON. +::: + +2. Create a new role (e.g.: `deepfence-agent-role`) + - Go to the IAM dashboard from AWS Console + - Go to Access management > roles + - Select "Create Role", + - Select "Custom trust policy" + - Paste the following: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + } + ``` + +Then continue: + + - Search in the "Permissions policies" for "Task" > Select the following policy: `AmazonECSTaskExecutionRolePolicy` + - Again search in the "Permissions policies" for "Task" > Select the following policy: `CloudWatchLogsFullAccess` + - Click "Next", name the role `deepfence-agent-role`, then "Create role" + - Store the Role ARN. 
We will refer to it as `` + - Search for your newly created role + - Click on it (`deepfence-agent-role` in our example) + - Select "Add permissions" > "Create inline policy" and add: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Resource": [ + "" + ] + } + ] + } + ``` + + - If you are using a custom KMS key for your secrets and not using the default key, you will also need to add the KMS key permissions to your inline policy: + + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "kms:Decrypt", + "secretsmanager:GetSecretValue" + ], + "Resource": [ + "", + "" + ] + } + ] + } + ``` + +Then create the new policy. + +## Sample fargate task definition json with deepfence-agent sidecar + +```json +{ + "requiresCompatibilities": ["FARGATE"], + "inferenceAccelerators": [], + "containerDefinitions": [ + { + "name": "python", + "image": "python:latest", + "cpu": 0, + "portMappings": [ + { + "name": "python-8000-tcp", + "containerPort": 8000, + "hostPort": 8000, + "protocol": "tcp", + "appProtocol": "http" + } + ], + "essential": true, + "entryPoint": [ + "/deepfence/usr/local/bin/deepfence-entry-point-scratch.sh" + ], + "command": ["python3", "-m", "http.server"], + "environment": [ + { + "name": "MGMT_CONSOLE_URL", + "value": "" + }, + { + "name": "DF_SERVERLESS", + "value": "true" + }, + { + "name": "DF_LOG_LEVEL", + "value": "info" + }, + { + "name": "USER_DEFINED_TAGS", + "value": "" + }, + { + "name": "DF_INSTALL_DIR", + "value": "/deepfence" + }, + { + "name": "MGMT_CONSOLE_URL_SCHEMA", + "value": "https" + }, + { + "name": "MGMT_CONSOLE_PORT", + "value": "443" + } + ], + "mountPoints": [], + "volumesFrom": [ + { + "sourceContainer": "deepfence-agent", + "readOnly": false + } + ], + "secrets": [ + { + "name": "DEEPFENCE_KEY", + "valueFrom": ":deepfence_api_key::" + } + ], + "dependsOn": [ + { + "containerName": "deepfence-agent", 
+ "condition": "COMPLETE" + } + ], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/test-doc-python", + "awslogs-region": "us-west-2", + "awslogs-stream-prefix": "ecs", + "mode": "non-blocking", + "max-buffer-size": "25m" + } + } + }, + { + "name": "deepfence-agent", + "image": "quay.io/deepfenceio/deepfence_agent_ce:2.4.0-fargate", + "repositoryCredentials": {}, + "cpu": 0, + "portMappings": [], + "essential": false, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/test-doc-python", + "awslogs-region": "us-west-2", + "awslogs-stream-prefix": "ecs", + "mode": "non-blocking", + "max-buffer-size": "25m" + } + } + } + ], + "volumes": [], + "networkMode": "awsvpc", + "memory": "4096", + "cpu": "2048", + "family": "test-doc-python", + "executionRoleArn": "", + "taskRoleArn": "", + "runtimePlatform": { + "cpuArchitecture": "X86_64", + "operatingSystemFamily": "LINUX" + }, + "tags": [], + "placementConstraints": [] +} +``` diff --git a/docs/versioned_docs/version-v2.4/sensors/docker.md b/docs/versioned_docs/version-v2.4/sensors/docker.md new file mode 100644 index 0000000000..babeb32756 --- /dev/null +++ b/docs/versioned_docs/version-v2.4/sensors/docker.md 
@@ -0,0 +1,123 @@
+---
+title: Docker
+---
+
+# Docker
+
+On a Linux-based Docker host, the ThreatMapper agents are deployed as a lightweight container.
+
+Install a docker runtime on the Linux host. Refer to the [Prerequisites for the Sensor Agents](/docs/architecture#threatmapper-sensor-containers) for minimum supported platforms.
+
+For Windows Server hosts, experimental support exists, but it is not suitable for production use.
+
+## Installation of ThreatMapper Sensors
+
+Install and start the latest release of the deepfence sensor. Run the following command to start the sensor on the host, replacing the `CONSOLE_URL` and `DEEPFENCE_KEY` values:
+
+:::info
+Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.4.0-multiarch` is supported in amd64 and arm64/v8 architectures.
+:::
+
+### Docker
+
+```bash
+docker run -dit \
+ --cpus=".2" \
+ --name=deepfence-agent \
+ --restart on-failure \
+ --pid=host \
+ --net=host \
+ --log-driver json-file \
+ --log-opt max-size=50m \
+ --privileged=true \
+ -v /sys/kernel/debug:/sys/kernel/debug:rw \
+ -v /var/log/fenced \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /:/fenced/mnt/host/:ro \
+ -e DF_LOG_LEVEL="info" \
+ -e USER_DEFINED_TAGS="" \
+ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \
+ -e MGMT_CONSOLE_PORT="443" \
+ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
+ -e http_proxy="" \
+ -e https_proxy="" \
+ -e no_proxy="" \
+ quay.io/deepfenceio/deepfence_agent_ce:2.4.0
+```
+
+### Podman
+
+Podman system service (API service) should be running before deploying the sensor (https://docs.podman.io/en/latest/markdown/podman-system-service.1.html)
+
+```bash
+sudo podman run -dit \
+ --cpus=".2" \
+ --name=deepfence-agent \
+ --restart on-failure \
+ --pid=host \
+ --net=host \
+ --log-driver json-file \
+ --log-opt max-size=50m \
+ --privileged=true \
+ -v /sys/kernel/debug:/sys/kernel/debug:rw \
+ -v /var/log/fenced \
+ -v /run/podman/podman.sock:/run/podman/podman.sock \
+ -v /run/systemd/:/run/systemd/ \
+ -v /:/fenced/mnt/host/:ro \
+ -e DF_LOG_LEVEL="info" \
+ -e USER_DEFINED_TAGS="" \
+ -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \
+ -e MGMT_CONSOLE_PORT="443" \
+ -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
+ -e http_proxy="" \
+ -e https_proxy="" \
+ -e no_proxy="" \
+ quay.io/deepfenceio/deepfence_agent_ce:2.4.0
+```
+
+:::tip
+Optionally the sensor container can be further tagged using ```USER_DEFINED_TAGS=""``` in the above command. Tags should be comma separated, for example, ```"dev,front-end"```.
+:::
+
+
+## Upgrade the ThreatMapper Sensors
+
+To upgrade a sensor install, stop the existing sensor and start the new version.
+
+## Using a Proxy Server with Docker
+
+If ThreatMapper management console is accessed through a proxy server, there are two ways of configuring it.
+- You can start the container by providing the environment variable `http_proxy` and `https_proxy` as shown [here](#docker-1).
+The environment variable will be used by our agent to communicate with the proxy.
+
+- Alternatively, you can also configure docker to use a proxy server for all transactions.
+
+Edit the file: `~/.docker/config.json`, and add the following content. Remember to change the proxy server ip address from 111.111.111.111 to your proxy server ip:
+
+```json
+{
+ "auths": {
+ "https://index.docker.io/v1/": {
+ "auth": ""
+ }
+ },
+ "HttpHeaders": {
+ "User-Agent": "Docker-Client/19.03.1 (linux)"
+ },
+ "proxies": {
+ "default": {
+ "httpProxy": "http://111.111.111.111:8006",
+ "httpsProxy": "http://111.111.111.111:8006",
+ "noProxy": "localhost,127.0.0.1"
+ }
+ }
+}
+```
+
+Restart the docker daemon:
+
+```bash
+sudo systemctl restart docker
+```
+
+ThreatMapper agent VMs do not require any changes for proxy server.
diff --git a/docs/versioned_docs/version-v2.4/sensors/index.md b/docs/versioned_docs/version-v2.4/sensors/index.md
new file mode 100644
index 0000000000..caf097ea49
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/sensors/index.md
@@ -0,0 +1,49 @@
+---
+title: Installing ThreatMapper Sensors
+---
+
+# The Role of ThreatMapper Sensors
+
+Your production workloads are managed using ThreatMapper Sensors. The ThreatMapper Sensors are implemented as lightweight, privileged containers which monitor activity, discover workloads and retrieve manifests. They communicate with the ThreatMapper Management Console over TLS, using the URL and API key.
+
+A single ThreatMapper Console can manage multiple workload types, and on-premise and cloud deployments simultaneously.
+
+## Before You Begin
+
+Before you install the Sensors, obtain the Management Console URL and API key as described in the [Initial Configuration](/docs/console/initial-configuration).
+
+You should take care to install the sensor version that matches your Management Console version, as compatibility across versions is not guaranteed.
+
+Review the architecture for the Sensor Agent, as described in [Architecture: Sensor Agent](/docs/architecture/sensors).
+
+## System Requirements
+
+ThreatMapper performs detailed scanning of resources using sensor agents that are deployed with the target infrastructure.
+
+Sensor containers can be deployed directly to Kubernetes or Fargate, or can be deployed on a Docker environment. If you wish to monitor a Linux-based virtual machine or bare-metal production server, you should install a docker runtime within the host Linux operating system:
+
+| Feature | Requirements |
+|----------------------|----------------------------------------------------------------------------|
+| CPU: No of cores | 0.2 units of 1 core |
+| RAM | 200 MB to 1 GB |
+| Linux kernel version | >= 4.4 |
+| Connectivity | Access to Deepfence Management Console IP address, port 443 (configurable) |
+
+For Windows Server hosts, experimental support exists, but it is not suitable for production use.
+
+## Installing the ThreatMapper Sensors
+
+For your convenience, the ThreatMapper management console provides the default installation commands to install the agent on a docker host or in a kubernetes cluster:
+
+| ![Agent Setup](../img/agent-setup-2.png) |
+|:----------------------------------------:|
+| Default Agent Setup (URL and Key masked) |
+
+More detailed instructions are as follows:
+
+```mdx-code-block
+import DocCardList from '@theme/DocCardList';
+import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
+
+
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/sensors/kubernetes.md b/docs/versioned_docs/version-v2.4/sensors/kubernetes.md
new file mode 100644
index 0000000000..9cc790fe7d
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/sensors/kubernetes.md
@@ -0,0 +1,90 @@
+---
+title: Kubernetes
+---
+
+# Kubernetes
+
+In Kubernetes, the ThreatMapper sensors are deployed as a daemonset in the Kubernetes cluster, using a helm chart.
+
+:::info
+The `deepfence-console` helm chart by default runs agent and cluster-agent pods. The `deepfence-agent` helm chart need not be installed in the cluster where console helm chart is deployed.
+:::
+
+## Quick Installation of ThreatMapper Sensors
+
+Install and start the latest release of the deepfence sensor. Replace `x.x.x.x` with the IP address of the Management Console and `73f6f3d0-9931-4b31-8967-fd6adf475f80` with the API key.
+
+### Identify container runtime
+If container runtime is unknown, please follow [these](#identify-container-runtime-1) instructions.
+
+:::info
+`clusterName` is the name / identifier of the cluster. It should be different for different kubernetes clusters. Example: prod-cluster-1, test-cluster.
+:::
+
+:::info
+Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.4.0-multiarch` is supported in amd64 and arm64/v8 architectures.
+:::
+
+### Deploy deepfence-agent helm chart
+```bash
+helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+helm repo update
+
+# helm show readme deepfence/deepfence-agent --version 2.4.0 | less
+# helm show values deepfence/deepfence-agent --version 2.4.0 | less
+
+helm install deepfence-agent deepfence/deepfence-agent \
+ --set managementConsoleUrl=x.x.x.x \
+ --set deepfenceKey=73f6f3d0-9931-4b31-8967-fd6adf475f80 \
+ --set global.imageTag=2.4.0 \
+ --set clusterName="prod-cluster" \
+ --set mountContainerRuntimeSocket.containerdSock=true \
+ --set mountContainerRuntimeSocket.dockerSock=false \
+ --set mountContainerRuntimeSocket.crioSock=false \
+ --set mountContainerRuntimeSocket.podmanSock=false \
+ --set mountContainerRuntimeSocket.containerdSockPath="/run/containerd/containerd.sock" \
+ --set logLevel="info" \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.4.0
+```
+
+## Fine-tune the Helm deployment
+
+```bash
+helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+helm repo update
+
+helm show values deepfence/deepfence-agent --version 2.4.0 > deepfence_agent_values.yaml
+
+# You will need to update the following values:
+# managementConsoleUrl and deepfenceKey - specify your URL/IP and API key value
+# You may wish to update other values, including:
+# image:name and image:clusterAgentImageName - change to point to custom images
+# containerdSock - set to false if agent fails to start on some Kubernetes platforms e.g. Minikube
+vim deepfence_agent_values.yaml
+
+helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.4.0
+```
+
+## Delete the ThreatMapper Sensor
+
+```bash
+helm delete deepfence-agent -n deepfence
+```
+
+## Identify container runtime
+- To get container runtime in the k8s cluster, run the following command
+```shell
+kubectl get nodes -o=custom-columns=NAME:.metadata.name,Runtime:.status.nodeInfo.containerRuntimeVersion
+```
+- To get container runtime socket path in the k8s cluster, run the following commands and search for `--container-runtime-endpoint` or `containerd`
+```shell
+kubectl apply -f https://deepfence-public.s3.amazonaws.com/kubernetes/deepfence-cluster-config-job.yaml
+kubectl wait --for=condition=complete --timeout=30s job/deepfence-cluster-config
+kubectl logs $(kubectl get pod -l job-name=deepfence-cluster-config -o jsonpath="{.items[0].metadata.name}")
+kubectl delete -f https://deepfence-public.s3.amazonaws.com/kubernetes/deepfence-cluster-config-job.yaml
+```
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/sensors/linux-host.md b/docs/versioned_docs/version-v2.4/sensors/linux-host.md
new file mode 100644
index 0000000000..7595d005a7
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/sensors/linux-host.md
@@ -0,0 +1,188 @@ +--- +title: Linux Host +--- + +# Linux Host + +On a Linux-based bare-metal or virtual machine workload, the ThreatMapper sensor agents are deployed as a linux binary. + +## ThreatMapper Sensor Agents + +Install a docker runtime on the Linux host. Refer to the [Prerequisites for the Sensor Agents](/docs/architecture#threatmapper-sensor-containers) for minimum supported platforms. + +* Copy the following shell script and save as `install_deepfence.sh` +```bash +#!/bin/bash + +# MGMT_CONSOLE_URL: Example: threatmapper.customer.com or 65.65.65.65 +export MGMT_CONSOLE_URL="${MGMT_CONSOLE_URL}" +export DEEPFENCE_KEY="${DEEPFENCE_KEY}" + +if [[ -z "$MGMT_CONSOLE_URL" ]]; then + echo "env MGMT_CONSOLE_URL is not set" + exit 1 +fi + +if [[ -z "$DEEPFENCE_KEY" ]]; then + echo "env DEEPFENCE_KEY is not set" + exit 1 +fi + +export MGMT_CONSOLE_PORT="443" +export MGMT_CONSOLE_URL_SCHEMA="https" +export DF_HOSTNAME="$(hostname)" +export DF_LOG_LEVEL="info" + +MANAGEMENT_CONSOLE_URL="$MGMT_CONSOLE_URL_SCHEMA://$MGMT_CONSOLE_URL:$MGMT_CONSOLE_PORT" + +OS_ID=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"') +if [[ "$OS_ID" == "amzn" || "$OS_ID" == "centos" ]]; then + # Do necessary installs for Amazon Linux + yum -y install logrotate jq curl + if [[ "$?" != "0" ]]; then + echo "Failed to install logrotate" + exit 1 + fi +else + # Do necessary installs for Ubuntu + apt-get -y install logrotate jq curl + if [[ "$?" 
!= "0" ]]; then + echo "Failed to install logrotate" + exit 1 + fi +fi + +access_token_response=$(curl -m 5 -s -k "$MANAGEMENT_CONSOLE_URL/deepfence/auth/token" \ + --header 'Content-Type: application/json' \ + --data "{\"api_token\": \"$DEEPFENCE_KEY\"}") +if [[ $access_token_response == "" ]]; then + echo "Failed to connect to the management console" + exit 1 +fi + +access_token=$(jq -r '.access_token' <<< "$access_token_response") +if [[ $access_token == "" || $access_token == "null" ]]; then + echo "Failed to authenticate" + echo "$access_token_response" + exit 1 +fi + +download_url_response=$(curl -m 5 -s -k "$MANAGEMENT_CONSOLE_URL/deepfence/agent-deployment/binary/download-url" \ + --header "Authorization: Bearer $access_token") +if [[ $download_url_response == "" ]]; then + echo "Failed to get agent binary download url" + exit 1 +fi + +start_agent_script_download_url=$(jq -r '.start_agent_script_download_url' <<< "$download_url_response") +if [[ $start_agent_script_download_url == "" ]]; then + echo "Failed to get agent binary download url" + echo "$download_url_response" + exit 1 +fi + +cat << EOF > uninstall_deepfence.sh +#!/bin/bash + +systemctl stop deepfence-agent.service +systemctl disable deepfence-agent.service +rm -f /etc/systemd/system/deepfence-agent.service +rm -rf /opt/deepfence +EOF + +echo "Uninstalling existing Deepfence agent installation, if any" +chmod +x uninstall_deepfence.sh +bash uninstall_deepfence.sh + +if [[ ! 
-d "/opt/deepfence" ]]; then + mkdir -p /opt/deepfence /opt/deepfence/var/log/ +fi + +architecture="" +case $(uname -m) in + i386) architecture="386" ;; + i686) architecture="386" ;; + x86_64) architecture="amd64" ;; + arm) dpkg --print-architecture | grep -q "arm64" && architecture="arm64" || architecture="arm" ;; + aarch64) architecture="arm64" ;; +esac + +echo "Detected architecture: $architecture" + +agent_binary_download_url=$(jq -r --arg architecture "agent_binary_${architecture}_download_url" '.[$architecture]' <<< "$download_url_response") +agent_binary_filename=$(basename "$agent_binary_download_url") +agent_binary_filename=$(cut -f1 -d"?" <<< "$agent_binary_filename") + +if [[ $agent_binary_download_url == "" || $agent_binary_filename == "" ]]; then + echo "Failed to get agent binary download url" + echo "$download_url_response" + exit 1 +fi + +echo "Downloading agent binary from $agent_binary_download_url to /opt/deepfence/$agent_binary_filename" +curl -k -o "/opt/deepfence/$agent_binary_filename" "$agent_binary_download_url" + +curl -k -o /opt/deepfence/start_deepfence_agent.sh "$start_agent_script_download_url" +chmod +x "/opt/deepfence/start_deepfence_agent.sh" + +tar -xzf "/opt/deepfence/$agent_binary_filename" -C /opt/deepfence/ + +echo "MGMT_CONSOLE_URL: $MGMT_CONSOLE_URL" +echo "MGMT_CONSOLE_PORT: $MGMT_CONSOLE_PORT" +echo "DF_HOSTNAME: $DF_HOSTNAME" + +echo "Installing Deepfence agent as daemon service" + +cat << EOF > /etc/systemd/system/deepfence-agent.service +[Unit] +Description=Deepfence Agent Service +After=network.target + +[Service] +Environment="MGMT_CONSOLE_URL=$MGMT_CONSOLE_URL" +Environment="DEEPFENCE_KEY=$DEEPFENCE_KEY" +Environment="MGMT_CONSOLE_PORT=$MGMT_CONSOLE_PORT" +Environment="MGMT_CONSOLE_URL_SCHEMA=$MGMT_CONSOLE_URL_SCHEMA" +Environment="DF_HOSTNAME=$(hostname)" +Environment="DF_LOG_LEVEL=$DF_LOG_LEVEL" + +User=root +Group=root +Restart=on-failure +Type=forking +ExecStart=/opt/deepfence/start_deepfence_agent.sh 
+WorkingDirectory=/opt/deepfence + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable deepfence-agent.service +systemctl start deepfence-agent.service +systemctl status deepfence-agent.service +``` + +* Set management console URL and Deepfence key. You can find the Deepfence API key under + `Setting>User Management>API Key` +* You can run this script as following +```bash +sudo bash install_deepfence.sh +``` + +## Logs + +To get the service logs, run the following command +```shell +sudo journalctl -u deepfence-agent.service +``` + +## Uninstall + +To uninstall deepfence agent, run the following commands +```shell +sudo systemctl stop deepfence-agent.service +sudo systemctl disable deepfence-agent.service +sudo rm -f /etc/systemd/system/deepfence-agent.service +sudo rm -rf /opt/deepfence +``` diff --git a/docs/versioned_docs/version-v2.4/tips/automating-scans.md b/docs/versioned_docs/version-v2.4/tips/automating-scans.md new file mode 100644 index 0000000000..e76db5a0e2 --- /dev/null +++ b/docs/versioned_docs/version-v2.4/tips/automating-scans.md 
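Review bot: Every `curl` call in the `install_deepfence.sh` listing passes `-k`, so TLS certificate verification is skipped for the token request that posts `DEEPFENCE_KEY`, for the bearer-authenticated download-URL request, and for the two downloads that are then unpacked into `/opt/deepfence` and started as a root systemd service. The documented default should verify the console certificate: drop `-k`, and for consoles behind a private CA show `curl --cacert "$MGMT_CONSOLE_CA_CERT" ...` instead (the variable name is only a suggestion, the page defines none). The two download calls also lack `-f`, so an HTTP error page would be saved and handed to `tar -xzf` and `chmod +x`; `curl -f -o ...` followed by an exit-status check closes that gap. Separately, the heredoc writes `DEEPFENCE_KEY` into `/etc/systemd/system/deepfence-agent.service`, which with a typical umask is readable by every local user; a `chmod 600` on the unit, or a root-only `EnvironmentFile=`, would keep the key private.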
@@ -0,0 +1,50 @@
+---
+title: Automating Scans
+---
+
+# Automating Scans
+
+## Why should you Automate Production Scans?
+
+Vulnerabilities may be introduced into your production platforms at any point. And change to application dependencies of infrastructure may introduce new vulnerabilities. Changes in the application topology, such as promoting a service from internal dev traffic to external Internet traffic, can change ThreatMapper's risk-of-exploit score for a vulnerability.
+
+Most significantly, new vulnerabilities can be discovered in existing components at any time. A component that passed all vulnerability scans when it was deployed may still contain issues that are discovered weeks, months or years afterwards.
+
+ThreatMapper can scan your production platforms periodically, using the most up-to-date threat feeds at each time. This enables ThreatMapper to catch changes in application components and topology, and to find recently-disclosed vulnerabilities in components that are already deployed.
+
+
+## Automating ThreatMapper
+
+The results of automated scans are added to the **Vulnerability Scans** report, and can be raised through any configured [Notification](/docs/integrations) method.
+
+ThreatMapper presents a series of APIs that you can use to enumerate nodes and run scans:
+
+* [https://deepfence.github.io/deepfence_runtime_api/](https://deepfence.github.io/deepfence_runtime_api/)
+
+
+### Scanning Workloads before Deployment
+
+ThreatMapper can be invoked during the build process for a workload, commonly referred to as CI (Continuous Integration). For more information, check out the (Scanning in the CI Pipeline)[Scan-CI] documentation.
+
+ThreatMapper can scan registries, looking for vulnerabilities in containers. Scans can be invoked manually, or can run periodically against the registry. For more information, check out the (Scanning Registries)[Scanning Registries] documentation.
+
+### Use Case: Periodically Running Scans ("cron")
+
+#### UI
+Schedule is set by default in ThreatMapper to scan all containers and hosts once a week. They can be enabled if needed.
+
+![Scheduled Jobs](../img/scheduled-jobs.png)
+
+#### API
+A good example for API-driven automation - you can create a script that enumerates your infrastructure and workloads, and then scans on-demand.
+
+
+### Use Case: Scanning Nodes before Deployment
+
+You can use ThreatMapper to scan new nodes as they are added to the infrastructure, and can prevent these nodes from becoming active if they fail the scan:
+ * Instance is started by elastic platform e.g. AWS
+ * Instance contains ThreatMapper agent as a component
+ * When instance starts, agent self-registers with management console.
+ * Management console notices a new instance has been added and schedules a scan (using streaming API - details to be documented)
+ * Once the scan has completed, if it is deemed to have failed (admin defines pass or fail criteria), the management console can delete the new node (using preconfigured credentials)
+
diff --git a/docs/versioned_docs/version-v2.4/tips/debugging.md b/docs/versioned_docs/version-v2.4/tips/debugging.md
new file mode 100644
index 0000000000..b38800b328
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/tips/debugging.md
@@ -0,0 +1,27 @@
+---
+title: Debugging
+---
+
+# Diagnostics logs
+Deepfence Management console provides a way to download the logs for the console or from the specific agent on host or kubernetes cluster or cloud scanner. For steps to download agent logs from console UI refer [Support and Diagnostics](../operations/support.md)
+
+# Agent Log Locations
+
+- **General Log Locations**
+ - `/var/log/supervisor` - bootstrapper logs, this is the daemon which manages all the plugins used in the agent
+ - `/var/log/deepfenced` - logs of plugins managed by bootstrapper like `package-scanner`, `secret-scanner`, etc.,
+ - `/var/log/fenced` - all the data collected by the plugins are written here before its pushed to deepfence console
+
+- Linux Binary Agent
+ - In case of linux binary agent prefix `/opt/deepfence` to **General Log Locations**
+
+- AWS Fargate Agent
+ - In case of AWS Fargate agent prefix `DF_INSTALL_DIR` to **General Log Locations**
+
+- Cloud Scanner
+ - prefix `/home/deepfence` if deployed as ECS task or AWS Fargate or GCP Cloud Run container to **General Log Locations**
+ - prefix `/data/home/deepfence` if deployed as docker container or kubernetes pod to **General Log Locations**
+
+# Vulnerability scan failures
+- Check agent `package_scanner.log` file for errors this file can be located in the directory `/var/log/deepfenced`
+- If there are no errors on agent and sbom generation was successful, then check the deepfence-worker logs for issue in sbom scan on console
\ No newline at end of file
diff --git a/docs/versioned_docs/version-v2.4/tips/sensor-agent-not-start.md b/docs/versioned_docs/version-v2.4/tips/sensor-agent-not-start.md
new file mode 100644
index 0000000000..16cbabb0d4
--- /dev/null
+++ b/docs/versioned_docs/version-v2.4/tips/sensor-agent-not-start.md
@@ -0,0 +1,39 @@
+---
+title: Sensor Agent does not start
+---
+
+# Sensor Agent does not start
+
+
+## When using Minikube (possibly other platforms), the deepfence-agent does not start
+
+Running `kubectl get pods -n deepfence` gives output similar to:
+
+```
+NAME READY STATUS RESTARTS AGE
+deepfence-agent-8lxng 0/1 ContainerCreating 0 3m14s
+deepfence-cluster-agent-d86cd4df8-c4fz2 1/1 Running 0 3m14s
+```
+
+Running `kubectl describe pod -n deepfence deepfence-agent-8lxng` reveals:
+
+```
+ Warning FailedMount 30s (x8 over 3m14s) kubelet MountVolume.SetUp failed for volume "containerd-sock" : hostPath type check failed: /run/containerd/containerd.sock is not a socket file
+```
+
+**Solution:** edit `deepfence_agent_values.yaml` and set `containerdSock` to be `"false"`. Redeploy the agent using:
+
+```bash
+helm delete deepfence-agent -n deepfence
+
+helm show values deepfence/deepfence-agent --version 2.4.0 > deepfence_agent_values.yaml
+
+# You will need to update the following values:
+# containerdSock - set to "false"
+vim deepfence_agent_values.yaml
+
+helm install -f deepfence_agent_values.yaml deepfence-agent deepfence/deepfence-agent \
+ --namespace deepfence \
+ --create-namespace \
+ --version 2.4.0
+```
diff --git a/docs/versioned_sidebars/version-v2.3-sidebars.json b/docs/versioned_sidebars/version-v2.3-sidebars.json
new file mode 100644
index 0000000000..58b7671e07
--- /dev/null
+++ b/docs/versioned_sidebars/version-v2.3-sidebars.json
@@ -0,0 +1,168 @@ +{ + "threatmapper": [ + { + "type": "html", + "value": "Deepfence ThreatMapper", + "className": "sidebar-title" + }, + "index", + { + "type": "category", + "label": "Architecture", + "link": { + "type": "doc", + "id": "architecture/index" + }, + "items": [ + "architecture/console", + "architecture/cloudscanner", + "architecture/sensors", + "architecture/threatgraph" + ] + }, + "demo", + { + "type": "category", + "label": "Installation", + "link": { + "type": "doc", + "id": "installation" + }, + "items": [ + { + "type": "category", + "label": "Management Console", + "link": { + "type": "doc", + "id": "console/index" + }, + "items": [ + "console/requirements", + "console/upgrade-from-v2.1", + "console/docker", + "console/kubernetes", + "console/managed-database", + "console/initial-configuration", + "console/manage-users", + "console/database-export-import", + "console/troubleshooting" + ] + }, + { + "type": "category", + "label": "Sensor Agent", + "link": { + "type": "doc", + "id": "sensors/index" + }, + "items": [ + "sensors/kubernetes", + "sensors/docker", + "sensors/aws-ecs", + "sensors/aws-fargate", + "sensors/linux-host" + ] + }, + { + "type": "category", + "label": "Cloud Scanner", + "link": { + "type": "doc", + "id": "cloudscanner/index" + }, + "items": [ + "cloudscanner/aws", + "cloudscanner/azure", + "cloudscanner/gcp", + "cloudscanner/other" + ] + }, + { + "type": "category", + "label": "Kubernetes Scanner", + "link": { + "type": "doc", + "id": "kubernetes-scanner/index" + }, + "items": [] + } + ] + }, + { + "type": "category", + "label": "Operations", + "link": { + "type": "doc", + "id": "operations/index" + }, + "items": [ + "operations/scanning", + "operations/sboms", + "operations/compliance", + { + "type": "category", + "label": "Scanning Registries", + "link": { + "type": "doc", + "id": "registries/index" + }, + "items": [ + "registries/aws-ecr" + ] + }, + "operations/scanning-ci", + "operations/support" + ] + }, + { + "type": 
"category", + "label": "Integrations", + "link": { + "type": "doc", + "id": "integrations/index" + }, + "items": [ + "integrations/threatrx", + "integrations/pagerduty", + "integrations/slack", + "integrations/microsoft-teams", + "integrations/sumo-logic", + "integrations/elasticsearch", + "integrations/email", + "integrations/http-endpoint", + "integrations/jira", + "integrations/s3", + "integrations/reports", + "integrations/splunk" + ] + }, + { + "type": "category", + "label": "Developers", + "link": { + "type": "doc", + "id": "developers/index" + }, + "items": [ + "developers/build", + "developers/deploy-console", + "developers/deploy-agent", + "developers/python-sdk" + ] + }, + { + "type": "category", + "label": "Tips", + "link": { + "type": "generated-index", + "description": "Tips and Techniques to get the most from ThreatMapper" + }, + "items": [ + { + "type": "autogenerated", + "dirName": "tips" + } + ] + } + ] +} diff --git a/docs/versioned_sidebars/version-v2.4-sidebars.json b/docs/versioned_sidebars/version-v2.4-sidebars.json new file mode 100644 index 0000000000..58b7671e07 --- /dev/null +++ b/docs/versioned_sidebars/version-v2.4-sidebars.json 
@@ -0,0 +1,168 @@ +{ + "threatmapper": [ + { + "type": "html", + "value": "Deepfence ThreatMapper", + "className": "sidebar-title" + }, + "index", + { + "type": "category", + "label": "Architecture", + "link": { + "type": "doc", + "id": "architecture/index" + }, + "items": [ + "architecture/console", + "architecture/cloudscanner", + "architecture/sensors", + "architecture/threatgraph" + ] + }, + "demo", + { + "type": "category", + "label": "Installation", + "link": { + "type": "doc", + "id": "installation" + }, + "items": [ + { + "type": "category", + "label": "Management Console", + "link": { + "type": "doc", + "id": "console/index" + }, + "items": [ + "console/requirements", + "console/upgrade-from-v2.1", + "console/docker", + "console/kubernetes", + "console/managed-database", + "console/initial-configuration", + "console/manage-users", + "console/database-export-import", + "console/troubleshooting" + ] + }, + { + "type": "category", + "label": "Sensor Agent", + "link": { + "type": "doc", + "id": "sensors/index" + }, + "items": [ + "sensors/kubernetes", + "sensors/docker", + "sensors/aws-ecs", + "sensors/aws-fargate", + "sensors/linux-host" + ] + }, + { + "type": "category", + "label": "Cloud Scanner", + "link": { + "type": "doc", + "id": "cloudscanner/index" + }, + "items": [ + "cloudscanner/aws", + "cloudscanner/azure", + "cloudscanner/gcp", + "cloudscanner/other" + ] + }, + { + "type": "category", + "label": "Kubernetes Scanner", + "link": { + "type": "doc", + "id": "kubernetes-scanner/index" + }, + "items": [] + } + ] + }, + { + "type": "category", + "label": "Operations", + "link": { + "type": "doc", + "id": "operations/index" + }, + "items": [ + "operations/scanning", + "operations/sboms", + "operations/compliance", + { + "type": "category", + "label": "Scanning Registries", + "link": { + "type": "doc", + "id": "registries/index" + }, + "items": [ + "registries/aws-ecr" + ] + }, + "operations/scanning-ci", + "operations/support" + ] + }, + { + "type": 
"category", + "label": "Integrations", + "link": { + "type": "doc", + "id": "integrations/index" + }, + "items": [ + "integrations/threatrx", + "integrations/pagerduty", + "integrations/slack", + "integrations/microsoft-teams", + "integrations/sumo-logic", + "integrations/elasticsearch", + "integrations/email", + "integrations/http-endpoint", + "integrations/jira", + "integrations/s3", + "integrations/reports", + "integrations/splunk" + ] + }, + { + "type": "category", + "label": "Developers", + "link": { + "type": "doc", + "id": "developers/index" + }, + "items": [ + "developers/build", + "developers/deploy-console", + "developers/deploy-agent", + "developers/python-sdk" + ] + }, + { + "type": "category", + "label": "Tips", + "link": { + "type": "generated-index", + "description": "Tips and Techniques to get the most from ThreatMapper" + }, + "items": [ + { + "type": "autogenerated", + "dirName": "tips" + } + ] + } + ] +} diff --git a/docs/versions.json b/docs/versions.json index f36b0f08a9..54853a66d4 100644 --- a/docs/versions.json +++ b/docs/versions.json @@ -1,4 +1,6 @@ [ + "v2.4", + "v2.3", "v2.2", "v2.1", "v2.0", diff --git a/docs/vulnerability_feeds/listing.json b/docs/vulnerability_feeds/listing.json index e8e2a0802e..f8761f0b8e 100644 --- a/docs/vulnerability_feeds/listing.json +++ b/docs/vulnerability_feeds/listing.json 
@@ -2,54 +2,54 @@ "available": { "3": [ { - "built": "2024-09-21T00:15:28.181539562Z", + "built": "2024-07-27T00:15:46.037564168Z", "version": 3, - "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-09-21_00-02-36/threatintel-vuln-v3-2024-09-21_00-02-36.tar.gz", - "checksum": "da686b27b38b10c2b209b8af138b1fd71246fe9656e70ea71314263b5da4111e" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-07-27_00-02-17/threatintel-vuln-v3-2024-07-27_00-02-17.tar.gz", + "checksum": "8f83925d8c4a968ef85ffda56beb2eb7c52be269be7b32c20b50154fedccc32a" }, { - "built": "2024-09-22T00:16:18.677703142Z", + "built": "2024-07-28T00:14:54.97279684Z", "version": 3, - "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-09-22_00-02-41/threatintel-vuln-v3-2024-09-22_00-02-41.tar.gz", - "checksum": "c4245b374a8e31b400b8b8808b8744a1e8779222135a8693a58a830afdc8c1b9" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-07-28_00-02-37/threatintel-vuln-v3-2024-07-28_00-02-37.tar.gz", + "checksum": "a6fa85e3ac6400a5c712d9cd59e0dd82b0052faa3cd0859fdf02adf4e958f11e" }, { - "built": "2024-09-23T00:14:25.50993249Z", + "built": "2024-07-29T00:14:10.110094323Z", "version": 3, - "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-09-23_00-02-38/threatintel-vuln-v3-2024-09-23_00-02-38.tar.gz", - "checksum": "6f8eb149c8d4395fb30070b42c81787aa67d17bae5dd9fa62c403eb57aa40862" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-07-29_00-02-34/threatintel-vuln-v3-2024-07-29_00-02-34.tar.gz", + "checksum": "6d113ef15cf1a8d35c10b49c13f7fea08141147399710faafea9b9773cdd0c85" }, { - "built": "2024-09-24T00:14:33.023639544Z", + "built": "2024-07-30T00:14:34.581611625Z", "version": 3, - "url": 
"https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-09-24_00-02-40/threatintel-vuln-v3-2024-09-24_00-02-40.tar.gz", - "checksum": "6c1fc8aba1f84763e35910497e424b3bdbd2b70ac7b369d6adba808d149e4178" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v3-2024-07-30_00-02-31/threatintel-vuln-v3-2024-07-30_00-02-31.tar.gz", + "checksum": "48c6b8ef5200a68a63bdf688ec85ea3b356cf54f048f088ea8ed9789c2122a9c" } ], "5": [ { - "built": "2024-11-04T13:11:35.773111748Z", + "built": "2024-07-29T02:45:05.574607528Z", "version": 5, - "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-11-04_13-07-57/threatintel-vuln-v5-2024-11-04_13-07-57.tar.gz", - "checksum": "16e53cf35125efb73b2020806abf0a150dcb33f21200a1acac78f10a275c6f00" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-07-29_01-43-13/threatintel-vuln-v5-2024-07-29_01-43-13.tar.gz", + "checksum": "6923f69f968996ca1cb44a383b1ff00a986dbc0f30bca1400a9eb4d20ff0833e" }, { - "built": "2024-11-05T01:33:26.438820948Z", + "built": "2024-07-29T14:30:02.296892725Z", "version": 5, - "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-11-05_01-29-49/threatintel-vuln-v5-2024-11-05_01-29-49.tar.gz", - "checksum": "d5a0597ec657cb6bb6a2193c372ead0b586fcc09e99e375f91ceacdcf5522a90" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-07-29_13-20-25/threatintel-vuln-v5-2024-07-29_13-20-25.tar.gz", + "checksum": "f9e4c337b1a43187c2068d6a91b989427388037fe60dd2cd45c0b14dea783863" }, { - "built": "2024-11-05T13:09:59.176590962Z", + "built": "2024-07-30T02:51:23.31434039Z", "version": 5, - "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-11-05_13-06-21/threatintel-vuln-v5-2024-11-05_13-06-21.tar.gz", - 
"checksum": "bc4dfdd6a4610df7557b2fd6e0799d2a429cc5f468913ae6c897299615bec7b5" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-07-30_01-44-10/threatintel-vuln-v5-2024-07-30_01-44-10.tar.gz", + "checksum": "92db438bf79ca44ee475a5ee1f6a571f7b108acc662a1afe07a1da57c71b7184" }, { - "built": "2024-11-06T01:33:24.567281567Z", + "built": "2024-07-30T14:29:30.735660696Z", "version": 5, - "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-11-06_01-29-48/threatintel-vuln-v5-2024-11-06_01-29-48.tar.gz", - "checksum": "29742e96fc28c55c5eb741cc51fb313169675e538b17d8af4a3627b1652cd508" + "url": "https://threat-intel.deepfence.io/vulnerability-db/releases/download/threatintel-vuln-v5-2024-07-30_13-20-11/threatintel-vuln-v5-2024-07-30_13-20-11.tar.gz", + "checksum": "605a345b4dc7be9e7f4670e1f0c6b9cdef6c5427deb42e9d6d96a9cf6a52ebce" } ] } diff --git a/docs/yarn.lock b/docs/yarn.lock index 8db363a9e0..521095e950 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -146,7 +146,7 @@ "@jridgewell/gen-mapping" "^0.3.5" "@jridgewell/trace-mapping" "^0.3.24" -"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.16.0", "@babel/code-frame@^7.23.5", "@babel/code-frame@^7.8.3": +"@babel/code-frame@^7.0.0", "@babel/code-frame@^7.16.0", "@babel/code-frame@^7.8.3": version "7.23.5" resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.23.5.tgz#9009b69a8c602293476ad598ff53e4562e15c244" integrity sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA== 
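Review bot: Every entry on the new side of `docs/vulnerability_feeds/listing.json` is older than the one it replaces: the `"3"` list moves from builds dated 2024-09-21 to 2024-09-24 back to 2024-07-27 to 2024-07-30, and the `"5"` list from 2024-11-04 to 2024-11-06 back to 2024-07-29 and 2024-07-30. This looks like a stale copy of the listing carried in with the docs update rather than an intended change; if anything selects a vulnerability database from this file, scans would run against threat intel that is roughly three months behind and miss recently disclosed issues. I would drop this file from the commit (or regenerate it) so the newest entry stays `"built": "2024-11-06T01:33:24.567281567Z"`. It is also worth confirming that whatever downloads these archives verifies the `checksum` value before use, since a URL and checksum pair swapped together is otherwise accepted silently.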
@@ -162,6 +162,15 @@ "@babel/highlight" "^7.24.7" picocolors "^1.0.0" +"@babel/code-frame@^7.25.9", "@babel/code-frame@^7.26.0": + version "7.26.2" + resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.26.2.tgz#4b5fab97d33338eff916235055f0ebc21e573a85" + integrity sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ== + dependencies: + "@babel/helper-validator-identifier" "^7.25.9" + js-tokens "^4.0.0" + picocolors "^1.0.0" + "@babel/compat-data@^7.22.6", "@babel/compat-data@^7.23.5": version "7.23.5" resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.23.5.tgz#ffb878728bb6bdcb6f4510aa51b1be9afb8cfd98" @@ -172,6 +181,11 @@ resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.25.0.tgz#6b226a5da3a686db3c30519750e071dce292ad95" integrity sha512-P4fwKI2mjEb3ZU5cnMJzvRsRKGBUcs8jvxIoRmr6ufAY9Xk2Bz7JubRTTivkw55c7WQJfTECeqYVa+HZ0FzREg== +"@babel/compat-data@^7.25.9", "@babel/compat-data@^7.26.0": + version "7.26.2" + resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.26.2.tgz#278b6b13664557de95b8f35b90d96785850bb56e" + integrity sha512-Z0WgzSEa+aUcdiJuCIqgujCshpMWgUpgOxXotrYPSA53hA3qopNaqcJpyr0hVb1FeWdnqFA35/fUtXgBK8srQg== + "@babel/core@^7.21.3": version "7.24.9" resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.24.9.tgz#dc07c9d307162c97fa9484ea997ade65841c7c82" 
@@ -193,37 +207,27 @@ json5 "^2.2.3" semver "^6.3.1" -"@babel/core@^7.23.3": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.24.0.tgz#56cbda6b185ae9d9bed369816a8f4423c5f2ff1b" - integrity sha512-fQfkg0Gjkza3nf0c7/w6Xf34BW4YvzNfACRLmmb7XRLa6XHdR+K9AlJlxneFfWYf6uhOzuzZVTjF/8KfndZANw== +"@babel/core@^7.25.9": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.26.0.tgz#d78b6023cc8f3114ccf049eb219613f74a747b40" + integrity sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg== dependencies: "@ampproject/remapping" "^2.2.0" - "@babel/code-frame" "^7.23.5" - "@babel/generator" "^7.23.6" - "@babel/helper-compilation-targets" "^7.23.6" - "@babel/helper-module-transforms" "^7.23.3" - "@babel/helpers" "^7.24.0" - "@babel/parser" "^7.24.0" - "@babel/template" "^7.24.0" - "@babel/traverse" "^7.24.0" - "@babel/types" "^7.24.0" + "@babel/code-frame" "^7.26.0" + "@babel/generator" "^7.26.0" + "@babel/helper-compilation-targets" "^7.25.9" + "@babel/helper-module-transforms" "^7.26.0" + "@babel/helpers" "^7.26.0" + "@babel/parser" "^7.26.0" + "@babel/template" "^7.25.9" + "@babel/traverse" "^7.25.9" + "@babel/types" "^7.26.0" convert-source-map "^2.0.0" debug "^4.1.0" gensync "^1.0.0-beta.2" json5 "^2.2.3" semver "^6.3.1" -"@babel/generator@^7.23.3", "@babel/generator@^7.23.6": - version "7.23.6" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.23.6.tgz#9e1fca4811c77a10580d17d26b57b036133f3c2e" - integrity sha512-qrSfCYxYQB5owCmGLbl8XRpX1ytXlpueOb0N0UmQwA073KZxejgQTzAmJezxvpwQD9uGtK2shHdi55QT+MbjIw== - dependencies: - "@babel/types" "^7.23.6" - "@jridgewell/gen-mapping" "^0.3.2" - "@jridgewell/trace-mapping" "^0.3.17" - jsesc "^2.5.1" - "@babel/generator@^7.24.9", "@babel/generator@^7.25.0": version "7.25.0" resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.25.0.tgz#f858ddfa984350bc3d3b7f125073c9af6988f18e" 
@@ -234,6 +238,17 @@ "@jridgewell/trace-mapping" "^0.3.25" jsesc "^2.5.1" +"@babel/generator@^7.25.9", "@babel/generator@^7.26.0": + version "7.26.2" + resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.26.2.tgz#87b75813bec87916210e5e01939a4c823d6bb74f" + integrity sha512-zevQbhbau95nkoxSq3f/DC/SC+EEOUZd3DYqfSkMhY2/wfSeaHV1Ew4vk8e+x8lja31IbyuUa2uQ3JONqKbysw== + dependencies: + "@babel/parser" "^7.26.2" + "@babel/types" "^7.26.0" + "@jridgewell/gen-mapping" "^0.3.5" + "@jridgewell/trace-mapping" "^0.3.25" + jsesc "^3.0.2" + "@babel/helper-annotate-as-pure@^7.22.5": version "7.22.5" resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.22.5.tgz#e7f06737b197d580a01edf75d97e2c8be99d3882" @@ -248,12 +263,12 @@ dependencies: "@babel/types" "^7.24.7" -"@babel/helper-builder-binary-assignment-operator-visitor@^7.22.15": - version "7.22.15" - resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.22.15.tgz#5426b109cf3ad47b91120f8328d8ab1be8b0b956" - integrity sha512-QkBXwGgaoC2GtGZRoma6kv7Szfv06khvhFav67ZExau2RaXzy8MpHSMO2PNoP2XtmQphJQRHFfg77Bq731Yizw== +"@babel/helper-annotate-as-pure@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.25.9.tgz#d8eac4d2dc0d7b6e11fa6e535332e0d3184f06b4" + integrity sha512-gv7320KBUFJz1RnylIg5WWYPRXKZ884AGkYpgpWW02TH66Dl+HaC1t1CKd0z3R4b6hdYEcmrNZHUmfCP+1u3/g== dependencies: - "@babel/types" "^7.22.15" + "@babel/types" "^7.25.9" "@babel/helper-builder-binary-assignment-operator-visitor@^7.24.7": version "7.24.7" 
@@ -263,7 +278,15 @@ "@babel/traverse" "^7.24.7" "@babel/types" "^7.24.7" -"@babel/helper-compilation-targets@^7.22.15", "@babel/helper-compilation-targets@^7.22.6", "@babel/helper-compilation-targets@^7.23.6": +"@babel/helper-builder-binary-assignment-operator-visitor@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.25.9.tgz#f41752fe772a578e67286e6779a68a5a92de1ee9" + integrity sha512-C47lC7LIDCnz0h4vai/tpNOI95tCd5ZT3iBt/DBH5lXKHZsyNQv18yf1wIIg2ntiQNgmAvA+DgZ82iW8Qdym8g== + dependencies: + "@babel/traverse" "^7.25.9" + "@babel/types" "^7.25.9" + +"@babel/helper-compilation-targets@^7.22.6": version "7.23.6" resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.23.6.tgz#4d79069b16cbcf1461289eccfbbd81501ae39991" integrity sha512-9JB548GZoQVmzrFgp8o7KxdgkTGm6xs9DW0o/Pim72UDjzr5ObUQ6ZzYPqA+g9OTS2bBQoctLJrky0RDCAWRgQ== 
@@ -285,19 +308,15 @@ lru-cache "^5.1.1" semver "^6.3.1" -"@babel/helper-create-class-features-plugin@^7.22.15", "@babel/helper-create-class-features-plugin@^7.23.6": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.24.0.tgz#fc7554141bdbfa2d17f7b4b80153b9b090e5d158" - integrity sha512-QAH+vfvts51BCsNZ2PhY6HAggnlS6omLLFTsIpeqZk/MmJ6cW7tgz5yRv0fMJThcr6FmbMrENh1RgrWPTYA76g== +"@babel/helper-compilation-targets@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.25.9.tgz#55af025ce365be3cdc0c1c1e56c6af617ce88875" + integrity sha512-j9Db8Suy6yV/VHa4qzrj9yZfZxhLWQdVnRlXxmKLYlhWUVB1sB2G5sxuWYXk/whHD9iW76PmNzxZ4UCnTQTVEQ== dependencies: - "@babel/helper-annotate-as-pure" "^7.22.5" - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-function-name" "^7.23.0" - "@babel/helper-member-expression-to-functions" "^7.23.0" - "@babel/helper-optimise-call-expression" "^7.22.5" - "@babel/helper-replace-supers" "^7.22.20" - "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5" - "@babel/helper-split-export-declaration" "^7.22.6" + "@babel/compat-data" "^7.25.9" + "@babel/helper-validator-option" "^7.25.9" + browserslist "^4.24.0" + lru-cache "^5.1.1" semver "^6.3.1" "@babel/helper-create-class-features-plugin@^7.24.7", "@babel/helper-create-class-features-plugin@^7.25.0": 
@@ -313,7 +332,20 @@ "@babel/traverse" "^7.25.0" semver "^6.3.1" -"@babel/helper-create-regexp-features-plugin@^7.18.6", "@babel/helper-create-regexp-features-plugin@^7.22.15", "@babel/helper-create-regexp-features-plugin@^7.22.5": +"@babel/helper-create-class-features-plugin@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.25.9.tgz#7644147706bb90ff613297d49ed5266bde729f83" + integrity sha512-UTZQMvt0d/rSz6KI+qdu7GQze5TIajwTS++GUozlw8VBJDEOAqSXwm1WvmYEZwqdqSGQshRocPDqrt4HBZB3fQ== + dependencies: + "@babel/helper-annotate-as-pure" "^7.25.9" + "@babel/helper-member-expression-to-functions" "^7.25.9" + "@babel/helper-optimise-call-expression" "^7.25.9" + "@babel/helper-replace-supers" "^7.25.9" + "@babel/helper-skip-transparent-expression-wrappers" "^7.25.9" + "@babel/traverse" "^7.25.9" + semver "^6.3.1" + +"@babel/helper-create-regexp-features-plugin@^7.18.6": version "7.22.15" resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.22.15.tgz#5ee90093914ea09639b01c711db0d6775e558be1" integrity sha512-29FkPLFjn4TPEa3RE7GpW+qbE8tlsu3jntNYNfcGsc49LphF1PQIiD+vMZ1z1xVOKt+93khA9tc2JBs3kBjA7w== 
@@ -331,16 +363,14 @@ regexpu-core "^5.3.1" semver "^6.3.1" -"@babel/helper-define-polyfill-provider@^0.5.0": - version "0.5.0" - resolved "https://registry.yarnpkg.com/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.5.0.tgz#465805b7361f461e86c680f1de21eaf88c25901b" - integrity sha512-NovQquuQLAQ5HuyjCz7WQP9MjRj7dx++yspwiyUiGl9ZyadHRSql1HZh5ogRd8W8w6YM6EQ/NTB8rgjLt5W65Q== +"@babel/helper-create-regexp-features-plugin@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.25.9.tgz#3e8999db94728ad2b2458d7a470e7770b7764e26" + integrity sha512-ORPNZ3h6ZRkOyAa/SaHU+XsLZr0UQzRwuDQ0cczIA17nAzZ+85G5cVkOJIj7QavLZGSe8QXUmNFxSZzjcZF9bw== dependencies: - "@babel/helper-compilation-targets" "^7.22.6" - "@babel/helper-plugin-utils" "^7.22.5" - debug "^4.1.1" - lodash.debounce "^4.0.8" - resolve "^1.14.2" + "@babel/helper-annotate-as-pure" "^7.25.9" + regexpu-core "^6.1.1" + semver "^6.3.1" "@babel/helper-define-polyfill-provider@^0.6.1": version "0.6.1" 
@@ -364,33 +394,6 @@ lodash.debounce "^4.0.8" resolve "^1.14.2" -"@babel/helper-environment-visitor@^7.22.20": - version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-environment-visitor/-/helper-environment-visitor-7.22.20.tgz#96159db61d34a29dba454c959f5ae4a649ba9167" - integrity sha512-zfedSIzFhat/gFhWfHtgWvlec0nqB9YEIVrpuwjruLlXfUSnA8cJB0miHKwqDnQ7d32aKo2xt88/xZptwxbfhA== - -"@babel/helper-function-name@^7.22.5", "@babel/helper-function-name@^7.23.0": - version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/helper-function-name/-/helper-function-name-7.23.0.tgz#1f9a3cdbd5b2698a670c30d2735f9af95ed52759" - integrity sha512-OErEqsrxjZTJciZ4Oo+eoZqeW9UIiOcuYKRJA4ZAgV9myA+pOXhhmpfNCKjEH/auVfEYVFJ6y1Tc4r0eIApqiw== - dependencies: - "@babel/template" "^7.22.15" - "@babel/types" "^7.23.0" - -"@babel/helper-hoist-variables@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz#c01a007dac05c085914e8fb652b339db50d823bb" - integrity sha512-wGjk9QZVzvknA6yKIUURb8zY3grXCcOZt+/7Wcy8O2uctxhplmUPkOdlgoNhmdVee2c92JXbf1xpMtVNbfoxRw== - dependencies: - "@babel/types" "^7.22.5" - -"@babel/helper-member-expression-to-functions@^7.22.15", "@babel/helper-member-expression-to-functions@^7.23.0": - version "7.23.0" - resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.23.0.tgz#9263e88cc5e41d39ec18c9a3e0eced59a3e7d366" - integrity sha512-6gfrPwh7OuT6gZyJZvd6WbTfrqAo7vm4xCzAXOusKqq/vWdKXphTpj5klHKNmRUU6/QRGlBsyU9mAIPaWHlqJA== - dependencies: - "@babel/types" "^7.23.0" - "@babel/helper-member-expression-to-functions@^7.24.8": version "7.24.8" resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.24.8.tgz#6155e079c913357d24a4c20480db7c712a5c3fb6" 
@@ -399,6 +402,14 @@ "@babel/traverse" "^7.24.8" "@babel/types" "^7.24.8" +"@babel/helper-member-expression-to-functions@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.25.9.tgz#9dfffe46f727005a5ea29051ac835fb735e4c1a3" + integrity sha512-wbfdZ9w5vk0C0oyHqAJbc62+vet5prjj01jjJ8sKn3j9h3MQQlflEdXYvuqRWjHnM12coDEqiC1IRCi0U/EKwQ== + dependencies: + "@babel/traverse" "^7.25.9" + "@babel/types" "^7.25.9" + "@babel/helper-module-imports@^7.22.15": version "7.22.15" resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.22.15.tgz#16146307acdc40cc00c3b2c647713076464bdbf0" @@ -414,16 +425,13 @@ "@babel/traverse" "^7.24.7" "@babel/types" "^7.24.7" -"@babel/helper-module-transforms@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz#d7d12c3c5d30af5b3c0fcab2a6d5217773e2d0f1" - integrity sha512-7bBs4ED9OmswdfDzpz4MpWgSrV7FXlc3zIagvLFjS5H+Mk7Snr21vQ6QwrsoCGMfNC4e4LQPdoULEt4ykz0SRQ== +"@babel/helper-module-imports@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.25.9.tgz#e7f8d20602ebdbf9ebbea0a0751fb0f2a4141715" + integrity sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw== dependencies: - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-module-imports" "^7.22.15" - "@babel/helper-simple-access" "^7.22.5" - "@babel/helper-split-export-declaration" "^7.22.6" - "@babel/helper-validator-identifier" "^7.22.20" + "@babel/traverse" "^7.25.9" + "@babel/types" "^7.25.9" "@babel/helper-module-transforms@^7.24.7", "@babel/helper-module-transforms@^7.24.8", "@babel/helper-module-transforms@^7.24.9", "@babel/helper-module-transforms@^7.25.0": version "7.25.0" 
@@ -435,12 +443,14 @@ "@babel/helper-validator-identifier" "^7.24.7" "@babel/traverse" "^7.25.0" -"@babel/helper-optimise-call-expression@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.22.5.tgz#f21531a9ccbff644fdd156b4077c16ff0c3f609e" - integrity sha512-HBwaojN0xFRx4yIvpwGqxiV2tUfl7401jlok564NgB9EHS1y6QT17FmKWm4ztqjeVdXLuC4fSvHc5ePpQjoTbw== +"@babel/helper-module-transforms@^7.25.9", "@babel/helper-module-transforms@^7.26.0": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.26.0.tgz#8ce54ec9d592695e58d84cd884b7b5c6a2fdeeae" + integrity sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw== dependencies: - "@babel/types" "^7.22.5" + "@babel/helper-module-imports" "^7.25.9" + "@babel/helper-validator-identifier" "^7.25.9" + "@babel/traverse" "^7.25.9" "@babel/helper-optimise-call-expression@^7.24.7": version "7.24.7" 
@@ -449,7 +459,14 @@ dependencies: "@babel/types" "^7.24.7" -"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.24.0", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": +"@babel/helper-optimise-call-expression@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.25.9.tgz#3324ae50bae7e2ab3c33f60c9a877b6a0146b54e" + integrity sha512-FIpuNaz5ow8VyrYcnXQTDRGvV6tTjkNtCK/RYNDXGSLlUD6cBuQTSw43CShGxjvfBTfcUA/r6UhUCbtYqkhcuQ== + dependencies: + "@babel/types" "^7.25.9" + +"@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.10.4", "@babel/helper-plugin-utils@^7.12.13", "@babel/helper-plugin-utils@^7.14.5", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.22.5", "@babel/helper-plugin-utils@^7.8.0", "@babel/helper-plugin-utils@^7.8.3": version "7.24.0" resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz#945681931a52f15ce879fd5b86ce2dae6d3d7f2a" integrity sha512-9cUznXMG0+FxRuJfvL82QlTqIzhVW9sL0KjMPHhAOOvpQGL8QtdxnBKILjBqxlHyliz0yCa1G903ZXI/FuHy2w== 
@@ -459,14 +476,10 @@ resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.8.tgz#94ee67e8ec0e5d44ea7baeb51e571bd26af07878" integrity sha512-FFWx5142D8h2Mgr/iPVGH5G7w6jDn4jUSpZTyDnQO0Yn7Ks2Kuz6Pci8H6MPCoUJegd/UZQ3tAvfLCxQSnWWwg== -"@babel/helper-remap-async-to-generator@^7.22.20": - version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.22.20.tgz#7b68e1cb4fa964d2996fd063723fb48eca8498e0" - integrity sha512-pBGyV4uBqOns+0UvhsTO8qgl8hO89PmiDYv+/COyp1aeMcmfrfruz+/nCMFiYyFF/Knn0yfrC85ZzNFjembFTw== - dependencies: - "@babel/helper-annotate-as-pure" "^7.22.5" - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-wrap-function" "^7.22.20" +"@babel/helper-plugin-utils@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.25.9.tgz#9cbdd63a9443a2c92a725cca7ebca12cc8dd9f46" + integrity sha512-kSMlyUVdWe25rEsRGviIgOWnoT/nfABVWlqt9N19/dIPWViAOW2s9wznP5tURbs/IDuNk4gPy3YdYRgH3uxhBw== "@babel/helper-remap-async-to-generator@^7.24.7", "@babel/helper-remap-async-to-generator@^7.25.0": version "7.25.0" 
@@ -477,14 +490,14 @@ "@babel/helper-wrap-function" "^7.25.0" "@babel/traverse" "^7.25.0" -"@babel/helper-replace-supers@^7.22.20": - version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.22.20.tgz#e37d367123ca98fe455a9887734ed2e16eb7a793" - integrity sha512-qsW0In3dbwQUbK8kejJ4R7IHVGwHJlV6lpG6UA7a9hSa2YEiAib+N1T2kr6PEeUT+Fl7najmSOS6SmAwCHK6Tw== +"@babel/helper-remap-async-to-generator@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.25.9.tgz#e53956ab3d5b9fb88be04b3e2f31b523afd34b92" + integrity sha512-IZtukuUeBbhgOcaW2s06OXTzVNJR0ybm4W5xC1opWFFJMZbwRj5LCk+ByYH7WdZPZTt8KnFwA8pvjN2yqcPlgw== dependencies: - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-member-expression-to-functions" "^7.22.15" - "@babel/helper-optimise-call-expression" "^7.22.5" + "@babel/helper-annotate-as-pure" "^7.25.9" + "@babel/helper-wrap-function" "^7.25.9" + "@babel/traverse" "^7.25.9" "@babel/helper-replace-supers@^7.24.7", "@babel/helper-replace-supers@^7.25.0": version "7.25.0" 
@@ -495,12 +508,14 @@ "@babel/helper-optimise-call-expression" "^7.24.7" "@babel/traverse" "^7.25.0" -"@babel/helper-simple-access@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz#4938357dc7d782b80ed6dbb03a0fba3d22b1d5de" - integrity sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w== +"@babel/helper-replace-supers@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.25.9.tgz#ba447224798c3da3f8713fc272b145e33da6a5c5" + integrity sha512-IiDqTOTBQy0sWyeXyGSC5TBJpGFXBkRynjBeXsvbhQFKj2viwJC76Epz35YLU1fpe/Am6Vppb7W7zM4fPQzLsQ== dependencies: - "@babel/types" "^7.22.5" + "@babel/helper-member-expression-to-functions" "^7.25.9" + "@babel/helper-optimise-call-expression" "^7.25.9" + "@babel/traverse" "^7.25.9" "@babel/helper-simple-access@^7.24.7": version "7.24.7" @@ -510,12 +525,13 @@ "@babel/traverse" "^7.24.7" "@babel/types" "^7.24.7" -"@babel/helper-skip-transparent-expression-wrappers@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.22.5.tgz#007f15240b5751c537c40e77abb4e89eeaaa8847" - integrity sha512-tK14r66JZKiC43p8Ki33yLBVJKlQDFoA8GYN67lWCDCqoL6EMMSuM9b+Iff2jHaM/RRFYl7K+iiru7hbRqNx8Q== +"@babel/helper-simple-access@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-simple-access/-/helper-simple-access-7.25.9.tgz#6d51783299884a2c74618d6ef0f86820ec2e7739" + integrity sha512-c6WHXuiaRsJTyHYLJV75t9IqsmTbItYfdj99PnzYGQZkYKvan5/2jKJ7gu31J3/BJ/A18grImSPModuyG/Eo0Q== dependencies: - "@babel/types" "^7.22.5" + "@babel/traverse" "^7.25.9" + "@babel/types" "^7.25.9" "@babel/helper-skip-transparent-expression-wrappers@^7.24.7": version "7.24.7" 
@@ -525,12 +541,13 @@ "@babel/traverse" "^7.24.7" "@babel/types" "^7.24.7" -"@babel/helper-split-export-declaration@^7.22.6": - version "7.22.6" - resolved "https://registry.yarnpkg.com/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz#322c61b7310c0997fe4c323955667f18fcefb91c" - integrity sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g== +"@babel/helper-skip-transparent-expression-wrappers@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.25.9.tgz#0b2e1b62d560d6b1954893fd2b705dc17c91f0c9" + integrity sha512-K4Du3BFa3gvyhzgPcntrkDgZzQaq6uozzcpGbOO1OEJaI+EJdqWIMTLgFgQf6lrfiDFo5FU+BxKepI9RmZqahA== dependencies: - "@babel/types" "^7.22.5" + "@babel/traverse" "^7.25.9" + "@babel/types" "^7.25.9" "@babel/helper-string-parser@^7.23.4": version "7.23.4" @@ -542,6 +559,11 @@ resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.24.8.tgz#5b3329c9a58803d5df425e5785865881a81ca48d" integrity sha512-pO9KhhRcuUyGnJWwyEgnRJTSIZHiT+vMD0kPeD+so0l7mxkMT19g3pjY9GTnHySck/hDzq+dtW/4VgnMkippsQ== +"@babel/helper-string-parser@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz#1aabb72ee72ed35789b4bbcad3ca2862ce614e8c" + integrity sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA== + "@babel/helper-validator-identifier@^7.22.20": version "7.22.20" resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz#c4ae002c61d2879e724581d96665583dbc1dc0e0" 
@@ -552,6 +574,11 @@ resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz#75b889cfaf9e35c2aaf42cf0d72c8e91719251db" integrity sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w== +"@babel/helper-validator-identifier@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz#24b64e2c3ec7cd3b3c547729b8d16871f22cbdc7" + integrity sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ== + "@babel/helper-validator-option@^7.22.15", "@babel/helper-validator-option@^7.23.5": version "7.23.5" resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.23.5.tgz#907a3fbd4523426285365d1206c423c4c5520307" @@ -562,14 +589,10 @@ resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.24.8.tgz#3725cdeea8b480e86d34df15304806a06975e33d" integrity sha512-xb8t9tD1MHLungh/AIoWYN+gVHaB9kwlu8gffXGSt3FFEIT7RjS+xWbc2vUD1UTZdIpKj/ab3rdqJ7ufngyi2Q== -"@babel/helper-wrap-function@^7.22.20": - version "7.22.20" - resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.22.20.tgz#15352b0b9bfb10fc9c76f79f6342c00e3411a569" - integrity sha512-pms/UwkOpnQe/PDAEdV/d7dVCoBbB+R4FvYoHGZz+4VPcg7RtYy2KP7S2lbuWM6FCSgob5wshfGESbC/hzNXZw== - dependencies: - "@babel/helper-function-name" "^7.22.5" - "@babel/template" "^7.22.15" - "@babel/types" "^7.22.19" +"@babel/helper-validator-option@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.25.9.tgz#86e45bd8a49ab7e03f276577f96179653d41da72" + integrity sha512-e/zv1co8pp55dNdEcCynfj9X7nyUKUXoUEwfXqaZt0omVOmDe9oOTdKStH4GmAw6zxMFs50ZayuMfHDKlO7Tfw== "@babel/helper-wrap-function@^7.25.0": version "7.25.0" 
@@ -580,14 +603,14 @@ "@babel/traverse" "^7.25.0" "@babel/types" "^7.25.0" -"@babel/helpers@^7.24.0": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.24.0.tgz#a3dd462b41769c95db8091e49cfe019389a9409b" - integrity sha512-ulDZdc0Aj5uLc5nETsa7EPx2L7rM0YJM8r7ck7U73AXi7qOV44IHHRAYZHY6iU1rr3C5N4NtTmMRUJP6kwCWeA== +"@babel/helper-wrap-function@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.25.9.tgz#d99dfd595312e6c894bd7d237470025c85eea9d0" + integrity sha512-ETzz9UTjQSTmw39GboatdymDq4XIQbR8ySgVrylRhPOFpsd+JrKHIuF0de7GCWmem+T4uC5z7EZguod7Wj4A4g== dependencies: - "@babel/template" "^7.24.0" - "@babel/traverse" "^7.24.0" - "@babel/types" "^7.24.0" + "@babel/template" "^7.25.9" + "@babel/traverse" "^7.25.9" + "@babel/types" "^7.25.9" "@babel/helpers@^7.24.8": version "7.25.0" @@ -597,6 +620,14 @@ "@babel/template" "^7.25.0" "@babel/types" "^7.25.0" +"@babel/helpers@^7.26.0": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.26.0.tgz#30e621f1eba5aa45fe6f4868d2e9154d884119a4" + integrity sha512-tbhNuIxNcVb21pInl3ZSjksLCvgdZy9KwJ8brv993QtIVKJBBkYXz4q4ZbAv31GdnC+R90np23L5FbEBlthAEw== + dependencies: + "@babel/template" "^7.25.9" + "@babel/types" "^7.26.0" + "@babel/highlight@^7.23.4": version "7.23.4" resolved "https://registry.yarnpkg.com/@babel/highlight/-/highlight-7.23.4.tgz#edaadf4d8232e1a961432db785091207ead0621b" 
@@ -616,16 +647,18 @@ js-tokens "^4.0.0" picocolors "^1.0.0" -"@babel/parser@^7.24.0": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.24.0.tgz#26a3d1ff49031c53a97d03b604375f028746a9ac" - integrity sha512-QuP/FxEAzMSjXygs8v4N9dvdXzEHN4W1oF3PxuWAtPo08UdM17u89RDMgjLn/mlc56iM0HlLmVkO/wgR+rDgHg== - "@babel/parser@^7.24.8", "@babel/parser@^7.25.0": version "7.25.0" resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.25.0.tgz#9fdc9237504d797b6e7b8f66e78ea7f570d256ad" integrity sha512-CzdIU9jdP0dg7HdyB+bHvDJGagUv+qtzZt5rYCWwW6tITNqV9odjp6Qu41gkG0ca5UfdDUWrKkiAnHHdGRnOrA== +"@babel/parser@^7.25.9", "@babel/parser@^7.26.0", "@babel/parser@^7.26.2": + version "7.26.2" + resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.26.2.tgz#fd7b6f487cfea09889557ef5d4eeb9ff9a5abd11" + integrity sha512-DWMCZH9WA4Maitz2q21SRKHo9QXZxkDsbNZoVD62gusNtNBBqDg9i7uOhASfTfIGNzW+O+r7+jAlM8dwphcJKQ== + dependencies: + "@babel/types" "^7.26.0" + "@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.25.0": version "7.25.0" resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.25.0.tgz#328275f22d809b962978d998c6eba22a233ac8aa" 
@@ -634,6 +667,14 @@ "@babel/helper-plugin-utils" "^7.24.8" "@babel/traverse" "^7.25.0" +"@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.25.9.tgz#cc2e53ebf0a0340777fff5ed521943e253b4d8fe" + integrity sha512-ZkRyVkThtxQ/J6nv3JFYv1RYY+JT5BvU0y3k5bWrmuG4woXypRa4PXmm9RhOwodRkYFWqC0C0cqcJ4OqR7kW+g== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/traverse" "^7.25.9" + "@babel/plugin-bugfix-safari-class-field-initializer-scope@^7.25.0": version "7.25.0" resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.25.0.tgz#cd0c583e01369ef51676bdb3d7b603e17d2b3f73" 
@@ -641,12 +682,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.8" -"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.23.3.tgz#5cd1c87ba9380d0afb78469292c954fee5d2411a" - integrity sha512-iRkKcCqb7iGnq9+3G6rZ+Ciz5VywC4XNRHe57lKM+jOeYAoR0lVqdeeDRfh0tQcTfw/+vBhHn926FmQhLtlFLQ== +"@babel/plugin-bugfix-safari-class-field-initializer-scope@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.25.9.tgz#af9e4fb63ccb8abcb92375b2fcfe36b60c774d30" + integrity sha512-MrGRLZxLD/Zjj0gdU15dfs+HH/OXvnw/U4jJD8vpcP2CJQapPEv1IWwjc/qMg7ItBlPwSv1hRBbb7LeuANdcnw== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.25.0": version "7.25.0" 
@@ -655,14 +696,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.8" -"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.23.3.tgz#f6652bb16b94f8f9c20c50941e16e9756898dc5d" - integrity sha512-WwlxbfMNdVEpQjZmK5mhm7oSwD3dS6eU+Iwsi4Knl9wAletWem7kaRsGOG+8UEbRyqxY4SS5zvtfXwX+jMxUwQ== +"@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.25.9.tgz#e8dc26fcd616e6c5bf2bd0d5a2c151d4f92a9137" + integrity sha512-2qUwwfAFpJLZqxd02YW9btUCZHl+RFvdDkNfZwaIJrvB8Tesjsk8pEQkTvGwZXLqXUx/2oyY3ySRhm6HOXuCug== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5" - "@babel/plugin-transform-optional-chaining" "^7.23.3" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.24.7": version "7.24.7" 
@@ -673,13 +712,14 @@ "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7" "@babel/plugin-transform-optional-chaining" "^7.24.7" -"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.23.7": - version "7.23.7" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.23.7.tgz#516462a95d10a9618f197d39ad291a9b47ae1d7b" - integrity sha512-LlRT7HgaifEpQA1ZgLVOIJZZFVPWN5iReq/7/JixwBtwcoeVGDBD53ZV28rrsLYOZs1Y/EHhA8N/Z6aazHR8cw== +"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.25.9.tgz#807a667f9158acac6f6164b4beb85ad9ebc9e1d1" + integrity sha512-6xWgLZTJXwilVjlnV7ospI3xi+sl8lN8rXXbBD6vYn3UYDlGsag8wrZkKcSI8G6KgqKP7vNFaDgeDnfAABq61g== dependencies: - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-skip-transparent-expression-wrappers" "^7.25.9" + "@babel/plugin-transform-optional-chaining" "^7.25.9" "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.25.0": version "7.25.0" 
@@ -689,6 +729,14 @@ "@babel/helper-plugin-utils" "^7.24.8" "@babel/traverse" "^7.25.0" +"@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.25.9.tgz#de7093f1e7deaf68eadd7cc6b07f2ab82543269e" + integrity sha512-aLnMXYPnzwwqhYSCyXfKkIkYgJ8zv9RK+roo9DkTXz38ynIhd9XCbN08s3MGvqL2MYGVUGdRQLL/JqBIeJhJBg== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/traverse" "^7.25.9" + "@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2": version "7.21.0-placeholder-for-preset-env.2" resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz#7844f9289546efa9febac2de4cfe358a050bd703" @@ -729,13 +777,6 @@ dependencies: "@babel/helper-plugin-utils" "^7.8.3" -"@babel/plugin-syntax-import-assertions@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.23.3.tgz#9c05a7f592982aff1a2768260ad84bcd3f0c77fc" - integrity sha512-lPgDSU+SJLK3xmFDTV2ZRQAiM7UuUjGidwBywFavObCiZc1BeAAcMtHJKUya92hPHO+at63JJPLygilZard8jw== - dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-import-assertions@^7.24.7": version "7.24.7" resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.24.7.tgz#2a0b406b5871a20a841240586b1300ce2088a778" 
@@ -743,12 +784,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-syntax-import-attributes@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.23.3.tgz#992aee922cf04512461d7dae3ff6951b90a2dc06" - integrity sha512-pawnE0P9g10xgoP7yKr6CK63K2FMsTE+FZidZO/1PwRdzmAPVs+HS1mAURUsgaoxammTJvULUdIkEK0gOcU2tA== +"@babel/plugin-syntax-import-assertions@^7.26.0": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.26.0.tgz#620412405058efa56e4a564903b79355020f445f" + integrity sha512-QCWT5Hh830hK5EQa7XzuqIkQU9tT/whqbDz7kuaZMHFl1inRRg7JnuAEOQ0Ur0QUl0NufCk1msK2BeY79Aj/eg== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-syntax-import-attributes@^7.24.7": version "7.24.7" @@ -757,6 +798,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" +"@babel/plugin-syntax-import-attributes@^7.26.0": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.26.0.tgz#3b1412847699eea739b4f2602c74ce36f6b0b0f7" + integrity sha512-e2dttdsJ1ZTpi3B9UYGLw41hifAubg19AtCu/2I/F1QNVclOBr1dYpTdmdyZ84Xiz43BS/tCUkMAZNLv12Pi+A== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-syntax-import-meta@^7.10.4": version "7.10.4" resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz#ee601348c370fa334d2207be158777496521fd51" 
@@ -785,6 +833,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" +"@babel/plugin-syntax-jsx@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.25.9.tgz#a34313a178ea56f1951599b929c1ceacee719290" + integrity sha512-ld6oezHQMZsZfp6pWtbjaNDF2tiiCYYDqQszHt5VV437lewP9aSi2Of99CK0D0XB21k7FLgnLcmQKyKzynfeAA== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-syntax-logical-assignment-operators@^7.10.4": version "7.10.4" resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz#ca91ef46303530448b906652bac2e9fe9941f699" @@ -841,13 +896,6 @@ dependencies: "@babel/helper-plugin-utils" "^7.14.5" -"@babel/plugin-syntax-typescript@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.23.3.tgz#24f460c85dbbc983cd2b9c4994178bcc01df958f" - integrity sha512-9EiNjVJOMwCO+43TqoTrgQ8jMwcAd0sWyXi9RPfIsLTj4R2MADDDQXELhffaUx/uJv2AYcxBgPwH6j4TIA4ytQ== - dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-typescript@^7.24.7": version "7.24.7" resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.7.tgz#58d458271b4d3b6bb27ee6ac9525acbb259bad1c" 
@@ -855,6 +903,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" +"@babel/plugin-syntax-typescript@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.25.9.tgz#67dda2b74da43727cf21d46cf9afef23f4365399" + integrity sha512-hjMgRy5hb8uJJjUcdWunWVcoi9bGpJp8p5Ol1229PoN6aytsLwNMgmdftO23wnCLMfVmTwZDWMPNq/D1SY60JQ== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-syntax-unicode-sets-regex@^7.18.6": version "7.18.6" resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz#d49a3b3e6b52e5be6740022317580234a6a47357" @@ -863,13 +918,6 @@ "@babel/helper-create-regexp-features-plugin" "^7.18.6" "@babel/helper-plugin-utils" "^7.18.6" -"@babel/plugin-transform-arrow-functions@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.23.3.tgz#94c6dcfd731af90f27a79509f9ab7fb2120fc38b" - integrity sha512-NzQcQrzaQPkaEwoTm4Mhyl8jI1huEL/WWIEvudjTCMJ9aBZNpsJbMASx7EQECtQQPS/DcnFpo0FIh3LvEO9cxQ== - dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-transform-arrow-functions@^7.24.7": version "7.24.7" resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.24.7.tgz#4f6886c11e423bd69f3ce51dbf42424a5f275514" 
@@ -877,15 +925,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-async-generator-functions@^7.23.9": - version "7.23.9" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.23.9.tgz#9adaeb66fc9634a586c5df139c6240d41ed801ce" - integrity sha512-8Q3veQEDGe14dTYuwagbRtwxQDnytyg1JFu4/HwEMETeofocrB0U0ejBJIXoeG/t2oXZ8kzCyI0ZZfbT80VFNQ== +"@babel/plugin-transform-arrow-functions@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.25.9.tgz#7821d4410bee5daaadbb4cdd9a6649704e176845" + integrity sha512-6jmooXYIwn9ca5/RylZADJ+EnSxVUS5sjeJ9UPk6RWRzXCmOJCy6dqItPJFpw2cuCangPK4OYr5uhGKcmrm5Qg== dependencies: - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-remap-async-to-generator" "^7.22.20" - "@babel/plugin-syntax-async-generators" "^7.8.4" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-async-generator-functions@^7.25.0": version "7.25.0" 
@@ -897,14 +942,14 @@ "@babel/plugin-syntax-async-generators" "^7.8.4" "@babel/traverse" "^7.25.0" -"@babel/plugin-transform-async-to-generator@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.23.3.tgz#d1f513c7a8a506d43f47df2bf25f9254b0b051fa" - integrity sha512-A7LFsKi4U4fomjqXJlZg/u0ft/n8/7n7lpffUP/ZULx/DtV9SGlNKZolHH6PE8Xl1ngCc0M11OaeZptXVkfKSw== +"@babel/plugin-transform-async-generator-functions@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.25.9.tgz#1b18530b077d18a407c494eb3d1d72da505283a2" + integrity sha512-RXV6QAzTBbhDMO9fWwOmwwTuYaiPbggWQ9INdZqAYeSHyG7FzQ+nOZaUUjNwKv9pV3aE4WFqFm1Hnbci5tBCAw== dependencies: - "@babel/helper-module-imports" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-remap-async-to-generator" "^7.22.20" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-remap-async-to-generator" "^7.25.9" + "@babel/traverse" "^7.25.9" "@babel/plugin-transform-async-to-generator@^7.24.7": version "7.24.7" 
@@ -915,12 +960,14 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/helper-remap-async-to-generator" "^7.24.7" -"@babel/plugin-transform-block-scoped-functions@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.23.3.tgz#fe1177d715fb569663095e04f3598525d98e8c77" - integrity sha512-vI+0sIaPIO6CNuM9Kk5VmXcMVRiOpDh7w2zZt9GXzmE/9KD70CUEVhvPR/etAeNK/FAEkhxQtXOzVF3EuRL41A== +"@babel/plugin-transform-async-to-generator@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.25.9.tgz#c80008dacae51482793e5a9c08b39a5be7e12d71" + integrity sha512-NT7Ejn7Z/LjUH0Gv5KsBCxh7BH3fbLTV0ptHvpeMvrt3cPThHfJfst9Wrb7S8EvJ7vRTFI7z+VAvFVEQn/m5zQ== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-module-imports" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-remap-async-to-generator" "^7.25.9" "@babel/plugin-transform-block-scoped-functions@^7.24.7": version "7.24.7" 
@@ -929,12 +976,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-block-scoping@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.23.4.tgz#b2d38589531c6c80fbe25e6b58e763622d2d3cf5" - integrity sha512-0QqbP6B6HOh7/8iNR4CQU2Th/bbRtBp4KS9vcaZd1fZ0wSh5Fyssg0UCIHwxh+ka+pNDREbVLQnHCMHKZfPwfw== +"@babel/plugin-transform-block-scoped-functions@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.25.9.tgz#5700691dbd7abb93de300ca7be94203764fce458" + integrity sha512-toHc9fzab0ZfenFpsyYinOX0J/5dgJVA2fm64xPewu7CoYHWEivIWKxkK2rMi4r3yQqLnVmheMXRdG+k239CgA== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-block-scoping@^7.25.0": version "7.25.0" @@ -943,13 +990,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.8" -"@babel/plugin-transform-class-properties@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.23.3.tgz#35c377db11ca92a785a718b6aa4e3ed1eb65dc48" - integrity sha512-uM+AN8yCIjDPccsKGlw271xjJtGii+xQIF/uMPS8H15L12jZTsLfF4o5vNO7d/oUguOyfdikHGc/yi9ge4SGIg== +"@babel/plugin-transform-block-scoping@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.25.9.tgz#c33665e46b06759c93687ca0f84395b80c0473a1" + integrity sha512-1F05O7AYjymAtqbsFETboN1NvBdcnzMerO+zlMyJBEz6WkMdejvGWw9p05iTSjC85RLlBseHHQpYaM4gzJkBGg== dependencies: - "@babel/helper-create-class-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-class-properties@^7.24.7": version "7.24.7" 
@@ -959,14 +1005,13 @@ "@babel/helper-create-class-features-plugin" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-class-static-block@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.23.4.tgz#2a202c8787a8964dd11dfcedf994d36bfc844ab5" - integrity sha512-nsWu/1M+ggti1SOALj3hfx5FXzAY06fwPJsUZD4/A5e1bWi46VUIWtD+kOX6/IdhXGsXBWllLFDSnqSCdUNydQ== +"@babel/plugin-transform-class-properties@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.25.9.tgz#a8ce84fedb9ad512549984101fa84080a9f5f51f" + integrity sha512-bbMAII8GRSkcd0h0b4X+36GksxuheLFjP65ul9w6C3KgAamI3JqErNgSrosX6ZPj+Mpim5VvEbawXxJCyEUV3Q== dependencies: - "@babel/helper-create-class-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-class-static-block" "^7.14.5" + "@babel/helper-create-class-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-class-static-block@^7.24.7": version "7.24.7" 
@@ -977,19 +1022,13 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-class-static-block" "^7.14.5" -"@babel/plugin-transform-classes@^7.23.8": - version "7.23.8" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.23.8.tgz#d08ae096c240347badd68cdf1b6d1624a6435d92" - integrity sha512-yAYslGsY1bX6Knmg46RjiCiNSwJKv2IUC8qOdYKqMMr0491SXFhcHqOdRDeCRohOOIzwN/90C6mQ9qAKgrP7dg== +"@babel/plugin-transform-class-static-block@^7.26.0": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.26.0.tgz#6c8da219f4eb15cae9834ec4348ff8e9e09664a0" + integrity sha512-6J2APTs7BDDm+UMqP1useWqhcRAXo0WIoVj26N7kPFB6S73Lgvyka4KTZYIxtgYXiN5HTyRObA72N2iu628iTQ== dependencies: - "@babel/helper-annotate-as-pure" "^7.22.5" - "@babel/helper-compilation-targets" "^7.23.6" - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-function-name" "^7.23.0" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-replace-supers" "^7.22.20" - "@babel/helper-split-export-declaration" "^7.22.6" - globals "^11.1.0" + "@babel/helper-create-class-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-classes@^7.25.0": version "7.25.0" 
@@ -1003,13 +1042,17 @@ "@babel/traverse" "^7.25.0" globals "^11.1.0" -"@babel/plugin-transform-computed-properties@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.23.3.tgz#652e69561fcc9d2b50ba4f7ac7f60dcf65e86474" - integrity sha512-dTj83UVTLw/+nbiHqQSFdwO9CbTtwq1DsDqm3CUEtDrZNET5rT5E6bIdTlOftDTDLMYxvxHNEYO4B9SLl8SLZw== +"@babel/plugin-transform-classes@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.25.9.tgz#7152457f7880b593a63ade8a861e6e26a4469f52" + integrity sha512-mD8APIXmseE7oZvZgGABDyM34GUmK45Um2TXiBUt7PnuAxrgoSVf123qUzPxEr/+/BHrRn5NMZCdE2m/1F8DGg== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/template" "^7.22.15" + "@babel/helper-annotate-as-pure" "^7.25.9" + "@babel/helper-compilation-targets" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-replace-supers" "^7.25.9" + "@babel/traverse" "^7.25.9" + globals "^11.1.0" "@babel/plugin-transform-computed-properties@^7.24.7": version "7.24.7" 
@@ -1019,12 +1062,13 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/template" "^7.24.7" -"@babel/plugin-transform-destructuring@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.23.3.tgz#8c9ee68228b12ae3dff986e56ed1ba4f3c446311" - integrity sha512-n225npDqjDIr967cMScVKHXJs7rout1q+tt50inyBCPkyZ8KxeI6d+GIbSBTT/w/9WdlWDOej3V9HE5Lgk57gw== +"@babel/plugin-transform-computed-properties@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.25.9.tgz#db36492c78460e534b8852b1d5befe3c923ef10b" + integrity sha512-HnBegGqXZR12xbcTHlJ9HGxw1OniltT26J5YpfruGqtUHlz/xKf/G2ak9e+t0rVqrjXa9WOhvYPz1ERfMj23AA== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/template" "^7.25.9" "@babel/plugin-transform-destructuring@^7.24.8": version "7.24.8" @@ -1033,13 +1077,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.8" -"@babel/plugin-transform-dotall-regex@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.23.3.tgz#3f7af6054882ede89c378d0cf889b854a993da50" - integrity sha512-vgnFYDHAKzFaTVp+mneDsIEbnJ2Np/9ng9iviHw3P/KVcgONxpNULEW/51Z/BaFojG2GI2GwwXck5uV1+1NOYQ== +"@babel/plugin-transform-destructuring@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.25.9.tgz#966ea2595c498224340883602d3cfd7a0c79cea1" + integrity sha512-WkCGb/3ZxXepmMiX101nnGiU+1CAdut8oHyEOHxkKuS1qKpU2SMXE2uSvfz8PBuLd49V6LEsbtyPhWC7fnkgvQ== dependencies: - "@babel/helper-create-regexp-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-dotall-regex@^7.24.7": version "7.24.7" 
@@ -1049,12 +1092,13 @@ "@babel/helper-create-regexp-features-plugin" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-duplicate-keys@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.23.3.tgz#664706ca0a5dfe8d066537f99032fc1dc8b720ce" - integrity sha512-RrqQ+BQmU3Oyav3J+7/myfvRCq7Tbz+kKLLshUmMwNlDHExbGL7ARhajvoBJEvc+fCguPPu887N+3RRXBVKZUA== +"@babel/plugin-transform-dotall-regex@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.25.9.tgz#bad7945dd07734ca52fe3ad4e872b40ed09bb09a" + integrity sha512-t7ZQ7g5trIgSRYhI9pIJtRl64KHotutUJsh4Eze5l7olJv+mRSg4/MmbZ0tv1eeqRbdvo/+trvJD/Oc5DmW2cA== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-create-regexp-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-duplicate-keys@^7.24.7": version "7.24.7" @@ -1063,6 +1107,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" +"@babel/plugin-transform-duplicate-keys@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.25.9.tgz#8850ddf57dce2aebb4394bb434a7598031059e6d" + integrity sha512-LZxhJ6dvBb/f3x8xwWIuyiAHy56nrRG3PeYTpBkkzkYRRQ6tJLu68lEF5VIqMUZiAV7a8+Tb78nEoMCMcqjXBw== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-transform-duplicate-named-capturing-groups-regex@^7.25.0": version "7.25.0" resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.25.0.tgz#809af7e3339466b49c034c683964ee8afb3e2604" 
@@ -1071,13 +1122,13 @@ "@babel/helper-create-regexp-features-plugin" "^7.25.0" "@babel/helper-plugin-utils" "^7.24.8" -"@babel/plugin-transform-dynamic-import@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.23.4.tgz#c7629e7254011ac3630d47d7f34ddd40ca535143" - integrity sha512-V6jIbLhdJK86MaLh4Jpghi8ho5fGzt3imHOBu/x0jlBaPYqDoWz4RDXjmMOfnh+JWNaQleEAByZLV0QzBT4YQQ== +"@babel/plugin-transform-duplicate-named-capturing-groups-regex@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.25.9.tgz#6f7259b4de127721a08f1e5165b852fcaa696d31" + integrity sha512-0UfuJS0EsXbRvKnwcLjFtJy/Sxc5J5jhLHnFhy7u4zih97Hz6tJkLU+O+FMMrNZrosUPxDi6sYxJ/EA8jDiAog== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-dynamic-import" "^7.8.3" + "@babel/helper-create-regexp-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-dynamic-import@^7.24.7": version "7.24.7" 
@@ -1087,13 +1138,12 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-dynamic-import" "^7.8.3" -"@babel/plugin-transform-exponentiation-operator@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.23.3.tgz#ea0d978f6b9232ba4722f3dbecdd18f450babd18" - integrity sha512-5fhCsl1odX96u7ILKHBj4/Y8vipoqwsJMh4csSA8qFfxrZDEA4Ssku2DyNvMJSmZNOEBT750LfFPbtrnTP90BQ== +"@babel/plugin-transform-dynamic-import@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.25.9.tgz#23e917de63ed23c6600c5dd06d94669dce79f7b8" + integrity sha512-GCggjexbmSLaFhqsojeugBpeaRIgWNTcgKVq/0qIteFEqY2A+b9QidYadrWlnbWQUrW5fn+mCvf3tr7OeBFTyg== dependencies: - "@babel/helper-builder-binary-assignment-operator-visitor" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-exponentiation-operator@^7.24.7": version "7.24.7" 
@@ -1103,13 +1153,13 @@ "@babel/helper-builder-binary-assignment-operator-visitor" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-export-namespace-from@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.23.4.tgz#084c7b25e9a5c8271e987a08cf85807b80283191" - integrity sha512-GzuSBcKkx62dGzZI1WVgTWvkkz84FZO5TC5T8dl/Tht/rAla6Dg/Mz9Yhypg+ezVACf/rgDuQt3kbWEv7LdUDQ== +"@babel/plugin-transform-exponentiation-operator@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.25.9.tgz#ece47b70d236c1d99c263a1e22b62dc20a4c8b0f" + integrity sha512-KRhdhlVk2nObA5AYa7QMgTMTVJdfHprfpAk4DjZVtllqRg9qarilstTKEhpVjyt+Npi8ThRyiV8176Am3CodPA== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-export-namespace-from" "^7.8.3" + "@babel/helper-builder-binary-assignment-operator-visitor" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-export-namespace-from@^7.24.7": version "7.24.7" 
@@ -1119,13 +1169,12 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-export-namespace-from" "^7.8.3" -"@babel/plugin-transform-for-of@^7.23.6": - version "7.23.6" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.23.6.tgz#81c37e24171b37b370ba6aaffa7ac86bcb46f94e" - integrity sha512-aYH4ytZ0qSuBbpfhuofbg/e96oQ7U2w1Aw/UQmKT+1l39uEhUPoFS3fHevDc1G0OvewyDudfMKY1OulczHzWIw== +"@babel/plugin-transform-export-namespace-from@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.25.9.tgz#90745fe55053394f554e40584cda81f2c8a402a2" + integrity sha512-2NsEz+CxzJIVOPx2o9UsW1rXLqtChtLoVnwYHHiB04wS5sgn7mrV45fWMBX0Kk+ub9uXytVYfNP2HjbVbCB3Ww== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-for-of@^7.24.7": version "7.24.7" 
@@ -1135,14 +1184,13 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7" -"@babel/plugin-transform-function-name@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.23.3.tgz#8f424fcd862bf84cb9a1a6b42bc2f47ed630f8dc" - integrity sha512-I1QXp1LxIvt8yLaib49dRW5Okt7Q4oaxao6tFVKS/anCdEOMtYwWVKoiOA1p34GOWIZjUK0E+zCp7+l1pfQyiw== +"@babel/plugin-transform-for-of@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.25.9.tgz#4bdc7d42a213397905d89f02350c5267866d5755" + integrity sha512-LqHxduHoaGELJl2uhImHwRQudhCM50pT46rIBNvtT/Oql3nqiS3wOwP+5ten7NpYSXrrVLgtZU3DZmPtWZo16A== dependencies: - "@babel/helper-compilation-targets" "^7.22.15" - "@babel/helper-function-name" "^7.23.0" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-skip-transparent-expression-wrappers" "^7.25.9" "@babel/plugin-transform-function-name@^7.25.0": version "7.25.0" 
@@ -1153,13 +1201,14 @@ "@babel/helper-plugin-utils" "^7.24.8" "@babel/traverse" "^7.25.0" -"@babel/plugin-transform-json-strings@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.23.4.tgz#a871d9b6bd171976efad2e43e694c961ffa3714d" - integrity sha512-81nTOqM1dMwZ/aRXQ59zVubN9wHGqk6UtqRK+/q+ciXmRy8fSolhGVvG09HHRGo4l6fr/c4ZhXUQH0uFW7PZbg== +"@babel/plugin-transform-function-name@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.25.9.tgz#939d956e68a606661005bfd550c4fc2ef95f7b97" + integrity sha512-8lP+Yxjv14Vc5MuWBpJsoUCd3hD6V9DgBon2FVYL4jJgbnVQ9fTgYmonchzZJOVNgzEgbxp4OwAf6xz6M/14XA== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-json-strings" "^7.8.3" + "@babel/helper-compilation-targets" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/traverse" "^7.25.9" "@babel/plugin-transform-json-strings@^7.24.7": version "7.24.7" @@ -1169,12 +1218,12 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-json-strings" "^7.8.3" -"@babel/plugin-transform-literals@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.23.3.tgz#8214665f00506ead73de157eba233e7381f3beb4" - integrity sha512-wZ0PIXRxnwZvl9AYpqNUxpZ5BiTGrYt7kueGQ+N5FiQ7RCOD4cm8iShd6S6ggfVIWaJf2EMk8eRzAh52RfP4rQ== +"@babel/plugin-transform-json-strings@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.25.9.tgz#c86db407cb827cded902a90c707d2781aaa89660" + integrity sha512-xoTMk0WXceiiIvsaquQQUaLLXSW1KJ159KP87VilruQm0LNNGxWzahxSS6T6i4Zg3ezp4vA4zuwiNUR53qmQAw== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-literals@^7.24.7": version "7.24.7" 
@@ -1183,13 +1232,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-logical-assignment-operators@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.23.4.tgz#e599f82c51d55fac725f62ce55d3a0886279ecb5" - integrity sha512-Mc/ALf1rmZTP4JKKEhUwiORU+vcfarFVLfcFiolKUo6sewoxSEgl36ak5t+4WamRsNr6nzjZXQjM35WsU+9vbg== +"@babel/plugin-transform-literals@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.25.9.tgz#1a1c6b4d4aa59bc4cad5b6b3a223a0abd685c9de" + integrity sha512-9N7+2lFziW8W9pBl2TzaNht3+pgMIRP74zizeCSrtnSKVdUl8mAjjOP2OOVQAfZ881P2cNjDj1uAMEdeD50nuQ== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-logical-assignment-operators@^7.24.7": version "7.24.7" 
@@ -1199,12 +1247,12 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4" -"@babel/plugin-transform-member-expression-literals@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.23.3.tgz#e37b3f0502289f477ac0e776b05a833d853cabcc" - integrity sha512-sC3LdDBDi5x96LA+Ytekz2ZPk8i/Ck+DEuDbRAll5rknJ5XRTSaPKEYwomLcs1AA8wg9b3KjIQRsnApj+q51Ag== +"@babel/plugin-transform-logical-assignment-operators@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.25.9.tgz#b19441a8c39a2fda0902900b306ea05ae1055db7" + integrity sha512-wI4wRAzGko551Y8eVf6iOY9EouIDTtPb0ByZx+ktDGHwv6bHFimrgJM/2T021txPZ2s4c7bqvHbd+vXG6K948Q== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-member-expression-literals@^7.24.7": version "7.24.7" 
@@ -1213,13 +1261,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-modules-amd@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.23.3.tgz#e19b55436a1416829df0a1afc495deedfae17f7d" - integrity sha512-vJYQGxeKM4t8hYCKVBlZX/gtIY2I7mRGFNcm85sgXGMTBcoV3QdVtdpbcWEbzbfUIUZKwvgFT82mRvaQIebZzw== +"@babel/plugin-transform-member-expression-literals@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.25.9.tgz#63dff19763ea64a31f5e6c20957e6a25e41ed5de" + integrity sha512-PYazBVfofCQkkMzh2P6IdIUaCEWni3iYEerAsRWuVd8+jlM1S9S9cz1dF9hIzyoZ8IA3+OwVYIp9v9e+GbgZhA== dependencies: - "@babel/helper-module-transforms" "^7.23.3" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-modules-amd@^7.24.7": version "7.24.7" 
@@ -1229,14 +1276,13 @@ "@babel/helper-module-transforms" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-modules-commonjs@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.23.3.tgz#661ae831b9577e52be57dd8356b734f9700b53b4" - integrity sha512-aVS0F65LKsdNOtcz6FRCpE4OgsP2OFnW46qNxNIX9h3wuzaNcSQsJysuMwqSibC98HPrf2vCgtxKNwS0DAlgcA== +"@babel/plugin-transform-modules-amd@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.25.9.tgz#49ba478f2295101544abd794486cd3088dddb6c5" + integrity sha512-g5T11tnI36jVClQlMlt4qKDLlWnG5pP9CSM4GhdRciTNMRgkfpo5cR6b4rGIOYPgRRuFAvwjPQ/Yk+ql4dyhbw== dependencies: - "@babel/helper-module-transforms" "^7.23.3" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-simple-access" "^7.22.5" + "@babel/helper-module-transforms" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-modules-commonjs@^7.24.7", "@babel/plugin-transform-modules-commonjs@^7.24.8": version "7.24.8" 
@@ -1247,15 +1293,14 @@ "@babel/helper-plugin-utils" "^7.24.8" "@babel/helper-simple-access" "^7.24.7" -"@babel/plugin-transform-modules-systemjs@^7.23.9": - version "7.23.9" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.23.9.tgz#105d3ed46e4a21d257f83a2f9e2ee4203ceda6be" - integrity sha512-KDlPRM6sLo4o1FkiSlXoAa8edLXFsKKIda779fbLrvmeuc3itnjCtaO6RrtoaANsIJANj+Vk1zqbZIMhkCAHVw== +"@babel/plugin-transform-modules-commonjs@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.25.9.tgz#d165c8c569a080baf5467bda88df6425fc060686" + integrity sha512-dwh2Ol1jWwL2MgkCzUSOvfmKElqQcuswAZypBSUsScMXvgdT8Ekq5YA6TtqpTVWH+4903NmboMuH1o9i8Rxlyg== dependencies: - "@babel/helper-hoist-variables" "^7.22.5" - "@babel/helper-module-transforms" "^7.23.3" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-validator-identifier" "^7.22.20" + "@babel/helper-module-transforms" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-simple-access" "^7.25.9" "@babel/plugin-transform-modules-systemjs@^7.25.0": version "7.25.0" 
@@ -1267,13 +1312,15 @@ "@babel/helper-validator-identifier" "^7.24.7" "@babel/traverse" "^7.25.0" -"@babel/plugin-transform-modules-umd@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.23.3.tgz#5d4395fccd071dfefe6585a4411aa7d6b7d769e9" - integrity sha512-zHsy9iXX2nIsCBFPud3jKn1IRPWg3Ing1qOZgeKV39m1ZgIdpJqvlWVeiHBZC6ITRG0MfskhYe9cLgntfSFPIg== +"@babel/plugin-transform-modules-systemjs@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.25.9.tgz#8bd1b43836269e3d33307151a114bcf3ba6793f8" + integrity sha512-hyss7iIlH/zLHaehT+xwiymtPOpsiwIIRlCAOwBB04ta5Tt+lNItADdlXw3jAWZ96VJ2jlhl/c+PNIQPKNfvcA== dependencies: - "@babel/helper-module-transforms" "^7.23.3" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-module-transforms" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-validator-identifier" "^7.25.9" + "@babel/traverse" "^7.25.9" "@babel/plugin-transform-modules-umd@^7.24.7": version "7.24.7" 
@@ -1283,13 +1330,13 @@ "@babel/helper-module-transforms" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-named-capturing-groups-regex@^7.22.5": - version "7.22.5" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.22.5.tgz#67fe18ee8ce02d57c855185e27e3dc959b2e991f" - integrity sha512-YgLLKmS3aUBhHaxp5hi1WJTgOUb/NCuDHzGT9z9WTt3YG+CPRhJs6nprbStx6DnWM4dh6gt7SU3sZodbZ08adQ== +"@babel/plugin-transform-modules-umd@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.25.9.tgz#6710079cdd7c694db36529a1e8411e49fcbf14c9" + integrity sha512-bS9MVObUgE7ww36HEfwe6g9WakQ0KF07mQF74uuXdkoziUPfKyu/nIm663kz//e5O1nPInPFx36z7WJmJ4yNEw== dependencies: - "@babel/helper-create-regexp-features-plugin" "^7.22.5" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-module-transforms" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-named-capturing-groups-regex@^7.24.7": version "7.24.7" 
@@ -1299,12 +1346,13 @@ "@babel/helper-create-regexp-features-plugin" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-new-target@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.23.3.tgz#5491bb78ed6ac87e990957cea367eab781c4d980" - integrity sha512-YJ3xKqtJMAT5/TIZnpAR3I+K+WaDowYbN3xyxI8zxx/Gsypwf9B9h0VB+1Nh6ACAAPRS5NSRje0uVv5i79HYGQ== +"@babel/plugin-transform-named-capturing-groups-regex@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.25.9.tgz#454990ae6cc22fd2a0fa60b3a2c6f63a38064e6a" + integrity sha512-oqB6WHdKTGl3q/ItQhpLSnWWOpjUJLsOCLVyeFgeTktkBSCiurvPOsyt93gibI9CmuKvTUEtWmG5VhZD+5T/KA== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-create-regexp-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-new-target@^7.24.7": version "7.24.7" 
@@ -1313,13 +1361,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-nullish-coalescing-operator@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.23.4.tgz#45556aad123fc6e52189ea749e33ce090637346e" - integrity sha512-jHE9EVVqHKAQx+VePv5LLGHjmHSJR76vawFPTdlxR/LVJPfOEGxREQwQfjuZEOPTwG92X3LINSh3M40Rv4zpVA== +"@babel/plugin-transform-new-target@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.25.9.tgz#42e61711294b105c248336dcb04b77054ea8becd" + integrity sha512-U/3p8X1yCSoKyUj2eOBIx3FOn6pElFOKvAAGf8HTtItuPyB+ZeOqfn+mvTtg9ZlOAjsPdK3ayQEjqHjU/yLeVQ== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-nullish-coalescing-operator@^7.24.7": version "7.24.7" 
@@ -1329,13 +1376,12 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3" -"@babel/plugin-transform-numeric-separator@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.23.4.tgz#03d08e3691e405804ecdd19dd278a40cca531f29" - integrity sha512-mps6auzgwjRrwKEZA05cOwuDc9FAzoyFS4ZsG/8F43bTLf/TgkJg7QXOrPO1JO599iA3qgK9MXdMGOEC8O1h6Q== +"@babel/plugin-transform-nullish-coalescing-operator@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.25.9.tgz#bcb1b0d9e948168102d5f7104375ca21c3266949" + integrity sha512-ENfftpLZw5EItALAD4WsY/KUWvhUlZndm5GC7G3evUsVeSJB6p0pBeLQUnRnBCBx7zV0RKQjR9kCuwrsIrjWog== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-numeric-separator" "^7.10.4" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-numeric-separator@^7.24.7": version "7.24.7" 
@@ -1345,16 +1391,12 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-numeric-separator" "^7.10.4" -"@babel/plugin-transform-object-rest-spread@^7.24.0": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.24.0.tgz#7b836ad0088fdded2420ce96d4e1d3ed78b71df1" - integrity sha512-y/yKMm7buHpFFXfxVFS4Vk1ToRJDilIa6fKRioB9Vjichv58TDGXTvqV0dN7plobAmTW5eSEGXDngE+Mm+uO+w== +"@babel/plugin-transform-numeric-separator@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.25.9.tgz#bfed75866261a8b643468b0ccfd275f2033214a1" + integrity sha512-TlprrJ1GBZ3r6s96Yq8gEQv82s8/5HnCVHtEJScUj90thHQbwe+E5MLhi2bbNHBEJuzrvltXSru+BUxHDoog7Q== dependencies: - "@babel/compat-data" "^7.23.5" - "@babel/helper-compilation-targets" "^7.23.6" - "@babel/helper-plugin-utils" "^7.24.0" - "@babel/plugin-syntax-object-rest-spread" "^7.8.3" - "@babel/plugin-transform-parameters" "^7.23.3" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-object-rest-spread@^7.24.7": version "7.24.7" 
@@ -1366,13 +1408,14 @@ "@babel/plugin-syntax-object-rest-spread" "^7.8.3" "@babel/plugin-transform-parameters" "^7.24.7" -"@babel/plugin-transform-object-super@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.23.3.tgz#81fdb636dcb306dd2e4e8fd80db5b2362ed2ebcd" - integrity sha512-BwQ8q0x2JG+3lxCVFohg+KbQM7plfpBwThdW9A6TMtWwLsbDA01Ek2Zb/AgDN39BiZsExm4qrXxjk+P1/fzGrA== +"@babel/plugin-transform-object-rest-spread@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.25.9.tgz#0203725025074164808bcf1a2cfa90c652c99f18" + integrity sha512-fSaXafEE9CVHPweLYw4J0emp1t8zYTXyzN3UuG+lylqkvYd7RMrsOQ8TYx5RF231be0vqtFC6jnx3UmpJmKBYg== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-replace-supers" "^7.22.20" + "@babel/helper-compilation-targets" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-transform-parameters" "^7.25.9" "@babel/plugin-transform-object-super@^7.24.7": version "7.24.7" 
@@ -1382,13 +1425,13 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/helper-replace-supers" "^7.24.7" -"@babel/plugin-transform-optional-catch-binding@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.23.4.tgz#318066de6dacce7d92fa244ae475aa8d91778017" - integrity sha512-XIq8t0rJPHf6Wvmbn9nFxU6ao4c7WhghTR5WyV8SrJfUFzyxhCm4nhC+iAp3HFhbAKLfYpgzhJ6t4XCtVwqO5A== +"@babel/plugin-transform-object-super@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.25.9.tgz#385d5de135162933beb4a3d227a2b7e52bb4cf03" + integrity sha512-Kj/Gh+Rw2RNLbCK1VAWj2U48yxxqL2x0k10nPtSdRa0O2xnHXalD0s+o1A6a0W43gJ00ANo38jxkQreckOzv5A== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-optional-catch-binding" "^7.8.3" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-replace-supers" "^7.25.9" "@babel/plugin-transform-optional-catch-binding@^7.24.7": version "7.24.7" 
@@ -1398,14 +1441,12 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-optional-catch-binding" "^7.8.3" -"@babel/plugin-transform-optional-chaining@^7.23.3", "@babel/plugin-transform-optional-chaining@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.23.4.tgz#6acf61203bdfc4de9d4e52e64490aeb3e52bd017" - integrity sha512-ZU8y5zWOfjM5vZ+asjgAPwDaBjJzgufjES89Rs4Lpq63O300R/kOz30WCLo6BxxX6QVEilwSlpClnG5cZaikTA== +"@babel/plugin-transform-optional-catch-binding@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.25.9.tgz#10e70d96d52bb1f10c5caaac59ac545ea2ba7ff3" + integrity sha512-qM/6m6hQZzDcZF3onzIhZeDHDO43bkNNlOX0i8n3lR6zLbu0GN2d8qfM/IERJZYauhAHSLHy39NF0Ctdvcid7g== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5" - "@babel/plugin-syntax-optional-chaining" "^7.8.3" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-optional-chaining@^7.24.7", "@babel/plugin-transform-optional-chaining@^7.24.8": version "7.24.8" 
@@ -1416,12 +1457,13 @@ "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7" "@babel/plugin-syntax-optional-chaining" "^7.8.3" -"@babel/plugin-transform-parameters@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.23.3.tgz#83ef5d1baf4b1072fa6e54b2b0999a7b2527e2af" - integrity sha512-09lMt6UsUb3/34BbECKVbVwrT9bO6lILWln237z7sLaWnMsTi7Yc9fhX5DLpkJzAGfaReXI22wP41SZmnAA3Vw== +"@babel/plugin-transform-optional-chaining@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.25.9.tgz#e142eb899d26ef715435f201ab6e139541eee7dd" + integrity sha512-6AvV0FsLULbpnXeBjrY4dmWF8F7gf8QnvTEoO/wX/5xm/xE1Xo8oPuD3MPS+KS9f9XBEAWN7X1aWr4z9HdOr7A== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-skip-transparent-expression-wrappers" "^7.25.9" "@babel/plugin-transform-parameters@^7.24.7": version "7.24.7" 
@@ -1430,13 +1472,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-private-methods@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.23.3.tgz#b2d7a3c97e278bfe59137a978d53b2c2e038c0e4" - integrity sha512-UzqRcRtWsDMTLrRWFvUBDwmw06tCQH9Rl1uAjfh6ijMSmGYQ+fpdB+cnqRC8EMh5tuuxSv0/TejGL+7vyj+50g== +"@babel/plugin-transform-parameters@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.25.9.tgz#b856842205b3e77e18b7a7a1b94958069c7ba257" + integrity sha512-wzz6MKwpnshBAiRmn4jR8LYz/g8Ksg0o80XmwZDlordjwEk9SxBzTWC7F5ef1jhbrbOW2DJ5J6ayRukrJmnr0g== dependencies: - "@babel/helper-create-class-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-private-methods@^7.24.7": version "7.24.7" 
@@ -1446,15 +1487,13 @@ "@babel/helper-create-class-features-plugin" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-private-property-in-object@^7.23.4": - version "7.23.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.23.4.tgz#3ec711d05d6608fd173d9b8de39872d8dbf68bf5" - integrity sha512-9G3K1YqTq3F4Vt88Djx1UZ79PDyj+yKRnUy7cZGSMe+a7jkwD259uKKuUzQlPkGam7R+8RJwh5z4xO27fA1o2A== +"@babel/plugin-transform-private-methods@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.25.9.tgz#847f4139263577526455d7d3223cd8bda51e3b57" + integrity sha512-D/JUozNpQLAPUVusvqMxyvjzllRaF8/nSrP1s2YGQT/W4LHK4xxsMcHjhOGTS01mp9Hda8nswb+FblLdJornQw== dependencies: - "@babel/helper-annotate-as-pure" "^7.22.5" - "@babel/helper-create-class-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-private-property-in-object" "^7.14.5" + "@babel/helper-create-class-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-private-property-in-object@^7.24.7": version "7.24.7" 
@@ -1466,12 +1505,14 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/plugin-syntax-private-property-in-object" "^7.14.5" -"@babel/plugin-transform-property-literals@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.23.3.tgz#54518f14ac4755d22b92162e4a852d308a560875" - integrity sha512-jR3Jn3y7cZp4oEWPFAlRsSWjxKe4PZILGBSd4nis1TsC5qeSpb+nrtihJuDhNI7QHiVbUaiXa0X2RZY3/TI6Nw== +"@babel/plugin-transform-private-property-in-object@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.25.9.tgz#9c8b73e64e6cc3cbb2743633885a7dd2c385fe33" + integrity sha512-Evf3kcMqzXA3xfYJmZ9Pg1OvKdtqsDMSWBDzZOPLvHiTt36E75jLDQo5w1gtRU95Q4E5PDttrTf25Fw8d/uWLw== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-annotate-as-pure" "^7.25.9" + "@babel/helper-create-class-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-property-literals@^7.24.7": version "7.24.7" @@ -1480,6 +1521,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" +"@babel/plugin-transform-property-literals@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.25.9.tgz#d72d588bd88b0dec8b62e36f6fda91cedfe28e3f" + integrity sha512-IvIUeV5KrS/VPavfSM/Iu+RE6llrHrYIKY1yfCzyO/lMXHQ+p7uGhonmGVisv6tSBSVgWzMBohTcvkC9vQcQFA== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-transform-react-constant-elements@^7.21.3": version "7.24.7" resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.24.7.tgz#b85e8f240b14400277f106c9c9b585d9acf608a1" 
@@ -1494,6 +1542,13 @@ dependencies: "@babel/helper-plugin-utils" "^7.22.5" +"@babel/plugin-transform-react-display-name@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.25.9.tgz#4b79746b59efa1f38c8695065a92a9f5afb24f7d" + integrity sha512-KJfMlYIUxQB1CJfO3e0+h0ZHWOTLCPP115Awhaz8U0Zpq36Gl/cXlpoyMRnUWlhNUBAzldnCiAZNvCDj7CrKxQ== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-transform-react-jsx-development@^7.22.5": version "7.22.5" resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.22.5.tgz#e716b6edbef972a92165cd69d92f1255f7e73e87" @@ -1501,6 +1556,13 @@ dependencies: "@babel/plugin-transform-react-jsx" "^7.22.5" +"@babel/plugin-transform-react-jsx-development@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.25.9.tgz#8fd220a77dd139c07e25225a903b8be8c829e0d7" + integrity sha512-9mj6rm7XVYs4mdLIpbZnHOYdpW42uoiBCTVowg7sP1thUOiANgMb4UtpRivR0pp5iL+ocvUv7X4mZgFRpJEzGw== + dependencies: + "@babel/plugin-transform-react-jsx" "^7.25.9" + "@babel/plugin-transform-react-jsx@^7.22.15", "@babel/plugin-transform-react-jsx@^7.22.5": version "7.23.4" resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.23.4.tgz#393f99185110cea87184ea47bcb4a7b0c2e39312" 
@@ -1512,6 +1574,17 @@ "@babel/plugin-syntax-jsx" "^7.23.3" "@babel/types" "^7.23.4" +"@babel/plugin-transform-react-jsx@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.25.9.tgz#06367940d8325b36edff5e2b9cbe782947ca4166" + integrity sha512-s5XwpQYCqGerXl+Pu6VDL3x0j2d82eiV77UJ8a2mDHAW7j9SWRqQ2y1fNo1Z74CdcYipl5Z41zvjj4Nfzq36rw== + dependencies: + "@babel/helper-annotate-as-pure" "^7.25.9" + "@babel/helper-module-imports" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/plugin-syntax-jsx" "^7.25.9" + "@babel/types" "^7.25.9" + "@babel/plugin-transform-react-pure-annotations@^7.23.3": version "7.23.3" resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.23.3.tgz#fabedbdb8ee40edf5da96f3ecfc6958e3783b93c" @@ -1520,13 +1593,13 @@ "@babel/helper-annotate-as-pure" "^7.22.5" "@babel/helper-plugin-utils" "^7.22.5" -"@babel/plugin-transform-regenerator@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.23.3.tgz#141afd4a2057298602069fce7f2dc5173e6c561c" - integrity sha512-KP+75h0KghBMcVpuKisx3XTu9Ncut8Q8TuvGO4IhY+9D5DFEckQefOuIsB/gQ2tG71lCke4NMrtIPS8pOj18BQ== +"@babel/plugin-transform-react-pure-annotations@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.25.9.tgz#ea1c11b2f9dbb8e2d97025f43a3b5bc47e18ae62" + integrity sha512-KQ/Takk3T8Qzj5TppkS1be588lkbTp5uj7w6a0LeQaTMSckU/wK0oJ/pih+T690tkgI5jfmg2TqDJvd41Sj1Cg== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - regenerator-transform "^0.15.2" + "@babel/helper-annotate-as-pure" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-regenerator@^7.24.7": version "7.24.7" 
@@ -1536,12 +1609,21 @@ "@babel/helper-plugin-utils" "^7.24.7" regenerator-transform "^0.15.2" -"@babel/plugin-transform-reserved-words@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.23.3.tgz#4130dcee12bd3dd5705c587947eb715da12efac8" - integrity sha512-QnNTazY54YqgGxwIexMZva9gqbPa15t/x9VS+0fsEFWplwVpXYZivtgl43Z1vMpc1bdPP2PP8siFeVcnFvA3Cg== +"@babel/plugin-transform-regenerator@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.25.9.tgz#03a8a4670d6cebae95305ac6defac81ece77740b" + integrity sha512-vwDcDNsgMPDGP0nMqzahDWE5/MLcX8sv96+wfX7as7LoF/kr97Bo/7fI00lXY4wUXYfVmwIIyG80fGZ1uvt2qg== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" + regenerator-transform "^0.15.2" + +"@babel/plugin-transform-regexp-modifiers@^7.26.0": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.26.0.tgz#2f5837a5b5cd3842a919d8147e9903cc7455b850" + integrity sha512-vN6saax7lrA2yA/Pak3sCxuD6F5InBjn9IcrIKQPjpsLvuHYLVroTxjdlVRHjjBWxKOqIwpTXDkOssYT4BFdRw== + dependencies: + "@babel/helper-create-regexp-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-reserved-words@^7.24.7": version "7.24.7" 
@@ -1550,24 +1632,24 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-runtime@^7.22.9": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.24.0.tgz#e308fe27d08b74027d42547081eefaf4f2ffbcc9" - integrity sha512-zc0GA5IitLKJrSfXlXmp8KDqLrnGECK7YRfQBmEKg1NmBOQ7e+KuclBEKJgzifQeUYLdNiAw4B4bjyvzWVLiSA== +"@babel/plugin-transform-reserved-words@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.25.9.tgz#0398aed2f1f10ba3f78a93db219b27ef417fb9ce" + integrity sha512-7DL7DKYjn5Su++4RXu8puKZm2XBPHyjWLUidaPEkCUBbE7IPcsrkRHggAOOKydH1dASWdcUBxrkOGNxUv5P3Jg== dependencies: - "@babel/helper-module-imports" "^7.22.15" - "@babel/helper-plugin-utils" "^7.24.0" - babel-plugin-polyfill-corejs2 "^0.4.8" - babel-plugin-polyfill-corejs3 "^0.9.0" - babel-plugin-polyfill-regenerator "^0.5.5" - semver "^6.3.1" + "@babel/helper-plugin-utils" "^7.25.9" -"@babel/plugin-transform-shorthand-properties@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.23.3.tgz#97d82a39b0e0c24f8a981568a8ed851745f59210" - integrity sha512-ED2fgqZLmexWiN+YNFX26fx4gh5qHDhn1O2gvEhreLW2iI63Sqm4llRLCXALKrCnbN4Jy0VcMQZl/SAzqug/jg== +"@babel/plugin-transform-runtime@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.25.9.tgz#62723ea3f5b31ffbe676da9d6dae17138ae580ea" + integrity sha512-nZp7GlEl+yULJrClz0SwHPqir3lc0zsPrDHQUcxGspSL7AKrexNSEfTbfqnDNJUO13bgKyfuOLMF8Xqtu8j3YQ== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-module-imports" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + babel-plugin-polyfill-corejs2 "^0.4.10" + babel-plugin-polyfill-corejs3 "^0.10.6" + babel-plugin-polyfill-regenerator "^0.6.1" + semver 
"^6.3.1" "@babel/plugin-transform-shorthand-properties@^7.24.7": version "7.24.7" @@ -1576,13 +1658,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-spread@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.23.3.tgz#41d17aacb12bde55168403c6f2d6bdca563d362c" - integrity sha512-VvfVYlrlBVu+77xVTOAoxQ6mZbnIq5FM0aGBSFEcIh03qHf+zNqA4DC/3XMUozTg7bZV3e3mZQ0i13VB6v5yUg== +"@babel/plugin-transform-shorthand-properties@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.25.9.tgz#bb785e6091f99f826a95f9894fc16fde61c163f2" + integrity sha512-MUv6t0FhO5qHnS/W8XCbHmiRWOphNufpE1IVxhK5kuN3Td9FT1x4rx4K42s3RYdMXCXpfWkGSbCSd0Z64xA7Ng== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-skip-transparent-expression-wrappers" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-spread@^7.24.7": version "7.24.7" 
@@ -1592,12 +1673,13 @@ "@babel/helper-plugin-utils" "^7.24.7" "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7" -"@babel/plugin-transform-sticky-regex@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.23.3.tgz#dec45588ab4a723cb579c609b294a3d1bd22ff04" - integrity sha512-HZOyN9g+rtvnOU3Yh7kSxXrKbzgrm5X4GncPY1QOquu7epga5MxKHVpYu2hvQnry/H+JjckSYRb93iNfsioAGg== +"@babel/plugin-transform-spread@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.25.9.tgz#24a35153931b4ba3d13cec4a7748c21ab5514ef9" + integrity sha512-oNknIB0TbURU5pqJFVbOOFspVlrpVwo2H1+HUIsVDvp5VauGGDP1ZEvO8Nn5xyMEs3dakajOxlmkNW7kNgSm6A== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-skip-transparent-expression-wrappers" "^7.25.9" "@babel/plugin-transform-sticky-regex@^7.24.7": version "7.24.7" @@ -1606,12 +1688,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-template-literals@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.23.3.tgz#5f0f028eb14e50b5d0f76be57f90045757539d07" - integrity sha512-Flok06AYNp7GV2oJPZZcP9vZdszev6vPBkHLwxwSpaIqx75wn6mUd3UFWsSsA0l8nXAKkyCmL/sR02m8RYGeHg== +"@babel/plugin-transform-sticky-regex@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.25.9.tgz#c7f02b944e986a417817b20ba2c504dfc1453d32" + integrity sha512-WqBUSgeVwucYDP9U/xNRQam7xV8W5Zf+6Eo7T2SRVUFlhRiMNFdFz58u0KZmCVVqs2i7SHgpRnAhzRNmKfi2uA== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-template-literals@^7.24.7": version "7.24.7" 
@@ -1620,12 +1702,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-typeof-symbol@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.23.3.tgz#9dfab97acc87495c0c449014eb9c547d8966bca4" - integrity sha512-4t15ViVnaFdrPC74be1gXBSMzXk3B4Us9lP7uLRQHTFpV5Dvt33pn+2MyyNxmN3VTTm3oTrZVMUmuw3oBnQ2oQ== +"@babel/plugin-transform-template-literals@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.25.9.tgz#6dbd4a24e8fad024df76d1fac6a03cf413f60fe1" + integrity sha512-o97AE4syN71M/lxrCtQByzphAdlYluKPDBzDVzMmfCobUjjhAryZV0AIpRPrxN0eAkxXO6ZLEScmt+PNhj2OTw== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-typeof-symbol@^7.24.8": version "7.24.8" @@ -1634,15 +1716,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.8" -"@babel/plugin-transform-typescript@^7.23.3": - version "7.23.6" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.23.6.tgz#aa36a94e5da8d94339ae3a4e22d40ed287feb34c" - integrity sha512-6cBG5mBvUu4VUD04OHKnYzbuHNP8huDsD3EDqqpIpsswTDoqHCjLoHb6+QgsV1WsT2nipRqCPgxD3LXnEO7XfA== +"@babel/plugin-transform-typeof-symbol@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.25.9.tgz#224ba48a92869ddbf81f9b4a5f1204bbf5a2bc4b" + integrity sha512-v61XqUMiueJROUv66BVIOi0Fv/CUuZuZMl5NkRoCVxLAnMexZ0A3kMe7vvZ0nulxMuMp0Mk6S5hNh48yki08ZA== dependencies: - "@babel/helper-annotate-as-pure" "^7.22.5" - "@babel/helper-create-class-features-plugin" "^7.23.6" - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/plugin-syntax-typescript" "^7.23.3" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-typescript@^7.24.7": version "7.25.0" 
@@ -1655,12 +1734,16 @@ "@babel/helper-skip-transparent-expression-wrappers" "^7.24.7" "@babel/plugin-syntax-typescript" "^7.24.7" -"@babel/plugin-transform-unicode-escapes@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.23.3.tgz#1f66d16cab01fab98d784867d24f70c1ca65b925" - integrity sha512-OMCUx/bU6ChE3r4+ZdylEqAjaQgHAgipgW8nsCfu5pGqDcFytVd91AwRvUJSBZDz0exPGgnjoqhgRYLRjFZc9Q== +"@babel/plugin-transform-typescript@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.25.9.tgz#69267905c2b33c2ac6d8fe765e9dc2ddc9df3849" + integrity sha512-7PbZQZP50tzv2KGGnhh82GSyMB01yKY9scIjf1a+GfZCtInOWqUH5+1EBU4t9fyR5Oykkkc9vFTs4OHrhHXljQ== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-annotate-as-pure" "^7.25.9" + "@babel/helper-create-class-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-skip-transparent-expression-wrappers" "^7.25.9" + "@babel/plugin-syntax-typescript" "^7.25.9" "@babel/plugin-transform-unicode-escapes@^7.24.7": version "7.24.7" 
@@ -1669,13 +1752,12 @@ dependencies: "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-unicode-property-regex@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.23.3.tgz#19e234129e5ffa7205010feec0d94c251083d7ad" - integrity sha512-KcLIm+pDZkWZQAFJ9pdfmh89EwVfmNovFBcXko8szpBeF8z68kWIPeKlmSOkT9BXJxs2C0uk+5LxoxIv62MROA== +"@babel/plugin-transform-unicode-escapes@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.25.9.tgz#a75ef3947ce15363fccaa38e2dd9bc70b2788b82" + integrity sha512-s5EDrE6bW97LtxOcGj1Khcx5AaXwiMmi4toFWRDP9/y0Woo6pXC+iyPu/KuhKtfSrNFd7jJB+/fkOtZy6aIC6Q== dependencies: - "@babel/helper-create-regexp-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-unicode-property-regex@^7.24.7": version "7.24.7" 
@@ -1685,13 +1767,13 @@ "@babel/helper-create-regexp-features-plugin" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-unicode-regex@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.23.3.tgz#26897708d8f42654ca4ce1b73e96140fbad879dc" - integrity sha512-wMHpNA4x2cIA32b/ci3AfwNgheiva2W0WUKWTK7vBHBhDKfPsc5cFGNWm69WBqpwd86u1qwZ9PWevKqm1A3yAw== +"@babel/plugin-transform-unicode-property-regex@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.25.9.tgz#a901e96f2c1d071b0d1bb5dc0d3c880ce8f53dd3" + integrity sha512-Jt2d8Ga+QwRluxRQ307Vlxa6dMrYEMZCgGxoPR8V52rxPyldHu3hdlHspxaqYmE7oID5+kB+UKUB/eWS+DkkWg== dependencies: - "@babel/helper-create-regexp-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-create-regexp-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-unicode-regex@^7.24.7": version "7.24.7" 
@@ -1701,13 +1783,13 @@ "@babel/helper-create-regexp-features-plugin" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" -"@babel/plugin-transform-unicode-sets-regex@^7.23.3": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.23.3.tgz#4fb6f0a719c2c5859d11f6b55a050cc987f3799e" - integrity sha512-W7lliA/v9bNR83Qc3q1ip9CQMZ09CcHDbHfbLRDNuAhn1Mvkr1ZNF7hPmztMQvtTGVLJ9m8IZqWsTkXOml8dbw== +"@babel/plugin-transform-unicode-regex@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.25.9.tgz#5eae747fe39eacf13a8bd006a4fb0b5d1fa5e9b1" + integrity sha512-yoxstj7Rg9dlNn9UQxzk4fcNivwv4nUYz7fYXBaKxvw/lnmPuOm/ikoELygbYq68Bls3D/D+NBPHiLwZdZZ4HA== dependencies: - "@babel/helper-create-regexp-features-plugin" "^7.22.15" - "@babel/helper-plugin-utils" "^7.22.5" + "@babel/helper-create-regexp-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" "@babel/plugin-transform-unicode-sets-regex@^7.24.7": version "7.24.7" @@ -1717,6 +1799,14 @@ "@babel/helper-create-regexp-features-plugin" "^7.24.7" "@babel/helper-plugin-utils" "^7.24.7" +"@babel/plugin-transform-unicode-sets-regex@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.25.9.tgz#65114c17b4ffc20fa5b163c63c70c0d25621fabe" + integrity sha512-8BYqO3GeVNHtx69fdPshN3fnzUNLrWdHhk/icSwigksJGczKSizZ+Z6SBCxTs723Fr5VSNorTIK7a+R2tISvwQ== + dependencies: + "@babel/helper-create-regexp-features-plugin" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/preset-env@^7.20.2": version "7.25.0" resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.25.0.tgz#3fe92e470311e91478129efda101816c680f0479" 
@@ -1806,90 +1896,79 @@ core-js-compat "^3.37.1" semver "^6.3.1" -"@babel/preset-env@^7.22.9": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.24.0.tgz#11536a7f4b977294f0bdfad780f01a8ac8e183fc" - integrity sha512-ZxPEzV9IgvGn73iK0E6VB9/95Nd7aMFpbE0l8KQFDG70cOV9IxRP7Y2FUPmlK0v6ImlLqYX50iuZ3ZTVhOF2lA== - dependencies: - "@babel/compat-data" "^7.23.5" - "@babel/helper-compilation-targets" "^7.23.6" - "@babel/helper-plugin-utils" "^7.24.0" - "@babel/helper-validator-option" "^7.23.5" - "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.23.3" - "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.23.3" - "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly" "^7.23.7" +"@babel/preset-env@^7.25.9": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.26.0.tgz#30e5c6bc1bcc54865bff0c5a30f6d4ccdc7fa8b1" + integrity sha512-H84Fxq0CQJNdPFT2DrfnylZ3cf5K43rGfWK4LJGPpjKHiZlk0/RzwEus3PDDZZg+/Er7lCA03MVacueUuXdzfw== + dependencies: + "@babel/compat-data" "^7.26.0" + "@babel/helper-compilation-targets" "^7.25.9" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-validator-option" "^7.25.9" + "@babel/plugin-bugfix-firefox-class-in-computed-class-key" "^7.25.9" + "@babel/plugin-bugfix-safari-class-field-initializer-scope" "^7.25.9" + "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression" "^7.25.9" + "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining" "^7.25.9" + "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly" "^7.25.9" "@babel/plugin-proposal-private-property-in-object" "7.21.0-placeholder-for-preset-env.2" - "@babel/plugin-syntax-async-generators" "^7.8.4" - "@babel/plugin-syntax-class-properties" "^7.12.13" - "@babel/plugin-syntax-class-static-block" "^7.14.5" - "@babel/plugin-syntax-dynamic-import" "^7.8.3" - "@babel/plugin-syntax-export-namespace-from" "^7.8.3" - 
"@babel/plugin-syntax-import-assertions" "^7.23.3" - "@babel/plugin-syntax-import-attributes" "^7.23.3" - "@babel/plugin-syntax-import-meta" "^7.10.4" - "@babel/plugin-syntax-json-strings" "^7.8.3" - "@babel/plugin-syntax-logical-assignment-operators" "^7.10.4" - "@babel/plugin-syntax-nullish-coalescing-operator" "^7.8.3" - "@babel/plugin-syntax-numeric-separator" "^7.10.4" - "@babel/plugin-syntax-object-rest-spread" "^7.8.3" - "@babel/plugin-syntax-optional-catch-binding" "^7.8.3" - "@babel/plugin-syntax-optional-chaining" "^7.8.3" - "@babel/plugin-syntax-private-property-in-object" "^7.14.5" - "@babel/plugin-syntax-top-level-await" "^7.14.5" + "@babel/plugin-syntax-import-assertions" "^7.26.0" + "@babel/plugin-syntax-import-attributes" "^7.26.0" "@babel/plugin-syntax-unicode-sets-regex" "^7.18.6" - "@babel/plugin-transform-arrow-functions" "^7.23.3" - "@babel/plugin-transform-async-generator-functions" "^7.23.9" - "@babel/plugin-transform-async-to-generator" "^7.23.3" - "@babel/plugin-transform-block-scoped-functions" "^7.23.3" - "@babel/plugin-transform-block-scoping" "^7.23.4" - "@babel/plugin-transform-class-properties" "^7.23.3" - "@babel/plugin-transform-class-static-block" "^7.23.4" - "@babel/plugin-transform-classes" "^7.23.8" - "@babel/plugin-transform-computed-properties" "^7.23.3" - "@babel/plugin-transform-destructuring" "^7.23.3" - "@babel/plugin-transform-dotall-regex" "^7.23.3" - "@babel/plugin-transform-duplicate-keys" "^7.23.3" - "@babel/plugin-transform-dynamic-import" "^7.23.4" - "@babel/plugin-transform-exponentiation-operator" "^7.23.3" - "@babel/plugin-transform-export-namespace-from" "^7.23.4" - "@babel/plugin-transform-for-of" "^7.23.6" - "@babel/plugin-transform-function-name" "^7.23.3" - "@babel/plugin-transform-json-strings" "^7.23.4" - "@babel/plugin-transform-literals" "^7.23.3" - "@babel/plugin-transform-logical-assignment-operators" "^7.23.4" - "@babel/plugin-transform-member-expression-literals" "^7.23.3" - 
"@babel/plugin-transform-modules-amd" "^7.23.3" - "@babel/plugin-transform-modules-commonjs" "^7.23.3" - "@babel/plugin-transform-modules-systemjs" "^7.23.9" - "@babel/plugin-transform-modules-umd" "^7.23.3" - "@babel/plugin-transform-named-capturing-groups-regex" "^7.22.5" - "@babel/plugin-transform-new-target" "^7.23.3" - "@babel/plugin-transform-nullish-coalescing-operator" "^7.23.4" - "@babel/plugin-transform-numeric-separator" "^7.23.4" - "@babel/plugin-transform-object-rest-spread" "^7.24.0" - "@babel/plugin-transform-object-super" "^7.23.3" - "@babel/plugin-transform-optional-catch-binding" "^7.23.4" - "@babel/plugin-transform-optional-chaining" "^7.23.4" - "@babel/plugin-transform-parameters" "^7.23.3" - "@babel/plugin-transform-private-methods" "^7.23.3" - "@babel/plugin-transform-private-property-in-object" "^7.23.4" - "@babel/plugin-transform-property-literals" "^7.23.3" - "@babel/plugin-transform-regenerator" "^7.23.3" - "@babel/plugin-transform-reserved-words" "^7.23.3" - "@babel/plugin-transform-shorthand-properties" "^7.23.3" - "@babel/plugin-transform-spread" "^7.23.3" - "@babel/plugin-transform-sticky-regex" "^7.23.3" - "@babel/plugin-transform-template-literals" "^7.23.3" - "@babel/plugin-transform-typeof-symbol" "^7.23.3" - "@babel/plugin-transform-unicode-escapes" "^7.23.3" - "@babel/plugin-transform-unicode-property-regex" "^7.23.3" - "@babel/plugin-transform-unicode-regex" "^7.23.3" - "@babel/plugin-transform-unicode-sets-regex" "^7.23.3" + "@babel/plugin-transform-arrow-functions" "^7.25.9" + "@babel/plugin-transform-async-generator-functions" "^7.25.9" + "@babel/plugin-transform-async-to-generator" "^7.25.9" + "@babel/plugin-transform-block-scoped-functions" "^7.25.9" + "@babel/plugin-transform-block-scoping" "^7.25.9" + "@babel/plugin-transform-class-properties" "^7.25.9" + "@babel/plugin-transform-class-static-block" "^7.26.0" + "@babel/plugin-transform-classes" "^7.25.9" + "@babel/plugin-transform-computed-properties" "^7.25.9" + 
"@babel/plugin-transform-destructuring" "^7.25.9" + "@babel/plugin-transform-dotall-regex" "^7.25.9" + "@babel/plugin-transform-duplicate-keys" "^7.25.9" + "@babel/plugin-transform-duplicate-named-capturing-groups-regex" "^7.25.9" + "@babel/plugin-transform-dynamic-import" "^7.25.9" + "@babel/plugin-transform-exponentiation-operator" "^7.25.9" + "@babel/plugin-transform-export-namespace-from" "^7.25.9" + "@babel/plugin-transform-for-of" "^7.25.9" + "@babel/plugin-transform-function-name" "^7.25.9" + "@babel/plugin-transform-json-strings" "^7.25.9" + "@babel/plugin-transform-literals" "^7.25.9" + "@babel/plugin-transform-logical-assignment-operators" "^7.25.9" + "@babel/plugin-transform-member-expression-literals" "^7.25.9" + "@babel/plugin-transform-modules-amd" "^7.25.9" + "@babel/plugin-transform-modules-commonjs" "^7.25.9" + "@babel/plugin-transform-modules-systemjs" "^7.25.9" + "@babel/plugin-transform-modules-umd" "^7.25.9" + "@babel/plugin-transform-named-capturing-groups-regex" "^7.25.9" + "@babel/plugin-transform-new-target" "^7.25.9" + "@babel/plugin-transform-nullish-coalescing-operator" "^7.25.9" + "@babel/plugin-transform-numeric-separator" "^7.25.9" + "@babel/plugin-transform-object-rest-spread" "^7.25.9" + "@babel/plugin-transform-object-super" "^7.25.9" + "@babel/plugin-transform-optional-catch-binding" "^7.25.9" + "@babel/plugin-transform-optional-chaining" "^7.25.9" + "@babel/plugin-transform-parameters" "^7.25.9" + "@babel/plugin-transform-private-methods" "^7.25.9" + "@babel/plugin-transform-private-property-in-object" "^7.25.9" + "@babel/plugin-transform-property-literals" "^7.25.9" + "@babel/plugin-transform-regenerator" "^7.25.9" + "@babel/plugin-transform-regexp-modifiers" "^7.26.0" + "@babel/plugin-transform-reserved-words" "^7.25.9" + "@babel/plugin-transform-shorthand-properties" "^7.25.9" + "@babel/plugin-transform-spread" "^7.25.9" + "@babel/plugin-transform-sticky-regex" "^7.25.9" + "@babel/plugin-transform-template-literals" "^7.25.9" 
+ "@babel/plugin-transform-typeof-symbol" "^7.25.9" + "@babel/plugin-transform-unicode-escapes" "^7.25.9" + "@babel/plugin-transform-unicode-property-regex" "^7.25.9" + "@babel/plugin-transform-unicode-regex" "^7.25.9" + "@babel/plugin-transform-unicode-sets-regex" "^7.25.9" "@babel/preset-modules" "0.1.6-no-external-plugins" - babel-plugin-polyfill-corejs2 "^0.4.8" - babel-plugin-polyfill-corejs3 "^0.9.0" - babel-plugin-polyfill-regenerator "^0.5.5" - core-js-compat "^3.31.0" + babel-plugin-polyfill-corejs2 "^0.4.10" + babel-plugin-polyfill-corejs3 "^0.10.6" + babel-plugin-polyfill-regenerator "^0.6.1" + core-js-compat "^3.38.1" semver "^6.3.1" "@babel/preset-modules@0.1.6-no-external-plugins": @@ -1901,7 +1980,7 @@ "@babel/types" "^7.4.4" esutils "^2.0.2" -"@babel/preset-react@^7.18.6", "@babel/preset-react@^7.22.5": +"@babel/preset-react@^7.18.6": version "7.23.3" resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.23.3.tgz#f73ca07e7590f977db07eb54dbe46538cc015709" integrity sha512-tbkHOS9axH6Ysf2OUEqoSZ6T3Fa2SrNH6WTWSPBboxKzdxNc9qOICeLXkNG0ZEwbQ1HY8liwOce4aN/Ceyuq6w== 
@@ -1913,6 +1992,18 @@ "@babel/plugin-transform-react-jsx-development" "^7.22.5" "@babel/plugin-transform-react-pure-annotations" "^7.23.3" +"@babel/preset-react@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.25.9.tgz#5f473035dc2094bcfdbc7392d0766bd42dce173e" + integrity sha512-D3to0uSPiWE7rBrdIICCd0tJSIGpLaaGptna2+w7Pft5xMqLpA1sz99DK5TZ1TjGbdQ/VI1eCSZ06dv3lT4JOw== + dependencies: + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-validator-option" "^7.25.9" + "@babel/plugin-transform-react-display-name" "^7.25.9" + "@babel/plugin-transform-react-jsx" "^7.25.9" + "@babel/plugin-transform-react-jsx-development" "^7.25.9" + "@babel/plugin-transform-react-pure-annotations" "^7.25.9" + "@babel/preset-typescript@^7.21.0": version "7.24.7" resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.24.7.tgz#66cd86ea8f8c014855671d5ea9a737139cbbfef1" 
@@ -1924,45 +2015,43 @@ "@babel/plugin-transform-modules-commonjs" "^7.24.7" "@babel/plugin-transform-typescript" "^7.24.7" -"@babel/preset-typescript@^7.22.5": - version "7.23.3" - resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.23.3.tgz#14534b34ed5b6d435aa05f1ae1c5e7adcc01d913" - integrity sha512-17oIGVlqz6CchO9RFYn5U6ZpWRZIngayYCtrPRSgANSwC2V1Jb+iP74nVxzzXJte8b8BYxrL1yY96xfhTBrNNQ== +"@babel/preset-typescript@^7.25.9": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.26.0.tgz#4a570f1b8d104a242d923957ffa1eaff142a106d" + integrity sha512-NMk1IGZ5I/oHhoXEElcm+xUnL/szL6xflkFZmoEU9xj1qSJXpiS7rsspYo92B4DRCDvZn2erT5LdsCeXAKNCkg== dependencies: - "@babel/helper-plugin-utils" "^7.22.5" - "@babel/helper-validator-option" "^7.22.15" - "@babel/plugin-syntax-jsx" "^7.23.3" - "@babel/plugin-transform-modules-commonjs" "^7.23.3" - "@babel/plugin-transform-typescript" "^7.23.3" + "@babel/helper-plugin-utils" "^7.25.9" + "@babel/helper-validator-option" "^7.25.9" + "@babel/plugin-syntax-jsx" "^7.25.9" + "@babel/plugin-transform-modules-commonjs" "^7.25.9" + "@babel/plugin-transform-typescript" "^7.25.9" "@babel/regjsgen@^0.8.0": version "0.8.0" resolved "https://registry.yarnpkg.com/@babel/regjsgen/-/regjsgen-0.8.0.tgz#f0ba69b075e1f05fb2825b7fad991e7adbb18310" integrity sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA== -"@babel/runtime-corejs3@^7.22.6": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.24.0.tgz#34243e29e369a762dd2a356fee65c3767973828a" - integrity sha512-HxiRMOncx3ly6f3fcZ1GVKf+/EROcI9qwPgmij8Czqy6Okm/0T37T4y2ZIlLUuEUFjtM7NRsfdCO8Y3tAiJZew== +"@babel/runtime-corejs3@^7.25.9": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.26.0.tgz#5af6bed16073eb4a0191233d61e158a5c768c430" + integrity 
sha512-YXHu5lN8kJCb1LOb9PgV6pvak43X2h4HvRApcN5SdWeaItQOzfn1hgP6jasD6KWQyJDBxrVmA9o9OivlnNJK/w== dependencies: core-js-pure "^3.30.2" regenerator-runtime "^0.14.0" -"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.22.6", "@babel/runtime@^7.8.4": +"@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.8.4": version "7.24.0" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.24.0.tgz#584c450063ffda59697021430cb47101b085951e" integrity sha512-Chk32uHMg6TnQdvw2e9IlqPpFX/6NLuK0Ys2PqLb7/gL5uFn9mXvK715FGLlOLQrcO4qIkNHkvPGktzzXexsFw== dependencies: regenerator-runtime "^0.14.0" -"@babel/template@^7.22.15", "@babel/template@^7.24.0": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.24.0.tgz#c6a524aa93a4a05d66aaf31654258fae69d87d50" - integrity sha512-Bkf2q8lMB0AFpX0NFEqSbx1OkTHf0f+0j82mkw+ZpzBnkk7e9Ql0891vlfgi+kHwOk8tQjiQHpqh4LaSa0fKEA== +"@babel/runtime@^7.25.9": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.26.0.tgz#8600c2f595f277c60815256418b85356a65173c1" + integrity sha512-FDSOghenHTiToteC/QRlv2q3DhPZ/oOXTBoirfWNx1Cx3TMVcGWQtMMmQcSvb/JjpNeGzx8Pq/b4fKEJuWm1sw== dependencies: - "@babel/code-frame" "^7.23.5" - "@babel/parser" "^7.24.0" - "@babel/types" "^7.24.0" + regenerator-runtime "^0.14.0" "@babel/template@^7.24.7", "@babel/template@^7.25.0": version "7.25.0" 
@@ -1973,21 +2062,14 @@ "@babel/parser" "^7.25.0" "@babel/types" "^7.25.0" -"@babel/traverse@^7.22.8", "@babel/traverse@^7.24.0": - version "7.24.0" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.24.0.tgz#4a408fbf364ff73135c714a2ab46a5eab2831b1e" - integrity sha512-HfuJlI8qq3dEDmNU5ChzzpZRWq+oxCZQyMzIMEqLho+AQnhMnKQUzH6ydo3RBl/YjPCuk68Y6s0Gx0AeyULiWw== - dependencies: - "@babel/code-frame" "^7.23.5" - "@babel/generator" "^7.23.6" - "@babel/helper-environment-visitor" "^7.22.20" - "@babel/helper-function-name" "^7.23.0" - "@babel/helper-hoist-variables" "^7.22.5" - "@babel/helper-split-export-declaration" "^7.22.6" - "@babel/parser" "^7.24.0" - "@babel/types" "^7.24.0" - debug "^4.3.1" - globals "^11.1.0" +"@babel/template@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.25.9.tgz#ecb62d81a8a6f5dc5fe8abfc3901fc52ddf15016" + integrity sha512-9DGttpmPvIxBb/2uwpVo3dqJ+O6RooAFOS+lB+xDqoE2PVCE8nfoHMdZLpfCQRLwvohzXISPZcgxt80xLfsuwg== + dependencies: + "@babel/code-frame" "^7.25.9" + "@babel/parser" "^7.25.9" + "@babel/types" "^7.25.9" "@babel/traverse@^7.24.7", "@babel/traverse@^7.24.8", "@babel/traverse@^7.25.0": version "7.25.0" @@ -2002,6 +2084,19 @@ debug "^4.3.1" globals "^11.1.0" +"@babel/traverse@^7.25.9": + version "7.25.9" + resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.25.9.tgz#a50f8fe49e7f69f53de5bea7e413cd35c5e13c84" + integrity sha512-ZCuvfwOwlz/bawvAuvcj8rrithP2/N55Tzz342AkTvq4qaWbGfmCk/tKhNaV2cthijKrPAA8SRJV5WWe7IBMJw== + dependencies: + "@babel/code-frame" "^7.25.9" + "@babel/generator" "^7.25.9" + "@babel/parser" "^7.25.9" + "@babel/template" "^7.25.9" + "@babel/types" "^7.25.9" + debug "^4.3.1" + globals "^11.1.0" + "@babel/types@^7.21.3", "@babel/types@^7.24.7", "@babel/types@^7.24.8", "@babel/types@^7.24.9", "@babel/types@^7.25.0": version "7.25.0" resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.25.0.tgz#e6e3656c581f28da8452ed4f69e38008ec0ba41b" 
@@ -2011,7 +2106,7 @@ "@babel/helper-validator-identifier" "^7.24.7" to-fast-properties "^2.0.0" -"@babel/types@^7.22.15", "@babel/types@^7.22.19", "@babel/types@^7.22.5", "@babel/types@^7.23.0", "@babel/types@^7.23.4", "@babel/types@^7.23.6", "@babel/types@^7.24.0", "@babel/types@^7.4.4": +"@babel/types@^7.22.15", "@babel/types@^7.22.5", "@babel/types@^7.23.4", "@babel/types@^7.4.4": version "7.24.0" resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.24.0.tgz#3b951f435a92e7333eba05b7566fd297960ea1bf" integrity sha512-+j7a5c253RfKh8iABBhywc8NSfP5LURe7Uh4qpsh6jc+aLJguvmIUBdjSdEMQv2bENrCR5MfRdjGo7vzS/ob7w== @@ -2020,6 +2115,14 @@ "@babel/helper-validator-identifier" "^7.22.20" to-fast-properties "^2.0.0" +"@babel/types@^7.25.9", "@babel/types@^7.26.0": + version "7.26.0" + resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.26.0.tgz#deabd08d6b753bc8e0f198f8709fb575e31774ff" + integrity sha512-Z/yiTPj+lDVnF7lWeKCIJzaIkI0vYO87dMpZ4bg4TDrFe4XXLFWL1TbXU27gBP3QccxV9mZICCrnjnYlJjXHOA== + dependencies: + "@babel/helper-string-parser" "^7.25.9" + "@babel/helper-validator-identifier" "^7.25.9" + "@colors/colors@1.5.0": version "1.5.0" resolved "https://registry.yarnpkg.com/@colors/colors/-/colors-1.5.0.tgz#bb504579c1cae923e6576a4f5da43d25f97bdbd9" 
@@ -2045,58 +2148,88 @@ "@docsearch/css" "3.6.0" algoliasearch "^4.19.1" -"@docusaurus/core@3.4.0", "@docusaurus/core@^3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.4.0.tgz#bdbf1af4b2f25d1bf4a5b62ec6137d84c821cb3c" - integrity sha512-g+0wwmN2UJsBqy2fQRQ6fhXruoEa62JDeEa5d8IdTJlMoaDaEDfHh7WjwGRn4opuTQWpjAwP/fbcgyHKlE+64w== +"@docusaurus/babel@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/babel/-/babel-3.6.0.tgz#735a003207925bd782dd08ffa5d8b3503c1f8d72" + integrity sha512-7CsoQFiadoq7AHSUIQNkI/lGfg9AQ2ZBzsf9BqfZGXkHwWDy6twuohEaG0PgQv1npSRSAB2dioVxhRSErnqKNA== dependencies: - "@babel/core" "^7.23.3" - "@babel/generator" "^7.23.3" + "@babel/core" "^7.25.9" + "@babel/generator" "^7.25.9" "@babel/plugin-syntax-dynamic-import" "^7.8.3" - "@babel/plugin-transform-runtime" "^7.22.9" - "@babel/preset-env" "^7.22.9" - "@babel/preset-react" "^7.22.5" - "@babel/preset-typescript" "^7.22.5" - "@babel/runtime" "^7.22.6" - "@babel/runtime-corejs3" "^7.22.6" - "@babel/traverse" "^7.22.8" - "@docusaurus/cssnano-preset" "3.4.0" - "@docusaurus/logger" "3.4.0" - "@docusaurus/mdx-loader" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-common" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" - autoprefixer "^10.4.14" - babel-loader "^9.1.3" + "@babel/plugin-transform-runtime" "^7.25.9" + "@babel/preset-env" "^7.25.9" + "@babel/preset-react" "^7.25.9" + "@babel/preset-typescript" "^7.25.9" + "@babel/runtime" "^7.25.9" + "@babel/runtime-corejs3" "^7.25.9" + "@babel/traverse" "^7.25.9" + "@docusaurus/logger" "3.6.0" + "@docusaurus/utils" "3.6.0" babel-plugin-dynamic-import-node "^2.3.3" + fs-extra "^11.1.1" + tslib "^2.6.0" + +"@docusaurus/bundler@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/bundler/-/bundler-3.6.0.tgz#bdd060ba4d009211348e4e973a3bf4861cf0996b" + integrity sha512-o5T9HXkPKH0OQAifTxEXaebcO8kaz3tU1+wlIShZ2DKJHlsyWX3N4rToWBHroWnV/ZCT2XN3kLRzXASqrnb9Tw== + 
dependencies: + "@babel/core" "^7.25.9" + "@docusaurus/babel" "3.6.0" + "@docusaurus/cssnano-preset" "3.6.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils" "3.6.0" + autoprefixer "^10.4.14" + babel-loader "^9.2.1" + clean-css "^5.3.2" + copy-webpack-plugin "^11.0.0" + css-loader "^6.8.1" + css-minimizer-webpack-plugin "^5.0.1" + cssnano "^6.1.2" + file-loader "^6.2.0" + html-minifier-terser "^7.2.0" + mini-css-extract-plugin "^2.9.1" + null-loader "^4.0.1" + postcss "^8.4.26" + postcss-loader "^7.3.3" + react-dev-utils "^12.0.1" + terser-webpack-plugin "^5.3.9" + tslib "^2.6.0" + url-loader "^4.1.1" + webpack "^5.95.0" + webpackbar "^6.0.1" + +"@docusaurus/core@3.6.0", "@docusaurus/core@^3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.6.0.tgz#b23fc7e253a49cc3e5ac9e091354f497cc0b101b" + integrity sha512-lvRgMoKJJSRDt9+HhAqFcICV4kp/mw1cJJrLxIw4Q2XZnFGM1XUuwcbuaqWmGog+NcOLZaPCcCtZbn60EMCtjQ== + dependencies: + "@docusaurus/babel" "3.6.0" + "@docusaurus/bundler" "3.6.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/mdx-loader" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-common" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" boxen "^6.2.1" chalk "^4.1.2" chokidar "^3.5.3" - clean-css "^5.3.2" cli-table3 "^0.6.3" combine-promises "^1.1.0" commander "^5.1.0" - copy-webpack-plugin "^11.0.0" core-js "^3.31.1" - css-loader "^6.8.1" - css-minimizer-webpack-plugin "^5.0.1" - cssnano "^6.1.2" del "^6.1.1" detect-port "^1.5.1" escape-html "^1.0.3" eta "^2.2.0" eval "^0.1.8" - file-loader "^6.2.0" fs-extra "^11.1.1" - html-minifier-terser "^7.2.0" html-tags "^3.3.1" - html-webpack-plugin "^5.5.3" + html-webpack-plugin "^5.6.0" leven "^3.1.0" lodash "^4.17.21" - mini-css-extract-plugin "^2.7.6" p-map "^4.0.0" - postcss "^8.4.26" - postcss-loader "^7.3.3" prompts "^2.4.2" react-dev-utils "^12.0.1" react-helmet-async "^1.3.0" 
@@ -2107,44 +2240,41 @@ react-router-dom "^5.3.4" rtl-detect "^1.0.4" semver "^7.5.4" - serve-handler "^6.1.5" + serve-handler "^6.1.6" shelljs "^0.8.5" - terser-webpack-plugin "^5.3.9" tslib "^2.6.0" update-notifier "^6.0.2" - url-loader "^4.1.1" - webpack "^5.88.1" - webpack-bundle-analyzer "^4.9.0" - webpack-dev-server "^4.15.1" - webpack-merge "^5.9.0" - webpackbar "^5.0.2" + webpack "^5.95.0" + webpack-bundle-analyzer "^4.10.2" + webpack-dev-server "^4.15.2" + webpack-merge "^6.0.1" -"@docusaurus/cssnano-preset@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/cssnano-preset/-/cssnano-preset-3.4.0.tgz#dc7922b3bbeabcefc9b60d0161680d81cf72c368" - integrity sha512-qwLFSz6v/pZHy/UP32IrprmH5ORce86BGtN0eBtG75PpzQJAzp9gefspox+s8IEOr0oZKuQ/nhzZ3xwyc3jYJQ== +"@docusaurus/cssnano-preset@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/cssnano-preset/-/cssnano-preset-3.6.0.tgz#02378e53e9568ed5fc8871d4fc158ea96fd7421c" + integrity sha512-h3jlOXqqzNSoU+C4CZLNpFtD+v2xr1UBf4idZpwMgqid9r6lb5GS7tWKnQnauio6OipacbHbDXEX3JyT1PlDkg== dependencies: cssnano-preset-advanced "^6.1.2" postcss "^8.4.38" postcss-sort-media-queries "^5.2.0" tslib "^2.6.0" -"@docusaurus/logger@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/logger/-/logger-3.4.0.tgz#8b0ac05c7f3dac2009066e2f964dee8209a77403" - integrity sha512-bZwkX+9SJ8lB9kVRkXw+xvHYSMGG4bpYHKGXeXFvyVc79NMeeBSGgzd4TQLHH+DYeOJoCdl8flrFJVxlZ0wo/Q== +"@docusaurus/logger@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/logger/-/logger-3.6.0.tgz#c7349c2636087f55f573a60a3c7f69b87d59974d" + integrity sha512-BcQhoXilXW0607cH/kO6P5Gt5KxCGfoJ+QDKNf3yO2S09/RsITlW+0QljXPbI3DklTrHrhRDmgGk1yX4nUhWTA== dependencies: chalk "^4.1.2" tslib "^2.6.0" -"@docusaurus/mdx-loader@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/mdx-loader/-/mdx-loader-3.4.0.tgz#483d7ab57928fdbb5c8bd1678098721a930fc5f6" - integrity 
sha512-kSSbrrk4nTjf4d+wtBA9H+FGauf2gCax89kV8SUSJu3qaTdSIKdWERlngsiHaCFgZ7laTJ8a67UFf+xlFPtuTw== +"@docusaurus/mdx-loader@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/mdx-loader/-/mdx-loader-3.6.0.tgz#f8ba7af9d59473a7182f6a9307e0432f8dce905b" + integrity sha512-GhRzL1Af/AdSSrGesSPOU/iP/aXadTGmVKuysCxZDrQR2RtBtubQZ9aw+KvdFVV7R4K/CsbgD6J5oqrXlEPk3Q== dependencies: - "@docusaurus/logger" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" "@mdx-js/mdx" "^3.0.0" "@slorber/remark-comment" "^1.0.0" escape-html "^1.0.3" @@ -2167,12 +2297,12 @@ vfile "^6.0.1" webpack "^5.88.1" -"@docusaurus/module-type-aliases@3.4.0", "@docusaurus/module-type-aliases@^3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/module-type-aliases/-/module-type-aliases-3.4.0.tgz#2653bde58fc1aa3dbc626a6c08cfb63a37ae1bb8" - integrity sha512-A1AyS8WF5Bkjnb8s+guTDuYmUiwJzNrtchebBHpc0gz0PyHJNMaybUlSrmJjHVcGrya0LKI4YcR3lBDQfXRYLw== +"@docusaurus/module-type-aliases@3.6.0", "@docusaurus/module-type-aliases@^3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/module-type-aliases/-/module-type-aliases-3.6.0.tgz#44083c34a53db1dde06364b4e7f2d144fa2d5394" + integrity sha512-szTrIN/6/fuk0xkf3XbRfdTFJzRQ8d1s3sQj5++58wltrT7v3yn1149oc9ryYjMpRcbsarGloQwMu7ofPe4XPg== dependencies: - "@docusaurus/types" "3.4.0" + "@docusaurus/types" "3.6.0" "@types/history" "^4.7.11" "@types/react" "*" "@types/react-router-config" "*" 
@@ -2180,19 +2310,20 @@ react-helmet-async "*" react-loadable "npm:@docusaurus/react-loadable@6.0.0" -"@docusaurus/plugin-content-blog@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.4.0.tgz#6373632fdbababbda73a13c4a08f907d7de8f007" - integrity sha512-vv6ZAj78ibR5Jh7XBUT4ndIjmlAxkijM3Sx5MAAzC1gyv0vupDQNhzuFg1USQmQVj3P5I6bquk12etPV3LJ+Xw== - dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/logger" "3.4.0" - "@docusaurus/mdx-loader" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-common" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" - cheerio "^1.0.0-rc.12" +"@docusaurus/plugin-content-blog@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.6.0.tgz#9128175b4c3ce885d9090183d74c60813844ea8d" + integrity sha512-o4aT1/E0Ldpzs/hQff5uyoSriAhS/yqBhqSn+fvSw465AaqRsva6O7CZSYleuBq6x2bewyE3QJq2PcTiHhAd8g== + dependencies: + "@docusaurus/core" "3.6.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/mdx-loader" "3.6.0" + "@docusaurus/theme-common" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-common" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" + cheerio "1.0.0-rc.12" feed "^4.2.2" fs-extra "^11.1.1" lodash "^4.17.21" 
@@ -2203,19 +2334,20 @@ utility-types "^3.10.0" webpack "^5.88.1" -"@docusaurus/plugin-content-docs@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.4.0.tgz#3088973f72169a2a6d533afccec7153c8720d332" - integrity sha512-HkUCZffhBo7ocYheD9oZvMcDloRnGhBMOZRyVcAQRFmZPmNqSyISlXA1tQCIxW+r478fty97XXAGjNYzBjpCsg== - dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/logger" "3.4.0" - "@docusaurus/mdx-loader" "3.4.0" - "@docusaurus/module-type-aliases" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-common" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" +"@docusaurus/plugin-content-docs@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.6.0.tgz#15cae4bf81da0b0ddce09d53b10b7209116ea9c2" + integrity sha512-c5gZOxocJKO/Zev2MEZInli+b+VNswDGuKHE6QtFgidhAJonwjh2kwj967RvWFaMMk62HlLJLZ+IGK2XsVy4Aw== + dependencies: + "@docusaurus/core" "3.6.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/mdx-loader" "3.6.0" + "@docusaurus/module-type-aliases" "3.6.0" + "@docusaurus/theme-common" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-common" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" "@types/react-router-config" "^5.0.7" combine-promises "^1.1.0" fs-extra "^11.1.1" 
@@ -2225,118 +2357,119 @@ utility-types "^3.10.0" webpack "^5.88.1" -"@docusaurus/plugin-content-pages@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.4.0.tgz#1846172ca0355c7d32a67ef8377750ce02bbb8ad" - integrity sha512-h2+VN/0JjpR8fIkDEAoadNjfR3oLzB+v1qSXbIAKjQ46JAHx3X22n9nqS+BWSQnTnp1AjkjSvZyJMekmcwxzxg== - dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/mdx-loader" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" +"@docusaurus/plugin-content-pages@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.6.0.tgz#5dd284bf063baaba1e0305c90b1dd0d5acc7e466" + integrity sha512-RKHhJrfkadHc7+tt1cP48NWifOrhkSRMPdXNYytzhoQrXlP6Ph+3tfQ4/n+nT0S3Y9+wwRxYqRqA380ZLt+QtQ== + dependencies: + "@docusaurus/core" "3.6.0" + "@docusaurus/mdx-loader" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" fs-extra "^11.1.1" tslib "^2.6.0" webpack "^5.88.1" -"@docusaurus/plugin-debug@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-debug/-/plugin-debug-3.4.0.tgz#74e4ec5686fa314c26f3ac150bacadbba7f06948" - integrity sha512-uV7FDUNXGyDSD3PwUaf5YijX91T5/H9SX4ErEcshzwgzWwBtK37nUWPU3ZLJfeTavX3fycTOqk9TglpOLaWkCg== +"@docusaurus/plugin-debug@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-debug/-/plugin-debug-3.6.0.tgz#0a6da9ba31a0acb176ae2762b4d6b96b1906c826" + integrity sha512-o8T1Rl94COLdSlKvjYLQpRJQRU8WWZ8EX1B0yV0dQLNN8reyH7MQW+6z1ig4sQFfH3pnjPWVGHfuEjcib5m7Eg== dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils" "3.4.0" + "@docusaurus/core" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils" "3.6.0" fs-extra "^11.1.1" react-json-view-lite "^1.2.0" tslib "^2.6.0" 
-"@docusaurus/plugin-google-analytics@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.4.0.tgz#5f59fc25329a59decc231936f6f9fb5663da3c55" - integrity sha512-mCArluxEGi3cmYHqsgpGGt3IyLCrFBxPsxNZ56Mpur0xSlInnIHoeLDH7FvVVcPJRPSQ9/MfRqLsainRw+BojA== +"@docusaurus/plugin-google-analytics@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.6.0.tgz#9e8245eef1bee95e44ef2af92ce3e844a8e93e64" + integrity sha512-kgRFbfpi6Hshj75YUztKyEMtI/kw0trPRwoTN4g+W1NK99R/vh8phTvhBTIMnDbetU79795LkwfG0rZ/ce6zWQ== dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" + "@docusaurus/core" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" tslib "^2.6.0" -"@docusaurus/plugin-google-gtag@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.4.0.tgz#42489ac5fe1c83b5523ceedd5ef74f9aa8bc251b" - integrity sha512-Dsgg6PLAqzZw5wZ4QjUYc8Z2KqJqXxHxq3vIoyoBWiLEEfigIs7wHR+oiWUQy3Zk9MIk6JTYj7tMoQU0Jm3nqA== +"@docusaurus/plugin-google-gtag@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.6.0.tgz#bed8381fe3ab357d56a565f657e38d8ea6272703" + integrity sha512-nqu4IfjaO4UX+dojHL2BxHRS+sKj31CIMWYo49huQ3wTET0Oc3u/WGTaKd3ShTPDhkgiRhTOSTPUwJWrU55nHg== dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" + "@docusaurus/core" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" "@types/gtag.js" "^0.0.12" tslib "^2.6.0" -"@docusaurus/plugin-google-tag-manager@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.4.0.tgz#cebb03a5ffa1e70b37d95601442babea251329ff" - integrity 
sha512-O9tX1BTwxIhgXpOLpFDueYA9DWk69WCbDRrjYoMQtFHSkTyE7RhNgyjSPREUWJb9i+YUg3OrsvrBYRl64FCPCQ== +"@docusaurus/plugin-google-tag-manager@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.6.0.tgz#326382de05888ea4317837be736eabd635adbc71" + integrity sha512-OU6c5xI0nOVbEc9eImGvvsgNWe4vGm97t/W3aLHjWsHyNk3uwFNBQMHRvBUwAi9k/K3kyC5E7DWnc67REhdLOw== dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" + "@docusaurus/core" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" tslib "^2.6.0" -"@docusaurus/plugin-sitemap@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.4.0.tgz#b091d64d1e3c6c872050189999580187537bcbc6" - integrity sha512-+0VDvx9SmNrFNgwPoeoCha+tRoAjopwT0+pYO1xAbyLcewXSemq+eLxEa46Q1/aoOaJQ0qqHELuQM7iS2gp33Q== - dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/logger" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-common" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" +"@docusaurus/plugin-sitemap@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.6.0.tgz#c7c93f75f03391ca9071da48563fc4faa84966bc" + integrity sha512-YB5XMdf9FjLhgbHY/cDbYhVxsgcpPIjxY9769HUgFOB7GVzItTLOR71W035R1BiR2CA5QAn3XOSg36WLRxlhQQ== + dependencies: + "@docusaurus/core" "3.6.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-common" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" fs-extra "^11.1.1" sitemap "^7.1.1" tslib "^2.6.0" -"@docusaurus/preset-classic@^3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.4.0.tgz#6082a32fbb465b0cb2c2a50ebfc277cff2c0f139" - integrity 
sha512-Ohj6KB7siKqZaQhNJVMBBUzT3Nnp6eTKqO+FXO3qu/n1hJl3YLwVKTWBg28LF7MWrKu46UuYavwMRxud0VyqHg== - dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/plugin-content-blog" "3.4.0" - "@docusaurus/plugin-content-docs" "3.4.0" - "@docusaurus/plugin-content-pages" "3.4.0" - "@docusaurus/plugin-debug" "3.4.0" - "@docusaurus/plugin-google-analytics" "3.4.0" - "@docusaurus/plugin-google-gtag" "3.4.0" - "@docusaurus/plugin-google-tag-manager" "3.4.0" - "@docusaurus/plugin-sitemap" "3.4.0" - "@docusaurus/theme-classic" "3.4.0" - "@docusaurus/theme-common" "3.4.0" - "@docusaurus/theme-search-algolia" "3.4.0" - "@docusaurus/types" "3.4.0" - -"@docusaurus/theme-classic@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-classic/-/theme-classic-3.4.0.tgz#1b0f48edec3e3ec8927843554b9f11e5927b0e52" - integrity sha512-0IPtmxsBYv2adr1GnZRdMkEQt1YW6tpzrUPj02YxNpvJ5+ju4E13J5tB4nfdaen/tfR1hmpSPlTFPvTf4kwy8Q== - dependencies: - "@docusaurus/core" "3.4.0" - "@docusaurus/mdx-loader" "3.4.0" - "@docusaurus/module-type-aliases" "3.4.0" - "@docusaurus/plugin-content-blog" "3.4.0" - "@docusaurus/plugin-content-docs" "3.4.0" - "@docusaurus/plugin-content-pages" "3.4.0" - "@docusaurus/theme-common" "3.4.0" - "@docusaurus/theme-translations" "3.4.0" - "@docusaurus/types" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-common" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" +"@docusaurus/preset-classic@^3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.6.0.tgz#71561f366a266be571022764eb8b9e5618f573eb" + integrity sha512-kpGNdQzr/Dpm7o3b1iaQrz4DMDx3WIeBbl4V4P4maa2zAQkTdlaP4CMgA5oKrRrpqPLnQFsUM/b+qf2glhl2Tw== + dependencies: + "@docusaurus/core" "3.6.0" + "@docusaurus/plugin-content-blog" "3.6.0" + "@docusaurus/plugin-content-docs" "3.6.0" + "@docusaurus/plugin-content-pages" "3.6.0" + "@docusaurus/plugin-debug" "3.6.0" + "@docusaurus/plugin-google-analytics" "3.6.0" + 
"@docusaurus/plugin-google-gtag" "3.6.0" + "@docusaurus/plugin-google-tag-manager" "3.6.0" + "@docusaurus/plugin-sitemap" "3.6.0" + "@docusaurus/theme-classic" "3.6.0" + "@docusaurus/theme-common" "3.6.0" + "@docusaurus/theme-search-algolia" "3.6.0" + "@docusaurus/types" "3.6.0" + +"@docusaurus/theme-classic@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/theme-classic/-/theme-classic-3.6.0.tgz#8f34b65c85f5082deb3633a893974d2eee309121" + integrity sha512-sAXNfwPL6uRD+BuHuKXZfAXud7SS7IK/JdrPuzyQxdO1gJKzI5GFfe1ED1QoJDNWJWJ01JHE5rSnwYLEADc2rQ== + dependencies: + "@docusaurus/core" "3.6.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/mdx-loader" "3.6.0" + "@docusaurus/module-type-aliases" "3.6.0" + "@docusaurus/plugin-content-blog" "3.6.0" + "@docusaurus/plugin-content-docs" "3.6.0" + "@docusaurus/plugin-content-pages" "3.6.0" + "@docusaurus/theme-common" "3.6.0" + "@docusaurus/theme-translations" "3.6.0" + "@docusaurus/types" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-common" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" "@mdx-js/react" "^3.0.0" clsx "^2.0.0" copy-text-to-clipboard "^3.2.0" - infima "0.2.0-alpha.43" + infima "0.2.0-alpha.45" lodash "^4.17.21" nprogress "^0.2.0" postcss "^8.4.26" 
@@ -2347,18 +2480,15 @@ tslib "^2.6.0" utility-types "^3.10.0" -"@docusaurus/theme-common@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-common/-/theme-common-3.4.0.tgz#01f2b728de6cb57f6443f52fc30675cf12a5d49f" - integrity sha512-0A27alXuv7ZdCg28oPE8nH/Iz73/IUejVaCazqu9elS4ypjiLhK3KfzdSQBnL/g7YfHSlymZKdiOHEo8fJ0qMA== - dependencies: - "@docusaurus/mdx-loader" "3.4.0" - "@docusaurus/module-type-aliases" "3.4.0" - "@docusaurus/plugin-content-blog" "3.4.0" - "@docusaurus/plugin-content-docs" "3.4.0" - "@docusaurus/plugin-content-pages" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-common" "3.4.0" +"@docusaurus/theme-common@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/theme-common/-/theme-common-3.6.0.tgz#9a061d278df76da0f70a9465cd0b7299c14d03d3" + integrity sha512-frjlYE5sRs+GuPs4XXlp9aMLI2O4H5FPpznDAXBrCm+8EpWRiIb443ePMxM3IyMCQ5bwFlki0PI9C+r4apstnw== + dependencies: + "@docusaurus/mdx-loader" "3.6.0" + "@docusaurus/module-type-aliases" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-common" "3.6.0" "@types/history" "^4.7.11" "@types/react" "*" "@types/react-router-config" "*" 
@@ -2368,19 +2498,19 @@ tslib "^2.6.0" utility-types "^3.10.0" -"@docusaurus/theme-search-algolia@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.4.0.tgz#c499bad71d668df0d0f15b0e5e33e2fc4e330fcc" - integrity sha512-aiHFx7OCw4Wck1z6IoShVdUWIjntC8FHCw9c5dR8r3q4Ynh+zkS8y2eFFunN/DL6RXPzpnvKCg3vhLQYJDmT9Q== +"@docusaurus/theme-search-algolia@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.6.0.tgz#47dcfca68f50163abce411dd9b181855a9ec9c83" + integrity sha512-4IwRUkxjrisR8LXBHeE4d2btraWdMficbgiVL3UHvJURmyvgzMBZQP8KrK8rjdXeu8SuRxSmeV6NSVomRvdbEg== dependencies: "@docsearch/react" "^3.5.2" - "@docusaurus/core" "3.4.0" - "@docusaurus/logger" "3.4.0" - "@docusaurus/plugin-content-docs" "3.4.0" - "@docusaurus/theme-common" "3.4.0" - "@docusaurus/theme-translations" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-validation" "3.4.0" + "@docusaurus/core" "3.6.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/plugin-content-docs" "3.6.0" + "@docusaurus/theme-common" "3.6.0" + "@docusaurus/theme-translations" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-validation" "3.6.0" algoliasearch "^4.18.0" algoliasearch-helper "^3.13.3" clsx "^2.0.0" 
@@ -2390,18 +2520,18 @@ tslib "^2.6.0" utility-types "^3.10.0" -"@docusaurus/theme-translations@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-translations/-/theme-translations-3.4.0.tgz#e6355d01352886c67e38e848b2542582ea3070af" - integrity sha512-zSxCSpmQCCdQU5Q4CnX/ID8CSUUI3fvmq4hU/GNP/XoAWtXo9SAVnM3TzpU8Gb//H3WCsT8mJcTfyOk3d9ftNg== +"@docusaurus/theme-translations@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/theme-translations/-/theme-translations-3.6.0.tgz#93994e931f340c1712c81ac80dbab5750c24634f" + integrity sha512-L555X8lWE3fv8VaF0Bc1VnAgi10UvRKFcvADHiYR7Gj37ItaWP5i7xLHsSw7fi/SHTXe5wfIeCFNqUYHyCOHAQ== dependencies: fs-extra "^11.1.1" tslib "^2.6.0" -"@docusaurus/types@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/types/-/types-3.4.0.tgz#237c3f737e9db3f7c1a5935a3ef48d6eadde8292" - integrity sha512-4jcDO8kXi5Cf9TcyikB/yKmz14f2RZ2qTRerbHAsS+5InE9ZgSLBNLsewtFTcTOXSVcbU3FoGOzcNWAmU1TR0A== +"@docusaurus/types@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/types/-/types-3.6.0.tgz#8fa82332a7c7b8093b5c55e1115f5854ce484978" + integrity sha512-jADLgoZGWhAzThr+mRiyuFD4OUzt6jHnb7NRArRKorgxckqUBaPyFOau9hhbcSTHtU6ceyeWjN7FDt7uG2Hplw== dependencies: "@mdx-js/mdx" "^3.0.0" "@types/history" "^4.7.11" 
@@ -2410,37 +2540,37 @@ joi "^17.9.2" react-helmet-async "^1.3.0" utility-types "^3.10.0" - webpack "^5.88.1" + webpack "^5.95.0" webpack-merge "^5.9.0" -"@docusaurus/utils-common@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/utils-common/-/utils-common-3.4.0.tgz#2a43fefd35b85ab9fcc6833187e66c15f8bfbbc6" - integrity sha512-NVx54Wr4rCEKsjOH5QEVvxIqVvm+9kh7q8aYTU5WzUU9/Hctd6aTrcZ3G0Id4zYJ+AeaG5K5qHA4CY5Kcm2iyQ== +"@docusaurus/utils-common@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/utils-common/-/utils-common-3.6.0.tgz#11855ea503132bbcaba6ca4d351293ff10a75d34" + integrity sha512-diUDNfbw33GaZMmKwdTckT2IBfVouXLXRD+zphH9ywswuaEIKqixvuf5g41H7MBBrlMsxhna3uTMoB4B/OPDcA== dependencies: tslib "^2.6.0" -"@docusaurus/utils-validation@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/utils-validation/-/utils-validation-3.4.0.tgz#0176f6e503ff45f4390ec2ecb69550f55e0b5eb7" - integrity sha512-hYQ9fM+AXYVTWxJOT1EuNaRnrR2WGpRdLDQG07O8UOpsvCPWUVOeo26Rbm0JWY2sGLfzAb+tvJ62yF+8F+TV0g== +"@docusaurus/utils-validation@3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@docusaurus/utils-validation/-/utils-validation-3.6.0.tgz#5557ca14fa64ac29e6f70e61006be721395ecde5" + integrity sha512-CRHiKKJEKA0GFlfOf71JWHl7PtwOyX0+Zg9ep9NFEZv6Lcx3RJ9nhl7p8HRjPL6deyYceavM//BsfW4pCI4BtA== dependencies: - "@docusaurus/logger" "3.4.0" - "@docusaurus/utils" "3.4.0" - "@docusaurus/utils-common" "3.4.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/utils" "3.6.0" + "@docusaurus/utils-common" "3.6.0" fs-extra "^11.2.0" joi "^17.9.2" js-yaml "^4.1.0" lodash "^4.17.21" tslib "^2.6.0" -"@docusaurus/utils@3.4.0": - version "3.4.0" - resolved "https://registry.yarnpkg.com/@docusaurus/utils/-/utils-3.4.0.tgz#c508e20627b7a55e2b541e4a28c95e0637d6a204" - integrity sha512-fRwnu3L3nnWaXOgs88BVBmG1yGjcQqZNHG+vInhEa2Sz2oQB+ZjbEMO5Rh9ePFpZ0YDiDUhpaVjwmS+AU2F14g== +"@docusaurus/utils@3.6.0": + version "3.6.0" + 
resolved "https://registry.yarnpkg.com/@docusaurus/utils/-/utils-3.6.0.tgz#192785da6fd62dfd83d6f1879c3aa45547f5df23" + integrity sha512-VKczAutI4mptiAw/WcYEu5WeVhQ6Q1zdIUl64SGw9K++9lziH+Kt10Ee8l2dMpRkiUk6zzK20kMNlX2WCUwXYQ== dependencies: - "@docusaurus/logger" "3.4.0" - "@docusaurus/utils-common" "3.4.0" + "@docusaurus/logger" "3.6.0" + "@docusaurus/utils-common" "3.6.0" "@svgr/webpack" "^8.1.0" escape-string-regexp "^4.0.0" file-loader "^6.2.0" @@ -2491,7 +2621,7 @@ "@types/yargs" "^17.0.8" chalk "^4.0.0" -"@jridgewell/gen-mapping@^0.3.2", "@jridgewell/gen-mapping@^0.3.5": +"@jridgewell/gen-mapping@^0.3.5": version "0.3.5" resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz#dcce6aff74bdf6dad1a95802b69b04a2fcb1fb36" integrity sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg== @@ -2523,7 +2653,7 @@ resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz#d7c6e6755c78567a951e04ab52ef0fd26de59f32" integrity sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg== -"@jridgewell/trace-mapping@^0.3.17", "@jridgewell/trace-mapping@^0.3.18", "@jridgewell/trace-mapping@^0.3.20", "@jridgewell/trace-mapping@^0.3.24", "@jridgewell/trace-mapping@^0.3.25": +"@jridgewell/trace-mapping@^0.3.18", "@jridgewell/trace-mapping@^0.3.20", "@jridgewell/trace-mapping@^0.3.24", "@jridgewell/trace-mapping@^0.3.25": version "0.3.25" resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz#15f190e98895f3fc23276ee14bc76b675c2e50f0" integrity sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ== 
@@ -2822,7 +2952,7 @@ dependencies: "@types/ms" "*" -"@types/eslint-scope@^3.7.3": +"@types/eslint-scope@^3.7.3", "@types/eslint-scope@^3.7.7": version "3.7.7" resolved "https://registry.yarnpkg.com/@types/eslint-scope/-/eslint-scope-3.7.7.tgz#3108bd5f18b0cdb277c867b3dd449c9ed7079ac5" integrity sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg== @@ -2850,6 +2980,11 @@ resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.5.tgz#a6ce3e556e00fd9895dd872dd172ad0d4bd687f4" integrity sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw== +"@types/estree@^1.0.6": + version "1.0.6" + resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.6.tgz#628effeeae2064a1b4e79f78e81d87b7e5fc7b50" + integrity sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw== + "@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.33": version "4.17.43" resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-4.17.43.tgz#10d8444be560cb789c4735aea5eac6e5af45df54" @@ -3121,7 +3256,7 @@ resolved "https://registry.yarnpkg.com/@ungap/structured-clone/-/structured-clone-1.2.0.tgz#756641adb587851b5ccb3e095daf27ae581c8406" integrity sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ== -"@webassemblyjs/ast@1.12.1", "@webassemblyjs/ast@^1.11.5": +"@webassemblyjs/ast@1.12.1", "@webassemblyjs/ast@^1.11.5", "@webassemblyjs/ast@^1.12.1": version "1.12.1" resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.12.1.tgz#bb16a0e8b1914f979f45864c23819cc3e3f0d4bb" integrity sha512-EKfMUOPRRUTy5UII4qJDGPpqfwjOmZ5jeGFwid9mnoqIFK+e0vqoi1qH56JpmZSzEL53jKnNzScdmftJyG5xWg== 
@@ -3187,7 +3322,7 @@ resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.11.6.tgz#90f8bc34c561595fe156603be7253cdbcd0fab5a" integrity sha512-vtXf2wTQ3+up9Zsg8sa2yWiQpzSsMyXj0qViVP6xKGCUT8p8YJ6HqI7l5eCnWx1T/FYdsv07HQs2wTFbbof/RA== -"@webassemblyjs/wasm-edit@^1.11.5": +"@webassemblyjs/wasm-edit@^1.11.5", "@webassemblyjs/wasm-edit@^1.12.1": version "1.12.1" resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz#9f9f3ff52a14c980939be0ef9d5df9ebc678ae3b" integrity sha512-1DuwbVvADvS5mGnXbE+c9NfA8QRcZ6iKquqjjmR10k6o+zzsRVesil54DKexiowcFCPdr/Q0qaMgB01+SQ1u6g== @@ -3222,7 +3357,7 @@ "@webassemblyjs/wasm-gen" "1.12.1" "@webassemblyjs/wasm-parser" "1.12.1" -"@webassemblyjs/wasm-parser@1.12.1", "@webassemblyjs/wasm-parser@^1.11.5": +"@webassemblyjs/wasm-parser@1.12.1", "@webassemblyjs/wasm-parser@^1.11.5", "@webassemblyjs/wasm-parser@^1.12.1": version "1.12.1" resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz#c47acb90e6f083391e3fa61d113650eea1e95937" integrity sha512-xikIi7c2FHXysxXe3COrVUPSheuBtpcfhbpFj4gmu7KRLYOzANztwUU0IbsqvMqzuNK2+glRGWCEqZo1WCLyAQ== @@ -3280,6 +3415,11 @@ acorn@^8.0.0, acorn@^8.0.4, acorn@^8.7.1, acorn@^8.8.2: resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.11.3.tgz#71e0b14e13a4ec160724b38fb7b0f233b1b81d7a" integrity sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg== +acorn@^8.14.0: + version "8.14.0" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.14.0.tgz#063e2c70cac5fb4f6467f0b11152e04c682795b0" + integrity sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA== + address@^1.0.1, address@^1.1.2: version "1.2.2" resolved "https://registry.yarnpkg.com/address/-/address-1.2.2.tgz#2b5248dac5485a6390532c6a517fda2e3faac89e" 
@@ -3366,6 +3506,13 @@ ansi-align@^3.0.1: dependencies: string-width "^4.1.0" +ansi-escapes@^4.3.2: + version "4.3.2" + resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-4.3.2.tgz#6b2291d1db7d98b6521d5f1efa42d0f3a9feb65e" + integrity sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ== + dependencies: + type-fest "^0.21.3" + ansi-html-community@^0.0.8: version "0.0.8" resolved "https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz#69fbc4d6ccbe383f9736934ae34c3f8290f1bf41" @@ -3388,7 +3535,7 @@ ansi-styles@^3.2.1: dependencies: color-convert "^1.9.0" -ansi-styles@^4.1.0: +ansi-styles@^4.0.0, ansi-styles@^4.1.0: version "4.3.0" resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937" integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== @@ -3469,10 +3616,10 @@ autoprefixer@^10.4.19: picocolors "^1.0.0" postcss-value-parser "^4.2.0" -babel-loader@^9.1.3: - version "9.1.3" - resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-9.1.3.tgz#3d0e01b4e69760cc694ee306fe16d358aa1c6f9a" - integrity sha512-xG3ST4DglodGf8qSwv0MdeWLhrDsw/32QMdTO5T1ZIp9gQur0HkCyFs7Awskr10JKXFXwpAhiCuYX5oGXnRGbw== +babel-loader@^9.2.1: + version "9.2.1" + resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-9.2.1.tgz#04c7835db16c246dd19ba0914418f3937797587b" + integrity sha512-fqe8naHt46e0yIdkjUZYqddSXfej3AHajX+CSO5X7oy0EmPc6o5Xh+RClNoHjnieWz9AW4kZxW9yyFMhVB1QLA== dependencies: find-cache-dir "^4.0.0" schema-utils "^4.0.0" 
@@ -3493,15 +3640,6 @@ babel-plugin-polyfill-corejs2@^0.4.10: "@babel/helper-define-polyfill-provider" "^0.6.2" semver "^6.3.1" -babel-plugin-polyfill-corejs2@^0.4.8: - version "0.4.10" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.10.tgz#276f41710b03a64f6467433cab72cbc2653c38b1" - integrity sha512-rpIuu//y5OX6jVU+a5BCn1R5RSZYWAl2Nar76iwaOdycqb6JPxediskWFMMl7stfwNJR4b7eiQvh5fB5TEQJTQ== - dependencies: - "@babel/compat-data" "^7.22.6" - "@babel/helper-define-polyfill-provider" "^0.6.1" - semver "^6.3.1" - babel-plugin-polyfill-corejs3@^0.10.4: version "0.10.4" resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.10.4.tgz#789ac82405ad664c20476d0233b485281deb9c77" 
@@ -3510,20 +3648,13 @@ babel-plugin-polyfill-corejs3@^0.10.4: "@babel/helper-define-polyfill-provider" "^0.6.1" core-js-compat "^3.36.1" -babel-plugin-polyfill-corejs3@^0.9.0: - version "0.9.0" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.9.0.tgz#9eea32349d94556c2ad3ab9b82ebb27d4bf04a81" - integrity sha512-7nZPG1uzK2Ymhy/NbaOWTg3uibM2BmGASS4vHS4szRZAIR8R6GwA/xAujpdrXU5iyklrimWnLWU+BLF9suPTqg== +babel-plugin-polyfill-corejs3@^0.10.6: + version "0.10.6" + resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.10.6.tgz#2deda57caef50f59c525aeb4964d3b2f867710c7" + integrity sha512-b37+KR2i/khY5sKmWNVQAnitvquQbNdWy6lJdsr0kmquCKEEUgMKK4SboVM3HtfnZilfjr4MMQ7vY58FVWDtIA== dependencies: - "@babel/helper-define-polyfill-provider" "^0.5.0" - core-js-compat "^3.34.0" - -babel-plugin-polyfill-regenerator@^0.5.5: - version "0.5.5" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.5.tgz#8b0c8fc6434239e5d7b8a9d1f832bb2b0310f06a" - integrity sha512-OJGYZlhLqBh2DDHeqAxWB1XIvr49CxiJ2gIt61/PU55CQK4Z58OzMqjDe1zwQdQk+rBYsRc+1rJmdajM3gimHg== - dependencies: - "@babel/helper-define-polyfill-provider" "^0.5.0" + "@babel/helper-define-polyfill-provider" "^0.6.2" + core-js-compat "^3.38.0" babel-plugin-polyfill-regenerator@^0.6.1: version "0.6.2" @@ -3631,7 +3762,7 @@ braces@^3.0.2, braces@~3.0.2: dependencies: fill-range "^7.0.1" -browserslist@^4.0.0, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.22.2, browserslist@^4.22.3, browserslist@^4.23.0: +browserslist@^4.0.0, browserslist@^4.18.1, browserslist@^4.21.10, browserslist@^4.22.2, browserslist@^4.23.0: version "4.23.0" resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.23.0.tgz#8f3acc2bbe73af7213399430890f86c63a5674ab" integrity sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ== 
@@ -3651,6 +3782,16 @@ browserslist@^4.23.1: node-releases "^2.0.14" update-browserslist-db "^1.1.0" +browserslist@^4.24.0, browserslist@^4.24.2: + version "4.24.2" + resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.24.2.tgz#f5845bc91069dbd55ee89faf9822e1d885d16580" + integrity sha512-ZIc+Q62revdMcqC6aChtW4jz3My3klmCO1fEmINZY/8J3EpBg5/A/D0AKmBveUh6pgoeycoMkVMko84tuYS+Gg== + dependencies: + caniuse-lite "^1.0.30001669" + electron-to-chromium "^1.5.41" + node-releases "^2.0.18" + update-browserslist-db "^1.1.1" + buffer-from@^1.0.0: version "1.1.2" resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" @@ -3738,6 +3879,11 @@ caniuse-lite@^1.0.30001599, caniuse-lite@^1.0.30001640: resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001643.tgz#9c004caef315de9452ab970c3da71085f8241dbd" integrity sha512-ERgWGNleEilSrHM6iUz/zJNSQTP8Mr21wDWpdgvRwcTXGAq6jMtOUPP4dqFPTdKqZ2wKTdtB+uucZ3MRpAUSmg== +caniuse-lite@^1.0.30001669: + version "1.0.30001677" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001677.tgz#27c2e2c637e007cfa864a16f7dfe7cde66b38b5f" + integrity sha512-fmfjsOlJUpMWu+mAAtZZZHz7UEwsUxIIvu1TJfO1HqFQvB/B+ii0xr9B5HpbZY/mC4XZ8SvjHJqtAY6pDPQEog== + ccount@^2.0.0: version "2.0.1" resolved "https://registry.yarnpkg.com/ccount/-/ccount-2.0.1.tgz#17a3bf82302e0870d6da43a01311a8bc02a3ecf5" @@ -3802,7 +3948,7 @@ cheerio-select@^2.1.0: domhandler "^5.0.3" domutils "^3.0.1" -cheerio@^1.0.0-rc.12: +cheerio@1.0.0-rc.12: version "1.0.0-rc.12" resolved "https://registry.yarnpkg.com/cheerio/-/cheerio-1.0.0-rc.12.tgz#788bf7466506b1c6bf5fae51d24a2c4d62e47683" integrity sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q== 
@@ -4008,10 +4154,10 @@ connect-history-api-fallback@^2.0.0: resolved "https://registry.yarnpkg.com/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz#647264845251a0daf25b97ce87834cace0f5f1c8" integrity sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA== -consola@^2.15.3: - version "2.15.3" - resolved "https://registry.yarnpkg.com/consola/-/consola-2.15.3.tgz#2e11f98d6a4be71ff72e0bdf07bd23e12cb61550" - integrity sha512-9vAdYbHj6x2fLKC4+oPH0kFzY/orMZyG2Aj+kNylHxKGJ/Ed4dpNyAQYwJOdqO4zdM7XpVHmyejQDcQHrnuXbw== +consola@^3.2.3: + version "3.2.3" + resolved "https://registry.yarnpkg.com/consola/-/consola-3.2.3.tgz#0741857aa88cfa0d6fd53f1cff0375136e98502f" + integrity sha512-I5qxpzLv+sJhTVEoLYNcTW+bThDCPsit0vLNKShZx6rLtpilNpmmeTPaeqJb9ZE9dV3DGaeby6Vuhrw38WjeyQ== content-disposition@0.5.2: version "0.5.2" @@ -4062,13 +4208,6 @@ copy-webpack-plugin@^11.0.0: schema-utils "^4.0.0" serialize-javascript "^6.0.0" -core-js-compat@^3.31.0, core-js-compat@^3.34.0: - version "3.36.0" - resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.36.0.tgz#087679119bc2fdbdefad0d45d8e5d307d45ba190" - integrity sha512-iV9Pd/PsgjNWBXeq8XRtWVSgz2tKAfhfvBs7qxYty+RlRd+OCksaWmOnc4JKrTc1cToXL1N0s3l/vwlxPtdElw== - dependencies: - browserslist "^4.22.3" - core-js-compat@^3.36.1, core-js-compat@^3.37.1: version "3.37.1" resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.37.1.tgz#c844310c7852f4bdf49b8d339730b97e17ff09ee" 
@@ -4076,6 +4215,13 @@ core-js-compat@^3.36.1, core-js-compat@^3.37.1: dependencies: browserslist "^4.23.0" +core-js-compat@^3.38.0, core-js-compat@^3.38.1: + version "3.39.0" + resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.39.0.tgz#b12dccb495f2601dc860bdbe7b4e3ffa8ba63f61" + integrity sha512-VgEUx3VwlExr5no0tXlBt+silBvhTryPwCXRI2Id1PN8WTKu7MreethvddqOubrYxkFdv/RnYrqlv1sFNAUelw== + dependencies: + browserslist "^4.24.2" + core-js-pure@^3.30.2: version "3.36.0" resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.36.0.tgz#ffb34330b14e594d6a9835cf5843b4123f1d95db" @@ -4537,6 +4683,11 @@ electron-to-chromium@^1.4.820: resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.2.tgz#6126ad229ce45e781ec54ca40db0504787f23d19" integrity sha512-kc4r3U3V3WLaaZqThjYz/Y6z8tJe+7K0bbjUVo3i+LWIypVdMx5nXCkwRe6SWbY6ILqLdc1rKcKmr3HoH7wjSQ== +electron-to-chromium@^1.5.41: + version "1.5.52" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.52.tgz#2bed832c95a56a195504f918150e548474687da8" + integrity sha512-xtoijJTZ+qeucLBDNztDOuQBE1ksqjvNjvqFoST3nGC7fSpqJ+X6BdTBaY5BHG+IhWWmpc6b/KfpeuEDupEPOQ== + emoji-regex@^8.0.0: version "8.0.0" resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" @@ -4575,6 +4726,14 @@ enhanced-resolve@^5.15.0: graceful-fs "^4.2.4" tapable "^2.2.0" +enhanced-resolve@^5.17.1: + version "5.17.1" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz#67bfbbcc2f81d511be77d686a90267ef7f898a15" + integrity sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg== + dependencies: + graceful-fs "^4.2.4" + tapable "^2.2.0" + entities@^2.0.0: version "2.2.0" resolved "https://registry.yarnpkg.com/entities/-/entities-2.2.0.tgz#098dc90ebb83d8dffa089d55256b351d34c4da55" 
@@ -4614,6 +4773,11 @@ escalade@^3.1.1, escalade@^3.1.2: resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27" integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA== +escalade@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5" + integrity sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA== + escape-goat@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/escape-goat/-/escape-goat-4.0.0.tgz#9424820331b510b0666b98f7873fe11ac4aa8081" @@ -4841,13 +5005,6 @@ fast-json-stable-stringify@^2.0.0: resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633" integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw== -fast-url-parser@1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/fast-url-parser/-/fast-url-parser-1.1.3.tgz#f4af3ea9f34d8a271cf58ad2b3759f431f0b318d" - integrity sha512-5jOCVXADYNuRkKFzNJ0dCCewsZiYo0dz8QNYljkOpFC6r2U4OBmKtvm/Tsuh4w1YYdDqDb31a8TVhBJ2OJKdqQ== - dependencies: - punycode "^1.3.2" - fastq@^1.6.0: version "1.17.1" resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.17.1.tgz#2a523f07a4e7b1e81a42b91b8bf2254107753b47" @@ -4876,6 +5033,13 @@ feed@^4.2.2: dependencies: xml-js "^1.6.11" +figures@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/figures/-/figures-3.2.0.tgz#625c18bd293c604dc4a8ddb2febf0c88341746af" + integrity sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg== + dependencies: + escape-string-regexp "^1.0.5" + file-loader@^6.2.0: version "6.2.0" resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-6.2.0.tgz#baef7cf8e1840df325e4390b4484879480eebe4d" 
@@ -5175,7 +5339,7 @@ graceful-fs@4.2.10: resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c" integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA== -graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.4, graceful-fs@^4.2.6, graceful-fs@^4.2.9: +graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.11, graceful-fs@^4.2.4, graceful-fs@^4.2.6, graceful-fs@^4.2.9: version "4.2.11" resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== @@ -5435,10 +5599,10 @@ html-void-elements@^3.0.0: resolved "https://registry.yarnpkg.com/html-void-elements/-/html-void-elements-3.0.0.tgz#fc9dbd84af9e747249034d4d62602def6517f1d7" integrity sha512-bEqo66MRXsUGxWHV5IP0PUiAWwoEjba4VCzg0LjFJBpchPaTfyfCKTG6bc5F8ucKec3q5y6qOdGyYTSBEvhCrg== -html-webpack-plugin@^5.5.3: - version "5.6.0" - resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.6.0.tgz#50a8fa6709245608cb00e811eacecb8e0d7b7ea0" - integrity sha512-iwaY4wzbe48AfKLZ/Cc8k0L+FKG6oSNRaZ8x5A/T/IVDGyXcbHncM9TdDa93wn0FsSm82FhTKW7f3vS61thXAw== +html-webpack-plugin@^5.6.0: + version "5.6.3" + resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.6.3.tgz#a31145f0fee4184d53a794f9513147df1e653685" + integrity sha512-QSf1yjtSAsmf7rYBV7XX86uua4W/vkhIt0xNXKbsi2foEeW7vjJQz4bhnpL3xH+l1ryl1680uNv968Z+X6jSYg== dependencies: "@types/html-minifier-terser" "^6.0.0" html-minifier-terser "^6.0.2" 
@@ -5587,10 +5751,10 @@ indent-string@^4.0.0: resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251" integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg== -infima@0.2.0-alpha.43: - version "0.2.0-alpha.43" - resolved "https://registry.yarnpkg.com/infima/-/infima-0.2.0-alpha.43.tgz#f7aa1d7b30b6c08afef441c726bac6150228cbe0" - integrity sha512-2uw57LvUqW0rK/SWYnd/2rRfxNA5DDNOh33jxF7fy46VWoNhGxiUQyVZHbBMjQ33mQem0cjdDVwgWVAmlRfgyQ== +infima@0.2.0-alpha.45: + version "0.2.0-alpha.45" + resolved "https://registry.yarnpkg.com/infima/-/infima-0.2.0-alpha.45.tgz#542aab5a249274d81679631b492973dd2c1e7466" + integrity sha512-uyH0zfr1erU1OohLk0fT4Rrb94AOhguWNOcD9uGrSpRvNB+6gZXUoJX5J0NtvzBO10YZ9PgvA4NFgt+fYg8ojw== inflight@^1.0.4: version "1.0.6" @@ -5783,11 +5947,6 @@ is-plain-object@^2.0.4: dependencies: isobject "^3.0.1" -is-plain-object@^5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-5.0.0.tgz#4427f50ab3429e9025ea7d52e9043a9ef4159344" - integrity sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q== - is-reference@^3.0.0: version "3.0.2" resolved "https://registry.yarnpkg.com/is-reference/-/is-reference-3.0.2.tgz#154747a01f45cd962404ee89d43837af2cba247c" 
@@ -5919,6 +6078,11 @@ jsesc@^2.5.1: resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-2.5.2.tgz#80564d2e483dacf6e8ef209650a67df3f0c283a4" integrity sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA== +jsesc@^3.0.2, jsesc@~3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-3.0.2.tgz#bb8b09a6597ba426425f2e4a07245c3d00b9343e" + integrity sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g== + jsesc@~0.5.0: version "0.5.0" resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d" @@ -6114,6 +6278,13 @@ markdown-extensions@^2.0.0: resolved "https://registry.yarnpkg.com/markdown-extensions/-/markdown-extensions-2.0.0.tgz#34bebc83e9938cae16e0e017e4a9814a8330d3c4" integrity sha512-o5vL7aDWatOTX8LzaS1WMoaoxIiLRQJuIKKe2wAw6IeULDHaqbiqiggmx+pKvZDb1Sj+pE46Sn1T7lCqfFtg1Q== +markdown-table@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-2.0.0.tgz#194a90ced26d31fe753d8b9434430214c011865b" + integrity sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A== + dependencies: + repeat-string "^1.0.0" + markdown-table@^3.0.0: version "3.0.3" resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-3.0.3.tgz#e6331d30e493127e031dd385488b5bd326e4a6bd" 
@@ -6851,10 +7022,10 @@ mimic-response@^4.0.0: resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-4.0.0.tgz#35468b19e7c75d10f5165ea25e75a5ceea7cf70f" integrity sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg== -mini-css-extract-plugin@^2.7.6: - version "2.8.1" - resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-2.8.1.tgz#75245f3f30ce3a56dbdd478084df6fe475f02dc7" - integrity sha512-/1HDlyFRxWIZPI1ZpgqlZ8jMw/1Dp/dl3P0L1jtZ+zVcHqwPhGwaJwKL00WVgfnBy6PWCde9W65or7IIETImuA== +mini-css-extract-plugin@^2.9.1: + version "2.9.2" + resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.2.tgz#966031b468917a5446f4c24a80854b2947503c5b" + integrity sha512-GJuACcS//jtq4kCtd5ii/M0SZf7OZRH+BxdqXZHaJfb8TJiVl+NgQRPwiYt2EuqeSkNydn/7vP+bcE27C5mb9w== dependencies: schema-utils "^4.0.0" tapable "^2.2.1" @@ -6947,6 +7118,11 @@ node-releases@^2.0.14: resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.14.tgz#2ffb053bceb8b2be8495ece1ab6ce600c4461b0b" integrity sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw== +node-releases@^2.0.18: + version "2.0.18" + resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.18.tgz#f010e8d35e2fe8d6b2944f03f70213ecedc4ca3f" + integrity sha512-d9VeXT4SJ7ZeOqGX6R5EM022wpL+eWPooLI+5UpWn2jCT1aosUQEhQP214x33Wkwx3JQMvIm+tIoVOdodFS40g== + normalize-path@^3.0.0, normalize-path@~3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65" 
@@ -6981,6 +7157,14 @@ nth-check@^2.0.1: dependencies: boolbase "^1.0.0" +null-loader@^4.0.1: + version "4.0.1" + resolved "https://registry.yarnpkg.com/null-loader/-/null-loader-4.0.1.tgz#8e63bd3a2dd3c64236a4679428632edd0a6dbc6a" + integrity sha512-pxqVbi4U6N26lq+LmgIbB5XATP0VdZKOG25DhHi8btMmJJefGArFyDg1yc4U3hWCJbMqSrw0qyrz1UQX+qYXqg== + dependencies: + loader-utils "^2.0.0" + schema-utils "^3.0.0" + object-assign@^4.1.1: version "4.1.1" resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" @@ -7240,10 +7424,10 @@ path-to-regexp@0.1.7: resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.7.tgz#df604178005f522f15eb4490e7247a1bfaa67f8c" integrity sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ== -path-to-regexp@2.2.1: - version "2.2.1" - resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-2.2.1.tgz#90b617025a16381a879bc82a38d4e8bdeb2bcf45" - integrity sha512-gu9bD6Ta5bwGrrU8muHzVOBFFREpp2iRkVfhBJahwJ6p6Xw20SjT0MxLnwkjOibQmGSYhiUnf2FLe7k+jcFmGQ== +path-to-regexp@3.3.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-3.3.0.tgz#f7f31d32e8518c2660862b644414b6d5c63a611b" + integrity sha512-qyCH421YQPS2WFDxDjftfc1ZR5WKQzVzqsp4n9M2kQhVOo/ByahFoUNJfl58kOcEGfQ//7weFTDhm+ss8Ecxgw== path-to-regexp@^1.7.0: version "1.8.0" 
@@ -7276,6 +7460,11 @@ picocolors@^1.0.1: resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.1.tgz#a8ad579b571952f0e5d25892de5445bcfe25aaa1" integrity sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew== +picocolors@^1.1.0: + version "1.1.1" + resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" + integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== + picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: version "2.3.1" resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" @@ -7667,11 +7856,6 @@ proxy-addr@~2.0.7: forwarded "0.2.0" ipaddr.js "1.9.1" -punycode@^1.3.2: - version "1.4.1" - resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.4.1.tgz#c0d5a63b2718800ad8e1eb0fa5269c84dd41845e" - integrity sha512-jmYNElW7yvO7TV33CjSmvSiE2yco3bV2czu/OzDKdMNVZQWfxCblURLhf+47syQRBntjfLdd/H0egrzIG+oaFQ== - punycode@^2.1.0: version "2.3.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" @@ -7945,6 +8129,13 @@ regenerate-unicode-properties@^10.1.0: dependencies: regenerate "^1.4.2" +regenerate-unicode-properties@^10.2.0: + version "10.2.0" + resolved "https://registry.yarnpkg.com/regenerate-unicode-properties/-/regenerate-unicode-properties-10.2.0.tgz#626e39df8c372338ea9b8028d1f99dc3fd9c3db0" + integrity sha512-DqHn3DwbmmPVzeKj9woBadqmXxLvQoQIwu7nopMc72ztvxVmVk2SBhSnx67zuye5TP+lJsb/TBQsjLKhnDf3MA== + dependencies: + regenerate "^1.4.2" + regenerate@^1.4.2: version "1.4.2" resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.4.2.tgz#b9346d8827e8f5a32f7ba29637d398b69014848a" 
@@ -7974,6 +8165,18 @@ regexpu-core@^5.3.1: unicode-match-property-ecmascript "^2.0.0" unicode-match-property-value-ecmascript "^2.1.0" +regexpu-core@^6.1.1: + version "6.1.1" + resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-6.1.1.tgz#b469b245594cb2d088ceebc6369dceb8c00becac" + integrity sha512-k67Nb9jvwJcJmVpw0jPttR1/zVfnKf8Km0IPatrU/zJ5XeG3+Slx0xLXs9HByJSzXzrlz5EDvN6yLNMDc2qdnw== + dependencies: + regenerate "^1.4.2" + regenerate-unicode-properties "^10.2.0" + regjsgen "^0.8.0" + regjsparser "^0.11.0" + unicode-match-property-ecmascript "^2.0.0" + unicode-match-property-value-ecmascript "^2.1.0" + registry-auth-token@^5.0.1: version "5.0.2" resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-5.0.2.tgz#8b026cc507c8552ebbe06724136267e63302f756" @@ -7988,6 +8191,18 @@ registry-url@^6.0.0: dependencies: rc "1.2.8" +regjsgen@^0.8.0: + version "0.8.0" + resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.8.0.tgz#df23ff26e0c5b300a6470cad160a9d090c3a37ab" + integrity sha512-RvwtGe3d7LvWiDQXeQw8p5asZUmfU1G/l6WbUXeHta7Y2PEIvBTwH6E2EfmYUK8pxcxEdEmaomqyp0vZZ7C+3Q== + +regjsparser@^0.11.0: + version "0.11.2" + resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.11.2.tgz#7404ad42be00226d72bcf1f003f1f441861913d8" + integrity sha512-3OGZZ4HoLJkkAZx/48mTXJNlmqTGOzc0o9OWQPuWpkOlXXPbyN6OafCcoXUnBqE2D3f/T5L+pWc1kdEmnfnRsA== + dependencies: + jsesc "~3.0.2" + regjsparser@^0.9.1: version "0.9.1" resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.9.1.tgz#272d05aa10c7c1f67095b1ff0addae8442fc5709" 
@@ -8101,6 +8316,11 @@ renderkid@^3.0.0: lodash "^4.17.21" strip-ansi "^6.0.1" +repeat-string@^1.0.0: + version "1.6.1" + resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637" + integrity sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w== + require-from-string@^2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909" @@ -8307,18 +8527,17 @@ serialize-javascript@^6.0.0, serialize-javascript@^6.0.1: dependencies: randombytes "^2.1.0" -serve-handler@^6.1.5: - version "6.1.5" - resolved "https://registry.yarnpkg.com/serve-handler/-/serve-handler-6.1.5.tgz#a4a0964f5c55c7e37a02a633232b6f0d6f068375" - integrity sha512-ijPFle6Hwe8zfmBxJdE+5fta53fdIY0lHISJvuikXB3VYFafRjMRpOffSPvCYsbKyBA7pvy9oYr/BT1O3EArlg== +serve-handler@^6.1.6: + version "6.1.6" + resolved "https://registry.yarnpkg.com/serve-handler/-/serve-handler-6.1.6.tgz#50803c1d3e947cd4a341d617f8209b22bd76cfa1" + integrity sha512-x5RL9Y2p5+Sh3D38Fh9i/iQ5ZK+e4xuXRd/pGbM4D13tgo/MGwbttUk8emytcr1YYzBYs+apnUngBDFYfpjPuQ== dependencies: bytes "3.0.0" content-disposition "0.5.2" - fast-url-parser "1.1.3" mime-types "2.1.18" minimatch "3.1.2" path-is-inside "1.0.2" - path-to-regexp "2.2.1" + path-to-regexp "3.3.0" range-parser "1.2.0" serve-index@^1.9.1: @@ -8558,7 +8777,7 @@ statuses@2.0.1: resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== -std-env@^3.0.1: +std-env@^3.7.0: version "3.7.0" resolved "https://registry.yarnpkg.com/std-env/-/std-env-3.7.0.tgz#c9f7386ced6ecf13360b6c6c55b8aaa4ef7481d2" integrity sha512-JPbdCEQLj1w5GilpiHAx3qJvFndqybBysA3qUOnznweH4QbNYUsW/ea8QzSrnh0vNsezMMw5bcVool8lM0gwzg== 
@@ -8612,7 +8831,7 @@ stringify-object@^3.3.0: is-obj "^1.0.1" is-regexp "^1.0.0" -strip-ansi@^6.0.1: +strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -8800,6 +9019,11 @@ tslib@^2.0.3, tslib@^2.6.0: resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae" integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q== +type-fest@^0.21.3: + version "0.21.3" + resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37" + integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w== + type-fest@^1.0.1: version "1.4.0" resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-1.4.0.tgz#e9fb813fe3bf1744ec359d55d1affefa76f14be1" @@ -8957,6 +9181,14 @@ update-browserslist-db@^1.1.0: escalade "^3.1.2" picocolors "^1.0.1" +update-browserslist-db@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.1.1.tgz#80846fba1d79e82547fb661f8d141e0945755fe5" + integrity sha512-R8UzCaa9Az+38REPiJ1tXlImTJXlVfgHZsglwBD/k6nj76ctsH1E3q4doGrukiLQd3sGQYu56r5+lo5r94l29A== + dependencies: + escalade "^3.2.0" + picocolors "^1.1.0" + update-notifier@^6.0.2: version "6.0.2" resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-6.0.2.tgz#a6990253dfe6d5a02bd04fbb6a61543f55026b60" 
@@ -9061,6 +9293,14 @@ watchpack@^2.4.0: glob-to-regexp "^0.4.1" graceful-fs "^4.1.2" +watchpack@^2.4.1: + version "2.4.2" + resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.2.tgz#2feeaed67412e7c33184e5a79ca738fbd38564da" + integrity sha512-TnbFSbcOCcDgjZ4piURLCbJ3nJhznVh9kw6F6iokjiFPl8ONxe9A6nMDVXDiNbrSfLILs6vB07F7wLBrwPYzJw== + dependencies: + glob-to-regexp "^0.4.1" + graceful-fs "^4.1.2" + wbuf@^1.1.0, wbuf@^1.7.3: version "1.7.3" resolved "https://registry.yarnpkg.com/wbuf/-/wbuf-1.7.3.tgz#c1d8d149316d3ea852848895cb6a0bfe887b87df" @@ -9073,10 +9313,10 @@ web-namespaces@^2.0.0: resolved "https://registry.yarnpkg.com/web-namespaces/-/web-namespaces-2.0.1.tgz#1010ff7c650eccb2592cebeeaf9a1b253fd40692" integrity sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ== -webpack-bundle-analyzer@^4.9.0: - version "4.10.1" - resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.1.tgz#84b7473b630a7b8c21c741f81d8fe4593208b454" - integrity sha512-s3P7pgexgT/HTUSYgxJyn28A+99mmLq4HsJepMPzu0R8ImJc52QNqaFYW1Z2z2uIb1/J3eYgaAWVpaC+v/1aAQ== +webpack-bundle-analyzer@^4.10.2: + version "4.10.2" + resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz#633af2862c213730be3dbdf40456db171b60d5bd" + integrity sha512-vJptkMm9pk5si4Bv922ZbKLV8UTT4zib4FPgXMhgzUny0bfDDkLXAVQs3ly3fS4/TN9ROFtb0NFrm04UXFE/Vw== dependencies: "@discoveryjs/json-ext" "0.5.7" acorn "^8.0.4" 
@@ -9086,16 +9326,15 @@ webpack-bundle-analyzer@^4.9.0: escape-string-regexp "^4.0.0" gzip-size "^6.0.0" html-escaper "^2.0.2" - is-plain-object "^5.0.0" opener "^1.5.2" picocolors "^1.0.0" sirv "^2.0.3" ws "^7.3.1" -webpack-dev-middleware@^5.3.1: - version "5.3.3" - resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz#efae67c2793908e7311f1d9b06f2a08dcc97e51f" - integrity sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA== +webpack-dev-middleware@^5.3.4: + version "5.3.4" + resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-5.3.4.tgz#eb7b39281cbce10e104eb2b8bf2b63fce49a3517" + integrity sha512-BVdTqhhs+0IfoeAf7EoH5WE+exCmqGerHfDM0IL096Px60Tq2Mn9MAbnaGUe6HiMa41KMCYF19gyzZmBcq/o4Q== dependencies: colorette "^2.0.10" memfs "^3.4.3" @@ -9103,10 +9342,10 @@ webpack-dev-middleware@^5.3.1: range-parser "^1.2.1" schema-utils "^4.0.0" -webpack-dev-server@^4.15.1: - version "4.15.1" - resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz#8944b29c12760b3a45bdaa70799b17cb91b03df7" - integrity sha512-5hbAst3h3C3L8w6W4P96L5vaV0PxSmJhxZvWKYIdgxOQm8pNZ5dEOmmSLBVpP85ReeyRt6AS1QJNyo/oFFPeVA== +webpack-dev-server@^4.15.2: + version "4.15.2" + resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-4.15.2.tgz#9e0c70a42a012560860adb186986da1248333173" + integrity sha512-0XavAZbNJ5sDrCbkpWL8mia0o5WPOd2YGtxrEiZkBK9FjLppIUK2TgxK6qGD2P3hUXTJNNPVibrerKcx5WkR1g== dependencies: "@types/bonjour" "^3.5.9" "@types/connect-history-api-fallback" "^1.3.5" @@ -9136,7 +9375,7 @@ webpack-dev-server@^4.15.1: serve-index "^1.9.1" sockjs "^0.3.24" spdy "^4.0.2" - webpack-dev-middleware "^5.3.1" + webpack-dev-middleware "^5.3.4" ws "^8.13.0" webpack-merge@^5.9.0: 
@@ -9148,6 +9387,15 @@ webpack-merge@^5.9.0: flat "^5.0.2" wildcard "^2.0.0" +webpack-merge@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-6.0.1.tgz#50c776868e080574725abc5869bd6e4ef0a16c6a" + integrity sha512-hXXvrjtx2PLYx4qruKl+kyRSLc52V+cCvMxRjmKwoA+CBbbF5GfIBtR6kCvl0fYGqTUPKB+1ktVmTHqMOzgCBg== + dependencies: + clone-deep "^4.0.1" + flat "^5.0.2" + wildcard "^2.0.1" + webpack-sources@^3.2.3: version "3.2.3" resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde" 
@@ -9183,15 +9431,48 @@ webpack@^5.88.1: watchpack "^2.4.0" webpack-sources "^3.2.3" -webpackbar@^5.0.2: - version "5.0.2" - resolved "https://registry.yarnpkg.com/webpackbar/-/webpackbar-5.0.2.tgz#d3dd466211c73852741dfc842b7556dcbc2b0570" - integrity sha512-BmFJo7veBDgQzfWXl/wwYXr/VFus0614qZ8i9znqcl9fnEdiVkdbi0TedLQ6xAK92HZHDJ0QmyQ0fmuZPAgCYQ== +webpack@^5.95.0: + version "5.96.1" + resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.96.1.tgz#3676d1626d8312b6b10d0c18cc049fba7ac01f0c" + integrity sha512-l2LlBSvVZGhL4ZrPwyr8+37AunkcYj5qh8o6u2/2rzoPc8gxFJkLj1WxNgooi9pnoc06jh0BjuXnamM4qlujZA== + dependencies: + "@types/eslint-scope" "^3.7.7" + "@types/estree" "^1.0.6" + "@webassemblyjs/ast" "^1.12.1" + "@webassemblyjs/wasm-edit" "^1.12.1" + "@webassemblyjs/wasm-parser" "^1.12.1" + acorn "^8.14.0" + browserslist "^4.24.0" + chrome-trace-event "^1.0.2" + enhanced-resolve "^5.17.1" + es-module-lexer "^1.2.1" + eslint-scope "5.1.1" + events "^3.2.0" + glob-to-regexp "^0.4.1" + graceful-fs "^4.2.11" + json-parse-even-better-errors "^2.3.1" + loader-runner "^4.2.0" + mime-types "^2.1.27" + neo-async "^2.6.2" + schema-utils "^3.2.0" + tapable "^2.1.1" + terser-webpack-plugin "^5.3.10" + watchpack "^2.4.1" + webpack-sources "^3.2.3" + +webpackbar@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/webpackbar/-/webpackbar-6.0.1.tgz#5ef57d3bf7ced8b19025477bc7496ea9d502076b" + integrity sha512-TnErZpmuKdwWBdMoexjio3KKX6ZtoKHRVvLIU0A47R0VVBDtx3ZyOJDktgYixhoJokZTYTt1Z37OkO9pnGJa9Q== dependencies: - chalk "^4.1.0" - consola "^2.15.3" + ansi-escapes "^4.3.2" + chalk "^4.1.2" + consola "^3.2.3" + figures "^3.2.0" + markdown-table "^2.0.0" pretty-time "^1.1.0" - std-env "^3.0.1" + std-env "^3.7.0" + wrap-ansi "^7.0.0" websocket-driver@>=0.5.1, websocket-driver@^0.7.4: version "0.7.4" 
@@ -9228,11 +9509,20 @@ widest-line@^4.0.1: dependencies: string-width "^5.0.1" -wildcard@^2.0.0: +wildcard@^2.0.0, wildcard@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/wildcard/-/wildcard-2.0.1.tgz#5ab10d02487198954836b6349f74fff961e10f67" integrity sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ== +wrap-ansi@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + wrap-ansi@^8.0.1, wrap-ansi@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214"