This repository was archived by the owner on Feb 26, 2021. It is now read-only.
application.yaml
# Active Spring profile. The ${activatedProfiles} placeholder gets replaced by Maven.
# The default is prod; example for development:
# mvn spring-boot:run -Pdev
# NOTE(review): confirm that deployed artifacts are built with the intended profile.
spring.profiles.active: ${activatedProfiles}
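# Server configuration
# These properties can be overwritten by environment variables to enable https.
server.port: 8080
# TLS is disabled in this default, so the listener on server.port serves plain HTTP.
# With securecodebox.rest.auth set to 'basic auth', credentials cross this listener
# unencrypted unless TLS is enabled here or terminated in front of the engine.
server.ssl:
  enabled: false
  # No keystore password is set in this file. When enabling TLS, supply it through
  # the environment rather than committing it here.
  key-store-password:
  key-store: keystore.p12
  key-store-type: PKCS12
  key-alias: scb-engine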
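# Spring Boot Actuator configuration
# Used to enable an endpoint for health checks at '/status'.
# Every actuator endpoint is disabled by default; only health is re-enabled below.
management.endpoints:
  enabled-by-default: false
  web.base-path: /
  web.path-mapping.health: status
management.endpoint.health.enabled: true
management.health.elasticsearch.enabled: false
# Same port as server.port, so '/status' is served by the main listener.
# NOTE(review): confirm whether '/status' is reachable without authentication and
# that it returns no health details beyond the overall status.
management.server.port: 8080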
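# Camunda process engine settings
camunda.bpm:
  webapp.index-redirect-enabled: true
  # Camunda authorization checks are switched on. The group authorizations defined
  # under securecodebox.groups are presumably only enforced while this stays true.
  authorization.enabled: true
spring.datasource.type: org.apache.tomcat.jdbc.pool.DataSource
# NOTE(review): the root log level is usually set with logging.level.root; confirm how
# the Spring Boot version in use treats a scalar value at logging.level next to the
# per-package key below.
logging.level: INFO
logging.level.io.securecodebox: INFO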
# Persistence Provider Config
# Each provider has its own switch; all of them are off in this default.
securecodebox.persistence.none.enabled: "false"
securecodebox.persistence.elasticsearch.enabled: "false"
securecodebox.persistence.s3.enabled: "false"
securecodebox.persistence.defectdojo.enabled: "false"
# Configuration for the s3 persistence provider:
# NOTE(review): 'abc-def' looks like a placeholder bucket name - confirm before enabling.
securecodebox.persistence.s3.bucket: abc-def
securecodebox.persistence.s3.region: eu-central-1
# Configuration for the elasticsearch persistence provider:
# NOTE(review): only host and port are given here; confirm whether the connection to
# Elasticsearch is made over TLS.
securecodebox.persistence.elasticsearch.host: persistence-elasticsearch
securecodebox.persistence.elasticsearch.port: 9200
securecodebox.persistence.elasticsearch.index.prefix: securecodebox
# NOTE(review): the name suggests that 'true' deletes the index at start-up - confirm
# before changing this on a system that holds scan results.
securecodebox.persistence.elasticsearch.index.delete_on_init: false
# Must be 'basic' for basic authentication or 'token' for an API-token-based authentication.
# NOTE(review): the credential keys below are named 'apikey' while this comment says
# 'token' - confirm the accepted value. The empty default presumably means the engine
# connects to Elasticsearch without authentication.
securecodebox.persistence.elasticsearch.auth: ""
# Credentials are empty in this file; supply them from the environment or a secret
# store instead of committing them here.
securecodebox.persistence.elasticsearch.auth.basic.username: ""
securecodebox.persistence.elasticsearch.auth.basic.password: ""
securecodebox.persistence.elasticsearch.auth.apikey.id: ""
securecodebox.persistence.elasticsearch.auth.apikey.secret: ""
# Initialize Kibana with some basic security dashboards and visualisations if no .kibana index is found on startup
securecodebox.persistence.elasticsearch.kibana.initialize: true
# Default scan target and context. The values point at a BodgeIT host.
securecodebox.default.target.name: BodgeIT Public Host
securecodebox.default.target.location: bodgeit
securecodebox.default.target.uri: http://bodgeit:8080/bodgeit
securecodebox.default.context: BodgeIT
# Protection of the secureCodeBox REST API. Accepted values:
# - basic auth
# - none
# NOTE(review): 'none' presumably leaves the REST API unauthenticated - keep
# 'basic auth' unless another layer authenticates callers.
securecodebox.rest.auth: basic auth
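# Tenants, users and groups for the engine.
# NOTE(review): the nesting below was reconstructed from the key names; confirm it
# against the consuming configuration class, in particular that rest.user belongs
# under securecodebox.
securecodebox:
  # No tenants or users are predefined in this file.
  tenants: []
  users: []
  # Camunda authorization resources and permissions are documented here:
  # https://docs.camunda.org/manual/7.12/user-guide/process-engine/authorization-service/#basic-principles
  groups:
    # Scanner accounts: may read and update process instances, but not create them.
    - id: scanner
      name: "secureCodeBox Scanner"
      authorizations:
        - resource: PROCESS_INSTANCE
          permissions: [READ, UPDATE]
        - resource: PROCESS_DEFINITION
          permissions: [READ, READ_INSTANCE, UPDATE_INSTANCE]
    # CI accounts: may start process instances and read them and their history.
    - id: ci
      name: "secureCodeBox Continuous Integration"
      authorizations:
        - resource: PROCESS_DEFINITION
          permissions: [CREATE_INSTANCE, READ, READ_HISTORY]
        - resource: PROCESS_INSTANCE
          permissions: [READ, CREATE]
    # Interactive users: web application access plus ALL on dashboards, filters,
    # process instances and tasks. Deployments are read-only.
    - id: user
      name: "secureCodeBox User"
      authorizations:
        - resource: APPLICATION
          permissions: [ACCESS]
        - resource: DASHBOARD
          permissions: [ALL]
        - resource: DEPLOYMENT
          permissions: [READ]
        - resource: FILTER
          permissions: [ALL]
        - resource: PROCESS_DEFINITION
          permissions: [CREATE_INSTANCE, READ, READ_HISTORY]
        - resource: PROCESS_INSTANCE
          permissions: [ALL]
        - resource: TASK
          permissions: [ALL]
    # Administrators: ALL on every listed resource, including AUTHORIZATION, GROUP,
    # GROUP_MEMBERSHIP and USER, so members can grant themselves or others any
    # permission. Keep membership of this group small.
    - id: admin
      name: "secureCodeBox Admin"
      authorizations:
        - resource: APPLICATION
          permissions: [ALL]
        - resource: AUTHORIZATION
          permissions: [ALL]
        - resource: BATCH
          permissions: [ALL]
        - resource: DASHBOARD
          permissions: [ALL]
        - resource: DECISION_DEFINITION
          permissions: [ALL]
        - resource: DECISION_REQUIREMENTS_DEFINITION
          permissions: [ALL]
        - resource: FILTER
          permissions: [ALL]
        - resource: GROUP
          permissions: [ALL]
        - resource: GROUP_MEMBERSHIP
          permissions: [ALL]
        - resource: PROCESS_DEFINITION
          permissions: [ALL]
        - resource: PROCESS_INSTANCE
          permissions: [ALL]
        - resource: REPORT
          permissions: [ALL]
        - resource: TASK
          permissions: [ALL]
        - resource: TENANT
          permissions: [ALL]
        - resource: TENANT_MEMBERSHIP
          permissions: [ALL]
        - resource: USER
          permissions: [ALL]
  # Default scanner account. Both values come from environment variables and fall
  # back to an empty string when the variable is unset, so no credential is stored
  # in this file.
  # NOTE(review): confirm how the engine treats an empty user-id or password here.
  rest.user:
    scanner-default:
      user-id: ${SECURECODEBOX_USER_SCANNER:}
      password: ${SECURECODEBOX_USER_SCANNER_PW:}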