Custom Defect Templates (Kubernetes) (ThreadFix 3.0)

Owned by Daniel Colon
Last updated: Jan 29, 2022
3 min read

You will learn

How to create custom Defect templates in a Kubernetes environment.

Prerequisites

Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 15 minutes
Tools required: N/A

This guide covers how to create custom Defect templates using Persistent Volumes and custom Defect templates using ConfigMaps, however, only one of the following sections should be utilized in an environment. The following guide assumes an instance using the default release name tf, if using a custom release name, replace tf with the appropriate release name. For example, if using the release name tf-qa, replace instances of tf-appsec with tf-qa-appsec.

Custom Defect Templates Using Persistent Volumes:

ThreadFix AppSec must be running before running the following commands.

  1. Create a file named velocity-templates.yaml with the following content:

    apiVersion: v1 kind: PersistentVolumeClaim metadata: name: tf-appsec-velocity-templates spec: accessModes: - ReadWriteOnce resources: requests: storage: 1G

     

  2. Create the Persistent Volume Claim:

    kubectl apply -f velocity-templates.yaml

     

  3. Create a file named appsec-patch.yaml with the following content (<tf_version> should be replaced with the user’s current version of ThreadFix):

    spec: template: spec: initContainers: - name: tf-appsec-init image: docker.io/denimgroup/appsec:<tf_version> volumeMounts: - mountPath: /opt/velocityTemplates name: velocity-templates command: - bash - -c - | cp -r /usr/local/tomcat/webapps/threadfix/velocityTemplates/* /opt/velocityTemplates containers: - name: tf-appsec volumeMounts: - mountPath: /usr/local/tomcat/webapps/threadfix/velocityTemplates name: velocity-templates volumes: - name: velocity-templates persistentVolumeClaim: claimName: tf-appsec-velocity-templates

     

  4. Apply the AppSec patch (Re-run this step anytime the configuration is changed via helm, for example helm upgrade...):

     

  5. Follow the Customize Defect Descriptions guide to create additional velocity templates.

  6. Set the ThreadFix AppSec Pod with the following:

     

  7. Copy templates to the ThreadFix container ( <new_template> should be replaced with the name of the user’s new or modified template):

     

  8. Restart the ThreadFix AppSec container:

Custom Defect Templates Using ConfigMaps

ThreadFix AppSec must be running before running the following commands.

  1. Set the ThreadFix AppSec Pod with the following:

     

  2. Copy existing templates to the local machine:

     

  3. Add new velocity templates to the ./defectTemplates directory. Follow the Customize Defect Descriptions guide for more information.

  4. Remove existing velocity templates ConfigMap (if necessary):

     

  5. Create ConfigMap from velocity templates:

     

  6. Create appsec-patch.yaml with the following content:

     

  7. Add the patch to AppSec (repeat this step on every helm upgrade):

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.