From 6e5c072feb4e5e98e926e5d6c28ec133ad12abec Mon Sep 17 00:00:00 2001
From: acammies <acammies@redhat.com>
Date: Wed, 18 Apr 2018 00:15:34 +0200
Subject: [PATCH] added instructions of how to create arachni and zap slave pods but missing screenshots and needs looking over

---
 4-an-enslaved-hope/README.md |   64 +++++++++++++++++++++++++++++++-
 1 files changed, 62 insertions(+), 2 deletions(-)

diff --git a/4-an-enslaved-hope/README.md b/4-an-enslaved-hope/README.md
index 75fe5cf..f0c3ca0 100644
--- a/4-an-enslaved-hope/README.md
+++ b/4-an-enslaved-hope/README.md
@@ -147,12 +147,72 @@
 2. Set the trigger to scan every minute as done previously. Save the configuration and we should see the collection of Jobs as shown below.
 ![todolist-fe-multi](../images/exercise4/todolist-fe-multi.png)
 
-3. Run the jobs and validate the app is working as expected in the `test` environment!
+2. Run the jobs and validate the app is working as expected in the `test` environment!
 
 ### Part 2 - Security Scanning Slaves
 > _This exercise focuses on updating the `enablement-ci-cd` repo with some new jenkins-slave pods for use in future exercise_
 
-3. TODO!
+#### Part 2a - OWASP ZAP
+> _OWASP ZAP (Zed Attack Proxy) is a free open source security tool used for finding security vulnerabilities in web applications._
+
+
+3. _Remove jenkins bit if this is already in somewhere, also check syntax, actually only do one git checkout_ First we're going to take the generic jenkins slave template from our exercise4/zap branch and the params.
+```bash
+$ git checkout exercise4/zap-and-arachni templates/jenkins-slave-generic-template.yml params/
+```
+
+3. This should have created the following files:
+- `templates/jenkins-slave-generic-template.yml`
+- `params/ zap-bulid-pod arachni-build-pod`
+
+3. Create an object in `insert donal's new layout here` called `zap-build-pod` and the following content:
+```yml
+    - name: "zap-build-pod"
+    namespace: "<YOUR_NAME>-ci-cd"
+    template: "{{ inventory_dir }}/../templates/jenkins-slave-generic-template.yml"
+    params: "{{ inventory_dir }}/../params/zap-build-pod"
+    tags:
+    - zap
+```
+
+3. Install ansible-y stuff (only if not run before???)
+```bash
+ansible-galaxy install -r requirements.yml --roles-path=roles
+```
+
+3. Remember to login to the cluster!
+```bash
+oc login https://console.s8.core.rht-labs.com --token=<INSERT_LOGIN_TOKEN_HERE>
+```
+
+3. Run the ansible playbook filtering with tag `zap` so only the zap build pods are run.
+```bash
+ansible-playbook roles/openshift-applier/playbooks/openshift-cluster-seed.yml \  -i inventory/ \  -e "filter_tags=zap"
+```
+
+3. Head to (https://console.s8.core.rht-labs.com/console/project/<YOUR_NAME>-ci-cd/browse/builds) on Openshift and you should see `zap-build-pod`.
+include screenshot here.
+
+#### Part 2b - Arachni Scan
+> _Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications._
+
+3. Create an object in `insert donal's new layout here` called `arachni-build-pod` and the following content:
+```yml
+    - name: "arachni-build-pod"
+    namespace: "<YOUR_NAME>-ci-cd"
+    template: "{{ inventory_dir }}/../templates/jenkins-slave-generic-template.yml"
+    params: "{{ inventory_dir }}/../params/arachni-build-pod"
+    tags:
+    - arachni
+```
+
+3. Run the ansible playbook filtering with tag `arachni` so only the zap build pods are run.
+```bash
+ansible-playbook roles/openshift-applier/playbooks/openshift-cluster-seed.yml \  -i inventory/ \  -e "filter_tags=arachni"
+```
+
+3. Head to (https://console.s8.core.rht-labs.com/console/project/<YOUR_NAME>-ci-cd/browse/builds) on Openshift and you should see `zap-build-pod`.
+include screenshot here.
 
 _____
 
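Review bot: The two `ansible-playbook` commands (the `filter_tags=zap` and `filter_tags=arachni` steps) will not run as pasted, because their line continuations are flattened onto one line as `\  -i inventory/ \  -e ...`. In bash a backslash followed by a space is an escaped space, so the command receives a stray " " argument instead of continuing. Put each `\` at the end of its own line or drop the backslashes. The two inventory snippets will not parse as intended either: `namespace`, `template`, `params` and `tags` sit at the same indent as the dash of `- name:` rather than aligned under `name`, so they need two more spaces. In Part 2b the run step still says "only the zap build pods are run" and the last step says you should see `zap-build-pod`; both should refer to arachni. Further cleanup before merge: `zap-bulid-pod` is misspelled in the file list, the checkout step's text names the `exercise4/zap` branch while the command uses `exercise4/zap-and-arachni`, the old step 3 is renumbered to a second "2." while every new step is "3.", and the author notes ("Remove jenkins bit if this is already in somewhere...", "insert donal's new layout here", "only if not run before???", "include screenshot here") are still in the reader-facing text. Since the `oc login` step passes `--token=` on the command line, a one-line reminder there that the token ends up in shell history would be worth adding.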

--
Gitblit v1.9.3