marcinguy / betterscan-vanta

Betterscan.io Vanta Integration


betterscan-vanta

Table of Contents

Installation

Betterscan.io Vanta.com Integration

Create Application

To integrate it, you need a Vanta subscription.

In your Vanta installation, go to Settings -> Developer Console.

Click Create+.

[image: Fig. 1]

Fill out this info:

[image: Fig. 2]

Click Generate OAuth secret.

Click Save.

Connect to Vanta using OAuth2

Run on your computer/server:

python client.py

It will connect to Vanta via OAuth2 and generate tokens.json. Upload tokens.json to the repo you want to integrate into Vanta, under the .checkmate folder.

Create the appropriate resources in Vanta

Create the appropriate resources:

[image: Fig. 3]

The VulnerableComponent and StaticAnalysisCodeVulnerability connectors.

Run in CI/CD

Set these as environment variables:

CLIENT_ID:
CLIENT_SECRET: 
SOURCE_ID: 
RESOURCE_ID_VULNCOMP:
RESOURCE_ID_SAST: 
LIC: 

You can use a job in any CI/CD system to run it at intervals.
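The two steps above (the interactive OAuth2 login that produces tokens.json, and the CI job that reads the environment variables and runs at intervals) leave one question open: what a scheduled job should do with tokens.json when the access token is about to expire. The following is an added illustration, not the repository's client.py or its action code. It assumes a tokens.json layout of access_token, refresh_token and an absolute expires_at timestamp, a placeholder token endpoint (TOKEN_URL) that you would replace with the one shown in the Vanta Developer Console, and the standard OAuth2 refresh_token grant from RFC 6749 section 6. The transport is injectable so the refresh logic can be exercised without network access.

```python
"""Hypothetical helper showing how a CI job could keep tokens.json fresh.

Added example, not the project's client.py. The token endpoint is an assumed
placeholder; the refresh request is the generic OAuth2 refresh_token grant.
"""
import json
import os
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

# Environment variables the README asks for; all are checked for presence.
REQUIRED_ENV = ("CLIENT_ID", "CLIENT_SECRET", "SOURCE_ID",
                "RESOURCE_ID_VULNCOMP", "RESOURCE_ID_SAST", "LIC")

# Assumed placeholder: substitute the token URL from the Vanta Developer Console.
TOKEN_URL = "https://example.invalid/oauth/token"

# Refresh when fewer than this many seconds remain, so a scan that starts just
# before expiry does not fail halfway through.
REFRESH_MARGIN = 300


def missing_env(env: Dict[str, str]) -> List[str]:
    """Return the names of required variables that are absent or empty."""
    return [name for name in REQUIRED_ENV if not env.get(name)]


def needs_refresh(tokens: dict, now: float) -> bool:
    """True if the access token is missing, has no expiry, or expires soon."""
    exp = tokens.get("expires_at")
    if not tokens.get("access_token") or exp is None:
        return True
    return now >= float(exp) - REFRESH_MARGIN


def refresh_request(tokens: dict, client_id: str, client_secret: str) -> bytes:
    """Build the form body for an OAuth2 refresh_token grant."""
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": tokens["refresh_token"],
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()


def http_post(url: str, body: bytes) -> dict:
    """Real transport: POST the form body and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


def merge_token_reply(old: dict, reply: dict, now: float) -> dict:
    """Fold a token reply into the stored tokens, computing an absolute expiry."""
    new = dict(old)
    new["access_token"] = reply["access_token"]
    # Servers may omit a new refresh token; keep the old one in that case.
    new["refresh_token"] = reply.get("refresh_token", old.get("refresh_token"))
    new["expires_at"] = now + float(reply.get("expires_in", 3600))
    return new


def ensure_fresh(tokens: dict, client_id: str, client_secret: str,
                 now: Optional[float] = None,
                 post: Callable[[str, bytes], dict] = http_post) -> dict:
    """Return tokens valid for at least REFRESH_MARGIN seconds (same object if unchanged)."""
    now = time.time() if now is None else now
    if not needs_refresh(tokens, now):
        return tokens
    if not tokens.get("refresh_token"):
        raise RuntimeError("no refresh_token; re-run the interactive OAuth2 login")
    reply = post(TOKEN_URL, refresh_request(tokens, client_id, client_secret))
    return merge_token_reply(tokens, reply, now)


def save_tokens(path: str, tokens: dict) -> None:
    """Write tokens.json readable only by the owner, replacing it atomically."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(tokens, fh, indent=2)
    os.replace(tmp, path)


if __name__ == "__main__":
    absent = missing_env(dict(os.environ))
    if absent:
        raise SystemExit("missing environment variables: " + ", ".join(absent))
    with open(".checkmate/tokens.json") as fh:
        current = json.load(fh)
    fresh = ensure_fresh(current, os.environ["CLIENT_ID"], os.environ["CLIENT_SECRET"])
    if fresh is not current:
        save_tokens(".checkmate/tokens.json", fresh)
```

Because ensure_fresh returns the same object when nothing changed, a CI step can write tokens.json only when a refresh actually happened, which keeps the "commit tokens.json if it changed" logic of the workflow below meaningful instead of producing a commit on every run.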

Run in GitHub Action

Below is a sample for use with private GitHub repos. GitHub Actions are also free for private repos.

Add this to .github/workflows/betterscan-vanta.yml (creating a GitHub Action):

env:
  CLIENT_ID: ${{secrets.CLIENT_ID}}
  CLIENT_SECRET: ${{secrets.CLIENT_SECRET}}
  SOURCE_ID: ${{secrets.SOURCE_ID}}
  RESOURCE_ID_VULNCOMP: ${{secrets.RESOURCE_ID_VULNCOMP}}
  RESOURCE_ID_SAST: ${{secrets.RESOURCE_ID_SAST}}
  LIC: ${{secrets.LIC}}

name: Betterscan Scan Vanta

on:
  # Triggers the workflow every hour
  schedule:
    - cron: "0 * * * *"

jobs:
  Betterscan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Betterscan Scan
        uses: topcodersonline/betterscan@v3
      - name: Move tokens
        run: |
          mv .checkmate/tokens.json tokens.json
      - name: Betterscan Vanta Action
        uses: topcodersonline/betterscan-vanta@v1
      - name: Check if there are any changes
        id: verify_diff
        run: |
          tree
          rm -rf code
          mv tokens.json .checkmate/tokens.json
          git diff --quiet . || echo "changed=true" >> $GITHUB_OUTPUT
      - name: Commit
        if: steps.verify_diff.outputs.changed == 'true'
        run: |
          sudo chown -R "${USER:-$(id -un)}" .
          git config --global user.email "bot@betterscan.io"
          git config --global user.name "Betterscan.io Bot"
          git add .checkmate/tokens.json && git commit -m "tokens"
          git push origin "$(git rev-parse --abbrev-ref HEAD)"


It will run every hour, pushing results to Vanta.

Sample screenshots

It will look like this:

Date: 21/06/2023

[image: Fig. 4]

Here is connected integration:

[image: Fig. 5]

via these settings:

[image: Fig. 6]

and the required and appropriate resources:

[image: Fig. 7]

About

Betterscan.io Vanta Integration

License: GNU General Public License v3.0

Languages

Python 100.0%