Nondeterministic Postrequisite Metaprotocol

    serverless-neuvector

    0.9.5 • Public • Published

    Serverless plugin for Neuvector.

    Features

    • Secure your project - scan all of your project's libraries for vulnerabilities
    • Currently supported runtimes: Node.js, Python, Java (more runtimes coming soon...)
    • Works with the Serverless Framework

    Requirements

    • Python 2.7+
    • NodeJS 10+

    Quick Start

    1. Install via npm:

    npm install --save-dev serverless-neuvector

    2. Add serverless-neuvector to your serverless.yml:

    In your project's serverless.yml file, add the following entry to the plugins section: serverless-neuvector. If there is no plugins section, you will need to add it to the file.

    It should look similar to this:

    plugins:
      - serverless-neuvector

    You also need to provide the following parameters so the plugin can connect to the NeuVector scan core modules:

    custom:
      neuvector:
        stopDeployment: false
        ipAddress: "1.1.1.1"
        port: 10443
        username: "ciuser"
        password: "ciuserpassword"
        projectname: "demo"
        path: "."
        tolerance:  # Optional: if not set, high and medium default to 0
          high: 5
          medium: 30

    Note:

    1. stopDeployment: this parameter defines whether NeuVector should stop the function deployment if the scan finds vulnerabilities which meet the stop criteria defined in the tolerance section. Selecting “true” will stop the deployment if the criteria are met.

    2. ipAddress/port: this is the address/port of the NeuVector Controller or its exposed REST API service. Make a note of the IP address of the host where the Allinone or Controller is running. Note: The default REST API port is 10443. This port must be exposed from the Allinone or Controller through a service in Kubernetes or a port map (e.g. 10443:10443) in the Docker run or compose file.

    3. username/password: this is the username/password you created in NeuVector in order to authenticate to run the serverless scan. You can create a CI/CD user in NeuVector as seen below if you wish to limit the user to scanning functions. Assign the global role CI integration.

    To work directly with the NeuVector security product, a NeuVector security key can be added as an environment variable. Add an environment section to the function definition.

    functions:
      hello:
        handler: handler.yourApp_handler
        environment: 
          nvsecKey: ${file(./nvsec.json):nvsecKey}

    3. Validate:

    You can check whether you have successfully installed the plugin by running the serverless command line.

    serverless --help

    The console should display neuvector as one of the plugins now available in your Serverless project.

    4. Integration:

    The library scan is now integrated into your serverless deployment process. It runs before your project is deployed. You can control whether deployment is blocked when vulnerabilities are found with "stopDeployment" in serverless.yml.

    serverless deploy

    5. You can also execute the tool on the entire project:

    serverless nv scan
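
    A hardened variant of the step 2 configuration, as an added example that is not part of the plugin's README: the controller address and CI credentials are resolved from environment variables with the Serverless Framework's ${env:...} variable syntax instead of being written into serverless.yml, and stopDeployment is enabled so the scan gates the deploy. The variable names NV_CONTROLLER_HOST, NV_CI_USER and NV_CI_PASSWORD are assumptions.

    ```yaml
    # Added example, not the plugin's own sample configuration.
    # NV_CONTROLLER_HOST, NV_CI_USER and NV_CI_PASSWORD are assumed names;
    # set them in the CI job's secret store before running "serverless deploy".
    plugins:
      - serverless-neuvector

    custom:
      neuvector:
        stopDeployment: true                  # block the deploy when the tolerance criteria are met
        ipAddress: ${env:NV_CONTROLLER_HOST}  # Controller / REST API address
        port: 10443                           # default REST API port
        username: ${env:NV_CI_USER}           # user with the CI integration role (note 3)
        password: ${env:NV_CI_PASSWORD}       # never committed to the repository
        projectname: "demo"
        path: "."
        tolerance:                            # same values as the defaults when omitted
          high: 0
          medium: 0

    functions:
      hello:
        handler: handler.yourApp_handler
        environment:
          # nvsec.json holds the security key; keep it out of version control
          nvsecKey: ${file(./nvsec.json):nvsecKey}
    ```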
