diff --git a/deepfence_agent/plugins/cloud-scanner b/deepfence_agent/plugins/cloud-scanner index 22699e9844..13de8ea765 160000 --- a/deepfence_agent/plugins/cloud-scanner +++ b/deepfence_agent/plugins/cloud-scanner @@ -1 +1 @@ -Subproject commit 22699e9844545760895b5faa3f01db7b60b9845a +Subproject commit 13de8ea7659a3753deeec6807538b5b995f4e29a diff --git a/docs/docs/cloudscanner/gcp.md b/docs/docs/cloudscanner/gcp.md index cd1896367e..8902f35b51 100644 --- a/docs/docs/cloudscanner/gcp.md +++ b/docs/docs/cloudscanner/gcp.md @@ -277,7 +277,7 @@ module "cloud_scanner_example_multiple_project" { SUCCESS_SIGNAL_URL: "" DF_LOG_LEVEL: info SCAN_INACTIVE_THRESHOLD: "21600" - CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit" + CLOUD_SCANNER_POLICY: "" ``` 6. Start the cloud scanner using docker compose ``` diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/aws.md b/docs/versioned_docs/version-v2.3/cloudscanner/aws.md index 02a52d1849..a7087c9095 100644 --- a/docs/versioned_docs/version-v2.3/cloudscanner/aws.md +++ b/docs/versioned_docs/version-v2.3/cloudscanner/aws.md 
@@ -303,13 +303,34 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t 3. Modify the EC2 instance, add the instance profile created by cloudformation script 4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url ``` - https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` ```bash mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner - wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` 5. Update the account details and console details in the docker-compose.yaml + ``` + image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1 + environment: + MGMT_CONSOLE_URL: "" + MGMT_CONSOLE_PORT: + DEEPFENCE_KEY: "" + CLOUD_PROVIDER: "aws" + CLOUD_REGION: "" + CLOUD_ACCOUNT_ID: "" + DEPLOYED_ACCOUNT_ID: "" + CLOUD_ACCOUNT_NAME: "" + ORGANIZATION_DEPLOYMENT: false + CLOUD_ORGANIZATION_ID: "" + ROLE_NAME: "" + CLOUD_AUDIT_LOG_IDS: "" + HTTP_SERVER_REQUIRED: "false" + SUCCESS_SIGNAL_URL: "" + DF_LOG_LEVEL: info + SCAN_INACTIVE_THRESHOLD: "21600" + CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit" + ``` 6. Start the cloud scanner using docker compose ``` docker compose up -d 
@@ -321,13 +342,34 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t 3. Modify the EC2 instance, add the instance profile created by cloudformation script 4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url ``` - https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` ```bash mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner - wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` 5. Update the organization account details and console details in the docker-compose.yaml + ``` + image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1 + environment: + MGMT_CONSOLE_URL: "" + MGMT_CONSOLE_PORT: + DEEPFENCE_KEY: "" + CLOUD_PROVIDER: "aws" + CLOUD_REGION: "" + CLOUD_ACCOUNT_ID: "" + DEPLOYED_ACCOUNT_ID: "" + CLOUD_ACCOUNT_NAME: "" + ORGANIZATION_DEPLOYMENT: true + CLOUD_ORGANIZATION_ID: "" + ROLE_NAME: "" + CLOUD_AUDIT_LOG_IDS: "" + HTTP_SERVER_REQUIRED: "false" + SUCCESS_SIGNAL_URL: "" + DF_LOG_LEVEL: info + SCAN_INACTIVE_THRESHOLD: "21600" + CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit" + ``` 6. Start the cloud scanner using docker compose ``` docker compose up -d diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/azure.md b/docs/versioned_docs/version-v2.3/cloudscanner/azure.md index 3286c13e12..d1947fba6d 100644 --- a/docs/versioned_docs/version-v2.3/cloudscanner/azure.md +++ b/docs/versioned_docs/version-v2.3/cloudscanner/azure.md 
@@ -260,25 +260,26 @@ module "test" { ``` 3. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url ``` - https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` ```bash mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner - wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` 4. Update the environment vars account details and console details in the docker-compose.yaml, if deploying for multi tenants cloud scanner set `ORGANIZATION_DEPLOYMENT: true` ``` + image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1 environment: - MGMT_CONSOLE_URL: "" - MGMT_CONSOLE_PORT: - DEEPFENCE_KEY: "" + MGMT_CONSOLE_URL: "" + MGMT_CONSOLE_PORT: + DEEPFENCE_KEY: "" CLOUD_PROVIDER: "azure" CLOUD_REGION: "" CLOUD_ACCOUNT_ID: "" DEPLOYED_ACCOUNT_ID: "" CLOUD_ACCOUNT_NAME: "" ORGANIZATION_DEPLOYMENT: false - CLOUD_ORGANIZATION_ID: "" + CLOUD_ORGANIZATION_ID: "" ROLE_NAME: "" CLOUD_AUDIT_LOG_IDS: "" HTTP_SERVER_REQUIRED: "false" @@ -286,11 +287,12 @@ module "test" { DF_LOG_LEVEL: info SCAN_INACTIVE_THRESHOLD: "21600" CLOUD_SCANNER_POLICY: "" - AZURE_TENANT_ID: "" - AZURE_REGION: - AZURE_CLIENT_ID: "" - AZURE_CLIENT_SECRET: "" - AZURE_SUBSCRIPTION_ID: "SUBSCRIPTION_ID" + + AZURE_TENANT_ID: "" + AZURE_REGION: "" + AZURE_CLIENT_ID: "" + AZURE_CLIENT_SECRET: "" + AZURE_SUBSCRIPTION_ID: "" ``` 5. Start the cloud scanner using docker compose ``` diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md b/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md index 306a91e009..44550a2985 100644 --- a/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md +++ b/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md 
@@ -251,13 +251,34 @@ module "cloud_scanner_example_multiple_project" { ![gcp-vm-service-account](../img/gcp-vm-service-account.png) 4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url ``` - https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` ```bash mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner - wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml + wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml ``` 5. Update the account details and console details in the docker-compose.yaml + ``` + image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1 + environment: + MGMT_CONSOLE_URL: "" + MGMT_CONSOLE_PORT: + DEEPFENCE_KEY: "" + CLOUD_PROVIDER: "gcp" + CLOUD_REGION: "" + CLOUD_ACCOUNT_ID: "" + DEPLOYED_ACCOUNT_ID: "" + CLOUD_ACCOUNT_NAME: "" + ORGANIZATION_DEPLOYMENT: false + CLOUD_ORGANIZATION_ID: "" + ROLE_NAME: "" + CLOUD_AUDIT_LOG_IDS: "" + HTTP_SERVER_REQUIRED: "false" + SUCCESS_SIGNAL_URL: "" + DF_LOG_LEVEL: info + SCAN_INACTIVE_THRESHOLD: "21600" + CLOUD_SCANNER_POLICY: "" + ``` 6. Start the cloud scanner using docker compose ``` docker compose up -d
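Review bot: In the `deepfence_agent/plugins/cloud-scanner` hunk, the submodule pointer moves from `22699e98` to `13de8ea7` inside what is otherwise a docs-only change, and nothing visible says what the bump brings in. Either split the submodule update into its own commit or state in the commit message which cloud-scanner change it picks up, so the agent build change can be reviewed and reverted separately from the documentation edits.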
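Review bot: In the first `version-v2.3/cloudscanner/aws.md` hunk (`@@ -303,13 +303,34 @@`), the `wget` target `refs/heads/release-2.3/docker-compose.yaml` is a branch ref and can change after these docs are published, while the block added under step 5 pins `image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1`. A reader can end up with a downloaded compose file that no longer matches the documented one. Point the URL at an immutable ref (a release tag or commit) that corresponds to 2.3.1, or tell the reader in step 5 to confirm that the `image:` line in the downloaded file matches the tag shown here before running `docker compose up -d`.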
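Review bot: In the second `version-v2.3/cloudscanner/aws.md` hunk (`@@ -321,13 +342,34 @@`), the organization block differs from the single-account block only in `ORGANIZATION_DEPLOYMENT: true`, and `CLOUD_ORGANIZATION_ID: ""`, `ROLE_NAME: ""` and `DEPLOYED_ACCOUNT_ID: ""` are left empty with no indication of which must be filled for an organization deployment. Step 5 only says to "Update the organization account details". Add a sentence or inline comments naming the keys that are mandatory in this mode and how `CLOUD_ACCOUNT_ID` and `DEPLOYED_ACCOUNT_ID` differ, otherwise the two near-identical blocks invite copying the wrong one.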
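Review bot: In the `version-v2.3/cloudscanner/azure.md` hunks (`@@ -260,25 +260,26 @@` and `@@ -286,11 +287,12 @@`), step 4 directs the reader to write `DEEPFENCE_KEY` and `AZURE_CLIENT_SECRET` as literal values in docker-compose.yaml, and the doc gives no guidance on protecting that file. Suggest adding a line to step 4 that the file now holds credentials and should be readable only by the deploying user and kept out of version control, or showing the two secrets supplied from an env file instead of inline.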
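Review bot: In the `version-v2.3/cloudscanner/gcp.md` hunk (`@@ -251,13 +251,34 @@`), the added line `MGMT_CONSOLE_PORT:` has no value while every neighbouring key uses a quoted empty string; the same bare key appears in the AWS and Azure blocks of this patch, even though the Azure hunk fixes the identical pattern for `AZURE_REGION`. A bare key is a YAML null, which Compose does not treat the same as `""`, so a reader who leaves it untouched gets different behaviour from the other placeholders. Write it as `MGMT_CONSOLE_PORT: ""` for consistency, or show the expected port as a quoted string if there is a default.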