Scenario Discovery

Scenario Discovery in the ZeroNorth platform is a way to connect to your scanning tools and services and automatically inventory the applications/projects that exist in those tools/services.

Applicability

This use case applies to scanners that run as a server or hosted service, such as SonarQube, Black Duck Hub, Veracode, Sonatype Nexus IQ, etc. It does NOT apply to scanners that are entirely CLI based, such as Bandit, Brakeman, Nmap, OWASP Dependency Check, etc. It also does not apply to “on-prem” discovery, where the scanning server resides in your private network (or private cloud) and is not reachable by the ZeroNorth platform.

Prerequisites:

  • ZeroNorth platform license and credentials
  • Valid license and credentials for respective scanning tools such as Black Duck Hub, Checkmarx, SonarQube, etc.
  • Connectivity from the ZeroNorth platform to the scanning server/service. For example, if you want to perform Scenario Discovery against your Black Duck Hub server, you will need to ensure that the ZeroNorth platform can connect directly to your Black Duck Hub service. Refer to the article ZeroNorth™ Environment Checklist for networking details.

Activate Scenario:

While activating a scenario, it is crucial to specify the product configuration, the Host URL and Hostname, and whatever credentials the tool requires (API key, username/password, secret key, etc.).

Further details about activating a specific scenario can be found here: Activate Scenario

Scenario Discovery:

To verify that the activated scenario is connected to your scanning tool:

  1. Go to znOPS > Scenario Dashboard.
  2. Locate the scenario you have activated and click ‘Discover Projects’ to confirm the connection to the respective scanning tool.
  3. You will then see a list of the projects that are available on your hosted server.

Discover Projects from Scanning Tools in ZeroNorth:

Once the activated scenario is connected to your scanning tool, the Discover feature is also available within the ZeroNorth Policy configuration. Where available, set the Application Lookup Type to “Discovery”, then select the applications/projects you want from the resulting list.

Limitations

  • Requires direct connectivity from the ZeroNorth platform to the scanner server/service.
  • Discovery is triggered manually. There is currently no means to refresh the discovery results automatically.
  • Discovery results depend on the credentials used by the Scenario. Only the applications/projects visible to those credentials will be discovered.
  • Some scanning servers/services require a full admin role for project discovery, e.g. SonarQube.