From 649161f6f598cdf5fb7a20b3b4fd7c73a301f23e Mon Sep 17 00:00:00 2001
From: dlicheva
Date: Tue, 16 Sep 2025 15:32:58 +0100
Subject: [PATCH 1/3] fix link in elastic search docs
---
 docs/reference/components/elasticsearch.md | 44 +++++++++++-----------
 1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/docs/reference/components/elasticsearch.md b/docs/reference/components/elasticsearch.md
index 8f56d50..ac7bd6a 100644
--- a/docs/reference/components/elasticsearch.md
+++ b/docs/reference/components/elasticsearch.md
@@ -1,6 +1,6 @@
 ---
 sidebar_custom_props:
- icon: "/img/components/elasticsearch.svg"
+ icon: "/img/components/elasticsearch.svg"
 title: 'ElasticSearch'
 description: 'Reporter that pushes findings to an ElasticSearch instance.'
 sidebar_position: 14
@@ -9,7 +9,7 @@ sidebar_position: 14
 # ElasticSearch
 Reporter component that pushes findings to an ElasticSearch instance. Read more
-about ElasticSearch [here](https://kagi.com/search?q=elasticsearch).
+about ElasticSearch [here](https://www.elastic.co/elasticsearch).
 ## How to use
@@ -22,11 +22,11 @@ about ElasticSearch [here](https://kagi.com/search?q=elasticsearch).
 description: Workflow reporting to elasticsearch
 name: elasticsearch
 components:
-- component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2
-- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/gosec:v1.2.3
-- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2
-- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2
-- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/elasticsearch:v1.0.1
+ - component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2
+ - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/gosec:v1.2.3
+ - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2
+ - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2
+ - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/elasticsearch:v1.0.1
 ```
@@ -36,22 +36,22 @@ components:
 ```yaml
 # file: ./my-workflow/overrides.yaml
 git-clone:
-- name: "repo_url"
- type: "string"
- value: "https://github.com/sqreen/go-dvwa"
-- name: "reference"
- type: "string"
- value: "master"
+ - name: "repo_url"
+ type: "string"
+ value: "https://github.com/sqreen/go-dvwa"
+ - name: "reference"
+ type: "string"
+ value: "master"
 elasticsearch:
-- name: "elasticsearch_url"
- type: "string"
- value: "Your ES URL here"
-- name: "elasticsearch_index"
- type: "string"
- value: "Any Index"
-- name: "elasticsearch_api_key"
- type: "string"
- value: "An API Key with the rights to read cluster and write indexes"
+ - name: "elasticsearch_url"
+ type: "string"
+ value: "Your ES URL here"
+ - name: "elasticsearch_index"
+ type: "string"
+ value: "Any Index"
+ - name: "elasticsearch_api_key"
+ type: "string"
+ value: "An API Key with the rights to read cluster and write indexes"
 ```
 *Warning*: You need to configure secrets and other parameters for elasticsearch
From ceacbd6feccb67909b950ab0d89c2214bc2f3dfe Mon Sep 17 00:00:00 2001
From: dlicheva
Date: Tue, 16 Sep 2025 15:42:34 +0100
Subject: [PATCH 2/3] add dependency track docs
---
 docs/reference/components/dependency-track.md | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 docs/reference/components/dependency-track.md
diff --git a/docs/reference/components/dependency-track.md b/docs/reference/components/dependency-track.md
new file mode 100644
index 0000000..e731849
--- /dev/null
+++ b/docs/reference/components/dependency-track.md
@@ -0,0 +1,38 @@
+---
+sidebar_custom_props:
+ icon: "/img/components/dependency-track.svg"
+title: 'Dependency Track'
+description: 'Reporter that pushes SBOMs to Dependency Track.'
+---
+
+# Dependency Track
+
+Reporter component that uploads CycloneDX SBOMs to
+[Dependency-Track](https://dependencytrack.org/)
+and transforms the found vulnerabilities to OCSF.
+
+## How to use
+
+### Open-Source
+
+This component is only available in the Smithy SaaS
+
+### SaaS
+
+1. In the Smithy UI, open the page to create a new workflow.
+2. Configure any workflow that produces vulnerabilities (e.g. sast, sca,
+ container scanner etc)
+3. Find the Dependency Track component in the reporters dropdown.
+ 4Fill the form on the right
+
+## Options
+
+You can configure this component with the following options:
+
+| Option Name | Description | Default | Type |
+|---------------------------|------------------------------------------------------------------|---------|--------|
+| dependencytrack_base_url | URL of your DependencyTrack instance | "" | String |
+| dependencytrack_api_token | API token for your DependencyTrack instance | "" | String |
+| project_name | Project name on Dependency Track | "" | String |
+| project_version | Project version on Dependency Track | "" | String |
+| sbom_file_path | filepath of the SBOM that you want to upload to Dependency Track | "" | String |
From fac4e757a7d30d094ec240185b7bebb09b3e983d Mon Sep 17 00:00:00 2001
From: dlicheva
Date: Tue, 16 Sep 2025 15:56:31 +0100
Subject: [PATCH 3/3] fix typo
---
 docs/reference/components/dependency-track.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/reference/components/dependency-track.md b/docs/reference/components/dependency-track.md
index e731849..0a2006b 100644
--- a/docs/reference/components/dependency-track.md
+++ b/docs/reference/components/dependency-track.md
@@ -23,7 +23,7 @@ This component is only available in the Smithy SaaS
 2. Configure any workflow that produces vulnerabilities (e.g. sast, sca,
 container scanner etc)
 3. Find the Dependency Track component in the reporters dropdown.
- 4Fill the form on the right
+4. Fill the form on the right
 ## Options