Syncing changes to master for stable release (#170)

* Update CODE_OF_CONDUCT.md (#157)

* Updated installation script to install a specific version of the software. (#159)

* Version passing

* Added sanity check and installation for jq and notebook

* Corrected variable name

* Updated

* Updated installation instructions

* Updated command with branch output (#160)

* Updated code (#163)

* Added completion criteria code (#165)

* Added completion criteria code

* Added completion criteria for osar

CODE_OF_CONDUCT.md

@@ -59,7 +59,7 @@ representative at an online or offline event.
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported to the community leaders responsible for enforcement at
-[INSERT CONTACT METHOD].
+arun.suresh@wipro.com.
 All complaints will be reviewed and investigated promptly and fairly.
 
 All community leaders are obligated to respect the privacy and security of the

README.md

@@ -97,6 +97,13 @@ BeSman is designed to work with linux machines. So, if you are a windows user, y
 
         curl -L https://raw.githubusercontent.com/Be-Secure/BeSman/dist/dist/get.besman.io | bash
 
+
+    If you want to install a specific version, use the following command, replacing X.Y.Z with the desired version:
+
+        export BESMAN_VERSION=X.Y.Z
+        
+        curl -L https://raw.githubusercontent.com/Be-Secure/BeSman/dist/dist/get.besman.io | bash
+
 2.  Source the files into memory
 
         source $HOME/.besman/bin/besman-init.sh

quick_install.sh

@@ -166,6 +166,30 @@ fi
 
   fi
 
+if [[ -z $(command -v jq) ]]
+then
+	echo "Installing jq"
+	sudo apt update && sudo apt install jq -y
+fi
+
+if [[ -z $(command -v pip) ]]
+then
+	echo "Installing pip"
+	sudo apt install python3-pip -y
+fi
+
+if [[ -z $(command -v jupyter) ]]
+then
+	echo "Installing jupyter notebook"
+	python3 -m pip install notebook
+fi
+
+if ! pip list | grep PyYAML
+then
+  echo "Installing pyYAML"
+  python3 -m pip install pyYAML
+fi
+
 echo "Installing BeSMAN scripts..."
 
 
@@ -259,6 +283,7 @@ if [[ -z $(grep 'besman-init.sh' "$besman_zshrc") ]]; then
     echo "Updated existing ${besman_zshrc}"
 fi
 
+bash
 echo -e "\n\n\nAll done!\n\n"
 
 echo "Please open a new terminal, or run the following in the existing one:"

scripts/tmpl/get.besman.io.tmpl

@@ -10,10 +10,25 @@ export BESMAN_SERVICE="https://raw.githubusercontent.com"
 # BESMAN_DIST_BRANCH=${BESMAN_DIST_BRANCH:-REL-${BESMAN_VERSION}}
 
 BESMAN_NAMESPACE="@BES_NAMESPACE@"
-BESMAN_VERSION="@BES_VERSION@"
+BESMAN_VERSION="${BESMAN_VERSION:-@BES_VERSION@}"
+
 BESMAN_ENV_REPOS="$BESMAN_NAMESPACE/besecure-ce-env-repo"
 # BESMAN_DIST_BRANCH=${BESMAN_DIST_BRANCH:-REL-${BESMAN_VERSION}}
 
+if [[ -z $(command -v jq) ]]
+then
+	echo "Installing jq"
+	sudo apt update && sudo apt install jq -y
+fi
+
+echo "Checking version number"
+release=$(curl -s --insecure --silent "https://api.github.com/repos/$BESMAN_NAMESPACE/BeSman/releases" | jq -r '.[].tag_name' | grep "^$BESMAN_VERSION$")
+if [[ -z $release ]] 
+then
+    echo "Version $release is not a valid version of $BESMAN_NAMESPACE/BeSman"
+	exit 1
+fi
+
 if [[ -z "$BESMAN_DIR" ]]; then
     export BESMAN_DIR="$HOME/.besman"
 fi
@@ -188,6 +203,24 @@ if [[ -z $(which gh) ]]; then
 
 fi
 
+if [[ -z $(command -v pip) ]]
+then
+	echo "Installing pip"
+	sudo apt install python3-pip -y
+fi
+
+if [[ -z $(command -v jupyter) ]]
+then
+	echo "Installing jupyter notebook"
+	python3 -m pip install notebook
+fi
+
+if ! pip list | grep PyYAML
+then
+  echo "Installing pyYAML"
+  python3 -m pip install pyYAML
+fi
+
 if [[ "$solaris" == true ]]; then
 	echo "Looking for gsed..."
 	if [ -z $(which gsed) ]; then
@@ -277,7 +310,7 @@ echo "Download script archive..."
 
 # once move to besman namespace needs to update besman-latest.zip 
 #curl -sL --location --progress-bar "${BESMAN_SERVICE}/${BESMAN_NAMESPACE}/BESman/dist/dist/besman-latest.zip" > "$besman_zip_file"
-curl -sL --location --progress-bar "${BESMAN_SERVICE}/${BESMAN_NAMESPACE}/BeSman/dist/dist/besman-latest.zip" > "$besman_zip_file"
+curl -sL --location --progress-bar "${BESMAN_SERVICE}/${BESMAN_NAMESPACE}/BeSman/dist/dist/besman-$BESMAN_VERSION.zip" > "$besman_zip_file"
 #cp "/vagrant/ProEnv/besman-latest.zip"  "$besman_zip_file"
 
 

src/main/bash/commands/besman-create.sh

@@ -160,6 +160,12 @@ BESMAN_ASSESSMENT_DATASTORE_DIR: \$HOME/besecure-assessment-datastore #***
 # BESMAN_ASSESSMENT_DATASTORE_URL - The remote repo where we store the assessment reports.
 BESMAN_ASSESSMENT_DATASTORE_URL: https://github.com/Be-Secure/besecure-assessment-datastore #***
 
+ASSESSMENT_STEP:
+    - sbom
+    - sast
+    - scorecard
+    - criticality_score
+
 EOF
     }
 
@@ -276,6 +282,11 @@ BESMAN_ARTIFACT_TRIGGER_PLAYBOOK: besman-\$BESMAN_ARTIFACT_NAME-$env_type-trigge
 # Default value is false
 BESMAN_DISPLAY_SKIPPED_ANSIBLE_HOSTS: false #***
 
+ASSESSMENT_STEP:
+    - sbom
+    - sast
+    - scorecard
+    - criticality_score
 
 # The default values of the ansible roles will be present in their respective repos.
 # You can go to https://github.com/Be-Secure/<repo of the ansible role>/blob/main/defaults/main.yml.

src/main/bash/commands/besman-list.sh

@@ -91,7 +91,7 @@ function __besman_list_envs()
         __besman_echo_yellow "$ bes set BESMAN_LOCAL_ENV false"
         __besman_echo_yellow "$ bes set BESMAN_ENV_REPOS <GitHub Org>"
     else      
-        __besman_echo_yellow "Pointing to $BESMAN_ENV_REPOS"
+        __besman_echo_yellow "Pointing to $BESMAN_ENV_REPOS; tree - $BESMAN_ENV_REPO_BRANCH"
         __besman_echo_yellow "If you wish to change the repo run the below command"
         __besman_echo_yellow "$ bes set BESMAN_ENV_REPOS <GitHub Org>"
     fi
@@ -245,7 +245,7 @@ function __besman_list_playbooks()
     __besman_echo_no_colour ""
 
     __besman_echo_no_colour ""
-    __besman_echo_yellow "Pointing to $BESMAN_PLAYBOOK_REPO"
+    __besman_echo_yellow "Pointing to $BESMAN_PLAYBOOK_REPO; tree - $BESMAN_PLAYBOOK_REPO_BRANCH"
     __besman_echo_yellow "If you wish to change the repo run the below command"
     __besman_echo_yellow "$ bes set BESMAN_PLAYBOOK_REPO <GitHub Org>/<Repo name>"
 

src/main/bash/scripts/besman-generate-osar.py

@@ -1,6 +1,7 @@
 import json
 import os
 import sys
+import yaml
 
 
 def criticality_score_parser(user_data):
@@ -142,13 +143,55 @@ def write_json_data(osar_data, osar_file_path):
     with open(osar_file_path, 'w') as f:
         json.dump(osar_data, f, indent=4)
 
+def update_assessment_step(osar_data, osar_file_path):
+    config_file = os.environ.get('BESMAN_ENV_CONFIG_FILE_PATH')
+    assessment_type = os.environ.get('ASSESSMENT_TOOL_TYPE')
+    if config_file is None or assessment_type is None:
+        print("Error: Environment variables 'BESMAN_ENV_CONFIG_FILE_PATH' and 'ASSESSMENT_TOOL_TYPE' are not set.")
+        return
+
+    with open(config_file, 'r') as file:
+        data = yaml.safe_load(file)
+
+        if 'completionCriteria' not in osar_data:
+            osar_data['completionCriteria'] = []
+            osar_data['completionStatus'] = False
+            for tool in data.get('ASSESSMENT_STEP', []):
+                if tool == assessment_type:
+                    osar_data['completionCriteria'].append({tool: True})
+                else:
+                    osar_data['completionCriteria'].append({tool: False})
+        else:
+           for tool in data.get('ASSESSMENT_STEP', []):
+                tool_found = False
+                for criteria in osar_data['completionCriteria']:
+                    for key in criteria:
+                        if key == tool and tool == assessment_type:
+                            criteria[key] = True
+                            tool_found = True
+                        elif key == tool and tool != assessment_type:
+                            tool_found = True
+                if not tool_found:
+                    osar_data['completionCriteria'].append({tool: False})
+                        #     osar_data['completionCriteria'].append({tool: False})
+        # Write the updated data back to the file
+    for criteria in osar_data['completionCriteria']:
+        for key, value in criteria.items():
+            if value == False:
+                osar_data['completionStatus'] = False
+                break
+            else:
+                osar_data['completionStatus'] = True
+
+    with open(osar_file_path, 'w') as file:
+        json.dump(osar_data, file, indent=4)
 
 # Define a dictionary mapping tool names to processing functions
 # Add more tools and their corresponding processing functions here
 tool_processors = {
     "sonarqube": sonar_parser,
     "spdx-sbom-generator": sbom_parser,
-    "ossf scorecard": scorecard_parser,
+    "scorecard": scorecard_parser,
     "fossology": fossology_parser,
     "criticality_score": criticality_score_parser
 }
@@ -175,7 +218,6 @@ def main():
         "EXECUTION_DURATION",
         "DETAILED_REPORT_PATH",
         "BESMAN_ASSESSMENT_DATASTORE_URL",
-
         "OSAR_PATH"
     ]
 
@@ -203,6 +245,7 @@ def main():
     report_output_path = os.environ.get("DETAILED_REPORT_PATH")
     beslab_assessment_datastore_url = os.environ.get("BESMAN_ASSESSMENT_DATASTORE_URL")
 
+
     osar_path = os.environ.get("OSAR_PATH")
 
     # Read and parse the JSON file(user data e.g. sonar-scan-json, snyk, sbom etc...) specified by report_output_path
@@ -268,6 +311,7 @@ def main():
         "environment": environment
     })
 
+    update_assessment_step(osar_data, osar_file_path)
     append_assessment(osar_data, new_assessment)
 
     write_json_data(osar_data, osar_file_path)