secureCodeBox
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/ci.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎tests/integration/helpers.js‎
Lines changed: 77 additions & 0 deletions b/‎tests/integration/helpers.js‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎tests/integration/nmap.test.js‎
Lines changed: 25 additions & 0 deletions b/‎tests/integration/nmap.test.js‎
Lines changed: 25 additions & 0 deletions
@@ -216,6 +216,11 @@ jobs:
       - name: "Install Test Dependencies"
         run: | 
           npm ci
+      - name: "Nmap Integration Tests"
+        run: | 
+          kubectl apply -f integrations/nmap/nmap-scan-type.yaml -f integrations/nmap/nmap-parse-definition.yaml
+          cd tests/integration/
+          npx jest --ci --color nmap
       - name: "Delete kind cluster"
         run: | 
           kind delete cluster
@@ -0,0 +1,77 @@
+const k8s = require("@kubernetes/client-node");
+
+const kc = new k8s.KubeConfig();
+kc.loadFromDefault();
+
+const k8sCRDApi = kc.makeApiClient(k8s.CustomObjectsApi);
+
+const namespace = "integration-tests";
+
+const sleep = duration =>
+  new Promise(resolve => setTimeout(resolve, duration * 1000));
+
+async function deleteScan(name) {
+  await k8sCRDApi.deleteNamespacedCustomObject(
+    "execution.experimental.securecodebox.io",
+    "v1",
+    namespace,
+    "scans",
+    name,
+    {}
+  );
+}
+
+/**
+ *
+ * @param {string} name name of the scan. Actual name will be sufixed with a random number to avoid conflicts
+ * @param {string} scanType type of the scan. Must match the name of a ScanType CRD
+ * @param {string[]} parameters cli argument to be passed to the scanner
+ * @param {number} timeout in seconds
+ */
+async function scan(name, scanType, parameters = [], timeout = 180) {
+  const scanDefinition = {
+    apiVersion: "execution.experimental.securecodebox.io/v1",
+    kind: "Scan",
+    metadata: {
+      // Use `generateName` instead of name to generate a random sufix and avoid name clashes
+      generateName: `${name}-`
+    },
+    spec: {
+      scanType,
+      parameters
+    }
+  };
+
+  const { body } = await k8sCRDApi.createNamespacedCustomObject(
+    "execution.experimental.securecodebox.io",
+    "v1",
+    namespace,
+    "scans",
+    scanDefinition
+  );
+
+  const actualName = body.metadata.name;
+
+  for (let i = 0; i < timeout; i++) {
+    await sleep(1);
+
+    const { body } = await k8sCRDApi.getNamespacedCustomObjectStatus(
+      "execution.experimental.securecodebox.io",
+      "v1",
+      namespace,
+      "scans",
+      actualName
+    );
+
+    const scanStatus = body.status;
+
+    if (scanStatus && scanStatus.state === "Done") {
+      await deleteScan(actualName);
+      return scanStatus.findings;
+    }
+  }
+
+  throw new Error("timed out while waiting for scan results");
+}
+
+module.exports.scan = scan;
@@ -0,0 +1,25 @@
+const { scan } = require('./helpers')
+
+test(
+  "localhost port scan should only find a host finding",
+  async () => {
+    const { categories, severities, count } = await scan(
+      "nmap-localhost",
+      "nmap",
+      ["localhost"]
+    );
+
+    expect(count).toBe(1);
+    expect(categories).toMatchInlineSnapshot(`
+      Object {
+        "Host": 1,
+      }
+    `);
+    expect(severities).toMatchInlineSnapshot(`
+      Object {
+        "informational": 1,
+      }
+    `);
+  },
+  3 * 60 * 1000
+);