Added ownerReference to all subsequent scan created by the nmap-subsequent-scans hook. Now it ist possible to delete the primary scan and all subsequent scans will be deleted too.

Author: rfelber

hooks/nmap-subsequent-scans/hook.js

@@ -67,7 +67,7 @@ async function handle({ scan, getFindings }) {
  */
 async function startZAPBaselineScan({ parentScan, hostname, port }) {
   console.log(
-    " --> starting subsequent ZAP Scan for host: " + hostname + ":" + port
+    " --> Starting async subsequent ZAP Scan for host: " + hostname + ":" + port
   );
 
   await startSubsequentSecureCodeBoxScan({
@@ -85,7 +85,7 @@ async function startZAPBaselineScan({ parentScan, hostname, port }) {
  */
 async function startSSHScan({ parentScan, hostname, port }) {
   console.log(
-    " --> starting subsequent SSH Scan for host: " + hostname + ":" + port
+    " --> Starting async subsequent SSH Scan for host: " + hostname + ":" + port
   );
 
   await startSubsequentSecureCodeBoxScan({
@@ -103,7 +103,7 @@ async function startSSHScan({ parentScan, hostname, port }) {
  */
 async function startNiktoScan({ parentScan, hostname, port }) {
   console.log(
-    " --> starting subsequent Nikto Scan for host: " + hostname + ":" + port
+    " --> Starting async subsequent Nikto Scan for host: " + hostname + ":" + port
   );
 
   await startSubsequentSecureCodeBoxScan({
@@ -121,7 +121,7 @@ async function startNiktoScan({ parentScan, hostname, port }) {
  */
 async function startSSLyzeScan({ parentScan, hostname, port }) {
   console.log(
-    " --> starting subsequent SSLyze Scan for host: " + hostname + ":" + port
+    " --> Starting async subsequent SSLyze Scan for host: " + hostname + ":" + port
   );
 
   await startSubsequentSecureCodeBoxScan({

hooks/nmap-subsequent-scans/scan-helpers.js

@@ -20,13 +20,19 @@ async function startSubsequentSecureCodeBoxScan({
       labels: {
         ...parentScan.metadata.labels,
       },
+      annotations: {
+        'securecodebox.io/hook': 'nmap-subsequent-scans',
+        'securecodebox.io/parent-scan': parentScan.metadata.name,
+      },
+      ...(await getOwnerReference(parentScan)),
     },
     spec: {
       scanType,
       parameters,
     },
   };
 
+
   try {
     // Starting another subsequent sslyze scan based on the nmap results
     // found at: https://github.com/kubernetes-client/javascript/blob/79736b9a608c18d818de61a6b44503a08ea3a78f/src/gen/api/customObjectsApi.ts#L209
@@ -44,4 +50,19 @@ async function startSubsequentSecureCodeBoxScan({
   }
 }
 
+async function getOwnerReference(parentScan) {
+  return {
+    ownerReferences: [
+      {
+        apiVersion: 'execution.experimental.securecodebox.io/v1',
+        blockOwnerDeletion: true,
+        controller: true,
+        kind: 'Scan',
+        name: parentScan.metadata.name,
+        uid: parentScan.metadata.uid,
+      },
+    ],
+  };
+}
+
 module.exports.startSubsequentSecureCodeBoxScan = startSubsequentSecureCodeBoxScan;