@lateos/npm-scan 0.18.0 → 0.18.1

package/deploy/helm/npm-scan/Chart.yaml

@@ -1,22 +1,22 @@
-apiVersion: v2
-name: npm-scan
-description: npm supply chain security scanner — BYOC Helm chart for enterprise/government deployments
-type: application
-version: 1.0.0
-appVersion: "1.0.0"
-keywords:
-  - npm
-  - security
-  - supply-chain
-  - scanner
-  - byoc
-  - stig
-  - fips
-  - soc2
-  - fedramp
-sources:
-  - https://github.com/lateos-ai/npm-scan
-maintainers:
-  - name: Lateos
-    email: hello@lateos.ai
+apiVersion: v2
+name: npm-scan
+description: npm supply chain security scanner — BYOC Helm chart for enterprise/government deployments
+type: application
+version: 1.0.0
+appVersion: "1.0.0"
+keywords:
+  - npm
+  - security
+  - supply-chain
+  - scanner
+  - byoc
+  - stig
+  - fips
+  - soc2
+  - fedramp
+sources:
+  - https://github.com/lateos-ai/npm-scan
+maintainers:
+  - name: Lateos
+    email: hello@lateos.ai
 dependencies: []

package/deploy/helm/npm-scan/templates/_helpers.tpl

@@ -1,9 +1,9 @@
-{{- define "npm-scan.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{- define "npm-scan.labels" -}}
-helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- define "npm-scan.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "npm-scan.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}

package/deploy/helm/npm-scan/templates/api.yaml

@@ -1,94 +1,94 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "npm-scan.name" . }}-api
-  labels:
-    app: {{ include "npm-scan.name" . }}-api
-    {{- include "npm-scan.labels" . | nindent 4 }}
-  annotations:
-    stig: "SRG-APP-000141"
-spec:
-  replicas: {{ .Values.api.replicas }}
-  selector:
-    matchLabels:
-      app: {{ include "npm-scan.name" . }}-api
-  template:
-    metadata:
-      labels:
-        app: {{ include "npm-scan.name" . }}-api
-    spec:
-      containers:
-        - name: api
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["node", "cli/cli.js", "serve"]
-          ports:
-            - containerPort: {{ .Values.api.port }}
-          env:
-            - name: API_PORT
-              value: "{{ .Values.api.port }}"
-            - name: API_HOST
-              value: "{{ .Values.api.host }}"
-            - name: NPM_SCAN_LICENSE_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "npm-scan.name" . }}-license
-                  key: key
-                  optional: true
-            - name: NPM_SCAN_PREMIUM
-              value: "{{ .Values.premium.enabled }}"
-            {{- if .Values.premium.byoc.enabled }}
-            - name: NPM_SCAN_BYOC
-              value: "true"
-            - name: NPM_SCAN_CLOUD_PROVIDER
-              value: "{{ .Values.premium.byoc.cloudProvider }}"
-            {{- end }}
-            {{- if .Values.siem.enabled }}
-            - name: SIEM_ENABLED
-              value: "true"
-            - name: SIEM_TYPE
-              value: "{{ .Values.siem.type }}"
-            - name: SIEM_ENDPOINT
-              value: "{{ .Values.siem.endpoint }}"
-            - name: SIEM_PORT
-              value: "{{ .Values.siem.port }}"
-            {{- end }}
-            {{- if .Values.sso.enabled }}
-            - name: SSO_ENABLED
-              value: "true"
-            - name: SSO_PROVIDER
-              value: "{{ .Values.sso.provider }}"
-            - name: SSO_ISSUER_URL
-              value: "{{ .Values.sso.issuerUrl }}"
-            {{- end }}
-            {{- if .Values.postgresql.enabled }}
-            - name: PG_HOST
-              value: "{{ .Values.postgresql.host }}"
-            - name: PG_PORT
-              value: "{{ .Values.postgresql.port }}"
-            - name: PG_DATABASE
-              value: "{{ .Values.postgresql.database }}"
-            - name: PG_USERNAME
-              value: "{{ .Values.postgresql.username }}"
-            - name: PG_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Values.postgresql.existingSecret | default (printf "%s-pg" (include "npm-scan.name" .)) }}
-                  key: password
-                  optional: true
-            {{- end }}
-          resources: {{- toYaml .Values.api.resources | nindent 12 }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "npm-scan.name" . }}-api
-  labels:
-    app: {{ include "npm-scan.name" . }}-api
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: {{ .Values.api.port }}
-  selector:
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "npm-scan.name" . }}-api
+  labels:
+    app: {{ include "npm-scan.name" . }}-api
+    {{- include "npm-scan.labels" . | nindent 4 }}
+  annotations:
+    stig: "SRG-APP-000141"
+spec:
+  replicas: {{ .Values.api.replicas }}
+  selector:
+    matchLabels:
+      app: {{ include "npm-scan.name" . }}-api
+  template:
+    metadata:
+      labels:
+        app: {{ include "npm-scan.name" . }}-api
+    spec:
+      containers:
+        - name: api
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ["node", "cli/cli.js", "serve"]
+          ports:
+            - containerPort: {{ .Values.api.port }}
+          env:
+            - name: API_PORT
+              value: "{{ .Values.api.port }}"
+            - name: API_HOST
+              value: "{{ .Values.api.host }}"
+            - name: NPM_SCAN_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "npm-scan.name" . }}-license
+                  key: key
+                  optional: true
+            - name: NPM_SCAN_PREMIUM
+              value: "{{ .Values.premium.enabled }}"
+            {{- if .Values.premium.byoc.enabled }}
+            - name: NPM_SCAN_BYOC
+              value: "true"
+            - name: NPM_SCAN_CLOUD_PROVIDER
+              value: "{{ .Values.premium.byoc.cloudProvider }}"
+            {{- end }}
+            {{- if .Values.siem.enabled }}
+            - name: SIEM_ENABLED
+              value: "true"
+            - name: SIEM_TYPE
+              value: "{{ .Values.siem.type }}"
+            - name: SIEM_ENDPOINT
+              value: "{{ .Values.siem.endpoint }}"
+            - name: SIEM_PORT
+              value: "{{ .Values.siem.port }}"
+            {{- end }}
+            {{- if .Values.sso.enabled }}
+            - name: SSO_ENABLED
+              value: "true"
+            - name: SSO_PROVIDER
+              value: "{{ .Values.sso.provider }}"
+            - name: SSO_ISSUER_URL
+              value: "{{ .Values.sso.issuerUrl }}"
+            {{- end }}
+            {{- if .Values.postgresql.enabled }}
+            - name: PG_HOST
+              value: "{{ .Values.postgresql.host }}"
+            - name: PG_PORT
+              value: "{{ .Values.postgresql.port }}"
+            - name: PG_DATABASE
+              value: "{{ .Values.postgresql.database }}"
+            - name: PG_USERNAME
+              value: "{{ .Values.postgresql.username }}"
+            - name: PG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.existingSecret | default (printf "%s-pg" (include "npm-scan.name" .)) }}
+                  key: password
+                  optional: true
+            {{- end }}
+          resources: {{- toYaml .Values.api.resources | nindent 12 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "npm-scan.name" . }}-api
+  labels:
+    app: {{ include "npm-scan.name" . }}-api
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.api.port }}
+  selector:
     app: {{ include "npm-scan.name" . }}-api

package/deploy/helm/npm-scan/templates/ingress.yaml

@@ -1,28 +1,28 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "npm-scan.name" . }}
-  labels: {{- include "npm-scan.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations: {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  rules:
-    - host: {{ .Values.ingress.host | quote }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ include "npm-scan.name" . }}-api
-                port:
-                  number: {{ .Values.service.port }}
-  {{- with .Values.ingress.tls }}
-  tls: {{- toYaml . | nindent 4 }}
-  {{- end }}
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "npm-scan.name" . }}
+  labels: {{- include "npm-scan.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations: {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.host | quote }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "npm-scan.name" . }}-api
+                port:
+                  number: {{ .Values.service.port }}
+  {{- with .Values.ingress.tls }}
+  tls: {{- toYaml . | nindent 4 }}
+  {{- end }}
 {{- end }}

package/deploy/helm/npm-scan/templates/postgresql.yaml

@@ -1,67 +1,67 @@
-{{- if .Values.postgresql.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "npm-scan.name" . }}-postgresql
-  labels:
-    app: {{ include "npm-scan.name" . }}-postgresql
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: {{ include "npm-scan.name" . }}-postgresql
-  template:
-    metadata:
-      labels:
-        app: {{ include "npm-scan.name" . }}-postgresql
-    spec:
-      containers:
-        - name: postgresql
-          image: postgres:16-alpine
-          ports:
-            - containerPort: 5432
-          env:
-            - name: POSTGRES_DB
-              value: "{{ .Values.postgresql.database }}"
-            - name: POSTGRES_USER
-              value: "{{ .Values.postgresql.username }}"
-            - name: POSTGRES_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "npm-scan.name" . }}-pg
-                  key: password
-          {{- if .Values.persistence.enabled }}
-          volumeMounts:
-            - name: data
-              mountPath: /var/lib/postgresql/data
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: {{ include "npm-scan.name" . }}-pg
-          {{- end }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "npm-scan.name" . }}-postgresql
-spec:
-  ports:
-    - port: 5432
-  selector:
-    app: {{ include "npm-scan.name" . }}-postgresql
----
-{{- if .Values.persistence.enabled }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ include "npm-scan.name" . }}-pg
-spec:
-  accessModes: [ReadWriteOnce]
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}
-  {{- with .Values.persistence.storageClass }}
-  storageClassName: {{ . }}
-  {{- end }}
-{{- end }}
+{{- if .Values.postgresql.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "npm-scan.name" . }}-postgresql
+  labels:
+    app: {{ include "npm-scan.name" . }}-postgresql
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ include "npm-scan.name" . }}-postgresql
+  template:
+    metadata:
+      labels:
+        app: {{ include "npm-scan.name" . }}-postgresql
+    spec:
+      containers:
+        - name: postgresql
+          image: postgres:16-alpine
+          ports:
+            - containerPort: 5432
+          env:
+            - name: POSTGRES_DB
+              value: "{{ .Values.postgresql.database }}"
+            - name: POSTGRES_USER
+              value: "{{ .Values.postgresql.username }}"
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "npm-scan.name" . }}-pg
+                  key: password
+          {{- if .Values.persistence.enabled }}
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/postgresql/data
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ include "npm-scan.name" . }}-pg
+          {{- end }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "npm-scan.name" . }}-postgresql
+spec:
+  ports:
+    - port: 5432
+  selector:
+    app: {{ include "npm-scan.name" . }}-postgresql
+---
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "npm-scan.name" . }}-pg
+spec:
+  accessModes: [ReadWriteOnce]
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  {{- with .Values.persistence.storageClass }}
+  storageClassName: {{ . }}
+  {{- end }}
+{{- end }}
 {{- end }}

package/deploy/helm/npm-scan/templates/secrets.yaml

@@ -1,19 +1,19 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "npm-scan.name" . }}-license
-  labels: {{- include "npm-scan.labels" . | nindent 4 }}
-type: Opaque
-stringData:
-  key: "{{ .Values.license.key }}"
----
-{{- if not .Values.postgresql.existingSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "npm-scan.name" . }}-pg
-  labels: {{- include "npm-scan.labels" . | nindent 4 }}
-type: Opaque
-stringData:
-  password: "{{ .Values.postgresql.password }}"
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "npm-scan.name" . }}-license
+  labels: {{- include "npm-scan.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  key: "{{ .Values.license.key }}"
+---
+{{- if not .Values.postgresql.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "npm-scan.name" . }}-pg
+  labels: {{- include "npm-scan.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  password: "{{ .Values.postgresql.password }}"
 {{- end }}

package/deploy/helm/npm-scan/templates/worker.yaml

@@ -1,32 +1,32 @@
-{{- if .Values.worker.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "npm-scan.name" . }}-worker
-  labels:
-    app: {{ include "npm-scan.name" . }}-worker
-    {{- include "npm-scan.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.worker.replicas }}
-  selector:
-    matchLabels:
-      app: {{ include "npm-scan.name" . }}-worker
-  template:
-    metadata:
-      labels:
-        app: {{ include "npm-scan.name" . }}-worker
-    spec:
-      containers:
-        - name: worker
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["node", "cli/cli.js"]
-          env:
-            - name: NPM_SCAN_LICENSE_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "npm-scan.name" . }}-license
-                  key: key
-                  optional: true
-          resources: {{- toYaml .Values.worker.resources | nindent 12 }}
+{{- if .Values.worker.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "npm-scan.name" . }}-worker
+  labels:
+    app: {{ include "npm-scan.name" . }}-worker
+    {{- include "npm-scan.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.worker.replicas }}
+  selector:
+    matchLabels:
+      app: {{ include "npm-scan.name" . }}-worker
+  template:
+    metadata:
+      labels:
+        app: {{ include "npm-scan.name" . }}-worker
+    spec:
+      containers:
+        - name: worker
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ["node", "cli/cli.js"]
+          env:
+            - name: NPM_SCAN_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "npm-scan.name" . }}-license
+                  key: key
+                  optional: true
+          resources: {{- toYaml .Values.worker.resources | nindent 12 }}
 {{- end }}