npm - @sanity-labs/backstage-plugin-trivy-backend - Versions diffs - 0.0.2 → 0.0.4 - Mend

@sanity-labs/backstage-plugin-trivy-backend 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/README.md +0 -114

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sanity-labs/backstage-plugin-trivy-backend",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "main": "dist/index.cjs.js",
   "types": "dist/index.d.ts",
   "license": "Apache-2.0",

package/README.md DELETED Viewed

@@ -1,114 +0,0 @@
-# Trivy Backend Plugin
-This backend plugin integrates Trivy security scan results from Google Cloud Storage into Backstage.
-## Features
-- Fetches Trivy scan results from GCS bucket (`sanity-trivy-logs`)
-- Parses filesystem and image scan outputs
-- Provides REST API endpoints for security findings
-- Links findings to CircleCI builds and GitHub PRs
-## API Endpoints
-### `GET /api/trivy/health`
-Health check endpoint.
-### `GET /api/trivy/scans`
-Returns all security scans sorted by timestamp (newest first).
-Response:
-```json
-[
-  {
-    "repo": "alert-relay",
-    "branch": "add-ci",
-    "scanId": "2627705d-5a14-4d61-ae79-e9ec457b851c",
-    "timestamp": "2024-01-15T10:30:00Z",
-    "metadata": {
-      "circleciUrl": "https://circleci.com/gh/sanity-io/alert-relay/9",
-      "githubPr": "https://github.com/sanity-io/alert-relay/pull/4",
-      "gitCommit": "6e0858eab194dcab5235b4ef41165f80c7a9dd45",
-      "committer": "obliadp"
-    },
-    "findings": [
-      {
-        "file": "deploy/base/deployment.yaml",
-        "severity": "HIGH",
-        "title": "Container should set securityContext.readOnlyRootFilesystem",
-        "description": "An immutable root file system prevents...",
-        "lines": "18-62",
-        "avdId": "https://avd.aquasec.com/misconfig/ksv014"
-      }
-    ]
-  }
-]
-```
-### `GET /api/trivy/scans/:repo/:branch/:scanId`
-Returns a specific scan by repo, branch, and scan ID.
-### `GET /api/trivy/scans/:repo/latest`
-Returns the latest scan for a specific repository.
-## Setup
-1. Ensure you have access to the `sanity-trivy-logs` GCS bucket
-2. Configure GCP credentials for the Backstage backend
-3. Add the plugin to your backend in `packages/backend/src/index.ts`:
-```typescript
-import trivy from '@internal/backstage-plugin-trivy-backend';
-const backend = createBackend();
-backend.add(trivy());
-backend.start();
-```
-## Configuration
-### app-config.yaml
-```yaml
-trivy:
-  # GCS bucket name (default: sanity-trivy-logs)
-  bucketName: sanity-trivy-logs
-  # Backend cache time in minutes (default: 5)
-  # How long to cache GCS responses in memory
-  cacheTime: 5
-  # Severity filter (default: CRITICAL, HIGH, MEDIUM)
-  severityFilter:
-    - CRITICAL
-    - HIGH
-    - MEDIUM
-```
-### GCP Authentication
-The plugin uses Google Cloud Storage with Application Default Credentials. Ensure your Backstage backend has appropriate GCP credentials configured.
-### Caching
-The backend implements in-memory caching to reduce GCS API calls:
-- Caches all API responses for the configured `cacheTime` duration
-- Cache keys are based on endpoint parameters
-- Cache stats available via `/api/trivy/health` endpoint
-- Automatic cache invalidation after TTL expires
-```json
-// GET /api/trivy/health response
-{
-  "status": "ok",
-  "cache": {
-    "size": 3,
-    "keys": ["all-scans", "latest-alert-relay", "scan-alert-relay-main-abc123"]
-  },
-  "config": {
-    "bucketName": "sanity-trivy-logs",
-    "cacheTime": 5
-  }
-}
-```