secureCodeBox · rfelber · Feb 22, 2023 · Jan 2, 2023 · Jan 5, 2023 · Jan 5, 2023
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -43,3 +43,4 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m
 - Felix Hörsting <[email protected]>
 - Matthew Cascio <[email protected]>
 - Patryk Miłek <[email protected]>
+- Renato Burton <[email protected]>
diff --git a/hooks/generic-webhook/README.md b/hooks/generic-webhook/README.md
@@ -60,6 +60,9 @@ Kubernetes: `>=v1.11.0-0`
 | hook.authentication.basic.passwordKey | string | `"password"` | Name of the password key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
 | hook.authentication.basic.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs |
 | hook.authentication.basic.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
+| hook.authentication.apikey.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs |
+| hook.authentication.apikey.headerName | string | `"X-api-key"` |  Customize header name as per your needs |
+| hook.authentication.apikey.headerValue | string | `"26ea529e517748baa6d87ebfe5781475"` | Use your API key |
 | hook.image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository |
 | hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
 | hook.labels | object | `{}` | Add Kubernetes Labels to the hook definition |

diff --git a/hooks/generic-webhook/docs/README.ArtifactHub.md b/hooks/generic-webhook/docs/README.ArtifactHub.md
@@ -68,6 +68,9 @@ Kubernetes: `>=v1.11.0-0`
 | hook.authentication.basic.passwordKey | string | `"password"` | Name of the password key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
 | hook.authentication.basic.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs |
 | hook.authentication.basic.usernameKey | string | `"username"` | Name of the username key in the `userSecret` secret. Use this if you already have a secret with different key / value pairs |
+| hook.authentication.apikey.userSecret | string | `"generic-webhook-credentials"` | Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs |
+| hook.authentication.apikey.headerName | string | `"X-api-key"` |  Customize header name as per your needs |
+| hook.authentication.apikey.headerValue | string | `"26ea529e517748baa6d87ebfe5781475"` | Use your API key |
 | hook.image.repository | string | `"docker.io/securecodebox/hook-generic-webhook"` | Hook image repository |
 | hook.image.tag | string | defaults to the charts version | The image Tag defaults to the charts version if not defined. |
 | hook.labels | object | `{}` | Add Kubernetes Labels to the hook definition |

diff --git a/hooks/generic-webhook/hook/hook.js b/hooks/generic-webhook/hook/hook.js
@@ -8,13 +8,17 @@ async function handle({
   webhookUrl = process.env["WEBHOOK_URL"],
   webhookUser = process.env["WEBHOOK_USER"],
   webhookPassword = process.env["WEBHOOK_PASSWORD"],
+  webhookApikey = process.env["WEBHOOK_APIKEY"],
+  webhookApikeySecret = process.env["WEBHOOK_APIKEY_SECRET"],
   axios = require('axios')
 }) {
   const findings = await getFindings();
 
   console.log(`Sending ${findings.length} findings to ${webhookUrl}`);
 
-  if (webhookUser && webhookPassword){
+  if (webhookApikey && webhookApikeySecret){
+    await axios.post(webhookUrl, {scan, findings }, {headers: { [webhookApikey]: webhookApikeySecret}});
+  }else if (webhookUser && webhookPassword){
     await axios.post(webhookUrl, {scan, findings }, {auth: {username: webhookUser, password: webhookPassword}});
   }else{
     await axios.post(webhookUrl, {scan, findings });

diff --git a/hooks/generic-webhook/templates/webhook-hook.yaml b/hooks/generic-webhook/templates/webhook-hook.yaml
@@ -31,6 +31,18 @@ spec:
           name: {{ .Values.hook.authentication.basic.userSecret }}
           key: {{ .Values.hook.authentication.basic.passwordKey }}
           optional: true
+    - name: WEBHOOK_APIKEY
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Values.hook.authentication.apikey.userSecret }}
+          key: {{ .Values.hook.authentication.apikey.headerName }}
+          optional: true
+    - name: WEBHOOK_APIKEY_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: {{ .Values.hook.authentication.apikey.userSecret }}
+          key: {{ .Values.hook.authentication.apikey.headerValue }}
+          optional: true
   affinity:
     {{- toYaml .Values.hook.affinity | nindent 4 }}
   tolerations:

diff --git a/hooks/generic-webhook/values.yaml b/hooks/generic-webhook/values.yaml
@@ -35,8 +35,14 @@ hook:
   # hook.tolerations -- Optional tolerations settings that control how the hook job is scheduled (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
   tolerations: []
 
-  # hook.authentication -- Optional basic authentication credentials
+  # hook.authentication -- Optional basic authentication credentials or apikey
   authentication:
+    apikey:
+      # -- Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs
+      userSecret: generic-webhook-credentials
+      # -- Customize header name as per your needs ex: X-Api-Key
+      headerName: X-Example-Header
+      headerValue: example
     basic:
       # -- Link a pre-existing generic secret with `usernameKey` and `passwordKey` key / value pairs
       userSecret: generic-webhook-credentials