Once you’ve written your Analyzers you’ll want to deploy them to Grapl.

Analyzers live in the <DEPLOYMENT_NAME>-grapl-analyzers bucket, so all we need to do is upload the files to that bucket. If you’re using a local version of Grapl, the DEPLOYMENT_NAME is always local-grapl.

Analyzers should be deployed with a key of the form: analyzer_name/main.py.

If you’re uploading to a local Grapl:

AWS_ACCESS_KEY_ID="test" \
AWS_SECRET_ACCESS_KEY="test" \
aws s3 cp \
<path to analyzer> \
s3://local-grapl-analyzers-bucket/analyzers/<analyzer_name>/main.py \
--endpoint-url=http://localhost:4566

Otherwise, for an AWS-deployed Grapl:

aws s3 cp \
<path to analyzer> \
s3://<DEPLOYMENT_NAME>-analyzers-bucket/analyzers/<analyzer_name>/main.py

Deploying from GitHub

We can keep our detection logic in GitHub, which allows us to perform code reviews, run linting, and automate the deployment of our analyzers.

As an example, insanitybit/grapl-analyzers is set up to use this webhook.

Deploy

To get started you’ll need to install npm, TypeScript, and the aws-cdk.

Clone the repo: git clone git@github.com:insanitybit/grapl-analyzer-deployer.git

Change directories into the /grapl-analyzer-deployer/analyzer-deployer-cdk/ folder.

You’ll need to fill out a .env file with the following and place it in the analyzer-deployer-cdk folder.

Variables:

GITHUB_SHARED_SECRET The secret used by the server to authenticate the client. Consider using the output of: ruby -rsecurerandom -e 'puts SecureRandom.hex(20)'

GITHUB_ACCESS_TOKEN This is a “Personal Access Token” generated by GitHub.

DEPLOYMENT_NAME This is the unique deployment name for your Grapl deployment.

Example:

GITHUB_SHARED_SECRET="dba0bf0df5e2887e737990a35f356ff7e23a56c5"
GITHUB_ACCESS_TOKEN="58b37668a1d3f9f1fa82f1e99604d58ecbf1333b"
DEPLOYMENT_NAME="exampleco"

You may need to build dependencies first with npm i.

Run ./deploy.sh

Setting up the Webhook

https://developer.github.com/webhooks/creating/

Set the webhook URL to the API Gateway created by your CDK deployment of Grapl. Set the secret to the value of GITHUB_SHARED_SECRET.
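
When a webhook has a secret, GitHub signs each delivery: the X-Hub-Signature-256 header carries an HMAC-SHA256 of the raw request body keyed with that secret. The following is an added example of that check, not code from grapl-analyzer-deployer; the function names, sample secret and sample payload are constructed for illustration.

```python
import hashlib
import hmac

SIG_PREFIX = "sha256="


def sign_payload(secret: str, body: bytes) -> str:
    """Compute the X-Hub-Signature-256 value GitHub sends for a delivery."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return SIG_PREFIX + digest


def verify_delivery(secret: str, body: bytes, headers: dict) -> bool:
    """Return True only if the delivery was signed with the shared secret.

    `body` must be the raw request bytes exactly as received; re-serialising
    parsed JSON changes the bytes and breaks the signature.
    """
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get("x-hub-signature-256")
    if not secret or not received or not received.startswith(SIG_PREFIX):
        return False  # fail closed: unsigned or malformed deliveries are rejected
    expected = sign_payload(secret, body)
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real delivery.
    secret = "constructed-example-secret"
    body = b'{"ref":"refs/heads/master","repository":{"full_name":"exampleco/analyzers"}}'
    good = {"X-Hub-Signature-256": sign_payload(secret, body)}
    print("valid delivery:   ", verify_delivery(secret, body, good))
    print("tampered body:    ", verify_delivery(secret, body + b" ", good))
    print("missing signature:", verify_delivery(secret, body, {}))
```

A receiver that skips this check would deploy analyzer code on behalf of anyone who can reach the API Gateway URL, so the comparison should run before the payload is parsed or acted on.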