Kondukto Scan Agent (KONDA)
Konda acts as an agent between Kondukto and application security scanners: it builds projects, starts scans and sends the scan results back to Kondukto. It lets you orchestrate scanners that do not expose an API of their own.
Supported Tools
- Fortify SCA
- Sonarqube-cli
Supported Environments
You can install Konda on all major operating systems (Linux, Windows, and Mac). The package contains the following binaries:
- konda (for Linux)
- konda.exe (for Windows)
- konda.darwin (for Mac OS)
How to Install?
- Download the package:
wget https://download.kondukto.io/konda/konda.zip
- Extract the package:
unzip konda.zip
- Copy agent to host machine and run:
konda --config kondukto.yaml start
Configuration
Configuration is divided into three blocks: Agent, Server, and Tool.
On the first run, Konda generates the configuration file automatically ('konda.yaml').
Agent configuration
Agent configuration contains agent-specific data like id, key, and directory locations.
The id and key are unique identifiers used to register the agent to Kondukto.
You can use multiple agents to trigger scans in different environments.
- id: Is an autogenerated UUID (should not be changed)
- key: Agent key (should not be changed)
- log: Log file location
- temp: Temporary file(s) location
- db: Konda's internal database location
Server configuration
Specifies HTTP server configurations.
- host: HTTP server bind address/host
- port: HTTP server bind port (default is 8099)
- ssl: Organization's SSL certificate location (the example files below use the sslcert and sslkey keys)
Tool-specific configuration:
Custom tool-specific configurations. It is possible to use multiple tools in one agent. Each tool may require a different setup.
Fortify:
- args: If your pipeline uses additional build parameters, supply them here
- exec: Fortify SCA's executable path
- interval: Scan status interval (default 5 minutes)
Example configuration file (kondukto.yaml):
agent:
  id: 71fdf4be-1f4c-425e-b178-2824030ab2d2
  key: Vz2BZnLM3OZc4RTyGPQqlENWRN6psctO
  log: /Users/baris/Downloads/_release/konda_log
  loglevel: 0
  rotation:
    age: 0
    period: 0
  temp: /var/folders/9h/9cbb862n30q72qqjlyqs20sm0000gn/T/konda
  db:
    path: konda.db
fortify:
  args: []
  exec: /usr/bin/fortify
  interval: 5
  maxconcurrent: 3
server:
  host: agent01.internal.local
  port: 8099
  sslcert: ""
  sslkey: ""
Sonarqube:
- exec: Path of the binary used for the build process
- msbuild: Sonar Scanner dll/exe
- token: Sonar Scanner Token
- url: Sonar Scanner URL
Example configuration file (kondukto.yaml):
agent:
  id: 71fdf4be-1f4c-425e-b178-2824030ab2d2
  key: Vz2BZnLM3OZc4RTyGPQqlENWRN6psctO
  log: /Users/baris/Downloads/_release/konda_log
  loglevel: 0
  rotation:
    age: 0
    period: 0
  temp: /var/folders/9h/9cbb862n30q72qqjlyqs20sm0000gn/T/konda
  db:
    path: konda.db
server:
  host: localhost
  port: 8099
  sslcert: ""
  sslkey: ""
sonar:
  dotnet:
    core:
      dotnet2:
        args: []
        exec: dotnet
        msbuild: SonarScanner.Msbuild.dll
      dotnet31:
        args: []
        exec: dotnet
        msbuild: SonarScanner.Msbuild.dll
      dotnet5:
        args: []
        exec: dotnet
        msbuild: SonarScanner.Msbuild.dll
    framework:
      args: []
      exec: SonarScanner.Msbuild.exe
      msbuild: Msbuild.exe
  gradle:
    args: []
    exec: gradlew
  interval: 5
  maven:
    args: []
    exec: mvn
  maxconcurrent: 3
  other:
    args: []
    exec: sonar-scanner
  token: sonar-scanner-token
  url: http://sonar-scanner.local
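The agent key in kondukto.yaml is the credential Kondukto presents to the agent, so the Server and Tool blocks above deserve a review before deployment. The following script is an added example, not part of Konda: it parses the indented key/value subset shown in the example files with a small hand-written parser (no PyYAML needed) and reports the settings a defender would want to change, such as empty sslcert/sslkey, a bind address on every interface, a plain-HTTP Sonar URL, or a tool executable resolved via PATH. The sample config is constructed for the example.

```python
import re

def parse_simple_yaml(text):
    """Parse the flat 'key: value' / nested-mapping subset used in kondukto.yaml."""
    root, stack = {}, []
    stack.append((-1, root))                  # (indent, mapping) of open parents
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        while indent <= stack[-1][0]:         # close mappings we have left
            stack.pop()
        parent = stack[-1][1]
        if value == "":                       # 'key:' opens a nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
        elif value == "[]":
            parent[key] = []
        else:
            parent[key] = value.strip('"')    # '""' becomes an empty string
    return root

def audit(cfg):
    """Return findings for weak settings; an empty list means nothing to report."""
    findings = []
    server = cfg.get("server", {})
    if not server.get("sslcert") or not server.get("sslkey"):
        findings.append("server: sslcert/sslkey empty, Kondukto reaches the agent over plain HTTP")
    if server.get("host", "") in ("", "0.0.0.0", "::"):
        findings.append("server.host: binds all interfaces, restrict to the Kondukto-facing address")
    exe = cfg.get("fortify", {}).get("exec", "")
    if exe and not (exe.startswith("/") or re.match(r"[A-Za-z]:\\", exe)):
        findings.append("fortify.exec: relative path is resolved via PATH, use an absolute path")
    if cfg.get("sonar", {}).get("url", "").startswith("http://"):
        findings.append("sonar.url: Sonar token is sent over plain HTTP, use https://")
    return findings

# Constructed sample config (placeholder id/key, not values from a real agent).
SAMPLE = """\
agent:
  id: 00000000-0000-4000-8000-000000000000
  key: PLACEHOLDER-AGENT-KEY
fortify:
  args: []
  exec: fortify
server:
  host: 0.0.0.0
  port: 8099
  sslcert: ""
  sslkey: ""
"""
```

Run `audit(parse_simple_yaml(open("kondukto.yaml").read()))` against a real file; the same parser can be pointed at the Sonar example since it only nests mappings deeper.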
Available Commands
Available commands in 'konda' (./konda --help):
Konda acts as an agent between Kondukto and application security scanners to build projects, start scans and fetch scan results to Kondukto.
Usage:
konda [flags]
konda [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
help Help about any command
serve Serve starts Konda server
start Start starts Konda
version Prints konda version
Flags:
--config string config file (default is $HOME/.konda.yaml)
-h, --help help for konda
-t, --toggle Help message for toggle
Use "konda [command] --help" for more information about a command.
Registering Konda to Kondukto
Registering 'konda' requires Administrator privileges in Kondukto.
Agent settings are managed in the Settings > Integration > Agents menu.
Click the Add Agent button and fill in:
- Label: An identifier name for the agent. (ex. win-fortify, linux-fortify)
- URL: Agent HTTP Server address. (ex. 10.200.1.1:8099)
- Agent Id: The UUID from kondukto.yaml. (ex. 1eb6e894-84ec-4dc1-bf86-134dff659cd0)
- Password: The key from kondukto.yaml (ex. sh7b3CgvWTpSxSVIaTu7w6-ekOWNmUWA)
If everything works, Test Connection should pass, and you can save the configuration.
Adding Konda as a Windows Service
Currently, Konda does not register itself as a Windows service; however, it is possible to register konda.exe as a Windows service using external tools.
The easiest way is to use NSSM. You can use nssm to install a service. The command to type is:
nssm install konda.exe
The installer consists of several tabs with lots of configurable parameters. Most are preset to nssm's defaults, so it's possible to install a service without leaving the Application tab.