Verdict-as-a-Service

Verdict-as-a-Service Logo Online Dokumentation

Guide for testing Verdict-as-a-Service On-Premise

Before you go through the following instructions, a note in advance:

In certain instances, we have incorporated the essential commands for the basic configuration of a test environment directly into these instructions. This may save you searching the Internet. We tested this procedure with all due care in June 2024.

However, we cannot provide any warranty for the installation of third-party software (Docker, Helm, Minikube).
In our instructions, you will always find the source of external information. Überprüfen Sie im When in doubt, verify that the information provided is accurate and updated.

With the following instructions it is possible to test the use of Verdict-as-a-Service in your company OnPremise:

I. Receive credentials

For credentials please contact us by e-mail or telephone.

II. Set up the test environment.

1. The prepared system:

We have used a virtualized machine (VMware) as the basis for the test as follows
(we assume these conditions in the further instructions):

  • Ubuntu Jammy 22.04 (LTS)

    • 64 bit

    • 8 CPU(s),

    • RAM 8 GB

    • Disk space 50 GB

    • Important: hardware support must be activated!
      VM_Hardwareunterstuetzng an

    • Gnome / GDM3 with installed Firefox browser and nano text editing

    • IDE (In these instructions we use the IntelliJ IDEA Community Edition)

    • Java 17 and Gradle.

2. Install helm

  • Install helm using the following commands:

curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
sudo apt-get install apt-transport-https --yes
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
Quelle: Installing Helm from apt

3. Install Docker Engine and run it in a non-privileged user context

  • Install Docker Engine:
    The relevant terminal commands are detailed in the following instructions.
    Install using the apt repository 1. bis 3.

  • It is necessary to configure Docker in such a way that it does not require the use of ROOT rights:

    • Create a user group called "docker" with this command:

sudo groupadd docker

  • Add your non-privileged user to the docker group with the following command:

sudo usermod -aG docker $USER

  • To keep your changes without reboot, run this command.

newgrp docker

  • Test that Docker is accessible without root rights with this call:

docker run hello-world
Quelle: Manage Docker as a non-root user

4. Install Minikube

You can use Minikube to test Verdict-as-a-Servicein a single virtual machine. To ensure optimal performance, a comprehensive Kubernetes cluster is essential for productive use..

  • Activate VT-x or AMD-v virtualization in your BIOS (see above:: 1. The prepared system: hardware support).
    To check this on Linux, run the following command and make sure that the output is not empty:

egrep --color 'vmx|svm' /proc/cpuinfo

  • To install, download a static binary file and make it executable:

curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ && chmod +x minikube

  • Add the Minikube program file to your path:

sudo cp minikube /usr/local/bin && rm minikube
Quelle: Installation von Minikube Linux

  • Start Minikube with the following call:

minikube start --driver=docker --cpus="6" --memory="6g" --addons ingress

  • Request the IP:

minikube ip

  • Enter the IP in the /etc/hosts file as shown in the screenshot.

Eintrag in /etc/hosts

We edited the hosts file using nano:

sudo nano /etc/hosts
III. Set environment parameters and install Verdict-as-a-Service

Create the file values.yaml and add this content:

To access the VaaS Docker containers, the imagePullSecret must be set in the global.secret.dockerconfigjson variable. 
global:
  imagePullSecrets:
    - registry
  secret:
    dockerconfigjson: "BASE64_ENCODED_JSON_CONTAINING_DOCKER_AUTH_CONFIG"

mini-identity-provider:
  issuer: "http://vaas/auth"
  ingress:
    className: ""
    hosts:
    - host: vaas
      paths:
      - path: /auth(/|$)(.*)
        pathType: ImplementationSpecific
        service:
          name: provider
          port: 8080
    tls: []
gateway:
  ingress:
    className: ""
    hosts:
      - host: vaas
        paths:
          - path: /ws
            pathType: ImplementationSpecific
            service:
              name: gateway
              port: 9090
      - host: vaas
        paths:
          - path: /
            pathType: ImplementationSpecific
            service:
              name: gateway
              port: 8080
    tls: []
  uploadUrl: "http://vaas/upload"

  • Install Verdict-as-a-Service:

helm install vaas oci://ghcr.io/gdatasoftwareag/charts/vaas -f values.yaml -n vaas --create-namespace

  • Go to the Minikube dashboard, choose the vaas namespace from the dropdown menu, and make sure everything is displayed in green:

minikube dashboard
Screenshot
dasboard Minikube
IV. Verdict-as-a-Service Test on-premises.

  • You need a CLIENT_ID and your personal CLIENT_SECRET to start testing.

    • For the CLIENT_ID, use the value: vaas.

  • Display your CLIENT_SECRET from the imagePullSecret received from us using the following command:

kubectl get secret -n vaas vaas-client-secret -o jsonpath="{.data.secret}" | base64 -d
sudo snap install intellij-idea-community --classic
Quelle: https://www.jetbrains.com/idea/download/?section=linux

  • Clone the VaaS repository from Github using the following link:

https://github.com/GDATASoftwareAG/vaas.git
Screenshot
Klonen des Repositorys

  • Open the folder (File→Open)

C:\vaas\java\examples\VaasExample
Screenshot
Open example

  • Open the file build.gradle in the object tree on the left. Here you will find a code section for testing the Verdict-as-a-Service file check.

Open the build.gradle file 95%

  • To test the Verdict-as-a-Service file scan, provide credentials (see above) and the path and name of the file to be checked.
    To do this, open the environment variable configuration by clicking the green run icon in front of the code snippet (File- or URL-Scan) and select Modify Run Configuration.

Screenshot
Open configuration

  • Add these environment variables via the list icon (View Screenshot) .

    • SCAN_PATH [Value = Path and name of the file to be scanned].

    • CLIENT_ID [Value = vaas].

    • CLIENT_SECRET [Extracted from imagePullSecret (see above)

Screenshot
Umgebungsvariable eingeben

You can find further ready-made SDKs for various programming languages on GitHub.

In this example, the verdict is displayed on the screen.

Verdict of the file scan 95%

Developers may choose to process this verdict in their software according to their own specifications.

Additional software development kits (SDKs) for a variety of programming languages can be found on GitHub.

If you have any questions, please contact our experts without obligation.