Fix the sonarqube helm chart hook that updates admin password

April 26, 2021

Sonarqube helm chart

The official Sonarqube helm chart started as a community maintained effort as part of the Oteemo helm charts. It was later adopted as the official helm chart of Sonarqube and forked to a SonarSource repo.

This helm chart is the official way of installing Sonarqube in Kubernetes, even though it still has some limitations as per the official Sonarqube docs.

Contribution

The chart allows you to change the default admin password when installing Sonarqube. This is implemented as a post-install helm hook that sends a POST request to the Sonarqube admin API using a container with curl installed.

The problem was that the current and new admin passwords were sent as part of the query string but were not URL-encoded, so changing the admin password to one containing special characters failed.

I opened a bug and submitted a PR that fixes the issue by URL-encoding them: https://github.com/Oteemo/charts/pull/278
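To show the defect and the fix side by side, here is an added example in Python (the chart's hook itself is a shell script around curl; this is not the chart's code). The endpoint path /api/change_password and the parameter names previousPassword and password are assumptions chosen for illustration; the point is what a server decodes from each form of the URL.

```python
"""Percent-encoding the values of a password-change query string.

Added example, not the chart's own hook script. The endpoint path
'/api/change_password' and the parameter names are assumptions
chosen for illustration; only the encoding behaviour is the point.
"""
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values: the new password contains characters that
# are significant inside a URL ('&', '=', '#', '+', '%', '@').
OLD_PASSWORD = "admin"
NEW_PASSWORD = "p@ss&word=1#x+2%"


def naive_change_password_url(base, old, new):
    """The defective form: raw values pasted into the query string."""
    return f"{base}/api/change_password?previousPassword={old}&password={new}"


def encoded_change_password_url(base, old, new):
    """The fixed form: every value percent-encoded by urlencode()."""
    query = urlencode({"previousPassword": old, "password": new})
    return f"{base}/api/change_password?{query}"


def password_as_received(url):
    """Decode the 'password' parameter the way a server would, or None."""
    parts = urlsplit(url)
    values = parse_qs(parts.query, keep_blank_values=True)
    got = values.get("password")
    return got[0] if got else None


if __name__ == "__main__":
    base = "http://sonarqube:9000"
    for build in (naive_change_password_url, encoded_change_password_url):
        url = build(base, OLD_PASSWORD, NEW_PASSWORD)
        print(f"{build.__name__}:\n  {url}\n  server sees password={password_as_received(url)!r}")
```

With the naive form the server sees the password truncated at the first '&' (and everything after '#' is dropped as a fragment), so the account ends up with a password the operator never chose. In a curl-based hook the same fix is curl's own `--data-urlencode` option (combined with `-G` when the values must stay in the query string). Keep in mind that values in a query string tend to be written to access and proxy logs, which is a reason to prefer a request body for secrets where the API allows it.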

Update chef docker cookbook so multiple mirrors can be configured for the docker service

December 2, 2020

Chef docker cookbook

The official docker chef cookbook allows engineers to manage docker services and docker resources using Chef.

For example, you can install specific docker versions, configure the docker service or manage resources such as containers, networks and volumes.

Contribution

The registry_mirror option of the docker_service resource allows you to configure the docker daemon with a registry mirror. It essentially adds the --registry-mirror option to the docker daemon arguments.

While it is possible to configure multiple mirrors by providing the --registry-mirror argument multiple times, this chef resource only allowed a single mirror to be configured.

I submitted a PR that updated the option so users can provide either a string or an array for the registry_mirror option.
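The normalisation the PR introduced, as an added example in Python rather than the cookbook's Ruby (this is not the cookbook's code). Accepting either a single string or an array is the behaviour described above; rejecting values that are not http:// or https:// URLs is an added check, based on dockerd refusing such mirrors. Mirror hostnames are constructed.

```python
"""Normalising a registry_mirror value into dockerd arguments.

Added example, not the cookbook's own code. Accepting either a string
or a list mirrors the PR; rejecting non-http(s) values is an added check.
"""
from urllib.parse import urlsplit


def registry_mirror_args(registry_mirror):
    """Return the --registry-mirror flags for a str, list/tuple or None value.

    Duplicates are dropped while order is preserved, so the first mirror
    listed remains the first one dockerd tries.
    """
    if registry_mirror is None:
        return []
    if isinstance(registry_mirror, str):
        mirrors = [registry_mirror]
    elif isinstance(registry_mirror, (list, tuple)):
        mirrors = list(registry_mirror)
    else:
        raise TypeError("registry_mirror must be a string, a list or None")

    args, seen = [], set()
    for mirror in mirrors:
        if not isinstance(mirror, str) or not mirror.strip():
            raise ValueError(f"invalid registry mirror: {mirror!r}")
        mirror = mirror.strip()
        # dockerd only accepts http(s) mirror URLs; an http:// mirror also
        # means image pulls can be tampered with in transit.
        if urlsplit(mirror).scheme not in ("http", "https"):
            raise ValueError(f"registry mirror must be an http(s) URL: {mirror!r}")
        if mirror in seen:
            continue
        seen.add(mirror)
        args.append(f"--registry-mirror={mirror}")
    return args


def is_valid_registry_mirror(value):
    """True when registry_mirror_args() accepts the value."""
    try:
        registry_mirror_args(value)
    except (TypeError, ValueError):
        return False
    return True


def dockerd_command(registry_mirror, extra_args=()):
    """Assemble the dockerd argument vector (constructed illustration)."""
    return ["dockerd", *extra_args, *registry_mirror_args(registry_mirror)]


if __name__ == "__main__":
    print(dockerd_command(["https://mirror-a.example.com", "https://mirror-b.example.com"]))
```

Because dockerd tries mirrors in the order given, the list order is part of the configuration and must survive normalisation; that is why deduplication here is order-preserving rather than a plain set.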

Allowed kured drain/reboot notifications to be customised

November 26, 2020

Kured

Kured is an open source tool that allows Kubernetes administrators to control when their Nodes can reboot.

This way, automatic upgrades like unattended-upgrades can be configured in the cluster nodes so the OS dependencies are automatically patched.

When a reboot is necessary, unattended-upgrades creates the file /var/run/reboot-required instead of automatically rebooting the node. Kured runs as a daemon in your Kubernetes cluster and monitors the existence of that file. Once it detects that a node needs to be rebooted, kured ensures that only a single node reboots at a time, and it cordons and drains the node before rebooting it.

In addition, kured lets you define the day of the week and time of the day that your nodes can reboot, as well as delay a reboot based on prometheus alerts and/or pod selectors.

Contribution

Kured can be configured to send a Slack notification when draining and rebooting a Node. However, the notification message was hardcoded as Rebooting node %s.

This was limiting for me, since I was going to use kured in many clusters across different clouds and regions. It would be much more useful to send a message like Rebooting node %s, from cluster %s, region %s.

I submitted a PR that introduced two new options with the drain/reboot message formats. I also stayed for the conversation on refactoring the notifications using shoutrrr so that destinations other than Slack are supported.

Ensured trivy scans are correctly imported and deduplicated in DefectDojo

September 1, 2020

DefectDojo

DefectDojo is an open source vulnerability aggregation tool.

It greatly simplifies the task of teams running multiple types of vulnerability scans like SCA (dependencies scan), SAST (static code analysis) or DAST (dynamic application scans) by providing a central aggregation and correlation point.

Contribution

As part of the DevSecOps efforts I was leading, we were considering DefectDojo in combination with tools like Trivy (for SCA), Sonarqube (for SAST) and ZAProxy (for DAST).

I wanted to integrate these tools into our CI/CD pipeline and aggregate all their results in DefectDojo to get a consolidated view per project and across the board.

One of DefectDojo's features is its ability to automatically detect duplicates across scans. For example, an unmitigated issue will keep showing up in your CI/CD scans until it is solved. The deduplication feature lets DefectDojo keep a single vulnerability open and close the rest as duplicates, greatly reducing the noise in your project.

However, when Trivy scans were imported, some fields were missing, which caused the deduplication not to work as expected. I submitted a PR that fixed how Trivy scans were imported.
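Why a missing field breaks hash-based deduplication, as an added example (not DefectDojo's code). DefectDojo configures which fields feed the hash per parser; the HASH_FIELDS tuple below is an assumption for illustration, and the findings, package names and CVE identifier are constructed.

```python
"""Hash-based deduplication of scanner findings, in the style DefectDojo uses.

Added example, not DefectDojo's code. The fields hashed (HASH_FIELDS) are
an assumption for illustration; the findings and CVE id are constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Finding:
    title: str
    vulnerability_id: str
    component_name: str = ""
    component_version: str = ""
    severity: str = "High"
    duplicate: bool = False


HASH_FIELDS = ("title", "vulnerability_id", "component_name", "component_version")


def hash_code(finding, fields=HASH_FIELDS):
    """Hash of the identifying fields; findings with equal hashes are duplicates."""
    parts = [str(getattr(finding, name) or "") for name in fields]
    return hashlib.sha256("|".join(parts).encode("utf-8")).hexdigest()


def deduplicate(findings, fields=HASH_FIELDS):
    """Mark every finding after the first with a given hash as a duplicate.

    Returns the findings that stay open (the first of each hash).
    """
    seen = set()
    for finding in findings:
        code = hash_code(finding, fields)
        if code in seen:
            finding.duplicate = True
        else:
            seen.add(code)
    return [f for f in findings if not f.duplicate]


def trivy_like_findings(populate_component):
    """Constructed sample: two consecutive scans of one image.

    Each scan reports the same placeholder CVE in two different packages.
    With populate_component=False the parser drops the package fields,
    which is the kind of gap the import had before the fix.
    """
    packages = [("openssl", "1.1.1k"), ("libssl1.1", "1.1.1k")]
    findings = []
    for _scan in range(2):
        for name, version in packages:
            findings.append(Finding(
                title="CVE-0000-0000 (constructed) heap overflow in TLS handshake",
                vulnerability_id="CVE-0000-0000",
                component_name=name if populate_component else "",
                component_version=version if populate_component else "",
            ))
    return findings


if __name__ == "__main__":
    for populated in (True, False):
        kept = deduplicate(trivy_like_findings(populated))
        print(f"component fields populated={populated}: {len(kept)} open finding(s)")
```

With the package fields present, the two scans collapse to one open finding per affected package. With the fields blank, the same CVE in the second package hashes identically to the first and is closed as a duplicate, so a real vulnerability silently disappears from the open list: a missing field produces false duplicates, not just extra noise.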

Refactored mockgo to its v2 version using promises

December 5, 2018

Mockgo

mockgo is a Node.js library which simplifies the task of creating integration tests that use a real MongoDB server.

When you integrate mockgo with your tests, it takes care of downloading the right mongo binaries, initializing a real in-memory mongo database and cleaning it up at the end of the tests.

Contribution

I was using mockgo in various Node.js projects for writing integration tests that used a real mongo database but still ran fast and in memory.

However some of its dependencies were outdated, which was limiting the MongoDB versions that could be used in our tests.

I submitted a PR that refactored mockgo not just to update its dependencies but also to use promises; it was released as v2 of the library.

Added HTTP proxy functionality to node-apn

November 16, 2017

Node-apn

node-apn is a library to simplify the task of sending apple push notifications from Node.js applications.

Contribution

In the corporate environment I was working in, requests to the Internet had to go through an HTTP proxy or else they would be blocked.

We were building an iOS application with a Node.js backend from which we wanted to send push notifications. For that we wanted to use the node-apn library, but we could only do so if it supported connecting to Apple's servers through a proxy.

Since that wasn't a feature currently available, I submitted a PR for it: https://github.com/node-apn/node-apn/pull/602
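The exchange a proxy-aware client has to complete before it can talk TLS to Apple's servers, as an added example in Python (node-apn is JavaScript; this is not its code). The proxy credentials are constructed, and the fake socket stands in for a real connection so the exchange can be checked offline; api.push.apple.com:443 is Apple's documented production APNs endpoint.

```python
"""HTTP CONNECT tunnel set-up through a forward proxy.

Added example, not node-apn's code. Proxy credentials are constructed and
FakeProxySocket replaces a real socket so the exchange runs offline.
"""
import base64

APNS_HOST = "api.push.apple.com"  # Apple's production APNs endpoint
APNS_PORT = 443


def build_connect_request(host, port, proxy_user=None, proxy_password=None):
    """Bytes of the CONNECT request the client sends to the proxy."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if proxy_user is not None:
        creds = f"{proxy_user}:{proxy_password or ''}".encode("utf-8")
        # Basic auth is only base64, not encryption: it is readable by anyone
        # on the path between the client and the proxy.
        lines.append("Proxy-Authorization: Basic " + base64.b64encode(creds).decode("ascii"))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_connect_response(data):
    """Return (status_code, leftover_bytes) once the proxy's header block is complete."""
    end = data.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("incomplete CONNECT response")
    status_line = data[:end].split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), data[end + 4:]


def open_tunnel(sock, host, port, proxy_user=None, proxy_password=None):
    """Send CONNECT over sock and read until the proxy's header block ends.

    Returns the status code; only 200 means the tunnel exists and the
    caller may start the TLS handshake to host on the same socket.
    """
    sock.sendall(build_connect_request(host, port, proxy_user, proxy_password))
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection before answering")
        buf += chunk
    status, leftover = parse_connect_response(buf)
    if status == 200 and leftover:
        # Nothing may follow a successful CONNECT reply; extra bytes mean
        # something is speaking on the tunnel before TLS has started.
        raise ValueError("unexpected bytes after CONNECT success")
    return status


class FakeProxySocket:
    """Constructed stand-in for a socket connected to the proxy."""

    def __init__(self, reply, chunk_size=7):
        self.reply, self.chunk_size, self.sent = reply, chunk_size, b""

    def sendall(self, data):
        self.sent += data

    def recv(self, _size):
        # Deliver the reply in small pieces to exercise the read loop.
        chunk, self.reply = self.reply[:self.chunk_size], self.reply[self.chunk_size:]
        return chunk


if __name__ == "__main__":
    proxy = FakeProxySocket(b"HTTP/1.1 200 Connection established\r\n\r\n")
    print(open_tunnel(proxy, APNS_HOST, APNS_PORT, "svc-push", "example-secret"))
    print(proxy.sent.decode("ascii"))
```

Once open_tunnel returns 200, the client wraps the same socket in TLS with the real destination hostname (in Python, `ssl.SSLContext.wrap_socket(sock, server_hostname=host)`) so that certificate verification is against Apple's name, not the proxy's. The proxy only ever sees the CONNECT line and the proxy credentials; the push payload and the APNs authentication token travel inside TLS.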

 

© 2022