Commit

Merge pull request #941 from laragoldstein13/patch-10
Update and rename Module 26 - Code Vulnerability Reachability.md
YuriDio authored Feb 11, 2025
2 parents f8fd255 + e87994c commit 260ecda
Showing 2 changed files with 9 additions and 9 deletions.
@@ -1,4 +1,4 @@
# Module 25 - Defender for Cloud and XDR Integration
# Module 26 - Defender for Cloud Code Reachability Vulnerabilities with Endor Labs

<p align="left"><img src="../Images/asc-labs-intermediate.gif?raw=true"></p>
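
Review bot: The new H1 on the first line, "Module 26 - Defender for Cloud Code Reachability Vulnerabilities with Endor Labs", is worded differently from the name this same commit gives the module in Labs/ReadMe.md ("Module 26 - Code Reachability Vulnerabilities"). Pick one wording and use it for both the page heading and the index entry, so a reader following the index lands on a page whose title they recognize.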

Expand All @@ -9,7 +9,7 @@

# Overview - Reachability Demo

This demo deploys a container image with reachable vulnerabilities from [Damn Vulnerable GraphQL Application](https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application).
This demo deploys a container image with reachable vulnerabilities from [Damn Vulnerable GraphQL Application](https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application). All necessary content for this lab can be found in [this repository](https://github.com/laragoldstein13/ReachabilityDemo). You will need to clone the repository in order to complete the lab.

# Table of Contents
* [Prerequisites](#prerequisites)
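
Review bot: The Overview sentence now sends readers to https://github.com/laragoldstein13/ReachabilityDemo, a repository under a personal account with no tag or commit pinned, and the exercises that follow have them run its pipeline and workflow files with ACR access keys and Endor Labs API credentials in scope. Consider hosting the lab content under the Azure organization, or linking to a specific commit, so that the files a reader executes are the ones that were reviewed. The same repository is linked with /tree/master in Exercise 1 and without it here; use one form throughout.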
Expand All @@ -28,25 +28,25 @@ This demo deploys a container image with reachable vulnerabilities from [Damn Vu
* Connector for Endor Labs in Defender for Cloud. Learn how to create the connector [here](https://learn.microsoft.com/azure/defender-for-cloud/connect-endor-labs).

# Exercise 1: Azure DevOps Configuration
1. Clone this repository in Azure DevOps.
1. Clone [this repository](https://github.com/laragoldstein13/ReachabilityDemo/tree/master) in Azure DevOps.
2. Create a service connection in Azure DevOps to Docker. Select 'Other' when you have to specify the type of connection. Here you must specify the container registry login server, username, and password that come from access keys in Azure Container Registry.
![image](https://github.com/user-attachments/assets/a1535e01-9d22-4df8-8bf0-e83cf070ba34)
3. Create a service connection in Azure DevOps to Azure Resource Manager. Ensure that you give the service connection permissions to the relevant subscription and resource group that hosts your Kubernetes cluster.
4. Create a variable group in Azure Pipelines called 'tenant-variables'. This is where you should store your ENDOR_API_CREDENTIALS_KEY, ENDOR_API_SECRET, and NAMESPACE information that you get from Endor Labs. For more guidance, see [Endor Labs documentation](https://docs.endorlabs.com/deployment/ci-scans/scan-with-azuredevops/).
![image](https://github.com/user-attachments/assets/57d10b39-4af0-43a3-af16-9359e287bc48)
5. Create a new pipeline using the existing file located at AzurePipeline/azure-pipelines.yml.
5. Create a new pipeline using the existing file located at [AzurePipeline/azure-pipelines.yml](https://github.com/laragoldstein13/ReachabilityDemo/blob/master/AzurePipeline/azure-pipelines.yml).
6. Add the following variables to the pipeline: clusterName (name of the Kubernetes cluster to deploy the container on), containerRegistry (login server name for the Azure Container Registry, e.g., reachability.azurecr.io), dockerConnection (name of the service connection to Docker to push image to Azure Container Registry), resourceGroup (resource group that hosts the Kubernetes cluster), and subscription (name of the service connection name to Azure Resource Manager).
![image](https://github.com/user-attachments/assets/fd265dee-fbc5-4933-8b12-07e7ff76fefc)
7. Save and run the pipeline.

# Exercise 2: GitHub Configuration
1. Clone this repository in GitHub.
1. Clone [this repository]([this repository](https://github.com/laragoldstein13/ReachabilityDemo/tree/master)) in GitHub.
2. Navigate to Settings > Secrets and Variables > Actions in the GitHub repository.
4. Create secrets for your ACR_USERNAME and ACR_PASSWORD. These come from Access Keys in ACR.
![image](https://github.com/user-attachments/assets/cc263e0c-b031-4a0d-acfb-7ea10719c634)
5. Create a variable for the ACR login server name (e.g., reachability.azurecr.io).
6. Configure [authentication](https://docs.endorlabs.com/deployment/ci-scans/scan-with-github-actions/) from GitHub to Endor Labs to send results
7. Create a new workflow using the existing file located at .github/workflows/containermapping.yml.
7. Create a new workflow using the existing file located at [.github/workflows/containermapping.yml](https://github.com/laragoldstein13/ReachabilityDemo/blob/master/.github/workflows/containermapping.yml).
8. Save and run the workflow.
9. Deploy the container image from ACR to your AKS cluster in the Azure Portal. The easiest way to do this is to navigate to the AKS cluster and select Create > Create a quickstar application. Note that your registry and Kubernetes cluser must be [linked](https://learn.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli#configure-acr-integration-for-an-existing-aks-cluster) for this to work. To see the attack path, the container should be exposed via a service in Kubernetes. It is not recommended to do this in production tenants.
![image](https://github.com/user-attachments/assets/74bb2699-1e89-4f34-9140-03bba0b75fae)
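
Review bot: In Exercise 2, step 1, the added link is nested inside itself, `[this repository]([this repository](https://github.com/laragoldstein13/ReachabilityDemo/tree/master))`, so it will not render as a working link; it should read `[this repository](https://github.com/laragoldstein13/ReachabilityDemo/tree/master)`, as in Exercise 1. While this section is being touched, the Exercise 2 list jumps from step 2 to step 4, step 6 has no closing period, and step 9 contains "quickstar" and "cluser". The blob/master links added for azure-pipelines.yml and containermapping.yml follow a moving branch; a commit permalink would keep the written steps and the files they point to in agreement.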
6 changes: 3 additions & 3 deletions Labs/ReadMe.md
Expand Up @@ -186,9 +186,9 @@ Advanced | 300+ | You have lots of experience and are looking to learn about adv
* [Exercise 4: Observing and Analyzing MDC Alerts](./Modules/Module%2025%20-%20Defender%20XDR%20Integration.md#step-4-observing-and-analyzing-mdc-alerts)
* [Exercise 5: Correlating and Responding to Incidents Using XDR](./Modules/Module%2025%20-%20Defender%20XDR%20Integration.md#step-5-correlating-and-responding-to-incidents-using-xdr)

[**Module 26 - Code Vulnerability Reachability**](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2026%20-%20Code%20Vulnerability%20Reachability.md)
* [Exercise 1: Azure DevOps Configuration](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2026%20-%20Code%20Vulnerability%20Reachability.md#exercise-1-azure-devops-configuration)
* [Exercise 2: GitHub Configuration](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2026%20-%20Code%20Vulnerability%20Reachability.md#exercise-2-github-configuration)
[**Module 26 - Code Reachability Vulnerabilities**](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2026%20-%20Code%20Reachability%20Vulnerability.md)
* [Exercise 1: Azure DevOps Configuration](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2026%20-%20Code%20Reachability%20Vulnerability.md#exercise-1-azure-devops-configuration)
* [Exercise 2: GitHub Configuration](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2026%20-%20Code%20Reachability%20Vulnerability.md#exercise-2-github-configuration)

[**Begin the labs here >**](https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module-1-Preparing-the-Environment.md)
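
Review bot: The three Module 26 links are absolute https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/... URLs, while the Module 25 entries directly above use relative ./Modules/... paths. Absolute links to main lead away from the branch or fork being read and cannot be checked before merge; switch to the relative form, for example ./Modules/Module%2026%20-%20Code%20Reachability%20Vulnerability.md, and confirm that path matches the renamed file exactly, since the link text says "Vulnerabilities" while the path says "Vulnerability".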
