Skip to content

Commit 8182b57

Browse files
amaksimovvamaksimovv
committed
Добавляем сценарии работы и интерактивные демо, обновляем tutorial skill
1 parent 03fa1cb commit 8182b57

25 files changed

Lines changed: 2972 additions & 5 deletions

docs/assets/demo/fstec-sbom-demo.en.html

Lines changed: 104 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,104 @@
1+
<!DOCTYPE html>
2+
<html lang="en">
3+
<head>
4+
<meta charset="UTF-8">
5+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
6+
<title>FSTEC SBOM demo</title>
7+
<link rel="stylesheet" href="/assets/demo/tutorial-terminal-demo.css">
8+
</head>
9+
<body>
10+
<div class="demo-shell">
11+
<div class="demo-terminal" id="tutorial-terminal-demo">
12+
<div class="demo-titlebar">
13+
<span class="demo-dot red"></span>
14+
<span class="demo-dot yellow"></span>
15+
<span class="demo-dot green"></span>
16+
<span class="demo-title" id="demo-title"></span>
17+
</div>
18+
<div class="demo-body" id="demo-body"></div>
19+
<div class="demo-controls">
20+
<div class="demo-progress">
21+
<div class="demo-progress-fill" id="demo-progress-fill"></div>
22+
</div>
23+
<div class="demo-buttons">
24+
<button class="demo-button demo-button--primary" id="demo-start" onclick="startTutorialTerminalDemo()">Start</button>
25+
<button class="demo-button" id="demo-pause" onclick="toggleTutorialTerminalDemoPause()">Pause</button>
26+
<span class="demo-speed" id="demo-speed"></span>
27+
<button class="demo-button" id="demo-speed-button" onclick="cycleTutorialTerminalDemoSpeed()">Speed</button>
28+
</div>
29+
</div>
30+
</div>
31+
</div>
32+
33+
<script>
34+
window.TUTORIAL_TERMINAL_DEMO = {
35+
title: "local-user@fstec-python-app ~ zsh",
36+
promptUser: "local-user",
37+
promptPath: "fstec-python-app",
38+
startSpeed: 0.5,
39+
autoStart: false,
40+
labels: {
41+
start: "Start",
42+
restart: "Restart",
43+
pause: "Pause",
44+
resume: "Resume",
45+
speed: "Speed",
46+
idleTitle: "Interactive demo",
47+
idleBody: "Click <strong>“Start”</strong> to see why a local run with <code>resolve</code> helps build a full component inventory."
48+
},
49+
scenes: [
50+
{
51+
type: "card",
52+
title: "Comparing two runs",
53+
body: "The demo first shows a manifest-only scan and then a run with <code>--pip-resolve</code> and an explicit <code>pip</code> path. The output is shortened to the key fragments of a real run."
54+
},
55+
{
56+
type: "command",
57+
command: "./johnny scan dir . --api_token $CODESCORING_API_TOKEN --api_url $CODESCORING_API_URL --project \"ppk-fstec-demo\" --save-results --create-project --localization en --bom-path bom-manifest.json",
58+
output: [
59+
"Scanning project: /Users/demo/fstec-python-app",
60+
"Project name: ppk-fstec-demo",
61+
"SBOM file: /Users/demo/fstec-python-app/bom-manifest.json",
62+
"",
63+
"Manifests:",
64+
"- requirements.txt"
65+
],
66+
outputDelay: 28,
67+
afterOutputDelay: 380
68+
},
69+
{
70+
type: "card",
71+
title: "A manifest-only run may be incomplete",
72+
body: "If the manifest does not expose transitive dependencies, this run does not provide the full component list. In such ecosystems dependency resolution in the environment is recommended for a complete inventory."
73+
},
74+
{
75+
type: "command",
76+
command: "./johnny scan dir . --api_token $CODESCORING_API_TOKEN --api_url $CODESCORING_API_URL --project \"ppk-fstec-demo\" --save-results --create-project --localization en --pip-resolve --pip-path /usr/local/bin/pip3 --bom-path bom-local.json",
77+
output: [
78+
"pip 25.0 from /usr/local/lib/python3.13/site-packages/pip (python 3.13)",
79+
"certifi==2025.1.31",
80+
"cffi==1.17.1",
81+
"pycparser==2.22",
82+
"",
83+
"Scanning project: /Users/demo/fstec-python-app",
84+
"Project name: ppk-fstec-demo",
85+
"SBOM file: /Users/demo/fstec-python-app/bom-local.json",
86+
"",
87+
"Manifests:",
88+
"- codescoring_pip_for_freeze",
89+
"- requirements.txt"
90+
],
91+
outputDelay: 20,
92+
afterOutputDelay: 420
93+
},
94+
{
95+
type: "card",
96+
title: "What changed after resolve",
97+
body: "The agent used the specified <code>pip</code>, added the <code>pip freeze</code> result as <code>codescoring_pip_for_freeze</code>, saved the scan to a CLI project, and produced a local <code>bom-local.json</code>."
98+
}
99+
]
100+
};
101+
</script>
102+
<script src="/assets/demo/tutorial-terminal-demo.js"></script>
103+
</body>
104+
</html>

docs/assets/demo/fstec-sbom-demo.html

Lines changed: 104 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,104 @@
1+
<!DOCTYPE html>
2+
<html lang="ru">
3+
<head>
4+
<meta charset="UTF-8">
5+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
6+
<title>FSTEC SBOM demo</title>
7+
<link rel="stylesheet" href="/assets/demo/tutorial-terminal-demo.css">
8+
</head>
9+
<body>
10+
<div class="demo-shell">
11+
<div class="demo-terminal" id="tutorial-terminal-demo">
12+
<div class="demo-titlebar">
13+
<span class="demo-dot red"></span>
14+
<span class="demo-dot yellow"></span>
15+
<span class="demo-dot green"></span>
16+
<span class="demo-title" id="demo-title"></span>
17+
</div>
18+
<div class="demo-body" id="demo-body"></div>
19+
<div class="demo-controls">
20+
<div class="demo-progress">
21+
<div class="demo-progress-fill" id="demo-progress-fill"></div>
22+
</div>
23+
<div class="demo-buttons">
24+
<button class="demo-button demo-button--primary" id="demo-start" onclick="startTutorialTerminalDemo()">Запустить</button>
25+
<button class="demo-button" id="demo-pause" onclick="toggleTutorialTerminalDemoPause()">Пауза</button>
26+
<span class="demo-speed" id="demo-speed"></span>
27+
<button class="demo-button" id="demo-speed-button" onclick="cycleTutorialTerminalDemoSpeed()">Скорость</button>
28+
</div>
29+
</div>
30+
</div>
31+
</div>
32+
33+
<script>
34+
window.TUTORIAL_TERMINAL_DEMO = {
35+
title: "local-user@fstec-python-app ~ zsh",
36+
promptUser: "local-user",
37+
promptPath: "fstec-python-app",
38+
startSpeed: 0.5,
39+
autoStart: false,
40+
labels: {
41+
start: "Запустить",
42+
restart: "Сначала",
43+
pause: "Пауза",
44+
resume: "Продолжить",
45+
speed: "Скорость",
46+
idleTitle: "Интерактивное демо",
47+
idleBody: "Нажмите <strong>«Запустить»</strong>, чтобы посмотреть, почему для полного ППК полезно сначала локально запустить агент с <code>resolve</code>."
48+
},
49+
scenes: [
50+
{
51+
type: "card",
52+
title: "Сравнение двух запусков",
53+
body: "Сначала показан обычный запуск по манифесту, затем — запуск с <code>--pip-resolve</code> и явным путем к <code>pip</code>. Демо сокращено до ключевых фрагментов реального вывода."
54+
},
55+
{
56+
type: "command",
57+
command: "./johnny scan dir . --api_token $CODESCORING_API_TOKEN --api_url $CODESCORING_API_URL --project \"ppk-fstec-demo\" --save-results --create-project --localization ru --bom-path bom-manifest.json",
58+
output: [
59+
"Scanning project: /Users/demo/fstec-python-app",
60+
"Project name: ppk-fstec-demo",
61+
"SBOM file: /Users/demo/fstec-python-app/bom-manifest.json",
62+
"",
63+
"Manifests:",
64+
"- requirements.txt"
65+
],
66+
outputDelay: 28,
67+
afterOutputDelay: 380
68+
},
69+
{
70+
type: "card",
71+
title: "Обычного запуска может быть недостаточно",
72+
body: "Если манифест не раскрывает транзитивные зависимости, такой запуск не даёт полного перечня компонентов. Для качественного инвентаря в таких экосистемах рекомендуется разрешение зависимостей в окружении."
73+
},
74+
{
75+
type: "command",
76+
command: "./johnny scan dir . --api_token $CODESCORING_API_TOKEN --api_url $CODESCORING_API_URL --project \"ppk-fstec-demo\" --save-results --create-project --localization ru --pip-resolve --pip-path /usr/local/bin/pip3 --bom-path bom-local.json",
77+
output: [
78+
"pip 25.0 from /usr/local/lib/python3.13/site-packages/pip (python 3.13)",
79+
"certifi==2025.1.31",
80+
"cffi==1.17.1",
81+
"pycparser==2.22",
82+
"",
83+
"Scanning project: /Users/demo/fstec-python-app",
84+
"Project name: ppk-fstec-demo",
85+
"SBOM file: /Users/demo/fstec-python-app/bom-local.json",
86+
"",
87+
"Manifests:",
88+
"- codescoring_pip_for_freeze",
89+
"- requirements.txt"
90+
],
91+
outputDelay: 20,
92+
afterOutputDelay: 420
93+
},
94+
{
95+
type: "card",
96+
title: "Что изменилось после resolve",
97+
body: "Агент использовал <code>pip</code> по указанному пути, добавил результаты <code>pip freeze</code> как <code>codescoring_pip_for_freeze</code>, сохранил анализ в CLI-проекте и сформировал локальный <code>bom-local.json</code>."
98+
}
99+
]
100+
};
101+
</script>
102+
<script src="/assets/demo/tutorial-terminal-demo.js"></script>
103+
</body>
104+
</html>

docs/assets/demo/johnny-build-report-demo.en.html

Lines changed: 169 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,169 @@
1+
<!DOCTYPE html>
2+
<html lang="en">
3+
<head>
4+
<meta charset="UTF-8">
5+
<meta name="viewport" content="width=device-width, initial-scale=1.0">
6+
<title>Johnny build report demo</title>
7+
<link rel="stylesheet" href="/assets/demo/tutorial-terminal-demo.css">
8+
</head>
9+
<body>
10+
<div class="demo-shell">
11+
<div class="demo-terminal" id="tutorial-terminal-demo">
12+
<div class="demo-titlebar">
13+
<span class="demo-dot red"></span>
14+
<span class="demo-dot yellow"></span>
15+
<span class="demo-dot green"></span>
16+
<span class="demo-title" id="demo-title"></span>
17+
</div>
18+
<div class="demo-body" id="demo-body"></div>
19+
<div class="demo-controls">
20+
<div class="demo-progress">
21+
<div class="demo-progress-fill" id="demo-progress-fill"></div>
22+
</div>
23+
<div class="demo-buttons">
24+
<button class="demo-button demo-button--primary" id="demo-start" onclick="startTutorialTerminalDemo()">Start</button>
25+
<button class="demo-button" id="demo-pause" onclick="toggleTutorialTerminalDemoPause()">Pause</button>
26+
<span class="demo-speed" id="demo-speed"></span>
27+
<button class="demo-button" id="demo-speed-button" onclick="cycleTutorialTerminalDemoSpeed()">Speed</button>
28+
</div>
29+
</div>
30+
</div>
31+
</div>
32+
33+
<script>
34+
window.TUTORIAL_TERMINAL_DEMO = {
35+
title: "build-agent@billing-service ~ bash",
36+
promptUser: "build-agent",
37+
promptPath: "billing-service",
38+
startSpeed: 0.5,
39+
autoStart: false,
40+
labels: {
41+
start: "Start",
42+
restart: "Restart",
43+
pause: "Pause",
44+
resume: "Resume",
45+
speed: "Speed",
46+
idleTitle: "Interactive demo",
47+
idleBody: "Click <strong>Start</strong> to watch a typical Johnny Agent run in GitLab CI."
48+
},
49+
scenes: [
50+
{
51+
type: "card",
52+
title: "Johnny Agent in GitLab CI",
53+
body: "This demo shows an example `sca` job, a Johnny Agent run, and the files left after the check."
54+
},
55+
{
56+
type: "command",
57+
command: "cat .gitlab-ci.yml",
58+
output: [
59+
"stages:",
60+
" - test",
61+
"",
62+
"sca:",
63+
" stage: test",
64+
" script:",
65+
" - >",
66+
" johnny scan dir . \\",
67+
" --api_token $JOHNNY_API_TOKEN \\",
68+
" --api_url $JOHNNY_API_URL \\",
69+
" --project \"billing-service-cli\" \\",
70+
" --save-results \\",
71+
" --create-project \\",
72+
" --stage build \\",
73+
" --localization en \\",
74+
" --format \"coloredtable,junit&gt;&gt;junit.xml\" \\",
75+
" --ignore .git",
76+
" artifacts:",
77+
" paths:",
78+
" - bom.json",
79+
" - junit.xml",
80+
" when: always",
81+
" expire_in: 1 week"
82+
],
83+
outputDelay: 10
84+
},
85+
{
86+
type: "command",
87+
command: "johnny scan dir . --api_token $JOHNNY_API_TOKEN --api_url $JOHNNY_API_URL --project \"billing-service-cli\" --save-results --create-project --stage build --localization en --format \"coloredtable,junit>>junit.xml\" --ignore .git",
88+
output: [
89+
"Analysis ticket result_id: 8ce150e2-2ef4-45db-81d7-3c32ef407b07",
90+
"- Wait analysis result... [7s]",
91+
"",
92+
"Scanning project: /builds/team/billing-service",
93+
"Project name: billing-service-cli",
94+
"Policy stage: build",
95+
"SBOM file: /builds/team/billing-service/bom.json",
96+
"",
97+
"Found:",
98+
"╭──────────────────────────┬────╮",
99+
"│ Manifests │ 2 │",
100+
"├──────────────────────────┼────┤",
101+
"│ Dependencies by manifest │ 6 │",
102+
"├──────────────────────────┼────┤",
103+
"│ Vulnerabilities │ 15 │",
104+
"├──────────────────────────┼────┤",
105+
"│ Policies triggered │ 2 │",
106+
"╰──────────────────────────┴────╯",
107+
"",
108+
"Distribution by CVSS:",
109+
"╭────────────────────────┬────────────────────────╮",
110+
"│ Distribution by CVSSv3 │ Distribution by CVSSv4 │",
111+
"├─────────────┬──────────┼─────────────┬──────────┤",
112+
"│ Critical │ 3 │ Critical │ 2 │",
113+
"├─────────────┼──────────┼─────────────┼──────────┤",
114+
"│ High │ 5 │ High │ 2 │",
115+
"├─────────────┼──────────┼─────────────┼──────────┤",
116+
"│ Medium │ 7 │ Medium │ 4 │",
117+
"╰─────────────┴──────────┴─────────────┴──────────╯",
118+
"",
119+
"Vulnerabilities:",
120+
"╭────────────────┬─────────┬─────────┬──────────────┬─────────────────────╮",
121+
"│ CVE │ Exploit │ Fixed │ CVSSv3 │ Package │",
122+
"├────────────────┼─────────┼─────────┼──────────────┼─────────────────────┤",
123+
"│ CVE-2019-19844 │ │ 2.2.9 │ 9.8 Critical │ pkg:pypi/django@... │",
124+
"├────────────────┼─────────┼─────────┼──────────────┼─────────────────────┤",
125+
"│ CVE-2020-7471 │ │ 2.2.10 │ 9.8 Critical │ pkg:pypi/django@... │",
126+
"├────────────────┼─────────┼─────────┼──────────────┼─────────────────────┤",
127+
"│ CVE-2025-64459 │ V │ 4.2.26 │ 9.1 Critical │ pkg:pypi/django@... │",
128+
"╰────────────────┴─────────┴─────────┴──────────────┴─────────────────────╯",
129+
"",
130+
"Policy alerts:",
131+
"╭──────────────────────────────────┬──────────┬──────────────┬──────────────────────────╮",
132+
"│ Policy │ Level │ CVE │ Match │",
133+
"├──────────────────────────────────┼──────────┼──────────────┼──────────────────────────┤",
134+
"│ Vulnerability has exploit │ Critical │ CVE-2025... │ exploit │",
135+
"├──────────────────────────────────┼──────────┼──────────────┼──────────────────────────┤",
136+
"│ High CVSS and a fixed version │ Warning │ CVE-2020... │ CVSS3 > 7 and fixed ver. │",
137+
"╰──────────────────────────────────┴──────────┴──────────────┴──────────────────────────╯"
138+
],
139+
outputDelay: 18,
140+
afterOutputDelay: 420
141+
},
142+
{
143+
type: "command",
144+
command: "ls -1 bom.json junit.xml",
145+
output: [
146+
"bom.json",
147+
"junit.xml"
148+
],
149+
outputDelay: 24
150+
},
151+
{
152+
type: "command",
153+
command: "echo $?",
154+
output: [
155+
"1"
156+
],
157+
outputDelay: 90
158+
},
159+
{
160+
type: "card",
161+
title: "Outputs are ready",
162+
body: "In this example, the Johnny Agent saved an SBOM, prepared `junit.xml`, and returned code `1` because the policies found issues that need attention."
163+
}
164+
]
165+
};
166+
</script>
167+
<script src="/assets/demo/tutorial-terminal-demo.js"></script>
168+
</body>
169+
</html>

0 commit comments

Comments
 (0)