From 82445266398f7f976abe387e64f3439924833639 Mon Sep 17 00:00:00 2001 From: Marvin Brown Date: Mon, 10 May 2021 17:09:46 -0500 Subject: [PATCH 1/3] Initial chechin to standardize documentations for Anchore Enterprise --- docs/Security.md | 26 ++++++++++++++++++++++++ docs/Troubleshooting.md | 14 +++++++++++++ docs/overview.md | 44 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+) create mode 100644 docs/Security.md create mode 100644 docs/Troubleshooting.md create mode 100644 docs/overview.md diff --git a/docs/Security.md b/docs/Security.md new file mode 100644 index 0000000..0973d09 --- /dev/null +++ b/docs/Security.md @@ -0,0 +1,26 @@ +# Security + +Anchore Enterprise supports user login to the User Interface through identities from external identity providers that support Security Assertion Markup Language (SAML). Anchore +does not store any user credentials. However, usernames and anchore permissions are stored. The identity provider validates the user's access while an external provider validates the username and all first time user login information. + +The Anchore Enterprise deployment must be configured to utilize the SAML SSO. + + +- It is required to Enable Oauth to ensure that Anchore can issue bearer tokens for subsequent API usage by the UI to the system APIs. + +- Hashed passwords are recommended. + +- From the user's browser, reach the Identity Provider's login URL. + +- Access the metadata XML endpoint in the Identity Provider. + +Configuration of SAML SSO is done using API/UI operations but requires configuration both in the user's Identity Provider and within Anchore. + +The Identity Provider must: + +- Support HTTP Redirect binding +- Support signed assertions and signed documents +- Allow unsigned client requests from Anchore +- Allow unencrypted requests and responses + +Click the [link](https://docs.anchore.com/current/docs/overview/sso/) for more Anchore security information. \ No newline at end of file 
diff --git a/docs/Troubleshooting.md b/docs/Troubleshooting.md new file mode 100644 index 0000000..b0c779d --- /dev/null +++ b/docs/Troubleshooting.md @@ -0,0 +1,14 @@ +# Troubleshooting Guide + +In this troubleshooting guide, we'll walk through several best-practice techniques to debug Anchore Enterprise. + +- The first recommended approach is to verify that the services are up and running and are in a healthy state. +- The Event Subsystem can be utilized to identify issues. +- Explore the event logs +- Remove Repositories or Images + + +For more Anchore Enterprise troubleshooting information click [here](https://docs.anchore.com/current/docs/troubleshooting/). + + + diff --git a/docs/overview.md b/docs/overview.md new file mode 100644 index 0000000..75c0b31 --- /dev/null +++ b/docs/overview.md 
@@ -0,0 +1,44 @@ +# Anchore Enterprise + +Anchore Enterprise provides container inspection and compliance solutions. It protects against internal and external threats, enforces +security best practices, and speed up DevSecOps workflows. Anchore Enterprise integrates seamlessly to enforce defined polices. + + +Anchore Enterprises can be installed using the [Helm Chart](https://github.com/anchore/anchore-charts/tree/master/stable/anchore-engine), integrated into container based CI/CD +pipeline with a [Jenkins Plugin](https://plugins.jenkins.io/anchore-container-scanner/), and used with the GitLab CI pipelines with the [GitLab integration guide](https://docs.anchore.com/current/docs/using/integration/ci_cd/gitlab/). + +### Anchore Software Components + +- On-premises Anchore Enterprise + - Web UI + - API + - Notifications + - RBAC + - Reporting + - Worker + - Queue + - Catalog + - CLI + +- On-premises Feed Service + - Enterprise UI + - Anchore CLI + - Jenkins Plugin + - CI Integration + - Enterprise RBAC + - Anchore Engine + +### Quickstart + +- [Docker Compose File](https://docs.anchore.com/current/docs/quickstart/docker-compose.yaml) +- [Prometheus Configuration for Monitoring](https://docs.anchore.com/current/docs/quickstart/anchore-prometheus.yml) + - [Enabling Prometheuse](https://docs.anchore.com/current/docs/quickstart/#optional-enabling-prometheus-monitoring) +- [Swagger UI Nginx Proxy](https://docs.anchore.com/current/docs/quickstart/anchore-swaggerui-nginx.conf) + - [Enabling Swagger](https://docs.anchore.com/current/docs/quickstart/#optional-enabling-swagger-ui) + +### More Topics + +- [Security]() +- [Troubleshooting]() + +Find more information on Anchore Enterprise [here](https://docs.anchore.com/current/docs/overview/). \ No newline at end of file -- GitLab From 002486e0f31c7a7ba231f6aaaa24bc593b548e23 Mon Sep 17 00:00:00 2001 
From: Marvin Brown Date: Mon, 10 May 2021 17:17:08 -0500 Subject: [PATCH 2/3] Refactored name added additional links for security and troubleshooting guide. --- docs/overview.md | 4 ++-- docs/{Security.md => security.md} | 0 docs/{Troubleshooting.md => troubleshooting.md} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename docs/{Security.md => security.md} (100%) rename docs/{Troubleshooting.md => troubleshooting.md} (100%) diff --git a/docs/overview.md b/docs/overview.md index 75c0b31..88e0f0a 100644 --- a/docs/overview.md +++ b/docs/overview.md @@ -38,7 +38,7 @@ pipeline with a [Jenkins Plugin](https://plugins.jenkins.io/anchore-container-sc ### More Topics -- [Security]() -- [Troubleshooting]() +- [Security](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/documentation-standard/docs/security.md) +- [Troubleshooting](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/documentation-standard/docs/troubleshooting.md) Find more information on Anchore Enterprise [here](https://docs.anchore.com/current/docs/overview/). \ No newline at end of file diff --git a/docs/Security.md b/docs/security.md similarity index 100% rename from docs/Security.md rename to docs/security.md diff --git a/docs/Troubleshooting.md b/docs/troubleshooting.md similarity index 100% rename from docs/Troubleshooting.md rename to docs/troubleshooting.md -- GitLab From e8b1ceba90e279ba84679936588e0481bbdf469b Mon Sep 17 00:00:00 2001 From: Jason Krause Date: Tue, 11 May 2021 09:50:12 -0600 Subject: [PATCH 3/3] Linting, formatting, spelling. 
Signed-off-by: Jason Krause --- docs/Affinity.md | 6 ++--- docs/BBCHANGES.md | 7 +++++- docs/CHART.md | 29 ++++++++++++----------- docs/KEYCLOAK.md | 2 +- docs/README.md | 2 +- docs/metrics.md | 51 +++++++++++++++++++++++++++++++---------- docs/overview.md | 47 +++++++++++++++++++------------------ docs/security.md | 11 ++++----- docs/troubleshooting.md | 4 ---- 9 files changed, 93 insertions(+), 66 deletions(-) diff --git a/docs/Affinity.md b/docs/Affinity.md index a2c731f..7603151 100644 --- a/docs/Affinity.md +++ b/docs/Affinity.md @@ -1,8 +1,8 @@ # Node Affinity & Anti-Affinity with Anchore -Affinity is exposed through values options for Anchore. If you want to schedule your pods to deploy on specific nodes you can do that through the `nodeSelector` value and as needed the `affinity` value. Additional info is provided below as well to help in configuring this. +Affinity is exposed through values options for Anchore. If you want to schedule your pods to deploy on specific nodes you can do that through the `nodeSelector` value and as needed the `affinity` value. Additional info is provided below as well to help in configuring this. -It is good to have a basic knowledge of node affinity and available options to you before customizing in this way - the upstream kubernetes documentation [has a good walkthrough of this](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). +It is good to have a basic knowledge of node affinity and available options to you before customizing in this way - the upstream kubernetes documentation [has a good walk-through of this](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). ## Values for NodeSelector @@ -84,4 +84,4 @@ anchoreEnterpriseUi: anchoreEnterpriseEngineUpgradeJob: nodeSelector: {} affinity: {} -``` \ No newline at end of file +``` diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md index 71e342b..7f2c004 100644 
--- a/docs/BBCHANGES.md +++ b/docs/BBCHANGES.md @@ -1,7 +1,7 @@ # Changes needed for Big Bang and Ironbank Images Due to how Big Bang is making use of Anchore (from within Umbrella) there were values and chart changes that needed to be made. -Additionally, the Ironbank images function in slightly different ways than upstream Dockerhub images, so additional +Additionally, the Ironbank images function in slightly different ways than upstream Dockerhub images, so additional modifications were made to support their use. This provides a log of these changes to make updates from upstream faster. @@ -141,6 +141,7 @@ anchoreEnterpriseRbac: ## Other Modifications To support the BigBang wrapper to simplify SSO setup the following global saml option needs to bet set: + ```yaml anchoreGlobal: saml: @@ -148,6 +149,7 @@ anchoreGlobal: ``` The following block needs to be added to the end of the _helpers.tpl file: + ```yaml {{/* Expand the name of the chart. @@ -176,6 +178,7 @@ tls.key: {{ $cert.Key | b64enc }} ``` In `chart/templates/engine_configmap.yaml`, modify the metrics lines as such: + ```yaml metrics: enabled: {{ .Values.monitoring.enabled }} @@ -183,6 +186,7 @@ In `chart/templates/engine_configmap.yaml`, modify the metrics lines as such: ``` Do the same in `chart/templates/enterprise_configmap.yaml`: + ```yaml metrics: enabled: {{ .Values.monitoring.enabled }} @@ -190,6 +194,7 @@ Do the same in `chart/templates/enterprise_configmap.yaml`: ``` In `chart/templates/enterprise_feeds_configmap.yaml` also modify the metrics lines: + ```yaml metrics: enabled: {{ .Values.monitoring.enabled }} diff --git a/docs/CHART.md b/docs/CHART.md index 798e2dc..9b7f267 100644 --- a/docs/CHART.md +++ b/docs/CHART.md 
@@ -8,16 +8,16 @@ Each of these services can be scaled and configured independently. See [Anchore Engine](https://github.com/anchore/anchore-engine) for more project details. -NOTE: Big Bang's implementation is designed to be enabled and consumed from within a customer implementation of the Big Bang release. It is fully functional as a standalone Helm install, but Big Bang will enable best integration for Big Bang "extras" and ease of use. +NOTE: Big Bang's implementation is designed to be enabled and consumed from within a customer implementation of the Big Bang release. It is fully functional as a standalone Helm install, but Big Bang will enable best integration for Big Bang "extras" and ease of use. ## Chart Details The chart is split into global and service specific configurations for the OSS Anchore Engine, as well as global and services specific configurations for the Enterprise components. Additionally included are Big Bang specific configs. - * The top section provides customizable Big Bang values for SSO, Istio, and automating the license secret creation for enterprise. - * The `anchoreGlobal` section is for configuration values required by all Anchore Engine components. - * The `anchoreEnterpriseGlobal` section is for configuration values required by all Anchore Engine Enterprise components. - * Service specific configuration values allow customization for each individual service. +* The top section provides customizable Big Bang values for SSO, Istio, and automating the license secret creation for enterprise. +* The `anchoreGlobal` section is for configuration values required by all Anchore Engine components. +* The `anchoreEnterpriseGlobal` section is for configuration values required by all Anchore Engine Enterprise components. +* Service specific configuration values allow customization for each individual service. 
For a description of each component, view the official documentation at: [Anchore Enterprise Service Overview](https://docs.anchore.com/current/docs/overview/architecture/) @@ -59,15 +59,15 @@ stringData: The following features are available to Anchore Enterprise customers. Please contact the Anchore team for more information about getting a license for the enterprise features. [Anchore Enterprise Demo](https://anchore.com/demo/) - * Role based access control - * LDAP integration - * Graphical user interface - * Customizable UI dashboards - * On-premises feeds service - * Proprietary vulnerability data feed (vulnDB, MSRC) - * Anchore reporting API - * Notifications - Slack, GitHub, Jira, etc - * Microsoft image vulnerability scanning +* Role based access control +* LDAP integration +* Graphical user interface +* Customizable UI dashboards +* On-premises feeds service +* Proprietary vulnerability data feed (vulnDB, MSRC) +* Anchore reporting API +* Notifications - Slack, GitHub, Jira, etc +* Microsoft image vulnerability scanning ### Enabling Enterprise Services @@ -179,6 +179,7 @@ stringData: ### Configuring Istio Istio can be configured to utilize your desired gateway(s) and host(s). To configure istio, pass the following options to the Anchore values: + ```yaml stringData: values.yaml: |- diff --git a/docs/KEYCLOAK.md b/docs/KEYCLOAK.md index 5b1b386..ac7458a 100644 --- a/docs/KEYCLOAK.md +++ b/docs/KEYCLOAK.md @@ -6,7 +6,7 @@ This document summarizes helm values and manual steps that are required to integ ## Configuration Steps -These are the items you need to do to configure Keycloak and Anchore for SSO in your Big Bang installation. +These are the items you need to do to configure Keycloak and Anchore for SSO in your Big Bang installation. ### Keycloak Configuration diff --git a/docs/README.md b/docs/README.md index 9e27704..e5e4afb 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -10,7 +10,7 @@ This repo contains Big Bang's implementation of Anchore. This includes the upstr - [Chart](./CHART.md) - [Affinity](./Affinity.md) -# Structure +## Structure This repo contains 3 main sections. The main chart is provided under the `chart` folder. Documentation is provided under the `docs` folder. Test and CI files are under the `tests` folder. diff --git a/docs/metrics.md b/docs/metrics.md index 082b8c0..6dc0c9a 100644 --- a/docs/metrics.md +++ b/docs/metrics.md 
@@ -3,99 +3,126 @@ ## Anchore metrics anchore_db_read_seconds_count + * Duration of the read processes conducted by anchore. anchore_db_read_seconds_created + * Duration of the construction processes for read. anchore_db_read_seconds_sum + * The sum of the duration of all read processes. anchore_db_readwrite_seconds_count + * Duration of the readwrite processes conducted by anchore. anchore_db_readwrite_seconds_created + * Duration of the construction processes for readwrite. anchore-db_readwrite_seconds_sum + * The sum of the durations of all readwrite processes. anchore_db_write_seconds_count + * Duration of the write processes conducted by anchore. anchore_db_write_seconds_created + * Duration of the construction processes for write. anchore_db_write_seconds_sum -* The sum of the duration of all write processes. + +* The sum of the duration of all write processes. anchore_monitor_runtime_seconds_count + * Duration of the runtime monitor processes conducted by anchore. anchore_monitor_runtime_seconds_created + * Duration of the construction processes for runtime monitor. anchore_monitor_runtime_seconds_sum + * The sum of the duration of all monitor process. anchore_queue_length + * Number of images pending analysis. anchore_service_info + * Returns info and status on the 4 services of Anchore. anchore_tmpspace_available_bytes + * Available space in the "tmp_dir" location of each container. process_resident_memory_bytes + * Memory consumed by the instance ### API service prometheus_api_remote_read_queries + * Returns number of queries coming from the remote stream. ### Engine prometheus_engine_queries + * The number of concurrent queries that the engine is reading. prometheus_engine_queries_concurrent_max + * The number of maximum concurrent queries that the engine can read. prometheus_engine_query_duration_seconds_count + * Duration of the query processes conducted by prometheus. 
prometheus_engine_query_duration_seconds + * Duration of each process - * Differs from prometheus_engine_query_duration_seconds_count as the duration for every process is listed seperatly + * Differs from prometheus_engine_query_duration_seconds_count as the duration for every process is listed seperatly prometheus_engine_query_duration_seconds_sum + * The sum of the duration of all engine query processes. -## Prometheus metric queries +## Prometheus metric queries promhttp_metric_handler_requests_in_flight + * The number of metric requests that are currently being processed. promhttp_metric_handler_requests_total -* The total number of requests made. + +* The total number of requests made. ### Troubleshooting If you encounter an error running a query, see the list below for guidance on resolving errors. -Error executing query: invalid parameter 'query': -* This results whenever a syntax error is thown when a query is parsed. - * Make sure that you have no spaces in your query. - * Make sure certain characters (e.g <>/;) are not inteferring your query. +Error executing query: invalid parameter 'query': + +* This results whenever a syntax error is thrown when a query is parsed. + * Make sure that you have no spaces in your query. + * Make sure certain characters (e.g <>/;) are not interfering your query. parse error: unknown function + * This error occurs when the query database parses a function that is not in the database - * Make sure the function that you are running is part of the database + * Make sure the function that you are running is part of the database No data + * This results when the query is not in the list of available queries - * Make sure your query is among ones that are listed. - * Make sure that that your expression is spelled correctly. - * Make sure the app is integrated correctly \ No newline at end of file + * Make sure your query is among ones that are listed. + * Make sure that that your expression is spelled correctly. 
+ * Make sure the app is integrated correctly diff --git a/docs/overview.md b/docs/overview.md index 88e0f0a..d3489a1 100644 --- a/docs/overview.md +++ b/docs/overview.md 
@@ -1,44 +1,43 @@ # Anchore Enterprise Anchore Enterprise provides container inspection and compliance solutions. It protects against internal and external threats, enforces -security best practices, and speed up DevSecOps workflows. Anchore Enterprise integrates seamlessly to enforce defined polices. - +security best practices, and speed up DevSecOps workflows. Anchore Enterprise integrates seamlessly to enforce defined polices. Anchore Enterprises can be installed using the [Helm Chart](https://github.com/anchore/anchore-charts/tree/master/stable/anchore-engine), integrated into container based CI/CD pipeline with a [Jenkins Plugin](https://plugins.jenkins.io/anchore-container-scanner/), and used with the GitLab CI pipelines with the [GitLab integration guide](https://docs.anchore.com/current/docs/using/integration/ci_cd/gitlab/). -### Anchore Software Components +## Anchore Software Components - On-premises Anchore Enterprise - - Web UI - - API - - Notifications - - RBAC - - Reporting - - Worker - - Queue - - Catalog - - CLI - + - Web UI + - API + - Notifications + - RBAC + - Reporting + - Worker + - Queue + - Catalog + - CLI + - On-premises Feed Service - - Enterprise UI - - Anchore CLI - - Jenkins Plugin - - CI Integration - - Enterprise RBAC - - Anchore Engine - -### Quickstart + - Enterprise UI + - Anchore CLI + - Jenkins Plugin + - CI Integration + - Enterprise RBAC + - Anchore Engine + +## Quick Start - [Docker Compose File](https://docs.anchore.com/current/docs/quickstart/docker-compose.yaml) - [Prometheus Configuration for Monitoring](https://docs.anchore.com/current/docs/quickstart/anchore-prometheus.yml) - - [Enabling Prometheuse](https://docs.anchore.com/current/docs/quickstart/#optional-enabling-prometheus-monitoring) + - [Enabling Prometheus](https://docs.anchore.com/current/docs/quickstart/#optional-enabling-prometheus-monitoring) - [Swagger UI Nginx Proxy](https://docs.anchore.com/current/docs/quickstart/anchore-swaggerui-nginx.conf) - [Enabling 
Swagger](https://docs.anchore.com/current/docs/quickstart/#optional-enabling-swagger-ui) -### More Topics +## More Topics - [Security](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/documentation-standard/docs/security.md) - [Troubleshooting](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/documentation-standard/docs/troubleshooting.md) -Find more information on Anchore Enterprise [here](https://docs.anchore.com/current/docs/overview/). \ No newline at end of file +Find more information on Anchore Enterprise [here](https://docs.anchore.com/current/docs/overview/). diff --git a/docs/security.md b/docs/security.md index 0973d09..bfe88eb 100644 --- a/docs/security.md +++ b/docs/security.md @@ -1,18 +1,17 @@ -# Security +# Security Anchore Enterprise supports user login to the User Interface through identities from external identity providers that support Security Assertion Markup Language (SAML). Anchore does not store any user credentials. However, usernames and anchore permissions are stored. The identity provider validates the user's access while an external provider validates the username and all first time user login information. The Anchore Enterprise deployment must be configured to utilize the SAML SSO. - - It is required to Enable Oauth to ensure that Anchore can issue bearer tokens for subsequent API usage by the UI to the system APIs. -- Hashed passwords are recommended. +- Hashed passwords are recommended. - From the user's browser, reach the Identity Provider's login URL. -- Access the metadata XML endpoint in the Identity Provider. +- Access the metadata XML endpoint in the Identity Provider. Configuration of SAML SSO is done using API/UI operations but requires configuration both in the user's Identity Provider and within Anchore. 
@@ -21,6 +20,6 @@ The Identity Provider must: - Support HTTP Redirect binding - Support signed assertions and signed documents - Allow unsigned client requests from Anchore -- Allow unencrypted requests and responses +- Allow unencrypted requests and responses -Click the [link](https://docs.anchore.com/current/docs/overview/sso/) for more Anchore security information. \ No newline at end of file +Click the [link](https://docs.anchore.com/current/docs/overview/sso/) for more Anchore security information. diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index b0c779d..cd6c055 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -7,8 +7,4 @@ In this troubleshooting guide, we'll walk through several best-practice techniqu - Explore the event logs - Remove Repositories or Images - For more Anchore Enterprise troubleshooting information click [here](https://docs.anchore.com/current/docs/troubleshooting/). - - - -- GitLab
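Review bot: In the new docs/Security.md (patch 1), the bullet `- Hashed passwords are recommended.` contradicts the opening paragraph, which states that Anchore does not store any user credentials under SAML SSO; either drop the bullet or say which passwords it refers to (for example, accounts that are not backed by the identity provider). The sentence `The identity provider validates the user's access while an external provider validates the username and all first time user login information.` uses two names for what reads as the same identity provider and should be reworded to name one party. Because the requirements list asks the Identity Provider to `Allow unsigned client requests from Anchore` and `Allow unencrypted requests and responses`, the document should state that the SAML endpoints on both sides must be served over HTTPS, since transport encryption is the only protection those unencrypted assertions get, while the `Support signed assertions and signed documents` requirement is what lets Anchore verify their origin. Also spell it `OAuth` rather than `Oauth`.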
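Review bot: The four bullets in the new docs/Troubleshooting.md (patch 1) are not parallel and the last two, `- Explore the event logs` and `- Remove Repositories or Images`, give no context: say what an operator should look for in the event logs and under which condition removing a repository or image resolves a problem, otherwise the list reads as unrelated commands rather than a debugging sequence. The link text `click [here]` should be descriptive, as the overview's `[GitLab integration guide](...)` link already is.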
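Review bot: The intro paragraph of the new docs/overview.md (patch 1) has grammar and spelling slips that survive all three patches: `speed up` should be `speeds up` to agree with `protects` and `enforces`, `polices` should be `policies`, and `Anchore Enterprises can be installed` should be `Anchore Enterprise can be installed`. The `### More Topics` links `- [Security]()` and `- [Troubleshooting]()` are empty and render as dead links until patch 2 fills them in. In the components list, the items nested under `- On-premises Feed Service` (Enterprise UI, Anchore CLI, Jenkins Plugin, CI Integration, Enterprise RBAC, Anchore Engine) do not describe the feed service and look mis-nested; either promote them to their own group or list the feed service's actual components.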
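Review bot: The replacement links in `### More Topics` (patch 2) are absolute URLs pinned to the `documentation-standard` branch on repo1.dso.mil, so they break once that branch is merged or deleted and do not resolve for anyone reading a fork or a local checkout. docs/README.md in this repo already uses relative links such as `- [Chart](./CHART.md)`; use `./security.md` and `./troubleshooting.md` here for the same reason. The `Security.md` to `security.md` and `Troubleshooting.md` to `troubleshooting.md` renames are case-only, which is worth calling out in the commit message for contributors on case-insensitive filesystems.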
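Review bot: In the docs/BBCHANGES.md `## Other Modifications` hunk (patch 3), the blank line is added directly under the context line `To support the BigBang wrapper to simplify SSO setup the following global saml option needs to bet set:`, which carries a typo (`bet set` should be `be set`) that a spelling commit should pick up; the same goes for `Dockerhub` in the first hunk, where only trailing whitespace was touched and `Docker Hub` would be the usual form.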
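Review bot: The docs/metrics.md `## Anchore metrics` hunk (patch 3) reformats every entry but leaves `anchore-db_readwrite_seconds_sum` with a hyphen, which is inconsistent with the other `anchore_db_*` names and is not a valid Prometheus metric name (names may contain only letters, digits, underscores and colons); it should be `anchore_db_readwrite_seconds_sum`. The descriptions of the `_count` and `_created` series are also misleading: for a Prometheus summary or histogram, `_count` is the number of observations recorded and `_created` is the Unix timestamp at which the series was created, not durations; only `_sum` is the total of the observed durations. The description rewrite can be a follow-up since this commit is linting and spelling, but the hyphen fix belongs here.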
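Review bot: The rewritten line `* Differs from prometheus_engine_query_duration_seconds_count as the duration for every process is listed seperatly` in the second docs/metrics.md hunk (patch 3) keeps the misspelling `seperatly` (`separately`) even though the commit message says spelling; in the `### Troubleshooting` block, `(e.g <>/;)` needs `e.g.`, `interfering your query` should be `interfering with your query`, and `Make sure that that your expression` has a doubled `that`.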
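Review bot: In the docs/overview.md hunk of patch 3 the `+` lines still carry `speed up`, `polices` and `Anchore Enterprises` in the intro paragraph, so the spelling pass is incomplete for this file even though `Enabling Prometheuse` is corrected to `Enabling Prometheus`; the re-indented component list also keeps the items under `- On-premises Feed Service` that do not belong to the feed service.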
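Review bot: The docs/security.md hunks in patch 3 change only trailing whitespace and the missing newline at end of file; the `Enable Oauth` capitalization (`OAuth`) and the `- Hashed passwords are recommended.` bullet that conflicts with the statement that Anchore stores no credentials both survive the spelling pass and should be addressed in this commit or a follow-up.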