Add GVM (OpenVAS) add-on initialization script

- Create a new script `run.sh` for initializing and launching the GVM add-on.
- Ensure required environment variables `USERNAME` and `PASSWORD` are set.
- Set the timezone if the `TZ` variable is provided.
- Initialize a data directory at `/data` if it does not exist.
- Launch the GVM service and log output to a file.

fix(sonarqube): fix config.json

README.md

@@ -26,6 +26,14 @@ _SonarQube Server helps you comply with common code security standards, such as
 
 [Official Repo](https://github.com/SonarSource/sonarqube)
 
+### [GVM](./gvm)
+
+![Supports amd64 Architecture][amd64-shield]
+![Supports aarch64 Architecture][aarch64-shield]
+
+_OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test._
+
+[Official Repo](https://github.com/greenbone/openvas-scanner)
 
 ## Sponsoring ❤️
 If you like this add-on and would like to support my work and future projects, you can buy me a coffee. ☕

gvm/CHANGELOG.md

@@ -0,0 +1,2 @@
+## 0.0.x-beta
+- Initial release

gvm/Dockerfile

@@ -0,0 +1,21 @@
+# Use official GVM image
+FROM netizensoc/gvm-scanner:latest
+
+LABEL io.hass.name="GVM Scanner"
+LABEL io.hass.description="un a GVM (OpenVAS) scanner as a Home Assistant add-on."
+LABEL io.hass.arch="amd64|aarch64"
+LABEL io.hass.type="addon"
+LABEL io.hass.version="0.0.1-beta"
+
+# Set timezone
+ENV TZ=Europe/Rome
+
+# Copy the entrypoint script
+COPY run.sh /run.sh
+RUN chmod +x /run.sh
+
+# Expose default GVM Web UI port
+EXPOSE 9392
+
+# Set entrypoint
+CMD [ "/run.sh" ]

gvm/README.md

@@ -0,0 +1,63 @@
+# Home Assistant Add-on: GVM (OpenVAS) 
+
+![Supports amd64 Architecture](https://img.shields.io/badge/amd64-yes-green.svg)
+![Supports aarch64 Architecture](https://img.shields.io/badge/aarch64-yes-green.svg)
+
+This Home Assistant add-on deploys the GVM (OpenVAS) vulnerability scanner inside a Docker container.
+
+## 🚀 Features
+
+- Full GVM Scanner in a managed container
+- Web UI available on port `9392`
+- Username and password configurable from UI
+
+## ⚙️ Configuration
+
+Example `options` in `config.json`:
+
+```json
+{
+    "username": "admin",
+    "password": "changeme",
+    "ui_port": 9392,
+    "TZ": "Europe/Rome",
+    "HTTPS": "false",
+    "SSHD": "true",
+    "DB_PASSWORD": "changeme"
+}
+```
+
+## 🌐 Access
+
+Once installed, access the GVM web interface at:
+
+`http://<your-home-assistant-ip>:9392`
+
+## 📂 Repository Structure
+
+```bash
+gvm/
+├── CHANGELOG.md       # Changelog for the add-on
+├── config.json        # Add-on configuration definition
+├── Dockerfile         # Dockerfile for the GVM container
+├── icon.png           # Icon for the add-on
+├── logo.png           # Logo for the add-on
+├── README.md          # This file
+└── run.sh             # Startup script for GVM
+```
+
+## 🛡 Security
+
+> ⚠️ Always use strong passwords and ensure secure network settings, especially for database connections.
+
+---
+
+Made with ❤️ for automation and resilience.
+
+[semver]: http://semver.org/spec/v2.0.0.html
+[aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
+[amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
+[armv7-shield]: https://img.shields.io/badge/armv7-yes-green.svg
+[i386-shield]: https://img.shields.io/badge/i386-yes-green.svg
+[repository-badge]: https://img.shields.io/badge/Add%20repository%20to%20my-Home%20Assistant-41BDF5?logo=home-assistant&style=for-the-badge
+[repository-url]: https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Fmartemme%2FHomeAssistantAddons

gvm/config.json

@@ -0,0 +1,43 @@
+{
+    "name": "GVM Scanner",
+    "version": "0.0.1-beta",
+    "slug": "gvm",
+    "description": "Run a GVM (OpenVAS) scanner as a Home Assistant add-on.",
+    "startup": "services",
+    "boot": "auto",
+    "init": false,
+    "arch": ["amd64", "aarch64"],
+    "map": ["config:rw"],
+    "options": {
+        "username": "admin",
+        "password": "changeme",
+        "ui_port": 9392,
+        "TZ": "Europe/Rome",
+        "HTTPS": "false",
+        "SSHD": "true",
+        "DB_PASSWORD": "changeme"
+    },
+    "schema": {
+        "username": "str",
+        "password": "str",
+        "ui_port": "int",
+        "TZ": "str",
+        "HTTPS": "bool",
+        "SSHD": "bool",
+        "DB_PASSWORD": "str"
+    },
+    "ports": {
+        "9392/tcp": 9392
+    },
+    "ports_description": {
+        "9392/tcp": "Web Interface"
+    },
+    "webui": "http://[HOST]:[PORT:9392]",
+    "environment": {
+        "TZ": "Europe/Rome",
+        "HTTPS": "false",
+        "SSHD": "true",
+        "DB_PASSWORD": "changeme"
+    }
+  }
+  

gvm/run.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -e
+set -o pipefail
+
+log() {
+    echo "[GVM ADD-ON] $(date +"%Y-%m-%d %H:%M:%S") - $*"
+}
+
+# Ensure required env vars are set
+: "${USERNAME:?Environment variable USERNAME not set}"
+: "${PASSWORD:?Environment variable PASSWORD not set}"
+
+log "Starting GVM (OpenVAS) add-on..."
+
+# Setup timezone
+if [ -n "$TZ" ]; then
+    log "Setting timezone to $TZ"
+    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime
+    echo "$TZ" > /etc/timezone
+fi
+
+# Initialize data directory
+DATA_DIR="/data"
+if [ ! -d "$DATA_DIR" ]; then
+    log "Creating data directory at $DATA_DIR"
+    mkdir -p "$DATA_DIR"
+fi
+
+log "Launching GVM service..."
+exec /usr/local/bin/dumb-init gvm-start | tee -a "$DATA_DIR/gvm.log"

sonarqube/CHANGELOG.md

@@ -1,2 +1,2 @@
-## 0.0.1-beta
+## 0.0.x-beta
 - Initial release

sonarqube/Dockerfile

@@ -5,7 +5,7 @@ LABEL io.hass.name="SonarQube"
 LABEL io.hass.description="SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA."
 LABEL io.hass.arch="amd64|aarch64"
 LABEL io.hass.type="addon"
-LABEL io.hass.version="0.0.1-beta"
+LABEL io.hass.version="0.0.2-beta"
 
 # Build parameters
 ARG SONARQUBE_VERSION=9.9.6.92038

sonarqube/config.json

@@ -1,13 +1,13 @@
 {
     "name": "SonarQube",
-    "version": "0.0.1-beta",
+    "version": "0.0.2-beta",
     "slug": "sonarqube",
     "description": "SonarQube Server helps you comply with common code security standards, such as the NIST SSDF, OWASP, CWE, STIG, and CASA.",
     "arch": ["amd64", "armv7", "aarch64"],
     "startup": "services",
     "boot": "auto",
     "host_network": false,
-    "privileged": true,
+    "full_access": true,
     "options": {
       "data_path": "/share/sonarqube/data",
       "extensions_path": "/share/sonarqube/extensions",
@@ -18,32 +18,31 @@
       "TZ": "Europe/Rome"
     },
     "schema": {
-      "data_path": "string",
-      "extensions_path": "string",
-      "ui_port": "integer",
-      "jdbc_url": "string",
-      "jdbc_username": "string",
-      "jdbc_password": "string",
-      "TZ": "string"
+      "data_path": "str",
+      "extensions_path": "str",
+      "ui_port": "int",
+      "jdbc_url": "str",
+      "jdbc_username": "str",
+      "jdbc_password": "str",
+      "TZ": "str"
     },
     "ports": {
-      "ui": "ui_port"
+        "9000/tcp": 9000
     },
     "ports_description": {
-      "ui": "Web Interface"
+        "9000/tcp": "Web Interface"
     },
     "map": ["config"],
-    "environment": [
-      "TZ",
-      "SONAR_JDBC_URL",
-      "SONAR_JDBC_USERNAME",
-      "SONAR_JDBC_PASSWORD"
-    ],
-    "image": "sonarqube:community",
-    "webui": "http://[HOST]:[PORT:ui]",
+    "environment": {
+      "TZ": "TZ",
+      "SONAR_JDBC_URL": "jdbc_url",
+      "SONAR_JDBC_USERNAME": "jdbc_username",
+      "SONAR_JDBC_PASSWORD": "jdbc_password"
+    },
+    "image": "sonarqube",
+    "webui": "http://[HOST]:[PORT:9000]",
     "build_from": {
         "amd64": "alpine:3.18",
         "aarch64": "alpine:3.18"
     }
   }
-