UNCLASSIFIED

Commit 7e043eff authored by Al Fontaine

Merge branch 'development' into 'master'

Development

See merge request !12
parents f8ad464a 200e3df8
Pipeline #115647 failed with stages
in 16 seconds
......@@ -19,6 +19,9 @@ Hardening:
- [ ] Container version has been updated in greylist file
- [ ] Branch has been merged into `development`
No new findings:
- [ ] There are no new findings in this update. Skip the Justifications and Approval Process steps and apply the label ~"Approval".
Justifications:
- [ ] All findings have been justified per the above documentation
- [ ] Justifications have been provided to the container hardening team
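Review bot: The new "No new findings" checkbox lets a submitter skip both the Justifications and Approval Process steps and apply ~"Approval", but it asks for no evidence that the findings are in fact unchanged. Consider having that item require a link to the pipeline scan results for this update, so the label rests on something a reviewer can check.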
......
# These three ARGs must point to an Iron Bank image - the BASE_REGISTRY should always be what is written below; please use \
# '--build-arg' when building locally to replace these values
# If your container is not based on either the ubi7/ubi8 Iron Bank images, then it should be based on a different Iron Bank image
# Note that you will not be able to pull containers from nexus-docker-secure.levelup-dev.io into your local dev machine
ARG BASE_REGISTRY=registry1.dsop.io
ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal
ARG BASE_TAG=8.2
# FROM statement must reference the base image using the three ARGs established
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
# Aqua release version
ARG AQUA_VERSION=5.0
# Aqua update version tag
ARG AQUA_TAG=0-ubi8
ENV VERSION=${AQUA_VERSION}.${AQUA_TAG}
# Aqua container type
ARG CONTAINER=gateway
ARG BUILDDATE
ARG COMMIT=103c5e2a51
# 'LABEL' instructions should include at least the following information and any other helpful details.
LABEL name="Aqua Enterprise Console" \
maintainer="admin@aquasec.com" \
vendor="Aqua Security" \
summary="Aqua Security Enterprise - Console" \
description="Aqua Security Enterprise - Console"
LABEL com.aquasec.release=${VERSION}
LABEL com.aquasec.version=${VERSION}
LABEL com.aquasec.component=$CONTAINER
LABEL com.aquasec.builddate=${BUILDDATE}
LABEL com.aquasec.commit=${COMMIT}
ENV BUILD_ONLY_PACKAGES="tar gzip shadow-utils"
RUN microdnf install $BUILD_ONLY_PACKAGES
ARG TARBALL="aquasec-${CONTAINER}-${AQUA_VERSION}.${AQUA_TAG}.tar.gz"
RUN mkdir -p /build /opt/aquascans
COPY ${TARBALL} /build/
RUN cd /build && \
tar -zxvf ${TARBALL} && \
cd -
RUN if [[ -d /build/licenses ]]; then cp -r /build/licenses/ /licenses/; fi
RUN cd /build/ && \
cp -r aquasec /opt/
RUN rm -rf /build
COPY scripts/* /
RUN groupadd -g 11433 --system aqua && \
adduser --home-dir /home/aqua --comment "aqua user" --shell /sbin/nologin -g aqua --system -u 11433 aqua && \
chown -R aqua:root /opt/aquasec && chown -R aqua:root /opt/aquascans
RUN microdnf remove ${BUILD_ONLY_PACKAGES}
RUN microdnf clean all
# dodTODO: pending SLK-28283
# Removing of microdnf must be after we use it
#COPY _package/remove-vulnerable-packages /
#RUN chmod +x /remove-vulnerable-packages && sync && /remove-vulnerable-packages ${ubiver}
#RUN rm /remove-vulnerable-packages
VOLUME /opt/aquascans
WORKDIR /opt/aquasec/
EXPOSE 3622 8443
HEALTHCHECK --start-period=10s CMD curl -f 127.0.0.1:3622 || exit 1
USER 11433
CMD ["/gateway-entrypoint.sh"]
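Review bot: The LABEL block describes this image as "Aqua Enterprise Console" (name, summary and description), while `ARG CONTAINER=gateway`, the tarball name is built from `${CONTAINER}`, and CMD runs `/gateway-entrypoint.sh`; the labels look carried over from the console image and should name the gateway so that inventory and scan results are attributed to the right component. Separately, `COPY ${TARBALL} /build/`, the extraction and `RUN rm -rf /build` are separate instructions, so the tarball and the unpacked tree remain in earlier layers of the image, as do the packages taken out by the later `RUN microdnf remove ${BUILD_ONLY_PACKAGES}`. A multi-stage build that copies only /opt/aquasec and /licenses into the final stage would keep them out of the shipped image.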
@Library('DCCSCR@master') _
dccscrPipeline(version: "5.0")
/* The above format is required for all production submissions.
* The version will be the image tag associated with this container for this branch.
*
* You may limit the job to the build stage or the scanning stage only:
* dccscrPipeline(version: "1.4.2", scan: false)
* dccscrPipeline(version: "1.0.0", build: false)
*
* You may also use a different branch of the jenkins-shared-library.
* Only do this if you know what you are doing:
* @Library('DCCSCR@feature1_branch') _ */
This diff is collapsed.
{
"resources": [
{
"url":"https://download.aquasec.com/aquasec/csp/gateway/5.0/aquasec-gateway-5.0.0-ubi8.tar.gz",
"filename":"aquasec-gateway-5.0.0-ubi8.tar.gz",
"validation": {
"type": "sha256",
"value": "a476b7eb0618fd2de0d5afb00de7aa481b2c6fdcb73f12aa10afbc9889d0594c"
},
"auth": {"type": "basic", "id": "aquasec-credential" },
"tls_verify": true
}
]
}
#!/bin/sh
# this entrypoint is shared between several distributions e.g. ubi and DoD
# entrypoint code common to all gateway distributions should be placed here
# distribution specific startup code should be copied placed in respective script
# run distribution specific entrypoint code if exists (i.e. we are on that distribution)
test -x /common-entrypoint-alpine.sh && /common-entrypoint-alpine.sh
#exec is needed in order to make the run be the parent process for accespting docker stop signal
exec /opt/aquasec/sedocksrv
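Review bot: On the line `test -x /common-entrypoint-alpine.sh && /common-entrypoint-alpine.sh`, a non-zero exit from the distribution script is ignored and the script still reaches `exec /opt/aquasec/sedocksrv`, because there is no `set -e` and no explicit check of the result. If that script performs setup the server depends on, make a failure there stop the container start. The `exec` line also passes no "$@", so arguments given to the container are dropped; pass them through if that is not intended.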