From 8e26c1522788a2a1eb56a436ddbf41d9a3dccfcb Mon Sep 17 00:00:00 2001
From: Aviv Shavit
Date: Sun, 7 Feb 2021 11:49:48 +0200
Subject: [PATCH 1/5] update 21026 - update to release 5.3 (artifacts generated from server@1b329dd)
---
 Dockerfile | 81 ++++++++++++++++++++++++++++
 LICENSE | 75 ++++++++++++++++++++++++++
 README.md | 115 +++++++++++++++++++++++++++++++++++++++-
 hardening_manifest.yaml | 61 +++++++++++++++++++++
 4 files changed, 330 insertions(+), 2 deletions(-)
 create mode 100644 Dockerfile
 create mode 100644 LICENSE
 create mode 100644 hardening_manifest.yaml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ada07fb
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,81 @@
+# These three ARGs must point to an Iron Bank image - the BASE_REGISTRY should always be what is written below; please use \
+# '--build-arg' when building locally to replace these values
+# If your container is not based on either the ubi7/ubi8 Iron Bank images, then it should be based on a different Iron Bank image
+# Note that you will not be able to pull containers from nexus-docker-secure.levelup-dev.io into your local dev machine
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal
+ARG BASE_TAG=8.3
+
+# FROM statement must reference the base image using the three ARGs established
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+# needed again for label below
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal
+ARG BASE_TAG=8.3
+
+# Aqua release version
+ARG AQUA_VERSION=5.3
+# Aqua update version tag
+ARG AQUA_TAG=21026-ubi8
+ENV VERSION=${AQUA_VERSION}.${AQUA_TAG}
+# Aqua container type
+ARG CONTAINER=scanner
+ARG COMPONENT=scanner
+ARG BUILDDATE
+ARG COMMIT=1b329dd
+
+# 'LABEL' instructions should include at least the following information and any other helpful details.
+LABEL name="Aqua Enterprise ${CONTAINER}" \
+ maintainer="admin@aquasec.com" \
+ vendor="Aqua Security Software Ltd." \
+ summary="Aqua Security Enterprise - ${CONTAINER}" \
+ description="Aqua Security Enterprise - ${CONTAINER}"
+LABEL com.aquasec.release=${VERSION}
+LABEL com.aquasec.version=${VERSION}
+LABEL com.aquasec.component=$COMPONENT
+LABEL com.aquasec.builddate=${BUILDDATE}
+LABEL com.aquasec.commit=${COMMIT}
+LABEL com.aquasec.baseimage=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+
+ENV BUILD_ONLY_PACKAGES="tar gzip shadow-utils"
+RUN microdnf install $BUILD_ONLY_PACKAGES
+
+ARG TARBALL="aquasec-${CONTAINER}-${AQUA_VERSION}.${AQUA_TAG}.tar.gz"
+
+RUN mkdir -p /build /opt/aquascans
+
+COPY ${TARBALL} /build/
+
+RUN cd /build && \
+ tar -zxvf ${TARBALL} && \
+ cd -
+
+RUN if [[ -d /build/licenses ]]; then cp -r /build/licenses/ /licenses/; fi
+RUN cd /build/ && \
+ cp -r aquasec /opt/
+RUN rm -rf /build
+
+
+
+RUN groupadd -g 11433 --system aqua && \
+ adduser --home-dir /home/aqua --comment "aqua user" --shell /sbin/nologin -g aqua --system -u 11433 aqua && \
+ chown -R aqua:root /opt/aquasec && chown -R aqua:root /opt/aquascans
+
+RUN microdnf remove ${BUILD_ONLY_PACKAGES}
+RUN microdnf clean all
+
+
+# dodTODO: pending SLK-28283
+# Removing of microdnf must be after we use it
+#COPY _package/remove-vulnerable-packages /
+#RUN chmod +x /remove-vulnerable-packages && sync && /remove-vulnerable-packages ${ubiver}
+#RUN rm /remove-vulnerable-packages
+
+VOLUME /opt/aquascans
+WORKDIR /opt/aquasec/
+
+HEALTHCHECK --timeout=5s CMD /opt/aquasec/scannercli version || exit 1
+USER 11433
+ENTRYPOINT ["/opt/aquasec/scannercli"]
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..13df15c
--- /dev/null
+++ b/LICENSE
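Review bot: The runtime user ends up owning the scanner binary it executes: in the Dockerfile, the `groupadd`/`adduser` RUN does `chown -R aqua:root /opt/aquasec`, and the image then runs as `USER 11433` with `ENTRYPOINT ["/opt/aquasec/scannercli"]`, so a compromised scanner process could overwrite its own install tree. The only path declared as a volume is `/opt/aquascans`, so I would leave `/opt/aquasec` root-owned and keep just `chown -R aqua:root /opt/aquascans`, adding a narrower chown for one subdirectory if scannercli writes under its install path (not visible in this patch). Separately, `RUN rm -rf /build`, `RUN microdnf remove ${BUILD_ONLY_PACKAGES}` and `RUN microdnf clean all` each run in their own layer, so the tarball, the extracted tree and the build-only packages still exist in earlier layers of the shipped image. Unpacking in a separate build stage and bringing only `/opt/aquasec` across with `COPY --from` would keep them out of the final image.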
@@ -0,0 +1,75 @@ +THESE TERMS AND CONDITIONS (the “Agreement“) CONSTITUTE A BINDING AGREEMENT BETWEEN YOU AND AQUA (AS DEFINED BELOW). IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF AN ENTITY, YOU REPRESENT THAT YOU HAVE THE RIGHT, AUTHORITY, AND CAPACITY TO BIND SUCH ENTITY TO THIS AGREEMENT. In any event, references herein to “Customer” means you or such entity (as the case may be). “Aqua” shall mean (i) Aqua Security Software, Inc. in the event that you are a United States or Australian User; OR otherwise (ii) Aqua SECURITY SOFTWARE LTD. + +By clicking the “I Accept” button below or by otherwise installing or using any part of the Software (as defined below), Customer acknowledges these terms and conditions and represents that it has fully read and understood, and agrees to be bound by, the following (the date of such occurrence being the “Effective Date“): this Agreement and other supplemental terms and policies that this Agreement expressly incorporates by reference, and which are thereby made a part of this Agreement. + +IF CUSTOMER DOES NOT AGREE WITH ANY OF THE TERMS OR CONDITIONS OF THIS AGREEMENT, CUSTOMER MUST NEITHER CLICK “I ACCEPT” NOR INSTALL OR USE ANY PART OF THE SOFTWARE. + +By entering into the Agreement, Customer hereby irrevocably and unconditionally waives any law or regulation applicable to Customer requiring that the Agreement be localized to meet Customer’s language or requiring an original (non-electronic) signature or delivery or retention of non-electronic records. + +1. License. 
Subject to the terms and conditions of this Agreement, Aqua grants Customer a limited, non-exclusive, non-assignable, non-transferable, and non-sublicensable license, during the subscription-based term stated in the purchase order for the provision of Aqua’s software product identified in the purchase order (“Software“) and Support Services (defined below) executed directly with Aqua (“License Term” and “Purchase Order“, respectively), to do the following for internal business use only (collectively, the “License“): (i) install the Software (in object code only) in Customer’s on-premise, private cloud, or other installation environment stated in the Purchase Order (the “Environment(s)“) and on such number of physical or virtual machine (including without limitation server, host, node and docker engine) on which the Software is installed (“Hosts“) specified in the Purchase Order; and (ii) access and use those modules, tools, and/or features of the Software permitted (and in the quantities permitted) under the Purchase Order (“Module“). + +References herein to “Software” include all of the manuals, specifications, and similar documentation accompanying the Software or otherwise made available by Aqua (the “Documentation“), as well as any Updates (as defined in the Support Ts&Cs referenced in Section 6 below) made available to Customer pursuant to Support Services (as defined below). + +2. License Restrictions. 
Except to the extent expressly permitted in this Agreement (or otherwise mandated under any law applicable to Customer), Customer shall not, and shall not permit or encourage any third party to, do any of the following: (a) copy the Software; (b) sell, assign, lease, lend, rent, sublicense, or make available the Software to any third party, or otherwise use the Software to operate in a time-sharing, outsourcing, or service bureau environment; (c) modify, alter, adapt, arrange, translate, decompile, disassemble, reverse engineer, or otherwise attempt to discover the source code or non-literal aspects (such as the underlying structure, sequence, organization, and interfaces) of, the Software; (d) remove, alter, or conceal, in whole or in part, any copyright, trademark, or other proprietary rights notice or legend displayed or contained on or in the Software; (e) circumvent, disable or otherwise interfere with security-related or technical features or protocols of the Software (such as usage monitoring features); (f) make a derivative work of the Software, or use the Software to develop any service or product that is the same as (or substantially similar to) the Software; (g) disclose to the public the results of any internal performance testing or benchmarking studies of or about the Software, without first (x) sending the results and related study(ies) to Aqua, and (y) obtaining Aqua’s written approval of the assumptions, methodologies and other parameters of the testing or study; (h) use, publish or transmit any robot, malware, Trojan horse, spyware, or similar malicious item intended (or that has the potential) to damage or disrupt the Software; and/or (i) access the Software and/or its servers through or use with the Software any unauthorized means, services or tools, including, without limitation, any data mining, robots, or similar automated means or data gathering and extraction tools, including, without limitation, in order to extract for re-utilization of 
any parts of the Software. Customer shall not ship, transfer, or export the Software or any component thereof or use the Software in any manner, prohibited by law, including without limitation to, sell, distribute, export or download the Software: (a) into (or to a national or resident of) Cuba, Iran, Iraq, Libya, North Korea, Sudan, Lebanon, Syria, or the Crimea Region of Ukraine, (b) to anyone on the U.S. Commerce Department’s Table of Denial Orders or U.S. Treasury Department’s list of Specially Designated Nationals, (c) to any country to which such export or re-export is restricted or prohibited, or as to which the U.S., Australian or Israeli government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval, or (d) otherwise in violation of any export or import restrictions, laws or regulations of the U.S., Australia or Israel or any foreign agency or authority. Customer agrees to the foregoing and warrants that it is not located in, under the control of, or a national or resident of any such prohibited country or on any such prohibited party list. The foregoing conditions are limitations on the scope of the License. + +3. Installation. Customer will be responsible for the installation, using a license key provided by Aqua, including without limitation: (a) all configurations (including without limitation to the Environment and other third party systems) in connection therewith; and (b) for providing Aqua with (as well as procuring for Aqua the right to access and use) all information, materials, facilities, and equipment reasonably requested by Aqua for the purposes of installation. 
In addition, Customer will cooperate with Aqua in configuring and maintaining the Software’s remote connectivity Module to enable Aqua to monitor and receive reports regarding Customer’s use and consumption levels of the Software (such monitoring and reports, “Usage Audits“). + +4. Payment + +4.1. License Fees. Customer will pay the Software license fees stated in the Purchase Order (“License Fees“), and in accordance with its payment terms; provided, however, that if a Usage Audit reveals a usage level above that permitted in the Purchase Order, the License Fees will be increased according to Aqua’s then-current price list (and as otherwise specified in the Purchase Order for such excessive use). For the avoidance of doubt, the foregoing mechanism shall not result in a reduction in License Fees in the event Customer’s consumption level decreases below the level purchased under the Purchase Order. Unless otherwise specified in the Purchase Order, all payments are due thirty (30) days from receipt of each invoice and are non-refundable and without any right of set-off. Any amount not paid when due will accrue interest on a daily basis until paid in full, at the lesser of: (a) the rate of one and a half percent (1.5%) per month; and (b) the highest amount permitted by applicable law. + +4.2. Taxes. Amounts payable under this Agreement are exclusive of all applicable sales, use, consumption, VAT, GST, and other taxes, duties or governmental charges, except for taxes based upon Aqua’s net income. In the event that Customer is required by applicable law to withhold or deduct taxes imposed upon Customer for any payment under this Agreement, then the amounts due to Aqua will be increased by the amount necessary so that Aqua receives and retains, free from liability for any deduction or withholding, an amount equal to the sum it would have received had Customer not made any such withholding or deduction. + +5. Third Party Software. 
The Software may include third party software components that are subject to open source and/or pass-through commercial licenses and/or notices (such third party programs, “Third Party Software” and “Third Party Software Terms and Notices“, respectively). Some of the Third Party Software Terms and Notices may be made available to Customer in the Software, its Documentation or via a supplementary list provided by Aqua. Any covenants, representations, warranties, indemnities and other commitments with respect to the Software in this Agreement are made by Aqua and not by any authors, licensors, or suppliers of, or contributors to, such Third Party Software. Any use of Third Party Software is subject solely to the rights and obligations under the applicable Third Party Software Terms and Notices. Notwithstanding anything in this Agreement to the contrary, Aqua does not make any representation, warranty, guarantee, or condition, and does not undertake any liability or obligation, with respect to any Third Party Software. + +6. Support Services. Subject to Customer’s timely payment of the License Fees, Aqua will provide the support and maintenance services (“Support Services“) in accordance with the terms and conditions set forth at https://www.aquasec.com/basic-support-terms/ (“Support Ts&Cs“). + +7. Confidentiality + +7.1. Customer may have access to certain non-public or proprietary information or materials of Aqua (the “Discloser“), whether in tangible or intangible form (“Confidential Information“). Without derogating from the foregoing, the Software, license keys and terms of the Purchase Order shall be deemed as Aqua’s Confidential Information. 
Confidential Information will not include information or material which Customer can demonstrate: (a) was in the public domain at the time of disclosure by Aqua to Customer hereunder; and/or (b) became part of the public domain after disclosure by Aqua to Customer hereunder, through no fault of Customer; (c) was in the Customer’s possession at the time of disclosure by the Aqua hereunder, and was not subject to prior continuing obligations of confidentiality by Customer to Aqua; (d) was rightfully disclosed to the Customer by a third party having the lawful right to do so; and/or (e) was independently and rightfully developed by the Recipient without (direct or indirect) use of, or reliance upon, Aqua’s Confidential Information. + +7.2. In the event that Customer is required to disclose Confidential Information of Aqua pursuant to any law or governmental or judicial order, Customer will promptly notify Aqua in writing of such law or order and reasonably cooperate with Aqua in opposing such disclosure or obtaining such other protective measures. In any event, such disclosure made pursuant to this paragraph will be made solely to the extent required by such law or order (as the case may be). + +7.3. Customer will use Aqua’s Confidential Information solely for the purpose of performing its obligations and/or exercising its rights under this Agreement and will not disclose or make available the Confidential Information to any third party, except to its employees that have a need to know such information and that are bound by obligations at least as protective as provided herein. Customer will take measures at a level at least as protective as those taken to protect its own confidential information of like nature (but in no event less than a reasonable level) to protect Aqua’s Confidential Information. Customer will promptly notify Aqua in writing in the event of any actual or suspected unauthorized use or disclosure of any Aqua Confidential Information. + +7.4. 
Each Party acknowledges that in the event of a breach or threatened breach of this Section 7 (Confidentiality) by Customer, Aqua may suffer irreparable harm or damage for which monetary damages will be inadequate, and will, therefore, be entitled to injunctive relief and specific performance to enforce the obligations under this Section 7‎ (Confidentiality) without the need to post a bond. + +8. Ownership. As between the Parties, Aqua is, and shall remain, the sole and exclusive owner of all Intellectual Property Rights in and to the Software and all its copies (as well as any modifications, improvements or derivatives thereto), the Support Services, and any other products or services provided by Aqua (hereinafter, “Aqua IPR“). Aqua reserves all rights not expressly granted herein and except for the License, Customer is granted no other right or license in or to any Aqua IPR. Customer undertakes not to contest Aqua’s ownership in the Aqua IPR. “Intellectual Property Rights” means any and all right, title and interest in and to patents, inventions, discoveries, copyrights, works of authorship, trade secrets, trademarks, service marks, trade dress, technical information, data, know-how, show-how, designs, drawings, utility models, topography and semiconductor mask works, specifications, formulas, methods, techniques, processes, databases, software, code, algorithms, architecture, records, documentation, and other similar intellectual or industrial property, in any form and embodied in any media, whether capable of protection or not, whether registered or unregistered, and including all applications, registrations, renewals, extensions, continuations, divisions or reissues thereof. + +9. Warranty; Disclaimer. 
Aqua warrants to Customer that the Software will materially perform the functions described in the technical specifications included in the Documentation for a period of sixty (60) days commencing upon the Effective Date (the “Warranty” and “Warranty Period“, respectively). The following are excluded from the foregoing Warranty: (a) the Software has not been properly installed, operated, repaired or maintained in accordance with the Documentation and the written instructions of Aqua; (b) the Software has been modified by persons other than Aqua or its authorized representatives; and (c) any error or failure related to the Environment or any third party software (including any Third Party Software), hardware or service. Customer’s sole and exclusive remedy, and Aqua’s entire obligation and liability, for a Warranty claim under this Section 9 (Warranty; Disclaimer) will be for Aqua to make commercially reasonable efforts to provide a fix, patch or workaround (which may be included in a future Update) for reproducible defects in the Software reported to Aqua in writing, all at no additional charge to Customer; provided, however, that (A) the Warranty claim is made in writing, with sufficient detail, within the Warranty Period; (B) Aqua determines that the defect is not due to any misuse, abuse, neglect, negligence, or unauthorized repair or modification of the Software; and (C) the failure or error is reproducible by Aqua. Any fix, patch, or workaround provided as part of the foregoing remedy will not re-commence the Warranty Period and are warranted for the remainder of the Warranty Period, as then in effect. 
+ +EXCEPT TO THE EXTENT PROVIDED OTHERWISE IN THIS SECTION 9 (WARRANTY; DISCLAIMER),‎ THE SOFTWARE AND ANY SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, AND ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES (INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, OR QUALITY OF SERVICE, OR THAT OTHERWISE ARISE FROM A COURSE OF PERFORMANCE OR USAGE OF TRADE) ARE HEREBY DISCLAIMER. AQUA DOES NOT MAKE ANY REPRESENTATION, WARRANTY, GUARANTEE OR CONDITION REGARDING THE EFFECTIVENESS, USEFULNESS, RELIABILITY, COMPLETENESS, OR QUALITY OF THE SOFTWARE, OR THAT USE OF THE SOFTWARE WILL BE UNINTERRUPTED, SECURE OR ERROR-FREE OR THAT ERRORS/BUGS ARE REPRODUCIBLE OR THAT ERRORS/BUGS ARE REPAIRABLE. + +10. LIMITATION OF LIABILITY + +10.1. IN NO EVENT WILL AQUA, ANY OF ITS AFFILIATES, PARTNERS, DISTRIBUTORS OR ANY OF THEIR LICENSORS AND SUPPLIERS BE LIABLE UNDER, OR OTHERWISE IN CONNECTION WITH, THIS AGREEMENT, THE SOFTWARE OR OTHERWISE FOR: (A) ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES; (B) ANY LOSS OF PROFITS, BUSINESS, ANTICIPATED SAVINGS, OR DATA AND/OR DAMAGE TO OR LOSS OF REPUTATION, OR GOODWILL; AND/OR (C) THE COST OF PROCURING ANY SUBSTITUTE GOODS OR SERVICES. + +10.2. THE COMBINED CUMULATIVE LIABILITY OF AQUA AND ITS AFFILIATES, PARTNERS AND ANY OF THEIR LICENSORS AND SUPPLIERS UNDER, OR OTHERWISE IN CONNECTION WITH, THIS AGREEMENT, THE SOFTWARE OR OTHERWISE, WILL NOT EXCEED THE LICENSE FEES ACTUALLY PAID BY CUSTOMER TO AQUA UNDER THE APPLICABLE PURCHASE ORDER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY. AQUA’S SOLE AND EXCLUSIVE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY IN RESPECT OF ANY MAINTENANCE OR SUPPORT ISSUE SHALL BE LIMITED TO PROVISION OF SUPPORT SERVICES. + +10.3. 
THE PRECEDING LIMITATIONS OF LIABILITY SHALL NOT APPLY TO BREACHES OF CONFIDENTIALITY, MISAPPROPRIATION OR BREACH OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS AND OBLIGATIONS PURSUANT TO SECTION 11 (INDEMNIFICATION) HEREIN. + +10.4. THE FOREGOING LIMITATIONS OF LIABILITY WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND: (A) EVEN IF A PARTY OR AN AFFILIATE, DISTRIBUTOR OR SUPPLIER OF AQUA HAS BEEN ADVISED, OR SHOULD HAVE BEEN AWARE, OF THE POSSIBILITY OF LOSSES, DAMAGES, OR COSTS; (B) EVEN IF ANY REMEDY IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE; AND (C) REGARDLESS OF THE THEORY OF LIABILITY (INCLUDING, WITHOUT LIMITATION, BREACH OF CONTRACT, TORT, NEGLIGENCE OR STRICT LIABILITY). + +11. Indemnification + +11.1. By Aqua. Aqua will defend, indemnify and hold harmless Customer against any third party demand, claim, suit, or action alleging that Customer’s use of the Software in accordance with this Agreement infringes such third party’s intellectual property rights (an “Infringement Claim“), and Aqua will pay any amounts finally awarded by a court against Customer (or otherwise agreed in settlement) under such Infringement Claim. Aqua will have no obligation or liability under this Section 11.1‎ to the extent that the Infringement Claim is based upon or results from: (a) the combination or use of the Software with any third party products or services if the claim would not have occurred if not for such combination or use; (b) any modification to the Software not made by Aqua; (c) Customer’s failure to comply with the written instructions of Aqua and/or with the terms of this Agreement or the Documentation; (d) where Customer continues the alleged infringing activity after being notified thereof; (e) use or retention of a copy of the Software not in its most current version provided by Aqua; and/or (f) Aqua’s compliance with any Customer instructions or requirements (any such claim in clauses (a) through (d), a “Reverse Infringement Claim“). 
+ +11.2. Remediation. Should the Software (in whole or in part) become, or in Aqua’s opinion be likely to become, the subject of any Infringement Claim, then Customer permits Aqua, at Aqua’s option, either to: (a) obtain for Customer the right to continue using the Software (or part thereof); or (b) replace or modify the Software (or part thereof) so that it becomes non-infringing; provided, however, that if, in Aqua’s opinion, the remedies in clauses (a) and (b) above are not commercially feasible, Aqua may terminate this Agreement immediately upon written notice to Customer and provide Customer with a pro-rata refund of any prepaid (but unutilized) License Fees based on the remaining License Term. + +11.3. By Customer. Customer will defend, indemnify, and hold harmless Aqua, Aqua Affiliates, distributors and suppliers and their respective directors, officers, employees, and suppliers from and against any third party claims, demands, actions, suits, proceedings, damages, losses, judgments and/or liabilities arising from, or related to or in connection with: (a) a Reverse Infringement Claim; and/or (b) Customer’s unauthorized use of the Software or breach of this Agreement (each, a “Aqua Claim“). + +11.4. Procedure. 
Each Party’s obligation and liability under this Section (Indemnification) is subject to the conditions that: (a) the indemnified Party has promptly notified the indemnifying Party in writing of the Infringement Claim or Aqua Claim, as the case may be (as used in this subsection, “Claim“), provided that a delay or failure by the indemnified Party to provide such notice will not relieve the indemnifying Party of its obligation or liability under this Section (Indemnification), except to the extent that such delay or failure materially prejudices its ability to defend the claim; (b) the indemnified Party reasonably cooperates with the indemnifying Party and permits the indemnifying Party to assume sole control of the defense of the Claim and all negotiations for any settlement thereof, provided that Aqua will not be required to cede control of a Aqua Claim to the extent that it impacts any Aqua Intellectual Property Right or goodwill, and the indemnifying Party will not enter into any settlement of a Claim without the indemnified Party’s prior express written consent, not to be unreasonably withheld, conditioned or delayed; and (c) the indemnified Party refrains from admitting any liability or otherwise compromising the defense of the Claim (in whole or in part), without the prior express written consent of the indemnifying Party. + +11.5. Entire Liability. This Section (Indemnification) states Aqua’s sole and exclusive obligation and liability, and Customer’s sole remedy, with respect to any Infringement Claim. + +12. Term and Termination + +12.1. Term. This Agreement commences as of the Effective Date and will continue in full force and effect for the duration of the License Term, unless earlier terminated in accordance with this Agreement. 
If the License Term is a subscription-based term, this Agreement will automatically renew for successive annual periods (as applicable), unless, a Party gives written notice to the other Party of the former’s intent not to renew the License Term, given at least thirty (30) days prior to the expiration thereof. + +12.2. Termination. Each Party may terminate this Agreement immediately upon written notice to the other Party: (a) if the other Party commits a material breach under this Agreement and, if curable, fails to cure that breach within thirty (30) days after receipt of written notice specifying the material breach (except that for payment defaults, such cure period will be seven days); and/or (b) if the other Party is declared bankrupt by a judicial decision, or, in the event an involuntary bankruptcy action is filed against such other Party, it has not taken, within sixty (60) days from service of such action to such Party, any possible action under applicable law for such filed action to be dismissed. + +12.3. Effect of Termination; Survival. Upon expiration or the effective date of termination of this Agreement (as the case may be): (a) this License will automatically terminate and Customer will uninstall and permanently erase (or, if requested by Aqua, permit Aqua to uninstall and permanently erase) all copies of the Software from the Customer’s systems; (b) Customer will pay all outstanding fees, including any License Fees; and (c) Customer shall, at Aqua’s election, erase or return to Aqua all Aqua Confidential Information in its possession or under its control. Sections 1 (Definitions), 2 (License Restrictions), 4 (Payments), 5 (Third Party Software) and 7 (Confidentiality) through 13 (Miscellaneous) will survive the expiration or termination of this Agreement. + +13. Miscellaneous. (13.1) Entire Agreement. 
This Agreement, all Purchase Orders and the Support Ts&Cs represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings and statements by the Parties with respect to such subject matter. In entering into this Agreement, neither Party is relying on any representation not expressly specified in this Agreement. This Agreement may only be amended by a written instrument duly signed by each Party. The Section and subsection headings used in this Agreement are for convenience only. Any terms and conditions printed, or linked to, within the Purchase Order, which is in addition to or otherwise inconsistent with the terms and conditions of this Agreement, shall be of no effect, unless explicitly stated otherwise with reference to this Agreement. (13.2) Name and Logo. Aqua may use Customer’s name and logo on its website and in its promotional materials to state that Customer is a customer of Aqua and a Software user. (13.3) Reference Customer. Customer agrees to serve as a reference customer of Aqua with other potential customers and industry analysts. (13.4) Case Study. Customer agrees, in due course, to collaborate with Aqua’s marketing team to create a case study of the Customer’s use of the Software. (13.5) Assignment. This Agreement (whether in whole or in part): (a) may not be assigned by Customer without the prior express written consent of Aqua; and (b) may be assigned by Aqua, without obligation or restriction. Any prohibited assignment will be null and void. Subject to the provisions of this Section (Assignment), this Agreement will bind and benefit each Party and its respective successors and assigns. (13.6) Governing Law; Jurisdiction. 
Section 13.6(a) shall apply in respect of North American users, otherwise Section 13.6(b) shall apply: (a) this Agreement will be governed by, and construed in accordance with, the laws of the State of Delaware, USA without regard to its conflicts of law rules. Any claim, dispute or controversy between the Parties will be subject to the exclusive jurisdiction and venue of the competent federal and state courts located in Wilmington, Delaware, and each Party hereby irrevocably submits to the personal jurisdiction of such courts and waives any jurisdictional, venue, or inconvenient forum or other objections to such courts; (b) This Agreement will be governed by, and construed in accordance with, the laws of the State of Israel, without regard to its conflicts of law rules. Any claim, dispute or controversy between the Parties will be subject to the exclusive jurisdiction and venue of the competent courts located in Tel Aviv-Jaffa, Israel, and each Party hereby irrevocably submits to the personal jurisdiction of such courts and waives any jurisdictional, venue, or inconvenient forum, or other objections to such courts. The following applies to all users notwithstanding the foregoing, Aqua may seek injunctive relief in any court worldwide that has competent jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods is hereby disclaimed. (13.7) Feedback. If Customer provides Aqua with any feedback, ideas or suggestions regarding the Software (“Feedback“), Aqua may, at no cost, freely use such Feedback, for any purpose whatsoever and Customer hereby and shall assign all right, title and interest in and to all Feedback to Aqua upon creation thereof. For the avoidance of doubt, Feedback will not be deemed Customer’s Confidential Information. (13.8) Relationship. The Parties are solely independent contractors. Nothing in this Agreement shall create a partnership, joint venture, agency, or employment relationship between the Parties. 
Neither Party may make, or undertake, any commitments or obligations on behalf of the other. (13.9) Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then: (a) the remaining provisions of this Agreement shall remain in full force and effect; and (b) such provision will be ineffective solely as to such jurisdiction (and only to the extent and for the duration of such invalidity or unenforceability), and will be substituted (in respect of such jurisdiction) with a valid and enforceable provision that most closely approximates the original legal intent and economic impact of such provision. (13.10) Notices. All notices and communications between the Parties under, or in connection with, this Agreement (“Notices“) shall be in writing, by hand delivery, by nationally recognized courier service or by prepaid certified mail. Aqua may send Notices to Customer through the management and reporting Module of the Software. Customer shall send all Notices to the mailing and email addresses and contact person listed in the Purchase Order, unless Customer has no Purchase Order with Aqua in which case Notices shall be sent to: Aqua Security Software Ltd., 20 Menachem Begin Street, Ramat-Gan 5270005, Israel, Attn: Director of Finance, Email: Support@aquasec.com. (13.11) Force Majeure. Except for payment obligations, neither Party will be liable for failure or delay in performance of any of its obligations under or in connection with this Agreement arising out of any event or circumstance beyond that Party’s reasonable control, including without limitation an Act of God, fire, flood, lightning, war, revolution, act of terrorism, riot, civil commotion, adverse weather condition, adverse traffic condition, strike, lock-out or other industrial action, and failure of supply of power, fuel, transport, equipment, raw materials, or other goods or services. (13.12) Customer Data; Storage. 
Customer acknowledges that the Software is not intended to, and will not, operate as an archive or file-storage product or service for Customer Data (as defined below), and Customer will be solely responsible for the maintenance and backup of all Customer Data. “Customer Data” means Customer’s content, code, or data uploaded to, or otherwise processed by, the Software. (13.13) Waiver. Any waiver granted hereunder must be in writing, duly signed by the waiving Party, and will be valid only in the specific instance in which given. + +Updated January 2020 \ No newline at end of file diff --git a/README.md b/README.md index 5dc6fa6..45f2d81 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,114 @@ -# +## Welcome to Aqua Cloud Native Security Platform (CSP)! -Project template for all Iron Bank container repositories. \ No newline at end of file +Aqua CSP provides full lifecycle security for your cloud native applications (containers, orchestrators, cloud VMs, and serverless functions) at a very granular level. Aqua includes preventive controls to secure the development pipeline; protects applications in runtime; detects and blocks attacks; and provides visibility and auditing for security risk management and compliance. + +Aqua CSP: + +* Integrates with your existing workflows for building, shipping, running, and securing your cloud workloads +* Works with the leading orchestrators and cloud provider platforms +* Secures environments consisting of servers running Linux and Windows, as well as CaaS and FaaS cloud services +* Provides you with full audit logs of security-related events that have occurred on your hosts or in your containers and serverless functions + +Aqua CSP Version 5.3 includes several new features, other improvements, and changes with respect to CSP Version 5.0. They are described below. + +### What's new in this version? 
+* Improved, configurable dashboard +* Redesigned main (left side) menu +* Kubernetes Assurance Policies +* Pod Enforcer +* Integration with Apolicy for Kubernetes cluster assessment +* VMware acquisition of Pivotal (rebranding) +* DTA enhancements +* Scheduled host scans +* Forbid specific Docker labels in images +* Require specific Docker labels in images +* Webhook enhancements +* Automatic database connection management +* Host scan queue enhancements +* RBAC- Email identification of application scope owners +* Aqua CyberCenter v5 as default +* Scanning of local Docker tar images +* Container Runtime Policies - support Port Scanning Detection in windows +* Audit event enhancements +* Enforcers support of httpGet for Liveness probes +* Block container exec runtime control +* HTML scan report enhancements +* Support for scanning of SUSE Linux Enterprise based images +* Login security enhancements - maximum session duration and automatic logout after inactivity +* Support for OpenID Connect +* Expanded workload container information +* UX - Dynamic text entry suggestions +* Enforcer support for AWS Bottlerocket + +More information at https://www.aquasec.com + +### Aqua images and containers +Aqua components are supplied as product images in the Aqua Registry, and deployed as containers. The typical exceptions to this are: +* Aqua Server is the central control component of Aqua CSP. +* Aqua Gateway(s) handle communication between the Aqua Server and the Aqua Enforcer(s), and use the Aqua Database. +* Aqua Scanner(s) scan images for security issues (vulnerabilities, sensitive data, and malware) and send the results to the Aqua Server. The Scanners are directed by the Image Assurance Policies you have configured using the Aqua UI. +* Aqua Enforcer(s) provide runtime security-related monitoring of your running containers, in order to provide enforcement of the Container Runtime Policies you have configured using the Aqua UI. 
The Aqua Enforcer(s) also ensure that + only registered and scanned images will run on the hosts where the Aqua Enforcer is deployed. + +### Deploying Aqua CSP + +Follow the example below for a simple ``podman`` based deployment. + +**Other deployment options are available at https://github.com/aquasecurity/deployments/** + +* `````` must be changed to a resolvable DNS name or the IP address of the database host. +* Replace all occurrences of `````` with a password of your choice. +* Replace `````` with a resolvable DNS name or the IP address of the Aqua Server host. +* Replace the image name with the appropriate Ironbank image source. + +``` +podman run -d -p 5432:5432 --name aqua-db \ + -e POSTGRES_PASSWORD= \ + -v /var/lib/aqua-db/data:/var/lib/postgresql/data \ + registry.aquasec.com/database:5.0 + + podman run -d -p 8080:8080 -p 443:8443 \ + --name aqua-web \ + -e SCALOCK_DBHOST= \ + -e SCALOCK_DBNAME=scalock \ + -e SCALOCK_DBUSER=postgres \ + -e SCALOCK_DBPASSWORD= \ + -e SCALOCK_AUDIT_DBHOST= \ + -e SCALOCK_AUDIT_DBNAME=slk_audit \ + -e SCALOCK_AUDIT_DBUSER=postgres \ + -e SCALOCK_AUDIT_DBPASSWORD= \ + -v /var/run/docker.sock:/var/run/docker.sock \ + registry.aquasec.com/console:5.0 + + podman run -d -p 3622:3622 -p 8443:8443 --name aqua-gateway \ + -e AQUA_CONSOLE_SECURE_ADDRESS=:443 \ + -e SCALOCK_DBHOST= \ + -e SCALOCK_DBNAME=scalock \ + -e SCALOCK_DBUSER=postgres \ + -e SCALOCK_DBPASSWORD= \ + -e SCALOCK_AUDIT_DBHOST= \ + -e SCALOCK_AUDIT_DBNAME=slk_audit \ + -e SCALOCK_AUDIT_DBUSER=postgres \ + -e SCALOCK_AUDIT_DBPASSWORD= \ + registry.aquasec.com/gateway:5.0 +``` + + The instructions to deploy the Enforcer are installation dependent and can be retrieved from Enforcers page on the Aqua console web ui. Open the 3-dot menu on the right side of the default enforcer group and select 'Copy Deployment Command'. 
+ +### Sizing Guide +The sizing guidance below is based on a small kubernetes deployment as described in the following table: + +| Hosts | Pods | Gateways | Scanners | Enforcers | +| --- | --- | --- | --- | --- | +| 50 | 4000 | 1 | 10 | 50 | + +| Component | CPU (millicores) | RAM (GB) | Storage (GB) | +|-----------| --- | ------ | --- | +| Aqua Server | Min: 2,000 Rec: 3,000 | Min: 3.0 Rec: 5.0 | Min: 5.0 Rec: 6.0 | +| Aqua Gateway (each) | Min: 1,000 Rec: 1,000 | Min: 1.0 Rec: 2.0 | | +| Aqua Scanner (each) | Min: 500 Rec: 800 | Min: 2.0 Rec: 6.0 | Size of the largest image | +| Aqua Enforcer (each) | Min: 350 Rec: 500 | Min: 0.5 Rec: 1.5 | | +| PostgreSQL DB | Min: 2,000 Rec: 5,000 | Min: 10.0 Rec: 20.0 | Min: 50 Rec: 250 | + +#### Special note on "Local" scanning +Aqua Enterprise supports scanning images from the local host docker image store by specifiying the ``--local`` scanner command line switch. Therefore, the scanner-cli running within the scanner container requires access permissions to the docker socket. These can be provided by assigning the effective group of the container user to that of the docker with the docker ``--user`` command line switch or adding the docker group gid to the ``supplementalGroups`` list of the kubernetes deployment's ``securityContext``. \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..7f10a52 --- /dev/null +++ b/hardening_manifest.yaml 
@@ -0,0 +1,61 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "aqua-security/enterprise/scanner-5.3" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "5.3.21026-ubi8" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8-minimal" + BASE_TAG: "8.3" + +# Docker image labels +labels: + org.opencontainers.image.title: "scanner-5.3" + ## Human-readable description of the software packaged in the image + org.opencontainers.image.description: "Aqua Security Enterprise - scanner" + ## License(s) under which contained software is distributed + org.opencontainers.image.licenses: "proprietary" + ## URL to find more information on the image + # org.opencontainers.image.url: "FIXME" + ## Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "Aqua Security" + org.opencontainers.image.version: "5.3.21026-ubi8" + ## Keywords to help with search (ex. 
"cicd,gitops,golang") + # mil.dso.ironbank.image.keywords: "FIXME" + ## This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + ## Product the image belongs to for grouping multiple images + # mil.dso.ironbank.product.name: "FIXME" + +# List of resources to make available to the offline build context +resources: +- auth: + id: aquasec-credential + type: basic + filename: aquasec-scanner-5.3.21026-ubi8.tar.gz + url: https://download.aquasec.com/aquasec/csp/scanner/5.3/aquasec-scanner-5.3.21026-ubi8.tar.gz + validation: + type: sha256 + value: f9c4dc569368a58ecfa017bcbd145e8f796ad556a5ec28c9cb9a9b180af69bc5 + +# List of project maintainers +# FIXME: Fill in the following details for the current container owner in the whitelist +# FIXME: Include any other vendor information if applicable +maintainers: +- email: "aviv.shavit@aquasec.com" +# # The name of the current container owner + name: "Aviv Shavit" +# # The gitlab username of the current container owner + username: "avivataqua" +# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT +- name: "Al Fontaine" + username: "alfontaine" + email: "alan.fontaine@centauricorp.com" -- GitLab From 467850fa693e440e675a4b232e8272a5b6fd74f5 Mon Sep 17 00:00:00 2001 From: Aviv Shavit Date: Sun, 7 Feb 2021 13:57:42 +0200 Subject: [PATCH 2/5] update 21026 - update to release 5.3 (artifacts generated from server@1cfdcea) --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ada07fb..dd07e0d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ ENV VERSION=${AQUA_VERSION}.${AQUA_TAG} ARG CONTAINER=scanner ARG COMPONENT=scanner ARG BUILDDATE -ARG COMMIT=1b329dd +ARG COMMIT=1cfdcea # 'LABEL' instructions should include at least the following information and any other helpful details. LABEL name="Aqua Enterprise ${CONTAINER}" \ 
@@ -60,7 +60,7 @@ RUN rm -rf /build RUN groupadd -g 11433 --system aqua && \ - adduser --home-dir /home/aqua --comment "aqua user" --shell /sbin/nologin -g aqua --system -u 11433 aqua && \ + adduser -m --home-dir /home/aqua --comment "aqua user" --shell /sbin/nologin -g aqua --system -u 11431 aqua && \ chown -R aqua:root /opt/aquasec && chown -R aqua:root /opt/aquascans RUN microdnf remove ${BUILD_ONLY_PACKAGES} @@ -77,5 +77,5 @@ VOLUME /opt/aquascans WORKDIR /opt/aquasec/ HEALTHCHECK --timeout=5s CMD /opt/aquasec/scannercli version || exit 1 -USER 11433 +USER 11431 ENTRYPOINT ["/opt/aquasec/scannercli"] \ No newline at end of file -- GitLab From 3c48c91dc7b7d2c9396372f4f710152703dad74e Mon Sep 17 00:00:00 2001 From: Jeffrey Weatherford Date: Mon, 8 Feb 2021 14:02:53 +0000 Subject: [PATCH 3/5] Update Dockerfile to remove label directives since those cause warnings during pre-flight. --- Dockerfile | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index dd07e0d..14c78d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,15 +2,14 @@ # '--build-arg' when building locally to replace these values # If your container is not based on either the ubi7/ubi8 Iron Bank images, then it should be based on a different Iron Bank image # Note that you will not be able to pull containers from nexus-docker-secure.levelup-dev.io into your local dev machine -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=repo1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal ARG BASE_TAG=8.3 # FROM statement must reference the base image using the three ARGs established FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -# needed again for label below -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=repo1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal ARG BASE_TAG=8.3 
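Review bot: The uid moves to 11431 in `adduser -m … -u 11431 aqua` and, in the second hunk of this commit, in `USER 11431`, but `groupadd -g 11433` is left unchanged, so uid and gid now differ and the commit message gives no reason. Anything outside the image keyed to the old number is affected: a host directory mounted on the `/opt/aquascans` volume and owned by 11433 would no longer be writable by the container user, and the README's local-scanning advice to set the container user with `--user` means operators may have the old id in their run commands; both are worth confirming. The literal now lives in two places that must stay in step, so a single `ARG AQUA_UID=11431` used as `-u ${AQUA_UID}` and `USER ${AQUA_UID}` would prevent drift. A comment such as `# uid intentionally differs from gid 11433: <reason>` would record the intent.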
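Review bot: The default `BASE_REGISTRY` is switched to `repo1.dso.mil` in both `ARG` lines of the `@@ -2,15 +2,14 @@` hunk, a change the commit message does not cover, since it mentions only the removal of label directives. This value decides where `FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}` pulls the base image from when no `--build-arg` is given, so a wrong default either breaks local builds or takes the base layer from an unintended host. Every other registry reference on the page points at registry1 (the manifest comments speak of "the repository name in registry1"), so please confirm that the new host actually serves `ironbank/redhat/ubi/ubi8-minimal:8.3`. If it does not, keep `ARG BASE_REGISTRY=registry1.dsop.io`; if the change is intended, state it in the commit message and adjust the `# These three ARGs must point to an Iron Bank image` comment above it.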
@@ -25,20 +24,6 @@ ARG COMPONENT=scanner ARG BUILDDATE ARG COMMIT=1cfdcea -# 'LABEL' instructions should include at least the following information and any other helpful details. -LABEL name="Aqua Enterprise ${CONTAINER}" \ - maintainer="admin@aquasec.com" \ - vendor="Aqua Security Software Ltd." \ - summary="Aqua Security Enterprise - ${CONTAINER}" \ - description="Aqua Security Enterprise - ${CONTAINER}" -LABEL com.aquasec.release=${VERSION} -LABEL com.aquasec.version=${VERSION} -LABEL com.aquasec.component=$COMPONENT -LABEL com.aquasec.builddate=${BUILDDATE} -LABEL com.aquasec.commit=${COMMIT} -LABEL com.aquasec.baseimage=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - - ENV BUILD_ONLY_PACKAGES="tar gzip shadow-utils" RUN microdnf install $BUILD_ONLY_PACKAGES @@ -78,4 +63,4 @@ WORKDIR /opt/aquasec/ HEALTHCHECK --timeout=5s CMD /opt/aquasec/scannercli version || exit 1 USER 11431 -ENTRYPOINT ["/opt/aquasec/scannercli"] \ No newline at end of file +ENTRYPOINT ["/opt/aquasec/scannercli"] -- GitLab From 2f0e7be6271e7e81997d5865a6e5125df90a0ede Mon Sep 17 00:00:00 2001 From: Aviv Shavit Date: Fri, 12 Feb 2021 01:24:48 +0200 Subject: [PATCH 4/5] update 21026 dod artifacts update: *add lables and update resource file checksum in hardening.yaml - update to release 5.3 (artifacts generated from server@a2831d5) --- Dockerfile | 20 ++------------ hardening_manifest.yaml | 58 +++++++++++++++++++++++------------------ 2 files changed, 34 insertions(+), 44 deletions(-) diff --git a/Dockerfile b/Dockerfile index 14c78d6..1964c5c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -2,32 +2,17 @@ # '--build-arg' when building locally to replace these values # If your container is not based on either the ubi7/ubi8 Iron Bank images, then it should be based on a different Iron Bank image # Note that you will not be able to pull containers from nexus-docker-secure.levelup-dev.io into your local dev machine -ARG BASE_REGISTRY=repo1.dso.mil +ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal ARG BASE_TAG=8.3 # FROM statement must reference the base image using the three ARGs established FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG BASE_REGISTRY=repo1.dso.mil -ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8-minimal -ARG BASE_TAG=8.3 - -# Aqua release version -ARG AQUA_VERSION=5.3 -# Aqua update version tag -ARG AQUA_TAG=21026-ubi8 -ENV VERSION=${AQUA_VERSION}.${AQUA_TAG} -# Aqua container type -ARG CONTAINER=scanner -ARG COMPONENT=scanner -ARG BUILDDATE -ARG COMMIT=1cfdcea - ENV BUILD_ONLY_PACKAGES="tar gzip shadow-utils" RUN microdnf install $BUILD_ONLY_PACKAGES -ARG TARBALL="aquasec-${CONTAINER}-${AQUA_VERSION}.${AQUA_TAG}.tar.gz" +ARG TARBALL="aquasec-scanner-5.3.21026-ubi8.tar.gz" RUN mkdir -p /build /opt/aquascans @@ -51,7 +36,6 @@ RUN groupadd -g 11433 --system aqua && \ RUN microdnf remove ${BUILD_ONLY_PACKAGES} RUN microdnf clean all - # dodTODO: pending SLK-28283 # Removing of microdnf must be after we use it #COPY _package/remove-vulnerable-packages / diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 7f10a52..2223fc9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
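Review bot: `ARG TARBALL="aquasec-scanner-5.3.21026-ubi8.tar.gz"` now hard-codes a file name that is also written as `filename:` under `resources` in hardening_manifest.yaml, and nothing in the Dockerfile ties the two together. The sha256 in the manifest is what vouches for this archive, so a version bump that touches only one of the two places would make the `COPY` fail or pick up a file the manifest does not validate. A comment above the ARG, for example `# must equal resources[].filename in hardening_manifest.yaml; the checksum is pinned there`, would make the coupling explicit. The same hunk drops `ENV VERSION=…`, which was a runtime environment variable; whether anything in the image reads it is not visible here and is worth confirming.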
@@ -1,21 +1,16 @@ ---- apiVersion: v1 - # The repository name in registry1, excluding /ironbank/ name: "aqua-security/enterprise/scanner-5.3" - # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.3.21026-ubi8" -- "latest" - + - "5.3.21026-ubi8" + - "latest" # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "redhat/ubi/ubi8-minimal" BASE_TAG: "8.3" - # Docker image labels labels: org.opencontainers.image.title: "scanner-5.3" 
@@ -34,28 +29,39 @@ labels: mil.dso.ironbank.image.type: "commercial" ## Product the image belongs to for grouping multiple images # mil.dso.ironbank.product.name: "FIXME" - + name: "Aqua Enterprise scanner" + maintainer: "admin@aquasec.com" + vendor: "Aqua Security Software Ltd." + summary: "Aqua Security Enterprise - scanner" + description: "Aqua Security Enterprise - scanner" + com.aquasec.builddate: "2021-01-26T09:44:48" + com.aquasec.commit: "3e586a1" + com.aquasec.component: "scannercli" + com.aquasec.release: "5.3.0" + com.aquasec.version: "5.3.0" + com.aquasec.dod.commit: "a2831d5" + com.aquasec.dod.builddate: "2021-02-12T01:24+02:00" + com.aquasec.baseimage: "registry1.dsop.io/ironbank/redhat/ubi/ubi8-minimal:8.3" # List of resources to make available to the offline build context resources: -- auth: - id: aquasec-credential - type: basic - filename: aquasec-scanner-5.3.21026-ubi8.tar.gz - url: https://download.aquasec.com/aquasec/csp/scanner/5.3/aquasec-scanner-5.3.21026-ubi8.tar.gz - validation: - type: sha256 - value: f9c4dc569368a58ecfa017bcbd145e8f796ad556a5ec28c9cb9a9b180af69bc5 - + - auth: + id: aquasec-credential + type: basic + filename: aquasec-scanner-5.3.21026-ubi8.tar.gz + url: https://download.aquasec.com/aquasec/csp/scanner/5.3/aquasec-scanner-5.3.21026-ubi8.tar.gz + validation: + type: sha256 + value: 6d94980668fbccf603210bf4710bba8a516ced5c72ac21252df286a53acb0f44 # List of project maintainers # FIXME: Fill in the following details for the current container owner in the whitelist # FIXME: Include any other vendor information if applicable maintainers: -- email: "aviv.shavit@aquasec.com" -# # The name of the current container owner - name: "Aviv Shavit" -# # The gitlab username of the current container owner - username: "avivataqua" -# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT -- name: "Al Fontaine" - username: "alfontaine" - email: "alan.fontaine@centauricorp.com" + - email: "aviv.shavit@aquasec.com" + # # The 
name of the current container owner + name: "Aviv Shavit" + # # The gitlab username of the current container owner + username: "avivataqua" + # cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT + - name: "Al Fontaine" + username: "alfontaine" + email: "alan.fontaine@centauricorp.com" -- GitLab From cf3569c7b6d897c56a199e9ea99f04a8dde2e93b Mon Sep 17 00:00:00 2001 From: Aviv Shavit Date: Thu, 11 Mar 2021 13:37:57 +0200 Subject: [PATCH 5/5] update 21026 - update to release 5.3 (artifacts generated from server@ee4e544) --- hardening_manifest.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2223fc9..9358b55 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -29,18 +29,14 @@ labels: mil.dso.ironbank.image.type: "commercial" ## Product the image belongs to for grouping multiple images # mil.dso.ironbank.product.name: "FIXME" - name: "Aqua Enterprise scanner" - maintainer: "admin@aquasec.com" - vendor: "Aqua Security Software Ltd." - summary: "Aqua Security Enterprise - scanner" - description: "Aqua Security Enterprise - scanner" + com.aquasec.builddate: "2021-01-26T09:44:48" com.aquasec.commit: "3e586a1" com.aquasec.component: "scannercli" com.aquasec.release: "5.3.0" com.aquasec.version: "5.3.0" - com.aquasec.dod.commit: "a2831d5" - com.aquasec.dod.builddate: "2021-02-12T01:24+02:00" + com.aquasec.dod.commit: "ee4e544" + com.aquasec.dod.builddate: "2021-03-11T13:37+02:00" com.aquasec.baseimage: "registry1.dsop.io/ironbank/redhat/ubi/ubi8-minimal:8.3" # List of resources to make available to the offline build context resources: -- GitLab
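Review bot: In the `@@ -34,28 +29,39 @@` hunk the `validation.value` for `aquasec-scanner-5.3.21026-ubi8.tar.gz` changes from `f9c4dc569368…` to `6d94980668fb…` while `filename` and `url` stay identical, so the content published under that versioned name was replaced. A checksum pin gives traceability only if one name maps to one artifact, so the rebuilt tarball should ideally carry its own build suffix; failing that, the commit message should say which upstream build the new digest belongs to. The added labels are also hard to reconcile at first sight: `com.aquasec.commit: "3e586a1"` and `com.aquasec.release: "5.3.0"` sit next to `com.aquasec.dod.commit: "a2831d5"` and a tag of 5.3.21026-ubi8. A short comment such as `# com.aquasec.* describe the upstream build, com.aquasec.dod.* this repackaging` (if that is the intent) would let an auditor map the image back to its source.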