From 2a4c3e995eec94c19af5f85214a5daf3ffd34fdd Mon Sep 17 00:00:00 2001 From: Joshua Eason Date: Mon, 26 Oct 2020 14:38:45 +0000 Subject: [PATCH 01/57] Removing CC lines in issue templates --- .gitlab/issue_templates/Application - Archive.md | 3 +-- .gitlab/issue_templates/Application - Initial.md | 3 +-- .gitlab/issue_templates/Application - Update.md | 3 +-- .gitlab/issue_templates/Bug.md | 3 +-- .gitlab/issue_templates/Feature Request.md | 3 +-- .gitlab/issue_templates/New Findings.md | 3 +-- .gitlab/issue_templates/Pipeline Failure.md | 3 +-- README.md | 2 +- 8 files changed, 8 insertions(+), 15 deletions(-) diff --git a/.gitlab/issue_templates/Application - Archive.md b/.gitlab/issue_templates/Application - Archive.md index 9f3b5fe..a558faa 100644 --- a/.gitlab/issue_templates/Application - Archive.md +++ b/.gitlab/issue_templates/Application - Archive.md @@ -17,5 +17,4 @@ Requesting this application be archived due to one of the following reasons: - [ ] Iron Bank frontend no longer lists application as available or approved -/label ~"Container::Archive" -/cc @ironbank-notifications/archive \ No newline at end of file +/label ~"Container::Archive" \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Initial.md b/.gitlab/issue_templates/Application - Initial.md index 6594a05..b7acebd 100644 --- a/.gitlab/issue_templates/Application - Initial.md +++ b/.gitlab/issue_templates/Application - Initial.md @@ -28,5 +28,4 @@ Approval Process (container hardening team processes): -/label ~"Container::Initial" -/cc @ironbank-notifications/cht \ No newline at end of file +/label ~"Container::Initial" \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md index caebb3e..d95cb35 100644 --- a/.gitlab/issue_templates/Application - Update.md +++ b/.gitlab/issue_templates/Application - Update.md 
@@ -31,5 +31,4 @@ Approval Process: -/label ~"Container::Update" -/cc @ironbank-notifications/updates \ No newline at end of file +/label ~"Container::Update" \ No newline at end of file diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md index 1427a0c..2030c24 100644 --- a/.gitlab/issue_templates/Bug.md +++ b/.gitlab/issue_templates/Bug.md @@ -33,5 +33,4 @@ logs, and code as it's very hard to read otherwise.) - [ ] Bug has been identified and corrected within the container -/label ~Bug -/cc @ironbank-notifications/bug \ No newline at end of file +/label ~Bug \ No newline at end of file diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md index a0e2f19..94aea9a 100644 --- a/.gitlab/issue_templates/Feature Request.md +++ b/.gitlab/issue_templates/Feature Request.md @@ -28,5 +28,4 @@ - [ ] Feature has been implemented -/label ~Feature -/cc @ironbank-notifications/feature \ No newline at end of file +/label ~Feature \ No newline at end of file diff --git a/.gitlab/issue_templates/New Findings.md b/.gitlab/issue_templates/New Findings.md index 068d029..1fd613d 100644 --- a/.gitlab/issue_templates/New Findings.md +++ b/.gitlab/issue_templates/New Findings.md @@ -16,5 +16,4 @@ Approval Process: -/label ~"Container::New Findings" -/cc @ironbank-notifications/security \ No newline at end of file +/label ~"Container::New Findings" \ No newline at end of file diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md index 28b82a9..dd6ab98 100644 --- a/.gitlab/issue_templates/Pipeline Failure.md +++ b/.gitlab/issue_templates/Pipeline Failure.md @@ -27,5 +27,4 @@ - [ ] Pipeline failure has been resolved -/label ~Pipeline -/cc @ironbank-notifications/pipelines \ No newline at end of file +/label ~Pipeline \ No newline at end of file diff --git a/README.md b/README.md index f2a2b88..5dc6fa6 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,3 @@ -# master-project-template +# Project template for all Iron Bank container repositories. \ No newline at end of file -- GitLab From fb4c993c0c29da108d218f708cc200aa95af9514 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Mon, 26 Oct 2020 15:35:38 +0000 Subject: [PATCH 02/57] Update Application - Update.md --- .gitlab/issue_templates/Application - Update.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md index d95cb35..15567be 100644 --- a/.gitlab/issue_templates/Application - Update.md +++ b/.gitlab/issue_templates/Application - Update.md @@ -19,6 +19,9 @@ Hardening: - [ ] Container version has been updated in greylist file - [ ] Branch has been merged into `development` +No new findings: +- [ ] There are no new findings in this update. Skip the Justifications and Approval Process steps and apply the label ~"Approval". + Justifications: - [ ] All findings have been justified per the above documentation - [ ] Justifications have been provided to the container hardening team -- GitLab From ea023535253eef5de73d6c352d71f0161ff17e78 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 11 Nov 2020 19:31:07 +0000 Subject: [PATCH 03/57] Initial docker file submission. Will need a bit more refinement. --- Dockerfile | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..63f0317 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,33 @@
+ARG BASE_REGISTRY=registry.access.redhat.com
+ARG BASE_IMAGE=ubi8
+ARG BASE_TAG=8.2
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+LABEL name="GrammaTech SAST Server" \
+ maintainer="jschaffer@grammatech.com" \
+ vendor="GrammaTech" \
+ version="5.4p0" \
+ release="1" \
+ summary="GrammaTech CodeSonar Hub" \
+ description="GrammaTech CodeSonar Hub"
+
+
+
+RUN yum -y update \
+ && yum clean all
+
+ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz
+COPY ["${CODESONAR_PACKAGE}", "/opt"]
+RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
+RUN rm -rf /opt/${CODESONAR_PACKAGE}
+RUN mkdir /opt/codesonar-hubs
+RUN useradd -ms /bin/bash codesonar &&\\
+ chown -R codesonar:codesonar "/opt/codesonar*"
+
+#adjust some options
+RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt
+RUN touch /opt/codesonar/TELEMETRY_DISABLED
+# Sanity check that we didn't forget anything above--this will fail if we did.
+RUN /opt/codesonar/codesonar/bin/codesonar activate
+
+EXPOSE 7340
\ No newline at end of file
--
GitLab
From 563dd147fd96b0beb742dc6d33a5b0f2faca8e4b Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 11 Nov 2020 19:32:26 +0000
Subject: [PATCH 04/57] Initial download.json. Needs token to be set
---
download.json | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/download.json b/download.json
new file mode 100644
index 0000000..7582b70
--- /dev/null
+++ b/download.json
@@ -0,0 +1,16 @@
+flora:/Users/markhermeling/IronBank-hub % vi download.json
+
+{
+ "resources": [
+ {
+ "url": "https://download.grammatech.com/diracc2011/codesonar-5.4/codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz",
+ "filename": "codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz",
+ "validation": {
+ "type": "sha256",
+ "value": "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be"
+ },
+ "auth": { "type": "basic","id": "grammatech-codesonar" },
+ "tls_verify": true
+ }
+ ]
+}
--
GitLab
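Review bot: The `chown -R codesonar:codesonar "/opt/codesonar*"` step in the new Dockerfile quotes the glob, so the shell passes the literal path `/opt/codesonar*` and nothing under /opt changes owner (the step most likely fails outright); the `&&\\` before it also looks like an over-escaped line continuation. Unquote the pattern and use a single backslash: `RUN useradd -ms /bin/bash codesonar && \` followed by `chown -R codesonar:codesonar /opt/codesonar*`. The image also never sets `USER`, so the container and the build-time `codesonar activate` step both run as root. The archive deleted by `RUN rm -rf /opt/${CODESONAR_PACKAGE}` still ships in the earlier `COPY` layer; extracting it in a separate build stage and copying only the unpacked tree would keep it out of the published image.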
From 58f19985459939f9c61b2690ac557bd630fd75f1 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 11 Nov 2020 19:33:27 +0000 Subject: [PATCH 05/57] Update download.json --- download.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/download.json b/download.json index 7582b70..d22b02f 100644 --- a/download.json +++ b/download.json @@ -1,5 +1,3 @@ -flora:/Users/markhermeling/IronBank-hub % vi download.json - { "resources": [ { -- GitLab From 7b7aeb9b58916af03321f5c18d8d206456489974 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 11 Nov 2020 19:34:02 +0000 Subject: [PATCH 06/57] Add new file --- Jenkinsfile | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..499fe35 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,2 @@ +@Library('DCCSCR@master') _ +dccscrPipeline(version: "1.4.2") \ No newline at end of file -- GitLab From 5b1f6ae53c6b974a78e49805c781653c1b4da359 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sat, 14 Nov 2020 20:12:45 +0000 Subject: [PATCH 07/57] Add correct credentials (from @balexander) --- download.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/download.json b/download.json index d22b02f..6536fd1 100644 --- a/download.json +++ b/download.json @@ -7,7 +7,7 @@ "type": "sha256", "value": "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" }, - "auth": { "type": "basic","id": "grammatech-codesonar" }, + "auth": { "type": "basic","id": "grammatech" }, "tls_verify": true } ] -- GitLab From b0418572d1ecf2e2f0801455777ce83a66d10c8d Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sat, 14 Nov 2020 21:53:46 +0000 Subject: [PATCH 08/57] Add new directory --- scripts/.gitkeep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 scripts/.gitkeep diff --git a/scripts/.gitkeep b/scripts/.gitkeep new file mode 100644 index 0000000..e69de29 -- GitLab 
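Review bot: `@Library('DCCSCR@master')` in the new Jenkinsfile loads the shared pipeline library from a moving branch, so the code that builds and scans this image can change without any commit in this repository. If the DCCSCR library publishes tags, pin the reference to a tag or commit, in the same way `dccscrPipeline(version: "1.4.2")` pins the pipeline version, e.g. `@Library('DCCSCR@<tag-or-commit>') _`. A one-line comment naming the owner of the library and the reason for the chosen ref would help later reviewers.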
From eb72857f60599a64924a6f4d5468327ac67ebbaf Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sat, 14 Nov 2020 22:01:30 +0000 Subject: [PATCH 09/57] Add new file --- scripts/codesonar-exec.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 scripts/codesonar-exec.sh diff --git a/scripts/codesonar-exec.sh b/scripts/codesonar-exec.sh new file mode 100644 index 0000000..524fe62 --- /dev/null +++ b/scripts/codesonar-exec.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +echo "Starting hub in /home/codesonar/hub" + +/opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub + +echo "Hub started..." +while [ 1 ] +do +echo "Hub running" +sleep 60 +done \ No newline at end of file -- GitLab From 4baa5e54543a410cc0d77a38c8aae2143a402909 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sat, 14 Nov 2020 22:03:07 +0000 Subject: [PATCH 10/57] Add new file --- scripts/codesonar-health-check.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 scripts/codesonar-health-check.sh diff --git a/scripts/codesonar-health-check.sh b/scripts/codesonar-health-check.sh new file mode 100644 index 0000000..960821a --- /dev/null +++ b/scripts/codesonar-health-check.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +curl -s http://codesonar:7340 -o /dev/null 2>&1 \ No newline at end of file -- GitLab From f72ea09c2143e88a83dda937b03245f9f3962c27 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sat, 14 Nov 2020 22:05:08 +0000 Subject: [PATCH 11/57] Update Dockerfile --- Dockerfile | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 63f0317..ebdb483 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_TAG=8.2 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} LABEL name="GrammaTech SAST Server" \ - maintainer="jschaffer@grammatech.com" \ + maintainer="mhermeling@grammatech.com" \ vendor="GrammaTech" \ version="5.4p0" \ release="1" \ 
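Review bot: The exit status of `codesonar hub-start` is never checked in scripts/codesonar-exec.sh, so when the hub fails to start the script still prints "Hub started..." and loops forever, leaving a container that looks alive until the health check gives up. Stop on failure with `/opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub || exit 1`. The `while [ 1 ]` / `sleep 60` loop also makes the shell the container's main process with no signal handling, so a stop request presumably never reaches the hub and the container is killed after the grace period. A `trap` on TERM that shuts the hub down would cover that, provided the CLI offers a stop command (not visible in this patch).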
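Review bot: `curl -s http://codesonar:7340 -o /dev/null` in scripts/codesonar-health-check.sh reports healthy on any HTTP response, because without `-f` curl exits 0 even for 4xx/5xx replies. It also depends on the name `codesonar` resolving inside the container, which holds only if the container is started with that hostname or network alias. Probe the loopback address and fail on HTTP errors instead: `curl -fsS -o /dev/null http://localhost:7340/` (this assumes the hub listens on loopback as well as the external interface).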
@@ -20,14 +20,27 @@ ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt RUN rm -rf /opt/${CODESONAR_PACKAGE} -RUN mkdir /opt/codesonar-hubs -RUN useradd -ms /bin/bash codesonar &&\\ - chown -R codesonar:codesonar "/opt/codesonar*" +RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar +RUN useradd -ms /bin/bash codesonar + +RUN mkdir /home/codesonar/hub + +COPY scripts/* /opt/ +RUN chmod +x /opt/codesonar-exec.sh && \ + chmod +x /opt/codesonar-health-check.sh + +VOLUME [ /home/codesonar ] + +HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 CMD /opt/codesonar-health-check.sh + #adjust some options RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt RUN touch /opt/codesonar/TELEMETRY_DISABLED -# Sanity check that we didn't forget anything above--this will fail if we did. -RUN /opt/codesonar/codesonar/bin/codesonar activate -EXPOSE 7340 \ No newline at end of file +USER codesonar +WORKDIR /home/codesonar + +EXPOSE 7340 + +CMD /opt/codesonar-exec.sh \ No newline at end of file -- GitLab From a9d40bdcf6e231ae63c7a1f560d9f8679fc5eb96 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sun, 15 Nov 2020 03:16:54 +0000 Subject: [PATCH 12/57] 2020.4 --- LICENSE | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..d541b11 --- /dev/null +++ b/LICENSE 
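Review bot: `RUN mkdir /home/codesonar/hub` executes as root, before `USER codesonar`, so the directory that codesonar-exec.sh passes to `hub-start` is owned by root and the unprivileged user presumably cannot write to it. Create it with the right owner, `RUN mkdir /home/codesonar/hub && chown codesonar:codesonar /home/codesonar/hub`, or move the `mkdir` after the `USER` line. `VOLUME [ /home/codesonar ]` is not valid JSON because the path is unquoted, so Docker falls back to the whitespace-separated form, which would register `[` and `]` as volume paths too; write `VOLUME ["/home/codesonar"]`. `COPY scripts/* /opt/` may also pick up `.gitkeep`, and `ln -s /opt/codesonar-5.4p0 /opt/codesonar` hard-codes a version that the `CODESONAR_PACKAGE` build argument makes overridable; an explicit file list and a comment on the version coupling would make both intentional.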
@@ -0,0 +1,79 @@ +GRAMMATECH SOFTWARE LICENSE AGREEMENT +Version 2020.4.0 +UNLESS YOU HAVE ENTERED INTO A SEPARATE, DULY SIGNED LICENSE AGREEMENT WITH GRAMMATECH OR AN AUTHORIZED DISTRIBUTOR, YOU AGREE TO BE BOUND BY THE TERMS OF THIS SOFTWARE LICENSE AGREEMENT, WITHOUT EXCEPTION, BY INSTALLING, COPYING, OR OTHERWISE USING THE SOFTWARE. IF YOU DO NOT ACCEPT ALL OF THE TERMS OF THIS SOFTWARE LICENSE, YOU ARE NOT PERMITTED TO POSSESS, INSTALL, OR USE THE SOFTWARE IN ANY MANNER. +This Software License is between you, the end-user ("You") and GrammaTech, Inc. ("GrammaTech") (“Agreement” or “Software License”). "You" means the person or legal entity that has accepted this Software License. Together with the Quotation and/or Invoice document You have received from GrammaTech or from an authorized GrammaTech distributor (“Purchase Document”), it forms a legal contract between You and GrammaTech. It limits what You may do with the GrammaTech software licensed and its documentation, printed or electronic (collectively the "Software"). +It does not extend to or include any parent, subsidiary, or affiliated organization or entity. If you are using the Software as an employee, your employer is the licensee and may have already accepted a version of this Software License. In all other circumstances, you are binding your employer to this Software License. If in such a case, you are not authorized to bind your employer, you are not permitted to install and/or use the Software. +What You may do with the Software under this Software License, and the applicability of certain terms thereof, depends on whether you have paid for a “Commercial License” or have been provided an “Evaluation License” by GrammaTech or an authorized GrammaTech distributor. If You have paid GrammaTech for software maintenance services, Part II (Software Maintenance Services) also applies to You. +PART I. License +1 License Granted. 
GrammaTech grants to You a non-exclusive, non-transferable, non-sublicensable license to use, in the form delivered, the Software, including a right to make a reasonable number of copies of the Software only for backup and recovery purposes, for the term, as set forth herein, or until terminated: +1.1 Commercial License +1.1.1 to analyze Your source or binary code for the purpose of assessing, correcting, or improving Your code; or +1.1.2 if the purchased license includes and authorizes the capability to do so, then to use the Software to modify Your source or binary code for internal use only, as part of Your development and testing processes, and not for use in production environments or for distribution. +1.1.2.1 Use of the functionality referenced in subsection 1.1.2 may add to, modify, and/or delete portions of the binary code to which it is applied and is not intended for use in production environments or distribution. GRAMMATECH SHALL NOT BE LIABLE IN ANY INSTANCE FOR DAMAGES IN ANY FORM FOR USE OF THE FUNCTIONALITY REFERENCED IN SUBSECTION 1.1.2 IN PRODUCTION ENVIRONMENTS AND YOU SHALL INDEMNIFY, WITHOUT LIMIT, GRAMMATECH FROM ANY AND ALL CLAIMS, DAMAGES, AND LIABILITY RESULTING FROM YOUR USE THEREIN. +1.2 Evaluation License +1.2.1 to assess the feasibility and utility of applying the Software to Your source and/or binary code for a potential purchase of the Software. Any output produced during such evaluation shall not be used in connection with development or production of any software, nor retained after the termination of the Evaluation License. +2 Limitations on Software Use. 
You may not: +2.1 rent, lease, sell, lend, license, transfer, or otherwise permit any person or entity other than You to use the Software in any manner; +2.2 disclose Software output, including, but not limited to, the results of any benchmark test of the Software, or Software documentation to any third party without GrammaTech’s prior written approval; +2.2.1 Notwithstanding subsection 2.2 and without limiting any other term of the Agreement, You may provide access to the Software, Software output, and Software documentation to third-parties requiring access to the Software, Software output, or Software documentation (“Authorized Parties”) that are legally obligated to strictly comply with the terms of this Agreement, including confidentiality obligations and applicable export controls, solely for Your benefit, provided that: (i) You are responsible for all acts and omissions of the Authorized Parties with respect to the Software licensed under this Agreement, including, but not limited to any breach thereby and indemnification of GrammaTech, without limit, including, but not limited to any reasonable attorneys fees as they are incurred, with respect to any and all claims arising from or related to the Authorized Parties’ use or access to the Software, Software output, or Software documentation; and (ii) You ensure that the Software, Software output, and Software documentation is completely retrieved from any Authorized Parties immediately upon the earlier of the completion of the term of the Agreement or the completion of the Authorized Parties’ services on Your behalf or need for the access permitted under this subsection. 
+2.3 use the Software as part of a service business in which You review the code of third parties; +2.4 make any copy of the Software or Software output without including the copyright or any other intellectual property notices and any other restrictive legends contained in the Software as it was furnished to You by GrammaTech or produced by the Software. +2.5 reverse engineer, decompile, disassemble, decipher, modify, create derivative works from the Software, or attempt to do any of the following: (i) retarget the Software for other source languages or instruction set architectures; (ii) use the Software to implement a compiler (direct translation to machine code); or (iii) circumvent or any manner interfere with the operation of any license management functionality or configuration of the Software, including, but not limited to license keys. +3 Use of Confidential Information. +3.1 During the term of this Software License, You may disclose Confidential Information to GrammaTech and GrammaTech may disclose Confidential Information to You. 
+3.2 "Confidential Information" means any and all technical and non-technical information or know-how of a proprietary, confidential, or trade secret nature owned by a disclosing party, in whatever form, including but not limited to, techniques, sketches, drawings, models, inventions, processes, apparatus, equipment, algorithms, software programs, software source documents, manuals and documentation related to the software programs, license keys or passwords, methods and concepts embodied in such software, and formulae related to current and future proposed products and services of each of the parties, including, without limitation, information concerning research, experimental work, development, design details and specifications, engineering, pricing, including that contained in any quotation or invoice, financial information, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, sales and merchandising, marketing plans, regardless of whether it has been marked or designated as confidential and, in addition, any other information not covered by one of the aforementioned categories that is designated as proprietary, confidential, or trade secret, that is disclosed to the receiving party in any form, including, but not limited to in writing, electronically, visually, or orally. Software and Software output are included in the definition of Confidential Information. 
+3.3 Confidential Information does not include that which: (i) is, at the time of disclosure, available to the public, or subsequently becomes available to the general public without restriction by the disclosing party; (ii) the recipient can demonstrate was known to the recipient at the time of disclosure without restrictions on its use; (iii) is independently developed by the recipient without reference to or use of the Confidential Information; (iv) is disclosed without restriction to the recipient from a source other than the disclosing party who is not under any obligation of confidentiality with respect to such information; or (v) disclosing party notifies recipient in writing that it may disclose. +3.4 Except as otherwise permitted herein, neither You nor GrammaTech will disclose Confidential Information of the other to any third party. The recipient of Confidential Information shall not use Confidential Information except as necessary to exercise the rights granted herein or to evaluate opportunities to license additional Software. The receiving party agrees not to disclose the Confidential Information of the disclosing party to any person or entity, except to the receiving party’s employees or Authorized Parties who have signed a confidentiality agreement or are otherwise obligated to maintain the confidentiality of the Confidential Information in a manner at least as restrictive as the terms in this Software License. The receiving party agrees that it shall treat the Confidential Information of the disclosing party with the same degree of care as it accords to its own Confidential Information, but no less than reasonable care. +3.5 You shall not use or disclose GrammaTech’s Confidential Information and/or the Software, in whole or in part, to produce or have produced for You products similar to, derived from, or a replacement for the Software. 
+3.6 The recipient of Confidential Information is permitted to disclose only such portion of the Confidential Information under any governmental or judicial order, provided that the party so ordered shall and has promptly notified the disclosing party sufficiently in advance of the disclosure, if not prohibited from doing so by said order, so that the disclosing party has the opportunity to protect the Confidential Information with a confidentiality order or other treatment prior to the disclosure. Notwithstanding disclosure as permitted in this subsection, the disclosing party’s Confidential Information shall remain Confidential Information to the extent not entered into the public record. +3.7 You agree that GrammaTech and its affiliates may collect and use technical information gathered as part of the product support services provided to You, if any, related to the Software. The Software also includes functionality that collects a limited set of general Software usage information and sends it to GrammaTech to be used for improvement of the product and customer support purposes. The information collected includes, but is not limited to, the operating system on which the Software is running, compiler information, and counts of pre-selected events. This functionality is turned off by default and requires affirmative opt in at the time of installation of the Software. The functionality is NOT designed to collect personally identifiable or sensitive information, including, but not limited to, information about the code being analyzed, company or user names, customizations that may have been made to Your installation. 
GrammaTech, without any form of remuneration, may use, for any purpose in perpetuity, this information, including, but not limited to, suggested functionality or features, to improve its products and/or to provide customized services or technologies to You and will not disclose this information in a form that identifies You or any of Your Confidential Information. +4 Term and Termination. +4.1 Unless otherwise specified, including, but not limited to, in a separate signed agreement, the term of this Software License begins when you have downloaded the Software and accepted the terms hereof. The Software License may be renewed for a period, agreed upon by You and GrammaTech, by Your payment of an Invoice, within thirty (30) days of issuance by GrammaTech to You, referencing the Software License. Any inconsistent and/or additional terms contained within any document You provide to GrammaTech related to such renewal shall be of no effect. +4.2 Unless otherwise specified, this Software License shall automatically terminate: (i) if GrammaTech has not received full payment for the license within the agreed-upon credit period (if no period is specified such period shall be thirty (30) days); (ii) upon the expiration of the Software license key provided to You by GrammaTech; or (iii) You become insolvent or make an assignment for the benefit of creditors, or a trustee or receiver is appointed for You or for a substantial part of Your assets, or bankruptcy, reorganization or insolvency proceedings shall be instituted by or against You. This Software License is not assignable or assumable. If no Software license key has been provided, You are not permitted to use the Software in any manner. +4.3 Without prejudice to any other rights, GrammaTech reserves the right to terminate an Evaluation License at any time and may terminate a Commercial License at any time if You fail to comply with any provision of the Software License. 
+4.4 Upon termination of this Software License, for any reason, (i) You and Authorized Parties are no longer authorized to use the Software, or any derivative of the Software, in any manner whatsoever, and (ii) You agree to cease using the Software and to destroy or erase all copies, portions, extracts, or modifications of the Software, including Software documentation, in Your possession, custody, or control and that of any Authorized Parties. +4.5 Upon termination of Your license, for any reason other than the expiration of a Commercial License time-limited Term (e.g., one year), (i) You and Authorized Parties are no longer authorized to use the Software output in any manner whatsoever, and (ii) You agree to cease using the Software output and to destroy or erase all copies, extracts and modifications of it in Your possession, custody, or control and that of any Authorized Parties. Upon the termination of Your Commercial License by expiration of a time-limited Term, You may retain and use the Software output. +4.6 Notwithstanding the termination of this Software License, sections 2, 3, 4.4, 4.5, and 5-17 shall survive termination of this Software License. +5 Ownership/Proprietary Rights. You acknowledge and agree that: +5.1 GrammaTech and, as applicable, GrammaTech’s suppliers and licensors, reserve all rights in the Software not expressly granted to You in this Software License. The Software is licensed, not sold, and remains the exclusive property of GrammaTech and, as applicable, its suppliers and licensors who retain the title, copyright, and all other intellectual property rights in the Software. This Software License gives You no rights to the content of the Software; +5.2 The Software is protected by copyright and other intellectual property laws and treaties, including but not limited to those of the United States of America. 
You will abide by the copyright law and all other applicable laws of the United States including, but not limited to, export control laws; +5.3 The Software in source code form remains a confidential trade secret of GrammaTech and, as applicable, its suppliers and its licensors and, therefore, You will not modify the Software or attempt to decipher, decompile, disassemble, or reverse engineer the Software, except to the extent applicable laws may specifically prohibit such restriction; +5.4 CodeSonar®, CodeSurfer®, CodeSentry® are registered trademarks of GrammaTech; +5.5 Unless You have purchased Software Maintenance Services, GrammaTech has no obligation to maintain the Software, and if it chooses to maintain the Software it has no obligation to You related thereto. Notwithstanding, GrammaTech has no obligation to maintain versions of the Software that have reached the end of lifecycle, as determined by GrammaTech; +5.6 You represent and warrant that You have the right, title, or grant of license to analyze, modify, and/or use the Software in conjunction with the source and/or binary code to which You apply the Software. You shall defend, indemnify, and hold GrammaTech, its officers, directors, employees, licensors, and suppliers harmless from any and all claims, suits, damages, costs, and expenses, including reasonable attorneys fees as they are incurred, that You do not have the right, title, or license to use the Software as warranted by You. GrammaTech will provide (i) a prompt written request for indemnification or defense; (ii) sole control and authority over the defense or settlement thereof; and (iii) at Your expense, all available information, assistance and authority reasonably necessary to settle and/or defend any such claim or action. 
You shall have no authority to enter into or acquiesce to any settlement containing any admission of or stipulation to any guilt, fault, liability or wrongdoing on the part of GrammaTech or which would otherwise adversely affect GrammaTech without GrammaTech’s prior written consent; and +5.7 The Software may contain third-party software provided under separate license terms, including, but not limited to open source software. The applicable license terms associated with such are identified in the Software Documentation and can also be provided upon request within a reasonable period of time thereafter. Your use of such third-party software in conjunction with the Software in a manner consistent with the terms of this Software License is permitted. However, you may have broader rights under the applicable license(s) with respect to the separate use of such third-party software and nothing in this Software License is intended to impose further restrictions on your use of such third-party software as provided for in the separate license. ALL THIRD-PARTY SOFTWARE, INCLUDING, BUT NOT LIMITED TO OPEN SOURCE SOFTWARE IS PROVIDED “AS-IS” AND WITHOUT WARRANTY OF ANY KIND, WHICH ARE HEREBY DISCLAIMED BY GRAMMATECH AND ALL LICENSORS OF THIRD-PARTY SOFTWARE, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTIES RELATING TO THE RELIABILITY, AVAILABILITY, LACK OF VIRUSES OR OTHER MALWARE, LACK OF NEGLIGENCE, CONDITION OF TITLE, QUIET TITLE OR POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT. GRAMMATECH AND THE LICENSORS OF THIRD-PARTY SOFTWARE SHALL HAVE NO LIABILITY FOR DAMAGES OF ANY KIND, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, LOST PROFITS, LOST DATA, PUNITIVE, SPECIAL, CONSEQUENTIAL, OR SIMILAR DAMAGES UNDER ANY THEORY OF LIABILITY ARISING OR RELATED TO THE USE OF DISCLOSURE OF THIRD-PARTY SOFTWARE. +6 Warranties and Disclaimers. 
+6.1 GrammaTech makes no representations about the suitability of the Software or about any content, information, or output made accessible by the Software, including modifications to Your source or binary code, for any purpose. GrammaTech does not warrant that operation of the Software will be uninterrupted or error free, or that functions contained in the Software shall operate in the combination that You may select or meet Your requirements. GrammaTech is not responsible for problems caused by changes in the operating characteristics of computer hardware or computer operating systems that are made after the release of the Software or by use of the Software or for problems in the interaction of the Software with non-GrammaTech software. This Software License does not change Your rights, if any, under applicable mandatory local law. The Software shall be deemed accepted upon delivery to You. +6.2 Provisions Applicable Only to Commercial Licenses. +6.2.1 If You have paid GrammaTech for a Commercial License, GrammaTech warrants to You and to You only, that for the first thirty (30) days following Your downloading of the Software or until the Software is modified by You, whichever period is shorter, the Software will perform substantially the functions described in the Software documentation. Your sole remedy under the warranty during the thirty (30) day period is that GrammaTech will undertake to correct within a reasonable period of time, as determined by GrammaTech, any reported failure of the Software to perform substantially the functions described in the documentation ("Software Error") and correct errors in the documentation (“Documentation Error”) (collectively “Errors”). GrammaTech does not warrant that all Software Errors will be corrected. 
If, within the above noted period, GrammaTech is unable to provide corrected Software or corrected documentation, GrammaTech will, at its sole and exclusive option, either replace the Software with a functionally-equivalent program at no charge to You or refund the license fee paid for the Software. AS TO ANY ERRORS DISCOVERED AFTER THE THIRTY (30) DAY PERIOD, THERE IS NO WARRANTY OR CONDITION OF ANY KIND. +6.2.2 THE ABOVE WARRANTIES ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GRAMMATECH AND, IF ANY, ITS SUPPLIERS AND/OR LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES RELATING TO THE RELIABILITY, AVAILABILITY, ACCURACY OR COMPLETENESS OF RESULTS, WORKMANLIKE EFFORT, LACK OF VIRUSES OR OTHER MALWARE, LACK OF NEGLIGENCE, CONDITION OF TITLE, QUIET TITLE OR POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT. NO ORAL OR WRITTEN INFORMATION OR REPRESENTATION GIVEN BY GRAMMATECH’S EMPLOYEES, DISTRIBUTORS, DEALERS, OR AGENTS SHALL INCREASE THE SCOPE OF THE ABOVE WARRANTIES OR CREATE ANY NEW WARRANTIES. +6.2.3 IN THE EVENT THAT MANDATORY APPLICABLE LOCAL LAW PROHIBITS THE EXCLUSION OF IMPLIED WARRANTIES, ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THE LESSER OF THIRTY (30) DAYS FROM THE DATE OF DOWNLOAD OF THE SOFTWARE OR THE MINIMUM PERIOD OF TIME PERMITTED BY SUCH APPLICABLE LAW. 
+6.2.4 REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL GRAMMATECH BE LIABLE TO YOU FOR ANY PUNITIVE, SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING, BUT NOT LIMITED TO, ANY LOST PROFITS OR LOST DATA, ARISING OUT OF OR RELATED TO ANY ALLEGED BREACH OF THIS AGREEMENT AND/OR THE USE OR INABILITY TO USE THE SOFTWARE OR ANY DATA SUPPLIED THEREWITH, EVEN IF GRAMMATECH OR ANYONE ELSE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH CLAIM OR DAMAGES, INCLUDING BUT NOT LIMITED TO IN THE EVENT OF FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, OR STRICT LIABILITY, OR FOR ANY CLAIM BY ANY OTHER PARTY, INCLUDING THIRD-PARTIES. GRAMMATECH’S SUPPLIERS AND LICENSORS, IF ANY, DISCLAIM ALL LIABILITY TO YOU OR ANY THIRD-PARTY FOR DAMAGES OF ANY KIND FOR ANY AND ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT OR THE USE OF THE SOFTWARE. +6.2.5 IN THE EVENT THAT MANDATORY APPLICABLE LOCAL LAW PROHIBITS THE LIMITATION OR EXCLUSION OF LIABILITY FOR DAMAGES, INCLUDING BUT NOT LIMITED TO, INCIDENTAL OR CONSEQUENTIAL DAMAGES, GRAMMATECH'S, AND ITS SUPPLIERS’ AND/OR LICENSORS’, IF ANY, LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SHALL BE THE LOWER OF ONE THOUSAND DOLLARS ($1,000.00) OR THE MINIMUM PERMITTED BY LAW. +6.2.6 IN NO CASE SHALL GRAMMATECH’S, ITS SUPPLIER’S, AND/OR LICENSOR’S AGGREGATE LIABILITY FOR ANY CLAIM OR ANY TYPE OF DAMAGES EXCEED THE LESSER OF THE PRICE ACTUALLY PAID BY YOU TO GRAMMATECH FOR THE SOFTWARE LICENSE GIVING RISE TO THE CLAIM OR TWO THOUSAND DOLLARS ($2,000.00). +6.3 Provisions Applicable Only to Evaluation Licenses. 
+6.3.1 THE SOFTWARE IS PROVIDED ‘AS IS’ AND ‘WITH ALL FAULTS.’ GRAMMATECH, ITS SUPPLIERS, AND LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTIES RELATING TO THE RELIABILITY, AVAILABILITY, ACCURACY OR COMPLETENESS OF RESULTS, WORKMANLIKE EFFORT, LACK OF VIRUSES OR OTHER MALWARE, LACK OF NEGLIGENCE, CONDITION OF TITLE, QUIET TITLE OR POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT. NO ORAL OR WRITTEN INFORMATION OR REPRESENTATION GIVEN BY GRAMMATECH’S EMPLOYEES, DISTRIBUTORS, DEALERS, OR AGENTS SHALL INCREASE THE SCOPE OF THE ABOVE WARRANTIES OR CREATE ANY NEW WARRANTIES. +6.3.2 IN NO CASE SHALL GRAMMATECH, ITS SUPPLIERS, OR ITS LICENSORS BE LIABILE TO YOU, YOUR EMPLOYER, OR TO ANY THIRD-PARTY FOR DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO PUNITIVE, SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING, BUT NOT LIMITED TO, ANY LOST PROFITS OR LOST DATA, ARISING OUT OF OR RELATED TO ANY ALLEGED BREACH OF THIS AGREEMENT AND/OR THE USE OR INABILITY TO USE THE SOFTWARE OR ANY DATA SUPPLIED THEREWITH, EVEN IF GRAMMATECH OR ANYONE ELSE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH CLAIM OR DAMAGES, INCLUDING BUT NOT LIMITED TO IN THE EVENT OF FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, OR STRICT LIABILITY, OR FOR ANY CLAIM BY ANY OTHER PARTY, INCLUDING THIRD-PARTIES. +7 United States Government License Rights. The Software is “Commercial Computer Software” as defined in DFARS 252.227-7014 and, pursuant to DFAR 227.7202, licensed to the U.S. Government under terms customarily provided to the public. If DFAR is not applicable and to the extent not inconsistent with the terms of this Software License, use, disclosure, or duplication is subject to the restrictions enumerated in FAR 52.227-19(b)(2). Any use, modification, reproduction, or disclosure of the Software by the U.S. 
Government shall be solely in accordance with the terms of this Software License. The manufacturer is GrammaTech, Inc., 531 Esty Street, Ithaca, NY 14850. +8 Export. You may not download, use, or otherwise export or re-export the Software or any underlying information or technology except in full compliance with all United States and other applicable laws and regulations, including but not limited to those dealing with nuclear, chemical, or biological weapons proliferation. These laws include, among other things, restrictions on import/export destinations, end-users, and end-use. In particular, but without limitation, none of the Software or underlying information or technology may be downloaded or otherwise exported or re-exported (i) into Embargoed Countries/Area Controlled List Countries (ii) to anyone on the US Treasury Department’s list of Specially Designated Nationals or the US Commerce Department's Table of Deny Orders, or (iii) to the People’s Republic of China for a use that is in whole or in part a military use including the use, development or production of military items, as prohibited by US Export Administration Regulations section 744.21. By downloading or possessing the Software, You are agreeing to the foregoing and You are representing and warranting that You are not located in, under control of, or a national or resident of any such country or on any such list. +9 Rights Reserved by GrammaTech. Except as otherwise provided herein, GrammaTech reserves the right to: +9.1 alter the general availability of the Software; and +9.2 alter prices, features, specifications, capabilities, functions, licensing terms for subsequent purchases, releases, or updates, release dates, or other characteristics of the Software. +10 Additional Software/Services. 
This Software License applies to updates, supplements, add-on components, Error Corrections, or upgrades to later versions of the Software that GrammaTech may provide to You or make available after the date You obtain Your initial copy of the Software, unless GrammaTech provides other terms along with the update, supplement, add-on component, Error Corrections, or upgrade, in which case, the provided Software License terms shall apply. +11 Usage Audit. You agree to provide GrammaTech with written certification providing Software usage information as requested by GrammaTech and confirming that, during the term of the Software License, the Software is being used in accordance with the terms of this Agreement. Upon at least thirty (30) days prior written notice, GrammaTech, at its expense, may audit Your use of the Software to ensure that You are in compliance with the terms of this Agreement. Any such audit will be conducted during regular business hours, by GrammaTech or its appointed representative, at Your facilities. You agree to provide the auditor with access to the relevant records, equipment, and facilities to perform the audit. If an audit reveals that you have underpaid fees to GrammaTech during the period audited, exceeded Software usage limitations, and/or otherwise engaged in conduct resulting in an underpayment, You shall promptly pay GrammaTech, as invoiced, for such fees based on GrammaTech’s price list in effect at the time the audit is completed. If the fees invoiced as a result of the audit exceed five percent (5%) of the license fees paid by You for the Software, then you will also pay any and all costs and expenses arising from or relating to the audit, including reasonable attorneys fees if collection action is undertaken. +12 Applicable Law/Venue. 
The validity, construction, and performance of this Software License will be governed by the law of the State of New York, as if this license were executed in, and to be fully performed within, the State of New York, and without regard to its principles of conflicts of laws. The parties expressly agree that the Uniform Commercial Code (UCC), the United Nations Convention on Contracts for the International Sale of Goods (UNCISG), and the Uniform Computer Information Transactions Act (UCITA), including any version of UCITA adopted by a state, shall not apply. Any legal action or proceeding arising from and/or related to this Software License shall be brought exclusively in the federal and/or state court of New York that is geographically closest to GrammaTech’s Ithaca, NY offices. You and GrammaTech expressly consent to the personal jurisdiction and exclusive venue therein. +13 Non-Exclusive Remedy. Except as set forth herein, the exercise by either party of any of its remedies will be without prejudice to any other remedies provided herein or otherwise available at law or in equity. The breach or threatened breach of this Software License may result in irreparable harm to GrammaTech and impair its value in such a way that is difficult or impossible to calculate. Therefore, You acknowledge and agree that GrammaTech is entitled to seek, in addition to any other remedy provided for at law, equitable relief to protect its interests, without the necessity of posting bond or surety, including, but not limited to, injunctive relief, as well as money damages. +14 Assignment. This Software License is personal to You and is not assignable or transferable by You without the express prior written consent of GrammaTech, which shall be provided at the sole discretion of GrammaTech. GrammaTech may assign this Software License at its sole discretion. +15 Amendment/Waiver. 
This Software License may not be amended or modified, or any provision of it waived, except by a written instrument signed by an authorized representative of GrammaTech. +16 Severability. If any provision of this Software License is held by a court of competent jurisdiction to be contrary to law, the remaining provisions will remain in full force and effect. In the event of invalidity, the parties further agree to substitute for the invalid provision a valid provision which most closely resembles the intent of the invalid provision. +17 Entire Agreement. Except as otherwise provided herein, the provisions of this Software License and Purchase Documents constitute the entire agreement between the parties and supersede all prior agreements, oral or written, and all other communications relating to the subject matter hereof. If the terms of any invoice or other document provided by You to GrammaTech in connection with Your license of the Software includes different or additional terms from this Software License and/or Purchase Documents, the provisions of this Software License and Purchase Documents shall prevail and such inconsistent and/or additional terms shall have no effect. +PART II Software Maintenance Services +If, but only if, You have purchased a license for the Software and paid GrammaTech for software maintenance services as shown on the GrammaTech Quotation document or Invoice, the following additional terms and conditions (collectively referred to as "Maintenance") shall apply. GrammaTech shall have no obligation to maintain the Software unless You have paid for Maintenance as a separate purchase or as may have otherwise been required by the type of license purchased by You. +18 During the period for which Maintenance has been purchased and paid for in full: +18.1 GrammaTech will undertake to correct within a reasonable period of time, as determined by GrammaTech, any reported Software Error(s) and Documentation Error(s). 
+18.2 Errors should be reported in writing to GrammaTech. Such reports should contain a complete description of all aspects of the malfunction. GrammaTech support engineers will evaluate such reports and, if necessary, will consult with GrammaTech's product specialists to attempt to identify and resolve the issue. GrammaTech will respond with a fix, a work-around, or an estimate of the time necessary to resolve the reported Error. GrammaTech shall be obligated to respond only to reports concerning failure of the Software to perform in conformance with documented functionality. GrammaTech shall not be obligated to respond to reports that, as determined by GrammaTech, are related to design work or to the implementation of the Software or are "consulting" in nature. +18.3 GrammaTech shall provide You, as they are made available for licensing to the public, (a) such software modifications or additions that, when made or added to the Software, establish material conformity of the Software to the functional specifications identified in the Software documentation, and (b) any procedures or routines that, when observed in the regular operation of the Software, eliminate the practical adverse effect on You of any such nonconformity ((a) and (b) are collectively "Error Corrections"). +18.4 GrammaTech shall provide to You, as they are made available for licensing to the public, such minor software modifications or additions that, when made or added to the Software, will materially improve its utility, efficiency, functional capability or application, but which do not constitute a new version of the Software (such minor modifications collectively referred to herein as "Enhancements"). At GrammaTech's option, GrammaTech may also include, as Enhancements, major modifications that are made generally available without charge to its other customers. 
+19 GrammaTech's obligation to provide Maintenance is contingent upon Your proper use of the Software as described in the Software Documentation. GrammaTech shall be under no obligation to provide Maintenance if such service is required, in GrammaTech's opinion, as a result of (a) Your failure to maintain the Software at GrammaTech's most recent release level, (b) Your failure to maintain site conditions within the environmental operating range specified by GrammaTech, (c) failure of the Software due to improper use, abuse, accident or neglect, (d) alterations, modifications, or attempts to repair the Software made without GrammaTech's consent, or (e) causes external to the Software, including but not limited to, failure or fluctuations in electrical power, inadequate cooling or natural disasters. +20 To the extent that GrammaTech may provide You with any Error Corrections, Updates, Upgrades, or any other software, including any new versions of the licensed Software, all such software shall constitute Software as defined by this Software License and shall be subject to all of the terms and conditions specified in Part I of this Software License, as well as Part II if Maintenance has been purchased. Use of any Software, including subsequent versions or modifications, licensed to You is limited to the number of licensing units; e.g., lines of code, in any combination between the versions, and remaining time for which You have paid. + -- GitLab From 8d492a637d394209258951b015d5a419641d2ad2 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sun, 15 Nov 2020 03:38:40 +0000 Subject: [PATCH 13/57] Update README.md --- README.md | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5dc6fa6..0e2b221 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,30 @@ -# +#CodeSonar 5.4p0 + +This is a default image that provides the CodeSonar Hub service. Data volumes can +be mounted such that data persists. A license from GrammaTech is required to be +able to use the hub and provide scans. Contact sales@grammatech.com for access +to a license. + +#Build the Image +Build the image using the standard + 'docker build -t codesonar-hub .' + +#Running the Container +Suggested use is to run the container using: +'docker volume create hub +docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub codesonar-hub' + +This will put all data in the hub volume and route localhost:8080 to the hub. +The hub will have default password for the 'Administrator account' set to +'HubSecretPasswd' at creation-time, which can be changed by +'--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD' during the container build step. +Please change the default password after initial hub creation. This is also the +time to install the run-time license. + +#Resources +CPU Min/Recommended 2/8+ +RAM Min/Recommended/Max 2/8/Unlimited + +#Ports +Application is using port 7340 -Project template for all Iron Bank container repositories. \ No newline at end of file -- GitLab From db411951e4798a24beb64652e80aea89a9ef4a98 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sun, 15 Nov 2020 03:44:27 +0000 Subject: [PATCH 14/57] Formatting changes --- README.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 0e2b221..3730ab0 100644 --- a/README.md +++ b/README.md 
@@ -1,30 +1,31 @@ -#CodeSonar 5.4p0 +## CodeSonar 5.4p0 This is a default image that provides the CodeSonar Hub service. Data volumes can be mounted such that data persists. A license from GrammaTech is required to be able to use the hub and provide scans. Contact sales@grammatech.com for access to a license. -#Build the Image +## Build the Image Build the image using the standard - 'docker build -t codesonar-hub .' + `docker build -t codesonar-hub .` -#Running the Container +## Running the Container Suggested use is to run the container using: -'docker volume create hub -docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub codesonar-hub' + +`docker volume create hub +docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub codesonar-hub` This will put all data in the hub volume and route localhost:8080 to the hub. -The hub will have default password for the 'Administrator account' set to -'HubSecretPasswd' at creation-time, which can be changed by -'--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD' during the container build step. +The hub will have default password for the `Administrator account` set to +`HubSecretPasswd` at creation-time, which can be changed by +`--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD` during the container build step. Please change the default password after initial hub creation. This is also the time to install the run-time license. -#Resources -CPU Min/Recommended 2/8+ +## Resources +CPU Min/Recommended 2/8+
RAM Min/Recommended/Max 2/8/Unlimited -#Ports +## Ports Application is using port 7340 -- GitLab From 1d02bbfdfdb20df58ac4d0cbfb5c928c042a8126 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sun, 15 Nov 2020 03:52:44 +0000 Subject: [PATCH 15/57] Switch to registry1.dsop.io --- Dockerfile | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index ebdb483..cbb526d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,12 @@ -ARG BASE_REGISTRY=registry.access.redhat.com + +ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=ubi8 ARG BASE_TAG=8.2 + +ARG HUB_DEFAULT_PWD=HubSecretPasswd + +#change this for deployment!!! + FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} LABEL name="GrammaTech SAST Server" \ @@ -23,7 +29,11 @@ RUN rm -rf /opt/${CODESONAR_PACKAGE} RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar RUN useradd -ms /bin/bash codesonar -RUN mkdir /home/codesonar/hub +RUN mkdir /home/codesonar/hub \ + && chown codesonar.codesonar /home/codesonar/hub + +#The following is needed as RH8 does not have libnsl.so.1 +RUN ln -s /usr/lib64/libnsl.so.2 /usr/lib64/libnsl.so.1 COPY scripts/* /opt/ RUN chmod +x /opt/codesonar-exec.sh && \ @@ -41,6 +51,5 @@ RUN touch /opt/codesonar/TELEMETRY_DISABLED USER codesonar WORKDIR /home/codesonar -EXPOSE 7340 - -CMD /opt/codesonar-exec.sh \ No newline at end of file +EXPOSE 7340/tcp +CMD ["sh", "-c", "/opt/codesonar-exec.sh $HUB_DEFAULT_PWD"] \ No newline at end of file -- GitLab From f8dd7700d14385be745d34d40da14037fad14d5f Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sun, 15 Nov 2020 04:02:52 +0000 Subject: [PATCH 16/57] Trying to correct BASE_* vars --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index cbb526d..74ad2f5 100644 --- a/Dockerfile +++ b/Dockerfile 
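Review bot: `ARG HUB_DEFAULT_PWD=HubSecretPasswd` is declared before `FROM`, where an ARG is in scope only for the `FROM` line, and build args are never part of a container's runtime environment. The `$HUB_DEFAULT_PWD` that the new `CMD` in the last hunk of this file expands at start-up will therefore be empty, whatever `--build-arg` was passed. Build-arg values are also recorded in image history, so a password is better supplied when the container starts, through an environment variable or a mounted secret file read by `/opt/codesonar-exec.sh`. The comment `#change this for deployment!!!` sits below the ARG it presumably refers to; put it directly above that line and say how the value is meant to be changed.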
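Review bot: `chown codesonar.codesonar` in the second Dockerfile hunk uses the dot separator, which GNU chown accepts only for backward compatibility; write `chown codesonar:codesonar /home/codesonar/hub`. The `ln -s /usr/lib64/libnsl.so.2 /usr/lib64/libnsl.so.1` line exposes a library under a different soname major version, so its comment should name the binary that needs it and say that this is an ABI workaround. If the base repositories carry a package that ships `libnsl.so.1` itself, installing that would be safer than the symlink.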
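Review bot: The new `CMD` passes the hub password as a command-line argument, so it is readable from the process list for as long as the script runs. `$HUB_DEFAULT_PWD` is also unquoted, so a value containing spaces or glob characters is split or expanded before the script receives it. Have the script read the variable itself and keep the instruction as `CMD ["/opt/codesonar-exec.sh"]`, which also drops the extra `sh -c` wrapper.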
@@ -1,6 +1,5 @@ - ARG BASE_REGISTRY=registry1.dsop.io -ARG BASE_IMAGE=ubi8 +ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.2 ARG HUB_DEFAULT_PWD=HubSecretPasswd -- GitLab From 61d6df5aeb775471359786b8be834a63031769e5 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Sun, 15 Nov 2020 04:27:33 +0000 Subject: [PATCH 17/57] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 3730ab0..c0e4844 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,10 @@ The hub will have default password for the `Administrator account` set to Please change the default password after initial hub creation. This is also the time to install the run-time license. +## Shutdown +Recommended to shutdown the container through +`http://[host]:[port]/command/shutdown` before terminating the container + ## Resources CPU Min/Recommended 2/8+
RAM Min/Recommended/Max 2/8/Unlimited -- GitLab From 1f8e197d4bf8c0588b18cffb453a5d660c111ccc Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Tue, 17 Nov 2020 02:03:25 +0000 Subject: [PATCH 18/57] Switching the ARG HUB_DEFAULT_PWD to ENV so it can be set during run-time and not build-time --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 74ad2f5..a3fefcd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=redhat/ubi/ubi8 ARG BASE_TAG=8.2 -ARG HUB_DEFAULT_PWD=HubSecretPasswd + #change this for deployment!!! @@ -16,6 +16,7 @@ LABEL name="GrammaTech SAST Server" \ summary="GrammaTech CodeSonar Hub" \ description="GrammaTech CodeSonar Hub" +ENV HUB_DEFAULT_PWD=HubSecretPasswd RUN yum -y update \ -- GitLab From 4c00e8b418136f9c5bd8b161a8a69dfe21beafeb Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Tue, 17 Nov 2020 02:04:03 +0000 Subject: [PATCH 19/57] Update codesonar-exec.sh --- scripts/codesonar-exec.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/codesonar-exec.sh b/scripts/codesonar-exec.sh index 524fe62..d87f1de 100644 --- a/scripts/codesonar-exec.sh +++ b/scripts/codesonar-exec.sh @@ -1,8 +1,8 @@ #!/bin/sh -echo "Starting hub in /home/codesonar/hub" -/opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub +echo "Starting hub in /home/codesonar/hub" +echo -e "$1\n$1\n" | /opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340 echo "Hub started..." while [ 1 ] -- GitLab From 050a7ba12d35b5227c5be8d1d5fdcfe20d452234 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Tue, 17 Nov 2020 19:11:28 +0000 Subject: [PATCH 20/57] Update README.md --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c0e4844..2883809 100644 --- a/README.md +++ b/README.md 
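Review bot: `ENV HUB_DEFAULT_PWD=HubSecretPasswd` stores a published default administrator password in the image configuration. Anyone who can inspect the image can read it, and every container started without an override comes up with the same known credential. Declare no default and have the start script refuse to create the hub when the variable is empty, or read the password from a mounted secret file. The `#change this for deployment!!!` comment left above `FROM` in the first hunk no longer has a line to refer to and should move next to the `ENV` or be dropped. The README context later in this series still documents `--build-arg HUB_DEFAULT_PWD=...`, which has no effect once the ARG is removed.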
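Review bot: `echo -e "$1\n$1\n"` under `#!/bin/sh` depends on the shell's `echo` accepting `-e`, and it interprets backslash sequences inside the password itself, so a password containing `\` is altered before it reaches `codesonar hub-start`. `printf '%s\n%s\n' "$1" "$1" | ...` passes the value through unchanged. When `$1` is empty the pipe feeds only blank lines, so the script should check first, e.g. `[ -n "$1" ] || { echo "HUB_DEFAULT_PWD is not set" >&2; exit 1; }`. How `hub-start` treats the piped input when the hub directory already exists is not visible here and is worth confirming.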
@@ -13,9 +13,14 @@ Build the image using the standard Suggested use is to run the container using: `docker volume create hub -docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub codesonar-hub` -This will put all data in the hub volume and route localhost:8080 to the hub. +docker network create --driver bridge net + +docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub --network net codesonar-hub` + +This will put all data in the hub volume and route localhost:8080 to the hub and +connect the container to network net such that scanners can connect to it. + The hub will have default password for the `Administrator account` set to `HubSecretPasswd` at creation-time, which can be changed by `--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD` during the container build step. -- GitLab From d004575ca3f30c6b2ea5e1c2984f8610528d923d Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Tue, 17 Nov 2020 19:18:08 +0000 Subject: [PATCH 21/57] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2883809..1004472 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Recommended to shutdown the container through ## Resources CPU Min/Recommended 2/8+
-RAM Min/Recommended/Max 2/8/Unlimited +RAM Min/Recommended/Max 2G/8G/Unlimited ## Ports Application is using port 7340 -- GitLab From 3f6f9b16fb743b76ac6e430d7ad7b1026e2a4427 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Tue, 17 Nov 2020 19:19:15 +0000 Subject: [PATCH 22/57] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1004472..2fbe557 100644 --- a/README.md +++ b/README.md @@ -12,11 +12,11 @@ Build the image using the standard ## Running the Container Suggested use is to run the container using: -`docker volume create hub +`docker volume create hub` -docker network create --driver bridge net +`docker network create --driver bridge net ` -docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub --network net codesonar-hub` +`docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub --network net codesonar-hub` This will put all data in the hub volume and route localhost:8080 to the hub and connect the container to network net such that scanners can connect to it. -- GitLab From f78bb4e386c137f221a9d505f63b0da34c3c4c9f Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 3 Mar 2021 17:52:03 +0000 Subject: [PATCH 23/57] Add new file --- hardening_manifest.yaml | 55 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 hardening_manifest.yaml diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..c3bec30 --- /dev/null +++ b/hardening_manifest.yaml 
@@ -0,0 +1,55 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "GrammaTech/CodeSonar/codesonar-hub" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dso.mil +tags: +- "1.0.0" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.2" + +# Docker image labels +labels: + # Name of the image + org.opencontainers.image.title: "codesonar-hub" + # Human-readable description of the software packaged in the image + org.opencontainers.image.description: "CodeSonar Hub Container" + # License(s) under which contained software is distributed + org.opencontainers.image.licenses: "GrammaTech Commercial License" + # URL to find more information on the image + org.opencontainers.image.url: "http://support.grammatech.com/ + # Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "GrammaTech" + # Authoritative version of the software + org.opencontainers.image.version: "5.4" + # Keywords to help with search (ex. 
"cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST" + # This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + # Product the image belongs to for grouping multiple images + #mil.dso.ironbank.product.name: "mongodb/mongodb-enterprise" + +# List of resources to make available to the offline build context +resources: + - url: "https://download.grammatech.com/diracc2011/codesonar-5.4/codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz" + filename: "codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context + validation: + type: "sha256" # supported: sha256, sha512 + value: "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" # must be lowercase + +# List of project maintainers +maintainers: +- email: "mhermeling@grammatech.com" + # The name of the current container owner + name: "Mark Hermeling" + # The gitlab username of the current container owner + username: "markhermeling" + -- GitLab From edb0d18ea35a66f25ed957fc1d08aabec02baa10 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 3 Mar 2021 17:55:00 +0000 Subject: [PATCH 24/57] Delete download.json --- download.json | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 download.json diff --git a/download.json b/download.json deleted file mode 100644 index 6536fd1..0000000 --- a/download.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "resources": [ - { - "url": "https://download.grammatech.com/diracc2011/codesonar-5.4/codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz", - "filename": "codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz", - "validation": { - "type": "sha256", - "value": "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" - }, - "auth": { "type": "basic","id": "grammatech" }, - "tls_verify": true - } - ] -} -- GitLab From c99471120c2001cc4df62abdb75dbe50d5608267 Mon Sep 17 00:00:00 2001 
From: Mark Hermeling Date: Wed, 3 Mar 2021 17:56:08 +0000 Subject: [PATCH 25/57] Update hardening_manifest.yaml --- hardening_manifest.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c3bec30..d9fac02 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -44,6 +44,10 @@ resources: validation: type: "sha256" # supported: sha256, sha512 value: "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" # must be lowercase + auth: + type: basic + id: grammatech + tls_verify: true # List of project maintainers maintainers: -- GitLab From 556eaaf00da199725e199e60398e0f7b78b3babc Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 3 Mar 2021 17:58:41 +0000 Subject: [PATCH 26/57] Update Dockerfile --- Dockerfile | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index a3fefcd..a787c3f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,14 +8,6 @@ ARG BASE_TAG=8.2 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -LABEL name="GrammaTech SAST Server" \ - maintainer="mhermeling@grammatech.com" \ - vendor="GrammaTech" \ - version="5.4p0" \ - release="1" \ - summary="GrammaTech CodeSonar Hub" \ - description="GrammaTech CodeSonar Hub" - ENV HUB_DEFAULT_PWD=HubSecretPasswd @@ -52,4 +44,4 @@ USER codesonar WORKDIR /home/codesonar EXPOSE 7340/tcp -CMD ["sh", "-c", "/opt/codesonar-exec.sh $HUB_DEFAULT_PWD"] \ No newline at end of file +CMD ["sh", "-c", "/opt/codesonar-exec.sh $HUB_DEFAULT_PWD"] -- GitLab From 0f07034f4f4199774e0328105652fd391d6d5ad1 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 3 Mar 2021 18:02:06 +0000 Subject: [PATCH 27/57] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index d9fac02..e668a9b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -25,7 +25,7 @@ labels: # License(s) under which contained software is distributed org.opencontainers.image.licenses: "GrammaTech Commercial License" # URL to find more information on the image - org.opencontainers.image.url: "http://support.grammatech.com/ + org.opencontainers.image.url: "http://support.grammatech.com/"" # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "GrammaTech" # Authoritative version of the software -- GitLab From 240c0e262f9908a3d79ae417a14485549d99eebe Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 3 Mar 2021 18:08:17 +0000 Subject: [PATCH 28/57] Update hardening_manifest.yaml --- hardening_manifest.yaml | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index e668a9b..f0f08e5 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
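Review bot: The replacement `org.opencontainers.image.url` line now ends in two double quotes, so the value is still not a valid YAML scalar and the manifest will fail to parse just as the unterminated string it replaces did. The line should read `org.opencontainers.image.url: "http://support.grammatech.com/"`. Linting `hardening_manifest.yaml` in the pipeline before it is consumed would catch this class of error. If the support site is served over TLS, an `https://` URL is preferable.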
@@ -18,24 +18,15 @@ args: # Docker image labels labels: - # Name of the image org.opencontainers.image.title: "codesonar-hub" - # Human-readable description of the software packaged in the image org.opencontainers.image.description: "CodeSonar Hub Container" - # License(s) under which contained software is distributed org.opencontainers.image.licenses: "GrammaTech Commercial License" - # URL to find more information on the image - org.opencontainers.image.url: "http://support.grammatech.com/"" - # Name of the distributing entity, organization or individual + org.opencontainers.image.url: "http://support.grammatech.com/" org.opencontainers.image.vendor: "GrammaTech" - # Authoritative version of the software org.opencontainers.image.version: "5.4" - # Keywords to help with search (ex. "cicd,gitops,golang") - mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST" - # This value can be "opensource" or "commercial" + mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST, CI/CD" mil.dso.ironbank.image.type: "commercial" - # Product the image belongs to for grouping multiple images - #mil.dso.ironbank.product.name: "mongodb/mongodb-enterprise" + mil.dso.ironbank.product.name: "CodeSonar" # List of resources to make available to the offline build context resources: -- GitLab From 4b608ca862151fe6e468cf0f03641e785773e0f8 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 3 Mar 2021 18:09:58 +0000 Subject: [PATCH 29/57] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index f0f08e5..eca7952 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "GrammaTech/CodeSonar/codesonar-hub" +name: "grammatech/codesonar/codesonar-hub" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown -- GitLab From 35d17fef6463828a933f0b7cb18a3037682318ac Mon Sep 17 00:00:00 2001 From: David Freeman Date: Wed, 3 Mar 2021 22:56:11 +0000 Subject: [PATCH 30/57] Update hardening_manifest.yaml --- hardening_manifest.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index eca7952..23e51e0 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -38,7 +38,6 @@ resources: auth: type: basic id: grammatech - tls_verify: true # List of project maintainers maintainers: -- GitLab From ba660eb05673201f7aa0e549a66c6c19be228010 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Wed, 17 Mar 2021 20:49:28 +0000 Subject: [PATCH 32/57] Delete Jenkinsfile --- Jenkinsfile | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 499fe35..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "1.4.2") \ No newline at end of file -- GitLab From 2627910acd21b67bee859e42c3628e6c1a8a6303 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Fri, 19 Mar 2021 17:52:36 +0000 Subject: [PATCH 33/57] Update Dockerfile --- Dockerfile | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/Dockerfile b/Dockerfile index a787c3f..704997f 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -21,6 +21,21 @@ RUN rm -rf /opt/${CODESONAR_PACKAGE} RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar RUN useradd -ms /bin/bash codesonar +# remove some packages that are not needed +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/julia-sarif +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/julia-tools + +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/pmd +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/pmd-5.0.4 + +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.3 +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.4 +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.0 +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.1 +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.2 +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.3 +RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.6 + RUN mkdir /home/codesonar/hub \ && chown codesonar.codesonar /home/codesonar/hub -- GitLab From 77351bf27f342d021a5df898d8bada3d667a5935 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Fri, 19 Mar 2021 18:16:28 +0000 Subject: [PATCH 34/57] Update Dockerfile --- Dockerfile | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 704997f..12d261f 100644 --- a/Dockerfile +++ b/Dockerfile 
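Review bot: The added `RUN rm /opt/${CODESONAR_PACKAGE}/third-party/...` lines probably point at a path that does not exist. Elsewhere in this series `CODESONAR_PACKAGE` is set to the tarball file name, and this hunk's own context shows `RUN rm -rf /opt/${CODESONAR_PACKAGE}` deleting that tarball just above. Plain `rm` also refuses directories, so if these entries are directories the build stops at the first of them. The extracted tree is the one the context line `RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar` refers to, so the lines should read like `RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-sarif`. PATCH 34 adds `-rf` without changing the path, which lets the build pass while removing nothing, so only an inspection of the built image would show the components are still there.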
@@ -22,19 +22,19 @@ RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar RUN useradd -ms /bin/bash codesonar # remove some packages that are not needed -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/julia-sarif -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/julia-tools - -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/pmd -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/pmd-5.0.4 - -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.3 -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.4 -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.0 -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.1 -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.2 -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.3 -RUN rm /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.6 +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/julia-sarif +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/julia-tools + +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/pmd +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/pmd-5.0.4 + +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.3 +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.4 +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.0 +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.1 +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.2 +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.3 +RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.6 RUN mkdir /home/codesonar/hub \ && chown codesonar.codesonar /home/codesonar/hub -- GitLab From 1154400badc3963fee363c14436875aa08bae5e7 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Fri, 19 Mar 2021 20:23:03 +0000 Subject: [PATCH 35/57] Update Dockerfile --- Dockerfile | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 12d261f..d1af3b1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -22,19 +22,19 @@ RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar RUN useradd -ms /bin/bash codesonar # remove some packages that are not needed -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/julia-sarif -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/julia-tools - -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/pmd -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/pmd-5.0.4 - -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.3 -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-8.4 -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.0 -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.1 -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.2 -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.3 -RUN rm -rf /opt/${CODESONAR_PACKAGE}/third-party/postgresql-9.6 +RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-sarif +RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-tools + +RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd +RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd-5.0.4 + +RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.3 +RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.4 +RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.0 +RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.1 +RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.2 +RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.3 +RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6 RUN mkdir /home/codesonar/hub \ && chown codesonar.codesonar /home/codesonar/hub -- GitLab From 38122b127bf22f3bba387ab6bb36fbc13c35c83a Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 12:40:53 +0000 Subject: [PATCH 36/57] To fix CCE-80844-4 and CCE-82155-3 and a few others --- Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Dockerfile b/Dockerfile index d1af3b1..6c092eb 100644 --- a/Dockerfile +++ b/Dockerfile 
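Review bot: Each of these `RUN rm -rf` lines creates a new layer on top of the one that unpacked the archive, so the `third-party/postgresql-*`, `pmd*` and `julia-*` trees disappear from the final filesystem but remain stored in the image and can be recovered from the earlier layer. To ship without them, the removal has to run in the same `RUN` as the `tar` extraction, which sits outside this hunk. The removals added later in PATCH 46 have the same limitation. The tarball placed by `COPY` likewise stays in its own layer after `rm -rf /opt/${CODESONAR_PACKAGE}`, and dropping it would need a multi-stage build.

```dockerfile
# unpack and prune in one layer so the pruned trees never reach the image
RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt \
    && rm -rf \
        /opt/codesonar-5.4p0/third-party/julia-sarif \
        /opt/codesonar-5.4p0/third-party/julia-tools \
        /opt/codesonar-5.4p0/third-party/pmd \
        /opt/codesonar-5.4p0/third-party/pmd-5.0.4 \
        /opt/codesonar-5.4p0/third-party/postgresql-8.3 \
        /opt/codesonar-5.4p0/third-party/postgresql-8.4 \
        /opt/codesonar-5.4p0/third-party/postgresql-9.0 \
        /opt/codesonar-5.4p0/third-party/postgresql-9.1 \
        /opt/codesonar-5.4p0/third-party/postgresql-9.2 \
        /opt/codesonar-5.4p0/third-party/postgresql-9.3 \
        /opt/codesonar-5.4p0/third-party/postgresql-9.6
# … unchanged: tarball removal, symlink, useradd …
```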
@@ -14,6 +14,8 @@ ENV HUB_DEFAULT_PWD=HubSecretPasswd RUN yum -y update \ && yum clean all +#TO fix CCE-80844-4 and CCE-80935-0 +RUN yum -y install aide crypto-policies ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt @@ -55,6 +57,10 @@ HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 CMD /op RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt RUN touch /opt/codesonar/TELEMETRY_DISABLED +# CCE-82155-3 +fips-mode-setup --enable +update-crypto-policies --set FIPS:OSPP + USER codesonar WORKDIR /home/codesonar -- GitLab From eb627cc51060afc3f0c3ae2b2396a65c5302b4a9 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 13:09:08 +0000 Subject: [PATCH 37/57] Update Dockerfile --- Dockerfile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6c092eb..bbc2522 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,8 @@ ENV HUB_DEFAULT_PWD=HubSecretPasswd RUN yum -y update \ && yum clean all -#TO fix CCE-80844-4 and CCE-80935-0 -RUN yum -y install aide crypto-policies +#TO fix CCE-80935-0 +RUN yum -y install crypto-policies dnf-automatic gnutls-utils libcap-ng-utils openscap-scanner usbguard ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt 
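Review bot: The two lines added under `# CCE-82155-3`, `fips-mode-setup --enable` and `update-crypto-policies --set FIPS:OSPP`, carry no instruction keyword, so the Dockerfile parser will reject them and the build fails; they would need to be `RUN fips-mode-setup --enable` and `RUN update-crypto-policies --set FIPS:OSPP` (PATCH 37 later adds the prefix). Even with `RUN`, `fips-mode-setup` changes boot-time state of a host, and Red Hat documents that it does not work inside containers, where FIPS mode follows the host kernel. A passing build would therefore not show that the image meets the control; the finding is better answered with a justification or a check on the deployment host. In the first hunk of this commit, `RUN yum -y install aide crypto-policies` also leaves the yum cache in its layer, because `yum clean all` ran in the previous `RUN`.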
@@ -58,8 +58,13 @@ RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt RUN touch /opt/codesonar/TELEMETRY_DISABLED # CCE-82155-3 -fips-mode-setup --enable -update-crypto-policies --set FIPS:OSPP +RUN echo "RekeyLimit 1G 1h" >> /etc/ssh/ssh_config.d/02-rekey-limit.conf +RUN echo "allow with-interface match_all { 03:*:* 09:00:* }" >> /etc/usbguard/rules.conf +RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su +RUN echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf +RUN fips-mode-setup --enable +RUN update-crypto-policies --set FIPS:OSPP +RUN systemctl enable dnf-automatic.timer USER codesonar WORKDIR /home/codesonar -- GitLab From 476461c13bbc5e192accd0e44152d75eb203ea8d Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 13:26:33 +0000 Subject: [PATCH 38/57] Update Dockerfile --- Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bbc2522..7ead6d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,12 @@ RUN yum -y update \ && yum clean all #TO fix CCE-80935-0 -RUN yum -y install crypto-policies dnf-automatic gnutls-utils libcap-ng-utils openscap-scanner usbguard +RUN yum -y install crypto-policies \ + && yum -y install dnf-automatic \ + && yum -y install gnutls-utils \ + && yum -y install libcap-ng-utils \ + && yum -y install openscap-scanner \ + && yum -y install usbguard ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt -- GitLab From 37c08da8edb16b10eebbc90bdaa24c7d84034e0a Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 13:40:31 +0000 Subject: [PATCH 39/57] Update Dockerfile --- Dockerfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7ead6d8..e7218e3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,12 +15,12 @@ RUN yum -y update \ && yum clean all #TO fix CCE-80935-0 -RUN yum -y install crypto-policies \ - && yum -y install dnf-automatic \ - && yum -y install gnutls-utils \ - && yum -y install libcap-ng-utils \ - && yum -y install openscap-scanner \ - && yum -y install usbguard +RUN yum -y install crypto-policies +RUN yum -y install dnf-automatic +RUN yum -y install gnutls-utils +RUN yum -y install libcap-ng-utils +RUN yum -y install openscap-scanner +RUN yum -y install usbguard ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt -- GitLab From b9ad794ae9bd87703972b01ceb4f48d803669de5 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 13:54:25 +0000 Subject: [PATCH 40/57] Update Dockerfile --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e7218e3..30339dd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,11 +16,9 @@ RUN yum -y update \ #TO fix CCE-80935-0 RUN yum -y install crypto-policies -RUN yum -y install dnf-automatic RUN yum -y install gnutls-utils RUN yum -y install libcap-ng-utils RUN yum -y install openscap-scanner -RUN yum -y install usbguard ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt -- GitLab From 7950156a2a73bed1867e77186501f254a4b7d445 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 14:07:34 +0000 Subject: [PATCH 41/57] Update Dockerfile --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 30339dd..c8a03f1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -17,7 +17,6 @@ RUN yum -y update \ #TO fix CCE-80935-0 RUN yum -y install crypto-policies RUN yum -y install gnutls-utils -RUN yum -y install libcap-ng-utils RUN yum -y install openscap-scanner ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] -- GitLab From 1d890b834237347f98a4c0a98b9cfe7d283b904b Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 14:33:47 +0000 Subject: [PATCH 42/57] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c8a03f1..5b68484 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,7 @@ RUN yum -y update \ #TO fix CCE-80935-0 RUN yum -y install crypto-policies RUN yum -y install gnutls-utils -RUN yum -y install openscap-scanner + ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt -- GitLab From ddd15802a0ec3586c7d8c36ef2a475e1d46de1f9 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 22 Mar 2021 14:52:35 +0000 Subject: [PATCH 43/57] Update Dockerfile --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5b68484..63c9039 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,8 +60,6 @@ RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt RUN touch /opt/codesonar/TELEMETRY_DISABLED # CCE-82155-3 -RUN echo "RekeyLimit 1G 1h" >> /etc/ssh/ssh_config.d/02-rekey-limit.conf -RUN echo "allow with-interface match_all { 03:*:* 09:00:* }" >> /etc/usbguard/rules.conf RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su RUN echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf RUN fips-mode-setup --enable -- GitLab From e259ec70493a9d41690c65d2a844c7b8db927f87 Mon Sep 17 00:00:00 2001 
From: Mark Hermeling Date: Mon, 22 Mar 2021 15:22:02 +0000 Subject: [PATCH 44/57] Update Dockerfile --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 63c9039..8c25e7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,9 +62,9 @@ RUN touch /opt/codesonar/TELEMETRY_DISABLED # CCE-82155-3 RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su RUN echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf -RUN fips-mode-setup --enable -RUN update-crypto-policies --set FIPS:OSPP -RUN systemctl enable dnf-automatic.timer +#RUN fips-mode-setup --enable +#RUN update-crypto-policies --set FIPS:OSPP + USER codesonar WORKDIR /home/codesonar -- GitLab From 4d7da5066a0e90677aa9bda38018c295d21562dc Mon Sep 17 00:00:00 2001 From: Andy Maksymowicz Date: Thu, 25 Mar 2021 13:47:02 +0000 Subject: [PATCH 45/57] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8c25e7c..3893b17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=redhat/ubi/ubi8 -ARG BASE_TAG=8.2 +ARG BASE_TAG=8.3 -- GitLab From a95fbf5353ab7dbcc2155dc30f74034969f438d6 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Thu, 25 Mar 2021 17:10:34 +0000 Subject: [PATCH 46/57] Update Dockerfile --- Dockerfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Dockerfile b/Dockerfile index 3893b17..918f30c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -40,6 +40,16 @@ RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.2 RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.3 RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6 +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem + +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/sqlalchemy +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/sqlalchemy +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/jinja2 +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/jinja2 +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3 +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3 +RUN rm -rf /usr/lib/python3.6/site-packages/urllib3 + RUN mkdir /home/codesonar/hub \ && chown codesonar.codesonar /home/codesonar/hub -- GitLab From 4633f0c2eca67283e8494437137ff90b18c8805d Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Thu, 25 Mar 2021 17:33:17 +0000 Subject: [PATCH 47/57] Update Dockerfile --- Dockerfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 918f30c..83dbca5 100644 --- a/Dockerfile +++ b/Dockerfile 
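Review bot: `RUN rm -rf /usr/lib/python3.6/site-packages/urllib3` deletes files that presumably belong to an installed OS package without going through the package manager, so the RPM database will still list that package and anything in the image that imports it will fail at run time. If the intent is to clear a scanner finding, removing or updating it through yum keeps the database and the filesystem consistent, e.g. `RUN yum -y remove python3-urllib3 && yum clean all`, provided nothing required depends on it. The same concern applies to the `sqlalchemy`, `jinja2` and `urllib3` directories removed from the product's bundled Python 2.7, since the hunk gives no indication that the hub does not import them. A comment above each `rm` naming the finding it answers would let a later reader judge whether the deletion is still needed.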
@@ -42,10 +42,7 @@ RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6 RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/sqlalchemy -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/sqlalchemy -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/jinja2 -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/jinja2 + RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3 RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3 RUN rm -rf /usr/lib/python3.6/site-packages/urllib3 -- GitLab From de24d4fff9653d858e7e2a7dbdcc6fc5d311770e Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Thu, 25 Mar 2021 20:01:53 +0000 Subject: [PATCH 48/57] Update Dockerfile --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 83dbca5..5288d1b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,6 +14,9 @@ ENV HUB_DEFAULT_PWD=HubSecretPasswd RUN yum -y update \ && yum clean all + +RUN yum -y remove p11-kit + #TO fix CCE-80935-0 RUN yum -y install crypto-policies RUN yum -y install gnutls-utils -- GitLab From 196001aaae0419fa539e6d2408bf89c0057d03be Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Fri, 26 Mar 2021 14:46:25 +0000 Subject: [PATCH 49/57] Update Dockerfile --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5288d1b..f2f938b 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,12 +15,15 @@ RUN yum -y update \ && yum clean all -RUN yum -y remove p11-kit #TO fix CCE-80935-0 RUN yum -y install crypto-policies RUN yum -y install gnutls-utils +# for https://access.redhat.com/security/cve/CVE-2021-23240 +RUN rm -rf /usr/libexec/sudo/sesh + + ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz COPY ["${CODESONAR_PACKAGE}", "/opt"] RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt -- GitLab From 239f24de7396c3adc53ed61f80149eb5bb09582b Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Fri, 26 Mar 2021 16:19:05 +0000 Subject: [PATCH 50/57] Update Dockerfile --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f2f938b..528d911 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,8 +17,8 @@ RUN yum -y update \ #TO fix CCE-80935-0 -RUN yum -y install crypto-policies -RUN yum -y install gnutls-utils +#RUN yum -y install crypto-policies +#RUN yum -y install gnutls-utils # for https://access.redhat.com/security/cve/CVE-2021-23240 RUN rm -rf /usr/libexec/sudo/sesh @@ -53,6 +53,7 @@ RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packa RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3 RUN rm -rf /usr/lib/python3.6/site-packages/urllib3 + RUN mkdir /home/codesonar/hub \ && chown codesonar.codesonar /home/codesonar/hub -- GitLab From 4bed9bb4f6fd1d28b496e30ce344ad7bbdce47cc Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 29 Mar 2021 12:02:54 +0000 Subject: [PATCH 51/57] Remove urllib3 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 528d911..badb1dc 100644 --- a/Dockerfile +++ b/Dockerfile 
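Review bot: Deleting `/usr/libexec/sudo/sesh` removes one helper binary but leaves the sudo package, if installed, at whatever version the base image and `yum -y update` provide, so the RPM database still reports that version and a scanner keyed on package versions will likely keep flagging CVE-2021-23240. `rm -rf` also succeeds when the file is absent, so the build gives no sign of whether anything was removed. If nothing in the image needs sudo, removing the package is cleaner, `RUN yum -y remove sudo && yum clean all`; otherwise the comment should say why removing the helper alone is sufficient.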
@@ -49,8 +49,8 @@ RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6 RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3 -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3 +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3* +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3* RUN rm -rf /usr/lib/python3.6/site-packages/urllib3 -- GitLab From 52ef0b541e0f35415ff66b28cd5440b8e8399976 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Mon, 29 Mar 2021 14:45:42 +0000 Subject: [PATCH 52/57] Update Dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index badb1dc..83942ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,8 +49,7 @@ RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6 RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3* -RUN rm -rf /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3* +RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3* /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3* RUN rm -rf /usr/lib/python3.6/site-packages/urllib3 -- GitLab From 5657d632a4054aef558f6924789f4a598b4fd778 Mon Sep 17 00:00:00 2001 From: Andy Maksymowicz Date: Wed, 31 Mar 2021 15:11:29 +0000 Subject: [PATCH 53/57] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 23e51e0..e20d1af 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "redhat/ubi/ubi8" - BASE_TAG: "8.2" + BASE_TAG: "8.3" # Docker image labels labels: -- GitLab From 95c9918c9af034b122b8b646fbd2f2d3a13113f9 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Thu, 1 Apr 2021 15:32:48 +0000 Subject: [PATCH 54/57] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 83942ae..de27b22 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,8 +8,8 @@ ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ENV HUB_DEFAULT_PWD=HubSecretPasswd - +RUN HUB_DEFAULT_PWD=$(echo date +%s | sha256sum | base64 | head -c 32) + RUN yum -y update \ && yum clean all -- GitLab From fbb32b5e9f7156bcf39385367c84095d622d4b79 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Thu, 1 Apr 2021 15:36:55 +0000 Subject: [PATCH 55/57] Update codesonar-exec.sh --- scripts/codesonar-exec.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/codesonar-exec.sh b/scripts/codesonar-exec.sh index d87f1de..bd1776c 100644 --- a/scripts/codesonar-exec.sh +++ b/scripts/codesonar-exec.sh @@ -3,10 +3,11 @@ echo "Starting hub in /home/codesonar/hub" echo -e "$1\n$1\n" | /opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340 +echo "Hub password is $1" echo "Hub started..." while [ 1 ] do echo "Hub running" sleep 60 -done \ No newline at end of file +done -- GitLab From ca7787ef5d1cfe6c37639036a68fd1abdfc7dff7 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Thu, 1 Apr 2021 16:39:19 +0000 Subject: [PATCH 56/57] Change from hard-coded default password to generated default passwd --- scripts/codesonar-exec.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) 
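Review bot: The replacement line `RUN HUB_DEFAULT_PWD=$(echo date +%s | sha256sum | base64 | head -c 32)` produces neither a usable nor a secret password. A variable assigned inside a `RUN` shell exists only for that build step, so `$HUB_DEFAULT_PWD` in the `CMD` line (outside this hunk) will expand to an empty string at container start. `echo date +%s` also prints the literal text `date +%s` rather than running `date`, so the value would be the same constant in every build. Anything computed at build time is shared by every container started from the image and can be recomputed from the command recorded in the image history. The password should be generated when the container first starts, from a random source such as `head -c 24 /dev/urandom | base64`, or supplied by the operator as a runtime secret.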
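Review bot: The added `echo "Hub password is $1"` writes the hub password to the container's standard output, where it is picked up by whatever collects container logs and stays readable to anyone with log access. The line should be dropped or replaced by a message that does not contain the value, e.g. `echo "Hub password set from startup argument"`. PATCH 56 repeats the problem in `echo "Starting hub with new hub password: ${HUB_DEFAULT_PWD}"`. Passing the password as `$1` also exposes it in the process argument list inside the container.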
diff --git a/scripts/codesonar-exec.sh b/scripts/codesonar-exec.sh index bd1776c..c47308c 100644 --- a/scripts/codesonar-exec.sh +++ b/scripts/codesonar-exec.sh @@ -1,9 +1,16 @@ #!/bin/sh - -echo "Starting hub in /home/codesonar/hub" -echo -e "$1\n$1\n" | /opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340 -echo "Hub password is $1" + +if test -f "/home/codesonar/hub/hubpwd"; then + echo "Starting hub in /home/codesonar/hub with existing pwd" + /opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340 +else + HUB_DEFAULT_PWD=$(date +%s | base64 | head -c 32) + echo "${HUB_DEFAULT_PWD}" > /home/codesonar/hub/hubpwd + chmod 600 /home/codesonar/hub/hubpwd + echo "Starting hub with new hub password: ${HUB_DEFAULT_PWD}" + echo -e "${HUB_DEFAULT_PWD}\n${HUB_DEFAULT_PWD}\n" | /opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340 +fi echo "Hub started..." while [ 1 ] -- GitLab From 882dd632e5e63fcda98cb567a5150e4f38f6f4c2 Mon Sep 17 00:00:00 2001 From: Mark Hermeling Date: Thu, 1 Apr 2021 16:39:50 +0000 Subject: [PATCH 57/57] Remove default pwd --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index de27b22..bf33b23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,8 +7,6 @@ ARG BASE_TAG=8.3 #change this for deployment!!! FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - -RUN HUB_DEFAULT_PWD=$(echo date +%s | sha256sum | base64 | head -c 32) RUN yum -y update \ @@ -83,4 +81,4 @@ USER codesonar WORKDIR /home/codesonar EXPOSE 7340/tcp -CMD ["sh", "-c", "/opt/codesonar-exec.sh $HUB_DEFAULT_PWD"] +CMD ["sh", "-c", "/opt/codesonar-exec.sh"] -- GitLab
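Review bot: `HUB_DEFAULT_PWD=$(date +%s | base64 | head -c 32)` derives the password only from the start time in seconds, so anyone who can estimate when the container first started can enumerate the candidates, and the hub is started listening on `0.0.0.0:7340`. The value should come from a random source instead. The password file is also created with the default umask and only restricted afterwards by `chmod 600`, and the start-up message prints the value into the container log. The sketch below generates the password from `/dev/urandom`, creates the file under a restrictive umask in a subshell so the hub's own umask is unchanged, and logs only where the password is stored.

```sh
else
    HUB_DEFAULT_PWD=$(head -c 24 /dev/urandom | base64)
    # subshell keeps the restrictive umask away from hub-start
    ( umask 077; printf '%s\n' "${HUB_DEFAULT_PWD}" > /home/codesonar/hub/hubpwd )
    echo "Starting hub with new hub password stored in /home/codesonar/hub/hubpwd"
    printf '%s\n%s\n' "${HUB_DEFAULT_PWD}" "${HUB_DEFAULT_PWD}" | /opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340
fi
# … unchanged: "Hub started..." message and keep-alive loop …
```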