UNCLASSIFIED

Skip to content

GitLab

Commit 98b2779b authored by Andy Maksymowicz's avatar Andy Maksymowicz
Browse files

Merge branch 'development' into 'master' 

Development

See merge request !20
parents 12c697c6 e9607b46
Pipeline #292129 failed with stages
in 70 minutes and 31 seconds
Hide whitespace changes
Inline Side-by-side
Showing with 282 additions and 139 deletions
.gitlab/issue_templates/Access Request.md
View file @ 98b2779b
......@@ -13,7 +13,4 @@ The access level should be:
- [ ] All accounts have been provided the necessary accesses
/label ~"Access" ~"To Do"
\ No newline at end of file
.gitlab/issue_templates/Application - Archive.md
View file @ 98b2779b
......@@ -17,7 +17,4 @@ Requesting this application be archived due to one of the following reasons:
- [ ] Iron Bank frontend no longer lists application as available or approved
/label ~"Container::Archive"
\ No newline at end of file
.gitlab/issue_templates/Application - Initial.md
View file @ 98b2779b
......@@ -7,69 +7,25 @@ Requesting application to be hardened. This is only for initial hardening of a c
Current version: (State the current version of the application as you see it)
## Communication
All communication should occur through this issue. This ensures that all information is documented in a centralized location and also ensures that all of the assignees are notified of updates. It is imperative that all required parties are listed as assignees of this issue and that individuals are not removed. Please do not remove anyone from the assignee list.
If you need to contact the Container Hardening team, please identify your assigned point of contact. You can find your point of contact by:
1. They should be listed as an assignee on this ticket
2. They should be listed in the `hardening_manifest.yaml` file under the `maintainers` section with a field of `cht_member: true`
If you have no assignee, feel free to tag Container Hardening leadership in your issue by commenting on this issue with your questions/concerns and then add `/cc @ironbank-notifications/leadership`. Gitlab will automatically notify all Container Hardening leadership to look at this issue and respond.
## Responsibilities
If this application is owned by a Contributor or Vendor (identifed as `Owner::Contributor` and `Owner::Vendor` respectively), then it is your responsibility to drive this issue through completion. This means that the Container Hardening team is not here to help push any deadlines/timeframes you may have with other customers or DoD agencies. If you have issues with the activity, you may notify Container Hardening leadership above. Do not change the ownership labels.
Under support: (Is the updated version within the same major version of the application or is this a new major version?)
## Definition of Done
Hardening:
- [ ] Hardening manifest is created and adheres to the schema (https://repo1.dsop.io/ironbank-tools/ironbank-pipeline/-/blob/master/schema/hardening_manifest.schema.json)
- [ ] Container builds successfully through the Gitlab CI pipeline
- [ ] Container builds successfully
- [ ] Greylist file has been created (requires a member from container hardening)
- [ ] Branch has been merged into `development`
- [ ] Project is configured for automatic renovate updates (if possible)
Justifications:
- [ ] All findings have been justified per the above documentation
- [ ] Justifications have been attached to this issue
- [ ] Apply the label `Approval` to indicate this container is ready for the approval phase
Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over.
- [ ] Justifications have been provided to the container hardening team
Approval Process (Container Hardening Team processes):
Approval Process (container hardening team processes):
- [ ] Peer review from Container Hardening Team
- [ ] Findings Approver has reviewed and approved all justifications
- [ ] Approval request has been sent to Authorizing Official
- [ ] Approval request has been processed by Authorizing Official
Note: If the above approval process is kicked back for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the `Approval` label.
## Post Approval
### Continuous Monitoring
Once a container is approved, the `Approved` label will be applied to this issue and it will be closed. You will be able to find your applications on http://ironbank.dsop.io and https://registry1.dsop.io.
In addition to the above, your application will now be subscribed to continuous monitoring. This means that any new findings discovered as part of this will need justifications. To satisfy this process, any new findings will trigger a new Gitlab issue in this project with the label `Container::New Findings`. All members listed in the `maintainers` section of the `hardening_manifest.yaml` file will automatically be assigned. It is your responsibility as a Contributor or Vendor to monitor for this and provide justifications in a timely fashion. This newly created issue will have all the instructions necessary to complete the process. Failure to provide justifications could result in the revocation of the application's approval status.
### Updates
It is imperative that application updates be submitted as quickly as possible. We do not want applications to become stale. To help with this process, Ironbank recommends using a tool called [Renovate](https://github.com/renovatebot/renovate). This requires a `renovate.json` file to be placed in your project and can automate the creation of issues and merge requests.
If not using Renovate, it will be up to you as a Contributor or Vendor to keep this image up-to-date at all times. When you wish to submit an application update, you must create a new issue in this project using the `Application - Update` template and associate it with the corresponding merge request. If you submit a merge request alone, work will not proceed until a related issue is created. These issues are tracked using the label `Container::Update`.
Additionally, it is imperative that all updates must be followed through to completion. Simply submitting an application update but not following through on justifications and approvals does not suffice and risk your application's approval status being revoked.
### Bugs
Occassionally, users may file bug reports for your application. It is your responsibility to monitor for these since they are created inside your project repository. Assignees will automatically be populated by the `members` section of the `hardening_manifest.yaml` file and will have the label `Bug`.
/label ~"Container::Initial"
\ No newline at end of file
.gitlab/issue_templates/Application - Update.md
View file @ 98b2779b
......@@ -13,38 +13,18 @@ Updated version: (State the version you would like the application updated to)
Under support: (Is the updated version within the same major version of the application or is this a new major version?)
## Communication
All communication should occur through this issue. This ensures that all information is documented in a centralized location and also ensures that all of the assignees are notified of updates. It is imperative that all required parties are listed as assignees of this issue and that individuals are not removed. Please do not remove anyone from the assignee list.
If you need to contact the Container Hardening team, please identify your assigned point of contact. You can find your point of contact by:
1. They should be listed as an assignee on this ticket
2. They should be listed in the `hardening_manifest.yaml` file under the `maintainers` section with a field of `cht_member: true`
If you have no assignee, feel free to tag Container Hardening leadership in your issue by commenting on this issue with your questions/concerns and then add `/cc @ironbank-notifications/leadership`. Gitlab will automatically notify all Container Hardening leadership to look at this issue and respond.
## Responsibilities
If this application is owned by a Contributor or Vendor (identifed as `Owner::Contributor` and `Owner::Vendor` respectively), then it is your responsibility to drive this issue through completion. This means that the Container Hardening team is not here to help push any deadlines/timeframes you may have with other customers or DoD agencies. If you have issues with the activity, you may notify Container Hardening leadership above. Do not change the ownership labels.
## Definition of Done
Hardening:
- [ ] Hardening manifest has been updated and adheres to the schema (https://repo1.dsop.io/ironbank-tools/ironbank-pipeline/-/blob/master/schema/hardening_manifest.schema.json)
- [ ] Container builds successfully throughthe Gitlab CI pipeline
- [ ] Container builds successfully
- [ ] Container version has been updated in greylist file
- [ ] Branch has been merged into `development`
- [ ] Project is configured for automatic renovate updates (if possible)
No new findings:
- [ ] There are no new findings in this update. Skip the Justifications and Approval Process steps and apply the label `Approval`
- [ ] There are no new findings in this update. Skip the Justifications and Approval Process steps and apply the label ~"Approval".
Justifications:
- [ ] All findings have been justified per the above documentation
- [ ] Justifications have been provided to the container hardening team
- [ ] Skip the Justifications and Approval Process steps and apply the label `Approval`
Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over.
Approval Process:
- [ ] Peer review from Container Hardening Team
......@@ -52,31 +32,6 @@ Approval Process:
- [ ] Approval request has been sent to Authorizing Official
- [ ] Approval request has been processed by Authorizing Official
Note: If the above approval process is kicked back for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the `Approval` label.
## Post Approval
### Continuous Monitoring
Once a container is approved, the `Approved` label will be applied to this issue and it will be closed. You will be able to find your applications on http://ironbank.dsop.io and https://registry1.dsop.io.
In addition to the above, your application will now be subscribed to continuous monitoring. This means that any new findings discovered as part of this will need justifications. To satisfy this process, any new findings will trigger a new Gitlab issue in this project with the label `Container::New Findings`. All members listed in the `maintainers` section of the `hardening_manifest.yaml` file will automatically be assigned. It is your responsibility as a Contributor or Vendor to monitor for this and provide justifications in a timely fashion. This newly created issue will have all the instructions necessary to complete the process. Failure to provide justifications could result in the revocation of the application's approval status.
### Updates
It is imperative that application updates be submitted as quickly as possible. We do not want applications to become stale. To help with this process, Ironbank recommends using a tool called [Renovate](https://github.com/renovatebot/renovate). This requires a `renovate.json` file to be placed in your project and can automate the creation of issues and merge requests.
If not using Renovate, it will be up to you as a Contributor or Vendor to keep this image up-to-date at all times. When you wish to submit an application update, you must create a new issue in this project using the `Application - Update` template and associate it with the corresponding merge request. If you submit a merge request alone, work will not proceed until a related issue is created. These issues are tracked using the label `Container::Update`.
Additionally, it is imperative that all updates must be followed through to completion. Simply submitting an application update but not following through on justifications and approvals does not suffice and risk your application's approval status being revoked.
### Bugs
Occassionally, users may file bug reports for your application. It is your responsibility to monitor for these since they are created inside your project repository. Assignees will automatically be populated by the `members` section of the `hardening_manifest.yaml` file and will have the label `Bug`.
/label ~"Container::Update"
\ No newline at end of file
.gitlab/issue_templates/Bug.md
View file @ 98b2779b
......@@ -33,9 +33,4 @@ logs, and code as it's very hard to read otherwise.)
- [ ] Bug has been identified and corrected within the container
/label ~Bug
\ No newline at end of file
.gitlab/issue_templates/Feature Request.md
View file @ 98b2779b
......@@ -28,9 +28,4 @@
- [ ] Feature has been implemented
/label ~Feature
\ No newline at end of file
.gitlab/issue_templates/Leadership Question.md
View file @ 98b2779b
......@@ -3,10 +3,5 @@
(Detailed description of the question you'd like to ask the leadership team)
/label ~"Question::Leadership" ~"To Do"
/cc @ironbank-notifications/leadership
\ No newline at end of file
.gitlab/issue_templates/New Findings.md
View file @ 98b2779b
......@@ -8,20 +8,12 @@ Container has new findings discovered during continuous monitoring.
Justifications:
- [ ] All findings have been justified
- [ ] Justifications have been provided to the container hardening team
- [ ] `Approval` label has been applied
Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over.
Approval Process:
- [ ] Findings Approver has reviewed and approved all justifications
- [ ] Approval request has been sent to Authorizing Official
- [ ] Approval request has been processed by Authorizing Official
Note: If the above approval process is kicked back for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the `Approval` label.
/label ~"Container::New Findings"
\ No newline at end of file
.gitlab/issue_templates/Onboarding Question.md
View file @ 98b2779b
......@@ -3,10 +3,5 @@
(Detailed description of the question you'd like to ask the onboarding team)
/label ~"Question::Onboarding" ~"To Do"
/cc @ironbank-notifications/onboarding
\ No newline at end of file
.gitlab/issue_templates/Pipeline Failure.md
View file @ 98b2779b
......@@ -27,10 +27,4 @@
- [ ] Pipeline failure has been resolved
/label ~Pipeline
\ No newline at end of file
Dockerfile 0 → 100644
View file @ 98b2779b
ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=redhat/ubi/ubi8
ARG BASE_TAG=8.3
#change this for deployment!!!
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
RUN yum -y update \
&& yum clean all
#TO fix CCE-80935-0
#RUN yum -y install crypto-policies
#RUN yum -y install gnutls-utils
# for https://access.redhat.com/security/cve/CVE-2021-23240
RUN rm -rf /usr/libexec/sudo/sesh
ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz
COPY ["${CODESONAR_PACKAGE}", "/opt"]
RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
RUN rm -rf /opt/${CODESONAR_PACKAGE}
RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar
RUN useradd -ms /bin/bash codesonar
# remove some packages that are not needed
RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-sarif
RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-tools
RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd
RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd-5.0.4
RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.3
RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.4
RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.0
RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.1
RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.2
RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.3
RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6
RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem
RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3* /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3*
RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
RUN mkdir /home/codesonar/hub \
&& chown codesonar.codesonar /home/codesonar/hub
#The following is needed as RH8 does not have libnsl.so.1
RUN ln -s /usr/lib64/libnsl.so.2 /usr/lib64/libnsl.so.1
COPY scripts/* /opt/
RUN chmod +x /opt/codesonar-exec.sh && \
chmod +x /opt/codesonar-health-check.sh
VOLUME [ /home/codesonar ]
HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 CMD /opt/codesonar-health-check.sh
#adjust some options
RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt
RUN touch /opt/codesonar/TELEMETRY_DISABLED
# CCE-82155-3
RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su
RUN echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf
#RUN fips-mode-setup --enable
#RUN update-crypto-policies --set FIPS:OSPP
USER codesonar
WORKDIR /home/codesonar
EXPOSE 7340/tcp
CMD ["sh", "-c", "/opt/codesonar-exec.sh"]
LICENSE 0 → 100644
View file @ 98b2779b
GRAMMATECH SOFTWARE LICENSE AGREEMENT
Version 2020.4.0
UNLESS YOU HAVE ENTERED INTO A SEPARATE, DULY SIGNED LICENSE AGREEMENT WITH GRAMMATECH OR AN AUTHORIZED DISTRIBUTOR, YOU AGREE TO BE BOUND BY THE TERMS OF THIS SOFTWARE LICENSE AGREEMENT, WITHOUT EXCEPTION, BY INSTALLING, COPYING, OR OTHERWISE USING THE SOFTWARE. IF YOU DO NOT ACCEPT ALL OF THE TERMS OF THIS SOFTWARE LICENSE, YOU ARE NOT PERMITTED TO POSSESS, INSTALL, OR USE THE SOFTWARE IN ANY MANNER.
This Software License is between you, the end-user ("You") and GrammaTech, Inc. ("GrammaTech") (“Agreement” or “Software License”). "You" means the person or legal entity that has accepted this Software License. Together with the Quotation and/or Invoice document You have received from GrammaTech or from an authorized GrammaTech distributor (“Purchase Document”), it forms a legal contract between You and GrammaTech. It limits what You may do with the GrammaTech software licensed and its documentation, printed or electronic (collectively the "Software").
It does not extend to or include any parent, subsidiary, or affiliated organization or entity. If you are using the Software as an employee, your employer is the licensee and may have already accepted a version of this Software License. In all other circumstances, you are binding your employer to this Software License. If in such a case, you are not authorized to bind your employer, you are not permitted to install and/or use the Software.
What You may do with the Software under this Software License, and the applicability of certain terms thereof, depends on whether you have paid for a “Commercial License” or have been provided an “Evaluation License” by GrammaTech or an authorized GrammaTech distributor. If You have paid GrammaTech for software maintenance services, Part II (Software Maintenance Services) also applies to You.
PART I. License
1 License Granted. GrammaTech grants to You a non-exclusive, non-transferable, non-sublicensable license to use, in the form delivered, the Software, including a right to make a reasonable number of copies of the Software only for backup and recovery purposes, for the term, as set forth herein, or until terminated:
1.1 Commercial License
1.1.1 to analyze Your source or binary code for the purpose of assessing, correcting, or improving Your code; or
1.1.2 if the purchased license includes and authorizes the capability to do so, then to use the Software to modify Your source or binary code for internal use only, as part of Your development and testing processes, and not for use in production environments or for distribution.
1.1.2.1 Use of the functionality referenced in subsection 1.1.2 may add to, modify, and/or delete portions of the binary code to which it is applied and is not intended for use in production environments or distribution. GRAMMATECH SHALL NOT BE LIABLE IN ANY INSTANCE FOR DAMAGES IN ANY FORM FOR USE OF THE FUNCTIONALITY REFERENCED IN SUBSECTION 1.1.2 IN PRODUCTION ENVIRONMENTS AND YOU SHALL INDEMNIFY, WITHOUT LIMIT, GRAMMATECH FROM ANY AND ALL CLAIMS, DAMAGES, AND LIABILITY RESULTING FROM YOUR USE THEREIN.
1.2 Evaluation License
1.2.1 to assess the feasibility and utility of applying the Software to Your source and/or binary code for a potential purchase of the Software. Any output produced during such evaluation shall not be used in connection with development or production of any software, nor retained after the termination of the Evaluation License.
2 Limitations on Software Use. You may not:
2.1 rent, lease, sell, lend, license, transfer, or otherwise permit any person or entity other than You to use the Software in any manner;
2.2 disclose Software output, including, but not limited to, the results of any benchmark test of the Software, or Software documentation to any third party without GrammaTech’s prior written approval;
2.2.1 Notwithstanding subsection 2.2 and without limiting any other term of the Agreement, You may provide access to the Software, Software output, and Software documentation to third-parties requiring access to the Software, Software output, or Software documentation (“Authorized Parties”) that are legally obligated to strictly comply with the terms of this Agreement, including confidentiality obligations and applicable export controls, solely for Your benefit, provided that: (i) You are responsible for all acts and omissions of the Authorized Parties with respect to the Software licensed under this Agreement, including, but not limited to any breach thereby and indemnification of GrammaTech, without limit, including, but not limited to any reasonable attorneys fees as they are incurred, with respect to any and all claims arising from or related to the Authorized Parties’ use or access to the Software, Software output, or Software documentation; and (ii) You ensure that the Software, Software output, and Software documentation is completely retrieved from any Authorized Parties immediately upon the earlier of the completion of the term of the Agreement or the completion of the Authorized Parties’ services on Your behalf or need for the access permitted under this subsection.
2.3 use the Software as part of a service business in which You review the code of third parties;
2.4 make any copy of the Software or Software output without including the copyright or any other intellectual property notices and any other restrictive legends contained in the Software as it was furnished to You by GrammaTech or produced by the Software.
2.5 reverse engineer, decompile, disassemble, decipher, modify, create derivative works from the Software, or attempt to do any of the following: (i) retarget the Software for other source languages or instruction set architectures; (ii) use the Software to implement a compiler (direct translation to machine code); or (iii) circumvent or any manner interfere with the operation of any license management functionality or configuration of the Software, including, but not limited to license keys.
3 Use of Confidential Information.
3.1 During the term of this Software License, You may disclose Confidential Information to GrammaTech and GrammaTech may disclose Confidential Information to You.
3.2 "Confidential Information" means any and all technical and non-technical information or know-how of a proprietary, confidential, or trade secret nature owned by a disclosing party, in whatever form, including but not limited to, techniques, sketches, drawings, models, inventions, processes, apparatus, equipment, algorithms, software programs, software source documents, manuals and documentation related to the software programs, license keys or passwords, methods and concepts embodied in such software, and formulae related to current and future proposed products and services of each of the parties, including, without limitation, information concerning research, experimental work, development, design details and specifications, engineering, pricing, including that contained in any quotation or invoice, financial information, procurement requirements, purchasing, manufacturing, customer lists, business forecasts, sales and merchandising, marketing plans, regardless of whether it has been marked or designated as confidential and, in addition, any other information not covered by one of the aforementioned categories that is designated as proprietary, confidential, or trade secret, that is disclosed to the receiving party in any form, including, but not limited to in writing, electronically, visually, or orally. Software and Software output are included in the definition of Confidential Information.
3.3 Confidential Information does not include that which: (i) is, at the time of disclosure, available to the public, or subsequently becomes available to the general public without restriction by the disclosing party; (ii) the recipient can demonstrate was known to the recipient at the time of disclosure without restrictions on its use; (iii) is independently developed by the recipient without reference to or use of the Confidential Information; (iv) is disclosed without restriction to the recipient from a source other than the disclosing party who is not under any obligation of confidentiality with respect to such information; or (v) disclosing party notifies recipient in writing that it may disclose.
3.4 Except as otherwise permitted herein, neither You nor GrammaTech will disclose Confidential Information of the other to any third party. The recipient of Confidential Information shall not use Confidential Information except as necessary to exercise the rights granted herein or to evaluate opportunities to license additional Software. The receiving party agrees not to disclose the Confidential Information of the disclosing party to any person or entity, except to the receiving party’s employees or Authorized Parties who have signed a confidentiality agreement or are otherwise obligated to maintain the confidentiality of the Confidential Information in a manner at least as restrictive as the terms in this Software License. The receiving party agrees that it shall treat the Confidential Information of the disclosing party with the same degree of care as it accords to its own Confidential Information, but no less than reasonable care.
3.5 You shall not use or disclose GrammaTech’s Confidential Information and/or the Software, in whole or in part, to produce or have produced for You products similar to, derived from, or a replacement for the Software.
3.6 The recipient of Confidential Information is permitted to disclose only such portion of the Confidential Information under any governmental or judicial order, provided that the party so ordered shall and has promptly notified the disclosing party sufficiently in advance of the disclosure, if not prohibited from doing so by said order, so that the disclosing party has the opportunity to protect the Confidential Information with a confidentiality order or other treatment prior to the disclosure. Notwithstanding disclosure as permitted in this subsection, the disclosing party’s Confidential Information shall remain Confidential Information to the extent not entered into the public record.
3.7 You agree that GrammaTech and its affiliates may collect and use technical information gathered as part of the product support services provided to You, if any, related to the Software. The Software also includes functionality that collects a limited set of general Software usage information and sends it to GrammaTech to be used for improvement of the product and customer support purposes. The information collected includes, but is not limited to, the operating system on which the Software is running, compiler information, and counts of pre-selected events. This functionality is turned off by default and requires affirmative opt in at the time of installation of the Software. The functionality is NOT designed to collect personally identifiable or sensitive information, including, but not limited to, information about the code being analyzed, company or user names, customizations that may have been made to Your installation. GrammaTech, without any form of remuneration, may use, for any purpose in perpetuity, this information, including, but not limited to, suggested functionality or features, to improve its products and/or to provide customized services or technologies to You and will not disclose this information in a form that identifies You or any of Your Confidential Information.
4 Term and Termination.
4.1 Unless otherwise specified, including, but not limited to, in a separate signed agreement, the term of this Software License begins when you have downloaded the Software and accepted the terms hereof. The Software License may be renewed for a period, agreed upon by You and GrammaTech, by Your payment of an Invoice, within thirty (30) days of issuance by GrammaTech to You, referencing the Software License. Any inconsistent and/or additional terms contained within any document You provide to GrammaTech related to such renewal shall be of no effect.
4.2 Unless otherwise specified, this Software License shall automatically terminate: (i) if GrammaTech has not received full payment for the license within the agreed-upon credit period (if no period is specified such period shall be thirty (30) days); (ii) upon the expiration of the Software license key provided to You by GrammaTech; or (iii) You become insolvent or make an assignment for the benefit of creditors, or a trustee or receiver is appointed for You or for a substantial part of Your assets, or bankruptcy, reorganization or insolvency proceedings shall be instituted by or against You. This Software License is not assignable or assumable. If no Software license key has been provided, You are not permitted to use the Software in any manner.
4.3 Without prejudice to any other rights, GrammaTech reserves the right to terminate an Evaluation License at any time and may terminate a Commercial License at any time if You fail to comply with any provision of the Software License.
4.4 Upon termination of this Software License, for any reason, (i) You and Authorized Parties are no longer authorized to use the Software, or any derivative of the Software, in any manner whatsoever, and (ii) You agree to cease using the Software and to destroy or erase all copies, portions, extracts, or modifications of the Software, including Software documentation, in Your possession, custody, or control and that of any Authorized Parties.
4.5 Upon termination of Your license, for any reason other than the expiration of a Commercial License time-limited Term (e.g., one year), (i) You and Authorized Parties are no longer authorized to use the Software output in any manner whatsoever, and (ii) You agree to cease using the Software output and to destroy or erase all copies, extracts and modifications of it in Your possession, custody, or control and that of any Authorized Parties. Upon the termination of Your Commercial License by expiration of a time-limited Term, You may retain and use the Software output.
4.6 Notwithstanding the termination of this Software License, sections 2, 3, 4.4, 4.5, and 5-17 shall survive termination of this Software License.
5 Ownership/Proprietary Rights. You acknowledge and agree that:
5.1 GrammaTech and, as applicable, GrammaTech’s suppliers and licensors, reserve all rights in the Software not expressly granted to You in this Software License. The Software is licensed, not sold, and remains the exclusive property of GrammaTech and, as applicable, its suppliers and licensors who retain the title, copyright, and all other intellectual property rights in the Software. This Software License gives You no rights to the content of the Software;
5.2 The Software is protected by copyright and other intellectual property laws and treaties, including but not limited to those of the United States of America. You will abide by the copyright law and all other applicable laws of the United States including, but not limited to, export control laws;
5.3 The Software in source code form remains a confidential trade secret of GrammaTech and, as applicable, its suppliers and its licensors and, therefore, You will not modify the Software or attempt to decipher, decompile, disassemble, or reverse engineer the Software, except to the extent applicable laws may specifically prohibit such restriction;
5.4 CodeSonar®, CodeSurfer®, CodeSentry® are registered trademarks of GrammaTech;
5.5 Unless You have purchased Software Maintenance Services, GrammaTech has no obligation to maintain the Software, and if it chooses to maintain the Software it has no obligation to You related thereto. Notwithstanding, GrammaTech has no obligation to maintain versions of the Software that have reached the end of lifecycle, as determined by GrammaTech;
5.6 You represent and warrant that You have the right, title, or grant of license to analyze, modify, and/or use the Software in conjunction with the source and/or binary code to which You apply the Software. You shall defend, indemnify, and hold GrammaTech, its officers, directors, employees, licensors, and suppliers harmless from any and all claims, suits, damages, costs, and expenses, including reasonable attorneys fees as they are incurred, that You do not have the right, title, or license to use the Software as warranted by You. GrammaTech will provide (i) a prompt written request for indemnification or defense; (ii) sole control and authority over the defense or settlement thereof; and (iii) at Your expense, all available information, assistance and authority reasonably necessary to settle and/or defend any such claim or action. You shall have no authority to enter into or acquiesce to any settlement containing any admission of or stipulation to any guilt, fault, liability or wrongdoing on the part of GrammaTech or which would otherwise adversely affect GrammaTech without GrammaTech’s prior written consent; and
5.7 The Software may contain third-party software provided under separate license terms, including, but not limited to open source software. The applicable license terms associated with such are identified in the Software Documentation and can also be provided upon request within a reasonable period of time thereafter. Your use of such third-party software in conjunction with the Software in a manner consistent with the terms of this Software License is permitted. However, you may have broader rights under the applicable license(s) with respect to the separate use of such third-party software and nothing in this Software License is intended to impose further restrictions on your use of such third-party software as provided for in the separate license. ALL THIRD-PARTY SOFTWARE, INCLUDING, BUT NOT LIMITED TO OPEN SOURCE SOFTWARE IS PROVIDED “AS-IS” AND WITHOUT WARRANTY OF ANY KIND, WHICH ARE HEREBY DISCLAIMED BY GRAMMATECH AND ALL LICENSORS OF THIRD-PARTY SOFTWARE, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTIES RELATING TO THE RELIABILITY, AVAILABILITY, LACK OF VIRUSES OR OTHER MALWARE, LACK OF NEGLIGENCE, CONDITION OF TITLE, QUIET TITLE OR POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT. GRAMMATECH AND THE LICENSORS OF THIRD-PARTY SOFTWARE SHALL HAVE NO LIABILITY FOR DAMAGES OF ANY KIND, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, LOST PROFITS, LOST DATA, PUNITIVE, SPECIAL, CONSEQUENTIAL, OR SIMILAR DAMAGES UNDER ANY THEORY OF LIABILITY ARISING OR RELATED TO THE USE OF DISCLOSURE OF THIRD-PARTY SOFTWARE.
6 Warranties and Disclaimers.
6.1 GrammaTech makes no representations about the suitability of the Software or about any content, information, or output made accessible by the Software, including modifications to Your source or binary code, for any purpose. GrammaTech does not warrant that operation of the Software will be uninterrupted or error free, or that functions contained in the Software shall operate in the combination that You may select or meet Your requirements. GrammaTech is not responsible for problems caused by changes in the operating characteristics of computer hardware or computer operating systems that are made after the release of the Software or by use of the Software or for problems in the interaction of the Software with non-GrammaTech software. This Software License does not change Your rights, if any, under applicable mandatory local law. The Software shall be deemed accepted upon delivery to You.
6.2 Provisions Applicable Only to Commercial Licenses.
6.2.1 If You have paid GrammaTech for a Commercial License, GrammaTech warrants to You and to You only, that for the first thirty (30) days following Your downloading of the Software or until the Software is modified by You, whichever period is shorter, the Software will perform substantially the functions described in the Software documentation. Your sole remedy under the warranty during the thirty (30) day period is that GrammaTech will undertake to correct within a reasonable period of time, as determined by GrammaTech, any reported failure of the Software to perform substantially the functions described in the documentation ("Software Error") and correct errors in the documentation (“Documentation Error”) (collectively “Errors”). GrammaTech does not warrant that all Software Errors will be corrected. If, within the above noted period, GrammaTech is unable to provide corrected Software or corrected documentation, GrammaTech will, at its sole and exclusive option, either replace the Software with a functionally-equivalent program at no charge to You or refund the license fee paid for the Software. AS TO ANY ERRORS DISCOVERED AFTER THE THIRTY (30) DAY PERIOD, THERE IS NO WARRANTY OR CONDITION OF ANY KIND.
6.2.2 THE ABOVE WARRANTIES ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GRAMMATECH AND, IF ANY, ITS SUPPLIERS AND/OR LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES RELATING TO THE RELIABILITY, AVAILABILITY, ACCURACY OR COMPLETENESS OF RESULTS, WORKMANLIKE EFFORT, LACK OF VIRUSES OR OTHER MALWARE, LACK OF NEGLIGENCE, CONDITION OF TITLE, QUIET TITLE OR POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT. NO ORAL OR WRITTEN INFORMATION OR REPRESENTATION GIVEN BY GRAMMATECH’S EMPLOYEES, DISTRIBUTORS, DEALERS, OR AGENTS SHALL INCREASE THE SCOPE OF THE ABOVE WARRANTIES OR CREATE ANY NEW WARRANTIES.
6.2.3 IN THE EVENT THAT MANDATORY APPLICABLE LOCAL LAW PROHIBITS THE EXCLUSION OF IMPLIED WARRANTIES, ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THE LESSER OF THIRTY (30) DAYS FROM THE DATE OF DOWNLOAD OF THE SOFTWARE OR THE MINIMUM PERIOD OF TIME PERMITTED BY SUCH APPLICABLE LAW.
6.2.4 REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL GRAMMATECH BE LIABLE TO YOU FOR ANY PUNITIVE, SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING, BUT NOT LIMITED TO, ANY LOST PROFITS OR LOST DATA, ARISING OUT OF OR RELATED TO ANY ALLEGED BREACH OF THIS AGREEMENT AND/OR THE USE OR INABILITY TO USE THE SOFTWARE OR ANY DATA SUPPLIED THEREWITH, EVEN IF GRAMMATECH OR ANYONE ELSE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH CLAIM OR DAMAGES, INCLUDING BUT NOT LIMITED TO IN THE EVENT OF FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, OR STRICT LIABILITY, OR FOR ANY CLAIM BY ANY OTHER PARTY, INCLUDING THIRD-PARTIES. GRAMMATECH’S SUPPLIERS AND LICENSORS, IF ANY, DISCLAIM ALL LIABILITY TO YOU OR ANY THIRD-PARTY FOR DAMAGES OF ANY KIND FOR ANY AND ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT OR THE USE OF THE SOFTWARE.
6.2.5 IN THE EVENT THAT MANDATORY APPLICABLE LOCAL LAW PROHIBITS THE LIMITATION OR EXCLUSION OF LIABILITY FOR DAMAGES, INCLUDING BUT NOT LIMITED TO, INCIDENTAL OR CONSEQUENTIAL DAMAGES, GRAMMATECH'S, AND ITS SUPPLIERS’ AND/OR LICENSORS’, IF ANY, LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SHALL BE THE LOWER OF ONE THOUSAND DOLLARS ($1,000.00) OR THE MINIMUM PERMITTED BY LAW.
6.2.6 IN NO CASE SHALL GRAMMATECH’S, ITS SUPPLIER’S, AND/OR LICENSOR’S AGGREGATE LIABILITY FOR ANY CLAIM OR ANY TYPE OF DAMAGES EXCEED THE LESSER OF THE PRICE ACTUALLY PAID BY YOU TO GRAMMATECH FOR THE SOFTWARE LICENSE GIVING RISE TO THE CLAIM OR TWO THOUSAND DOLLARS ($2,000.00).
6.3 Provisions Applicable Only to Evaluation Licenses.
6.3.1 THE SOFTWARE IS PROVIDED ‘AS IS’ AND ‘WITH ALL FAULTS.’ GRAMMATECH, ITS SUPPLIERS, AND LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTIES RELATING TO THE RELIABILITY, AVAILABILITY, ACCURACY OR COMPLETENESS OF RESULTS, WORKMANLIKE EFFORT, LACK OF VIRUSES OR OTHER MALWARE, LACK OF NEGLIGENCE, CONDITION OF TITLE, QUIET TITLE OR POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT. NO ORAL OR WRITTEN INFORMATION OR REPRESENTATION GIVEN BY GRAMMATECH’S EMPLOYEES, DISTRIBUTORS, DEALERS, OR AGENTS SHALL INCREASE THE SCOPE OF THE ABOVE WARRANTIES OR CREATE ANY NEW WARRANTIES.
6.3.2 IN NO CASE SHALL GRAMMATECH, ITS SUPPLIERS, OR ITS LICENSORS BE LIABILE TO YOU, YOUR EMPLOYER, OR TO ANY THIRD-PARTY FOR DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO PUNITIVE, SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING, BUT NOT LIMITED TO, ANY LOST PROFITS OR LOST DATA, ARISING OUT OF OR RELATED TO ANY ALLEGED BREACH OF THIS AGREEMENT AND/OR THE USE OR INABILITY TO USE THE SOFTWARE OR ANY DATA SUPPLIED THEREWITH, EVEN IF GRAMMATECH OR ANYONE ELSE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH CLAIM OR DAMAGES, INCLUDING BUT NOT LIMITED TO IN THE EVENT OF FAULT, TORT (INCLUDING NEGLIGENCE), MISREPRESENTATION, OR STRICT LIABILITY, OR FOR ANY CLAIM BY ANY OTHER PARTY, INCLUDING THIRD-PARTIES.
7 United States Government License Rights. The Software is “Commercial Computer Software” as defined in DFARS 252.227-7014 and, pursuant to DFAR 227.7202, licensed to the U.S. Government under terms customarily provided to the public. If DFAR is not applicable and to the extent not inconsistent with the terms of this Software License, use, disclosure, or duplication is subject to the restrictions enumerated in FAR 52.227-19(b)(2). Any use, modification, reproduction, or disclosure of the Software by the U.S. Government shall be solely in accordance with the terms of this Software License. The manufacturer is GrammaTech, Inc., 531 Esty Street, Ithaca, NY 14850.
8 Export. You may not download, use, or otherwise export or re-export the Software or any underlying information or technology except in full compliance with all United States and other applicable laws and regulations, including but not limited to those dealing with nuclear, chemical, or biological weapons proliferation. These laws include, among other things, restrictions on import/export destinations, end-users, and end-use. In particular, but without limitation, none of the Software or underlying information or technology may be downloaded or otherwise exported or re-exported (i) into Embargoed Countries/Area Controlled List Countries (ii) to anyone on the US Treasury Department’s list of Specially Designated Nationals or the US Commerce Department's Table of Deny Orders, or (iii) to the People’s Republic of China for a use that is in whole or in part a military use including the use, development or production of military items, as prohibited by US Export Administration Regulations section 744.21. By downloading or possessing the Software, You are agreeing to the foregoing and You are representing and warranting that You are not located in, under control of, or a national or resident of any such country or on any such list.
9 Rights Reserved by GrammaTech. Except as otherwise provided herein, GrammaTech reserves the right to:
9.1 alter the general availability of the Software; and
9.2 alter prices, features, specifications, capabilities, functions, licensing terms for subsequent purchases, releases, or updates, release dates, or other characteristics of the Software.
10 Additional Software/Services. This Software License applies to updates, supplements, add-on components, Error Corrections, or upgrades to later versions of the Software that GrammaTech may provide to You or make available after the date You obtain Your initial copy of the Software, unless GrammaTech provides other terms along with the update, supplement, add-on component, Error Corrections, or upgrade, in which case, the provided Software License terms shall apply.
11 Usage Audit. You agree to provide GrammaTech with written certification providing Software usage information as requested by GrammaTech and confirming that, during the term of the Software License, the Software is being used in accordance with the terms of this Agreement. Upon at least thirty (30) days prior written notice, GrammaTech, at its expense, may audit Your use of the Software to ensure that You are in compliance with the terms of this Agreement. Any such audit will be conducted during regular business hours, by GrammaTech or its appointed representative, at Your facilities. You agree to provide the auditor with access to the relevant records, equipment, and facilities to perform the audit. If an audit reveals that you have underpaid fees to GrammaTech during the period audited, exceeded Software usage limitations, and/or otherwise engaged in conduct resulting in an underpayment, You shall promptly pay GrammaTech, as invoiced, for such fees based on GrammaTech’s price list in effect at the time the audit is completed. If the fees invoiced as a result of the audit exceed five percent (5%) of the license fees paid by You for the Software, then you will also pay any and all costs and expenses arising from or relating to the audit, including reasonable attorneys fees if collection action is undertaken.
12 Applicable Law/Venue. The validity, construction, and performance of this Software License will be governed by the law of the State of New York, as if this license were executed in, and to be fully performed within, the State of New York, and without regard to its principles of conflicts of laws. The parties expressly agree that the Uniform Commercial Code (UCC), the United Nations Convention on Contracts for the International Sale of Goods (UNCISG), and the Uniform Computer Information Transactions Act (UCITA), including any version of UCITA adopted by a state, shall not apply. Any legal action or proceeding arising from and/or related to this Software License shall be brought exclusively in the federal and/or state court of New York that is geographically closest to GrammaTech’s Ithaca, NY offices. You and GrammaTech expressly consent to the personal jurisdiction and exclusive venue therein.
13 Non-Exclusive Remedy. Except as set forth herein, the exercise by either party of any of its remedies will be without prejudice to any other remedies provided herein or otherwise available at law or in equity. The breach or threatened breach of this Software License may result in irreparable harm to GrammaTech and impair its value in such a way that is difficult or impossible to calculate. Therefore, You acknowledge and agree that GrammaTech is entitled to seek, in addition to any other remedy provided for at law, equitable relief to protect its interests, without the necessity of posting bond or surety, including, but not limited to, injunctive relief, as well as money damages.
14 Assignment. This Software License is personal to You and is not assignable or transferable by You without the express prior written consent of GrammaTech, which shall be provided at the sole discretion of GrammaTech. GrammaTech may assign this Software License at its sole discretion.
15 Amendment/Waiver. This Software License may not be amended or modified, or any provision of it waived, except by a written instrument signed by an authorized representative of GrammaTech.
16 Severability. If any provision of this Software License is held by a court of competent jurisdiction to be contrary to law, the remaining provisions will remain in full force and effect. In the event of invalidity, the parties further agree to substitute for the invalid provision a valid provision which most closely resembles the intent of the invalid provision.
17 Entire Agreement. Except as otherwise provided herein, the provisions of this Software License and Purchase Documents constitute the entire agreement between the parties and supersede all prior agreements, oral or written, and all other communications relating to the subject matter hereof. If the terms of any invoice or other document provided by You to GrammaTech in connection with Your license of the Software includes different or additional terms from this Software License and/or Purchase Documents, the provisions of this Software License and Purchase Documents shall prevail and such inconsistent and/or additional terms shall have no effect.
PART II Software Maintenance Services
If, but only if, You have purchased a license for the Software and paid GrammaTech for software maintenance services as shown on the GrammaTech Quotation document or Invoice, the following additional terms and conditions (collectively referred to as "Maintenance") shall apply. GrammaTech shall have no obligation to maintain the Software unless You have paid for Maintenance as a separate purchase or as may have otherwise been required by the type of license purchased by You.
18 During the period for which Maintenance has been purchased and paid for in full:
18.1 GrammaTech will undertake to correct within a reasonable period of time, as determined by GrammaTech, any reported Software Error(s) and Documentation Error(s).
18.2 Errors should be reported in writing to GrammaTech. Such reports should contain a complete description of all aspects of the malfunction. GrammaTech support engineers will evaluate such reports and, if necessary, will consult with GrammaTech's product specialists to attempt to identify and resolve the issue. GrammaTech will respond with a fix, a work-around, or an estimate of the time necessary to resolve the reported Error. GrammaTech shall be obligated to respond only to reports concerning failure of the Software to perform in conformance with documented functionality. GrammaTech shall not be obligated to respond to reports that, as determined by GrammaTech, are related to design work or to the implementation of the Software or are "consulting" in nature.
18.3 GrammaTech shall provide You, as they are made available for licensing to the public, (a) such software modifications or additions that, when made or added to the Software, establish material conformity of the Software to the functional specifications identified in the Software documentation, and (b) any procedures or routines that, when observed in the regular operation of the Software, eliminate the practical adverse effect on You of any such nonconformity ((a) and (b) are collectively "Error Corrections").
18.4 GrammaTech shall provide to You, as they are made available for licensing to the public, such minor software modifications or additions that, when made or added to the Software, will materially improve its utility, efficiency, functional capability or application, but which do not constitute a new version of the Software (such minor modifications collectively referred to herein as "Enhancements"). At GrammaTech's option, GrammaTech may also include, as Enhancements, major modifications that are made generally available without charge to its other customers.
19 GrammaTech's obligation to provide Maintenance is contingent upon Your proper use of the Software as described in the Software Documentation. GrammaTech shall be under no obligation to provide Maintenance if such service is required, in GrammaTech's opinion, as a result of (a) Your failure to maintain the Software at GrammaTech's most recent release level, (b) Your failure to maintain site conditions within the environmental operating range specified by GrammaTech, (c) failure of the Software due to improper use, abuse, accident or neglect, (d) alterations, modifications, or attempts to repair the Software made without GrammaTech's consent, or (e) causes external to the Software, including but not limited to, failure or fluctuations in electrical power, inadequate cooling or natural disasters.
20 To the extent that GrammaTech may provide You with any Error Corrections, Updates, Upgrades, or any other software, including any new versions of the licensed Software, all such software shall constitute Software as defined by this Software License and shall be subject to all of the terms and conditions specified in Part I of this Software License, as well as Part II if Maintenance has been purchased. Use of any Software, including subsequent versions or modifications, licensed to You is limited to the number of licensing units; e.g., lines of code, in any combination between the versions, and remaining time for which You have paid.
README.md
View file @ 98b2779b
# <application name>
## CodeSonar 5.4p0
This is a default image that provides the CodeSonar Hub service. Data volumes can
be mounted such that data persists. A license from GrammaTech is required to be
able to use the hub and provide scans. Contact sales@grammatech.com for access
to a license.
## Build the Image
Build the image using the standard
`docker build -t codesonar-hub .`
## Running the Container
Suggested use is to run the container using:
`docker volume create hub`
`docker network create --driver bridge net `
`docker run -d --name hub -p 8080:7340 -v hub:/home/codesonar/hub --network net codesonar-hub`
This will put all data in the hub volume and route localhost:8080 to the hub and
connect the container to network net such that scanners can connect to it.
The hub will have default password for the `Administrator account` set to
`HubSecretPasswd` at creation-time, which can be changed by
`--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD` during the container build step.
Please change the default password after initial hub creation. This is also the
time to install the run-time license.
## Shutdown
Recommended to shutdown the container through
`http://[host]:[port]/command/shutdown` before terminating the container
## Resources
CPU Min/Recommended 2/8+<br>
RAM Min/Recommended/Max 2G/8G/Unlimited
## Ports
Application is using port 7340
Project template for all Iron Bank container repositories.
\ No newline at end of file
hardening_manifest.yaml 0 → 100644
View file @ 98b2779b
---
apiVersion: v1
# The repository name in registry1, excluding /ironbank/
name: "grammatech/codesonar/codesonar-hub"
# List of tags to push for the repository in registry1
# The most specific version should be the first tag and will be shown
# on ironbank.dso.mil
tags:
- "1.0.0"
- "latest"
# Build args passed to Dockerfile ARGs
args:
BASE_IMAGE: "redhat/ubi/ubi8"
BASE_TAG: "8.3"
# Docker image labels
labels:
org.opencontainers.image.title: "codesonar-hub"
org.opencontainers.image.description: "CodeSonar Hub Container"
org.opencontainers.image.licenses: "GrammaTech Commercial License"
org.opencontainers.image.url: "http://support.grammatech.com/"
org.opencontainers.image.vendor: "GrammaTech"
org.opencontainers.image.version: "5.4"
mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST, CI/CD"
mil.dso.ironbank.image.type: "commercial"
mil.dso.ironbank.product.name: "CodeSonar"
# List of resources to make available to the offline build context
resources:
- url: "https://download.grammatech.com/diracc2011/codesonar-5.4/codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz"
filename: "codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
validation:
type: "sha256" # supported: sha256, sha512
value: "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" # must be lowercase
auth:
type: basic
id: grammatech
# List of project maintainers
maintainers:
- email: "mhermeling@grammatech.com"
# The name of the current container owner
name: "Mark Hermeling"
# The gitlab username of the current container owner
username: "markhermeling"
scripts/codesonar-exec.sh 0 → 100644
View file @ 98b2779b
#!/bin/sh
if test -f "/home/codesonar/hub/hubpwd"; then
echo "Starting hub in /home/codesonar/hub with existing pwd"
/opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340
else
HUB_DEFAULT_PWD=$(date +%s | base64 | head -c 32)
echo "${HUB_DEFAULT_PWD}" > /home/codesonar/hub/hubpwd
chmod 600 /home/codesonar/hub/hubpwd
echo "Starting hub with new hub password: ${HUB_DEFAULT_PWD}"
echo -e "${HUB_DEFAULT_PWD}\n${HUB_DEFAULT_PWD}\n" | /opt/codesonar/codesonar/bin/codesonar hub-start /home/codesonar/hub 0.0.0.0:7340
fi
echo "Hub started..."
while [ 1 ]
do
echo "Hub running"
sleep 60
done
scripts/codesonar-health-check.sh 0 → 100644
View file @ 98b2779b
#!/bin/sh
curl -s http://codesonar:7340 -o /dev/null 2>&1
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED