diff --git a/Dockerfile b/Dockerfile
index 4703d77ad8ed5eaffed54c504d17a1a24e26892d..41ca99318a163e22a6dfc7814223af8ce7c7f06d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,26 +3,19 @@ ARG BASE_IMAGE=redhat/ubi/ubi8
 ARG BASE_TAG=8.3
-
 #change this for deployment!!!
-
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-
-
 RUN yum -y update \
- && yum clean all
+ && yum clean all
-
-
-#TO fix CCE-80935-0
-#RUN yum -y install crypto-policies
-#RUN yum -y install gnutls-utils
+#TODO fix CCE-80935-0
+# RUN yum -y install crypto-policies
+# RUN yum -y install gnutls-utils
 # for https://access.redhat.com/security/cve/CVE-2021-23240
 RUN rm -rf /usr/libexec/sudo/sesh
-
-ARG CODESONAR_PACKAGE=codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz
+ARG CODESONAR_PACKAGE=codesonar-latest-x86_64-pc-linux.tar.gz
 ARG CODESONAR_HOME=/opt/codesonar-6.1p0
 COPY ["${CODESONAR_PACKAGE}", "/opt"]
 RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
@@ -45,7 +38,6 @@ RUN rm -rf ${CODESONAR_HOME}/csurf/lib/codesonarj-runtimes/androidAPI23/android-
 RUN rm -rf ${CODESONAR_HOME}/third-party/python/inst/lib/python3.9/site-packages/urllib3* ${CODESONAR_HOME}/third-party/python/instmt/lib/python3.9/site-packages/urllib3*
-
 #Remove unused certs
 RUN rm -rf /opt/codesonar-6.1p0/third-party/python/inst/lib/python3.9/test
 RUN rm -rf /opt/codesonar-6.1p0/third-party/python/instmt/lib/python3.9/test
@@ -54,7 +46,6 @@ RUN rm /opt/codesonar-6.1p0/third-party/python/inst/lib/python3.9/site-packages/
 RUN rm /opt/codesonar-6.1p0/third-party/python/instmt/lib/python3.9/site-packages/slapdtest/certs/client.key
 RUN rm /opt/codesonar-6.1p0/third-party/python/instmt/lib/python3.9/site-packages/slapdtest/certs/server.key
-
 RUN mkdir /home/codesonar/hub \
 && chown codesonar.codesonar /home/codesonar/hub
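Review bot: The new default `ARG CODESONAR_PACKAGE=codesonar-latest-x86_64-pc-linux.tar.gz` in the first Dockerfile hunk drops the release from the artifact name, while `ARG CODESONAR_HOME=/opt/codesonar-6.1p0` on the next line and the cleanup paths shown as context in the later hunks (`/opt/codesonar-6.1p0/...`, `python3.9`) stay tied to 6.1p0. If the archive staged under that name ever unpacks to a different release, the `rm -rf` hardening steps would match nothing and still exit 0, so the urllib3 and test-directory removals could be skipped without any build failure. The hardening_manifest.yaml hunk introduces the same mutable name in `url` and `filename`; the pinned sha256 still guards integrity there, but a reader can no longer tell which release the hash belongs to. I would keep the versioned filename, or at least add a guard after the extract such as `RUN test -d "${CODESONAR_HOME}"` and a manifest comment recording the release the hash was taken from; the lines between the extract and the cleanup are outside the visible hunks, so an equivalent check may already exist there.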
@@ -69,14 +60,10 @@ VOLUME /home/codesonar
 HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 CMD /opt/codesonar-health-check.sh
-
 #adjust some options
 RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt
 RUN touch /opt/codesonar/TELEMETRY_DISABLED
-
-
-
 USER codesonar
 WORKDIR /home/codesonar
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 0675b55c039fb9474618bc731bc95f56bde20d21..fd47c4929be1e95bd531fb32e5c040ab7774074b 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -30,20 +30,20 @@ labels:
 # List of resources to make available to the offline build context
 resources:
- - url: "https://download.grammatech.com/diracc2011/codesonar-6.1/codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz"
- filename: "codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
+ - url: "https://download.grammatech.com/diracc2011/codesonar-latest-x86_64-pc-linux.tar.gz"
+ filename: "codesonar-latest-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha512
- value: "c6fe558a91b460a7ed3377a23bf98ce12f2c1c72b1519835859ceefbb295ffc8" # must be lowercase
+ value: "75b774522858c94ad7e10e0dc03d3f3bf23fae0c11e84c6861a5dd3f8f5d00b5" # must be lowercase
 auth:
 type: basic
 id: grammatech
 # List of project maintainers
 maintainers:
-- email: "mhermeling@grammatech.com"
+- email: "nchadwick@grammatech.com"
 # The name of the current container owner
- name: "Mark Hermeling"
+ name: "Nathan Chadwick"
 # The gitlab username of the current container owner
- username: "markhermeling"
+ username: "nchadwick"