Merge branch 'development' into 'master'

Development See merge request !28

Merge branch 'development' into 'master'
Development See merge request !28
d56fc3ec · Al Fontaine · 98b2779b · fbbc83d4 · d56fc3ec · d56fc3ec
Commit d56fc3ec authored Aug 18, 2021 by Al Fontaine
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 35 deletions

Dockerfile Dockerfile +23 -23

README.md README.md +1 -6

hardening_manifest.yaml hardening_manifest.yaml +6 -6

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,33 +22,37 @@ RUN yum -y update \
 RUN rm -rf /usr/libexec/sudo/sesh 
-ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz
+ARG CODESONAR_PACKAGE=codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz  
+ARG CODESONAR_HOME=/opt/codesonar-6.1p0
 COPY ["${CODESONAR_PACKAGE}", "/opt"]
 RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
 RUN rm -rf /opt/${CODESONAR_PACKAGE}
-RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar
+RUN ln -s ${CODESONAR_HOME} /opt/codesonar
 RUN useradd -ms /bin/bash codesonar
-# remove some packages that are not needed
+# Remove older software versions no longer needed
-RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-sarif
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-8.3
-RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-tools
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-8.4
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.0
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.1
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.2
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.3
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.6
-RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd
+RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/com.grammatech.codesonar.jar
-RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd-5.0.4
+RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/eclipse_tests/CodeSonarTest_1.0.0.jar
+RUN rm -rf ${CODESONAR_HOME}/csurf/lib/codesonarj-runtimes/androidAPI23/android-6.0.1_r1.jar
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.3
+RUN rm -rf ${CODESONAR_HOME}/third-party/python/inst/lib/python3.9/site-packages/urllib3* ${CODESONAR_HOME}/third-party/python/instmt/lib/python3.9/site-packages/urllib3*
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.4
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.0
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.1
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.2
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.3
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6
-RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem
+#Remove unused certs
-RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3* /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3*
+RUN rm -rf /opt/codesonar-6.1p0/third-party/python/inst/lib/python3.9/test
-RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
+RUN rm -rf /opt/codesonar-6.1p0/third-party/python/instmt/lib/python3.9/test
+RUN rm /opt/codesonar-6.1p0/third-party/python/inst/lib/python3.9/site-packages/slapdtest/certs/client.key
+RUN rm /opt/codesonar-6.1p0/third-party/python/inst/lib/python3.9/site-packages/slapdtest/certs/server.key
+RUN rm /opt/codesonar-6.1p0/third-party/python/instmt/lib/python3.9/site-packages/slapdtest/certs/client.key
+RUN rm /opt/codesonar-6.1p0/third-party/python/instmt/lib/python3.9/site-packages/slapdtest/certs/server.key
 RUN mkdir /home/codesonar/hub \
@@ -70,11 +74,7 @@ HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 CMD /op
 RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt
 RUN touch /opt/codesonar/TELEMETRY_DISABLED
-# CCE-82155-3
-RUN echo "auth             required        pam_wheel.so use_uid" >> /etc/pam.d/su
-RUN echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf
-#RUN fips-mode-setup --enable
-#RUN update-crypto-policies --set FIPS:OSPP
 USER codesonar

--- a/README.md
+++ b/README.md
-## CodeSonar 5.4p0
+## CodeSonar 6.1p0
 This is a default image that provides the CodeSonar Hub service. Data volumes can 
 be mounted such that data persists. A license from GrammaTech is required to be
@@ -21,11 +21,6 @@ Suggested use is to run the container using:
 This will put all data in the hub volume and route localhost:8080 to the hub and 
 connect the container to network net such that scanners can connect to it.
-The hub will have default password for the `Administrator account` set to 
-`HubSecretPasswd` at creation-time, which can be changed by 
-`--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD` during the container build step.
-Please change the default password after initial hub creation. This is also the
-time to install the run-time license.
 ## Shutdown
 Recommended to shutdown the container through

--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,13 +8,13 @@ name: "grammatech/codesonar/codesonar-hub"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
- "1.0.0"
+- "6.1.0"
 - "latest"
 # Build args passed to Dockerfile ARGs
 args:
  BASE_IMAGE: "redhat/ubi/ubi8"
-  BASE_TAG: "8.3"
+  BASE_TAG: "8.4"
 # Docker image labels
 labels:
@@ -23,18 +23,18 @@ labels:
  org.opencontainers.image.licenses: "GrammaTech Commercial License"
  org.opencontainers.image.url: "http://support.grammatech.com/"
  org.opencontainers.image.vendor: "GrammaTech"
-  org.opencontainers.image.version: "5.4"
+  org.opencontainers.image.version: "6.1"
  mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST, CI/CD"
  mil.dso.ironbank.image.type: "commercial"
  mil.dso.ironbank.product.name: "CodeSonar"
 # List of resources to make available to the offline build context
 resources:
-  - url: "https://download.grammatech.com/diracc2011/codesonar-5.4/codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz"
+  - url: "https://download.grammatech.com/diracc2011/codesonar-6.1/codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz"
-    filename: "codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
+    filename: "codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
    validation:
      type: "sha256" # supported: sha256, sha512
-      value: "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" # must be lowercase
+      value: "c6fe558a91b460a7ed3377a23bf98ce12f2c1c72b1519835859ceefbb295ffc8" # must be lowercase
    auth:
      type: basic
      id: grammatech