From 8f36953dbc74853eee767a7d4801ba1c44bb66c5 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Tue, 6 Apr 2021 17:01:51 +0000
Subject: [PATCH 01/14] Download details for CodeSonar 6.0
---
 hardening_manifest.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index e20d1af..ab6dd3a 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "grammatech/codesonar/codesonar-hub"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "1.0.0"
+- "6.0.0"
 - "latest"
 # Build args passed to Dockerfile ARGs
@@ -23,18 +23,18 @@ labels:
 org.opencontainers.image.licenses: "GrammaTech Commercial License"
 org.opencontainers.image.url: "http://support.grammatech.com/"
 org.opencontainers.image.vendor: "GrammaTech"
- org.opencontainers.image.version: "5.4"
+ org.opencontainers.image.version: "6.0"
 mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST, CI/CD"
 mil.dso.ironbank.image.type: "commercial"
 mil.dso.ironbank.product.name: "CodeSonar"
 # List of resources to make available to the offline build context
 resources:
- - url: "https://download.grammatech.com/diracc2011/codesonar-5.4/codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz"
- filename: "codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
+ - url: "https://download.grammatech.com/diracc2011/codesonar-6.0/codesonar-6.0p0.20210331-x86_64-pc-linux.tar.gz"
+ filename: "codesonar-6.0p0.20210331-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha512
- value: "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" # must be lowercase
+ value: "a14d6dc7352ba5c161b68b0bfc69b7c1cfa80e3fe7a49d7b83248fd463dbc5cb" # must be lowercase
 auth:
 type: basic
 id: grammatech
--
GitLab
From a29c6cc9dd25cec492aeebb3e81aeb7d1f233092 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Tue, 6 Apr 2021 17:03:01 +0000
Subject: [PATCH 02/14] Update Dockerfile
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index bf33b23..37b6198 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,11 +22,11 @@ RUN yum -y update \
 RUN rm -rf /usr/libexec/sudo/sesh
-ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz
+ARG CODESONAR_PACKAGE=codesonar-6.0p0.20210331-x86_64-pc-linux.tar.gz
 COPY ["${CODESONAR_PACKAGE}", "/opt"]
 RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
 RUN rm -rf /opt/${CODESONAR_PACKAGE}
-RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar
+RUN ln -s /opt/codesonar-6.0p0 /opt/codesonar
 RUN useradd -ms /bin/bash codesonar
 # remove some packages that are not needed
--
GitLab

From 326c11dbbee47c72bbacc999f9baf5e487c27b16 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 7 Apr 2021 14:55:24 +0000
Subject: [PATCH 03/14] Update Dockerfile
---
 Dockerfile | 29 +++-------------------------
 1 file changed, 3 insertions(+), 26 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 37b6198..0e58976 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,32 +23,13 @@ RUN rm -rf /usr/libexec/sudo/sesh
 ARG CODESONAR_PACKAGE=codesonar-6.0p0.20210331-x86_64-pc-linux.tar.gz
+ARG CODESONAR_HOME=/opt/codesonar-6.0p0
 COPY ["${CODESONAR_PACKAGE}", "/opt"]
 RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
 RUN rm -rf /opt/${CODESONAR_PACKAGE}
-RUN ln -s /opt/codesonar-6.0p0 /opt/codesonar
+RUN ln -s ${CODESONAR_HOME} /opt/codesonar
 RUN useradd -ms /bin/bash codesonar
-# remove some packages that are not needed
-RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-sarif
-RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-tools
-
-RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd
-RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd-5.0.4
-
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.3
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.4
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.0
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.1
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.2
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.3
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6
-
-RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem
-
-
-RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3* /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3*
-RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
 RUN mkdir /home/codesonar/hub \
@@ -70,11 +51,7 @@ HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 CMD /op
 RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt
 RUN touch /opt/codesonar/TELEMETRY_DISABLED
-# CCE-82155-3
-RUN echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su
-RUN echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf
-#RUN fips-mode-setup --enable
-#RUN update-crypto-policies --set FIPS:OSPP
+
 USER codesonar
--
GitLab
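Review bot: The second hunk drops the `# CCE-82155-3` pam_wheel restriction on `su` and the `CtrlAltDelBurstAction=none` setting with no replacement, and the commit message ("Update Dockerfile") does not say why, so the image silently loses two hardening controls it previously documented by CCE id. If they are intentionally removed because the base image already applies them, the hunk should carry a comment to that effect, e.g. `# CCE-82155-3 / CtrlAltDel: handled by the base image, see <ticket placeholder>`; otherwise the two `RUN echo` lines should stay. In the first hunk the new `ARG CODESONAR_HOME=/opt/codesonar-6.0p0` is only coupled to the archive by convention — `RUN tar` extracts into `/opt` and nothing checks that the directory named in the ARG exists — so a comment such as `# must match the top-level directory inside ${CODESONAR_PACKAGE}` (or a `test -d ${CODESONAR_HOME}` before the `ln -s`) would turn a stale ARG into a build failure rather than a dangling symlink. The removed `rm -rf /opt/codesonar-5.4p0/...` lines were already no-ops against the 6.0 layout, so re-adding the pruning under `${CODESONAR_HOME}` (as patches 09 and 13 in this series do) is the right direction. The enclosing Dockerfile continues outside both hunks.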
From fc6507d96c5058418e98534c5fc986d9d7ca8e8f Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Tue, 13 Jul 2021 18:37:42 +0000
Subject: [PATCH 04/14] Alpha of CodeSonar 6.1
---
 hardening_manifest.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index ab6dd3a..0afe609 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "grammatech/codesonar/codesonar-hub"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "6.0.0"
+- "6.1.0"
 - "latest"
 # Build args passed to Dockerfile ARGs
@@ -23,15 +23,15 @@ labels:
 org.opencontainers.image.licenses: "GrammaTech Commercial License"
 org.opencontainers.image.url: "http://support.grammatech.com/"
 org.opencontainers.image.vendor: "GrammaTech"
- org.opencontainers.image.version: "6.0"
+ org.opencontainers.image.version: "6.1"
 mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST, CI/CD"
 mil.dso.ironbank.image.type: "commercial"
 mil.dso.ironbank.product.name: "CodeSonar"
 # List of resources to make available to the offline build context
 resources:
- - url: "https://download.grammatech.com/diracc2011/codesonar-6.0/codesonar-6.0p0.20210331-x86_64-pc-linux.tar.gz"
- filename: "codesonar-6.0p0.20210331-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
+ - url: "https://download.grammatech.com/diracc2011/codesonar-6.0/codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz"
+ filename: "codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha512
 value: "a14d6dc7352ba5c161b68b0bfc69b7c1cfa80e3fe7a49d7b83248fd463dbc5cb" # must be lowercase
--
GitLab

From fa79f4292e6037fc78528fcab0d9ca7a3760ffd9 Mon Sep 17 00:00:00 2001
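Review bot: The `value:` under `validation:` is left as a context line at the 6.0 tarball's digest `a14d6dc7…` while `url:` and `filename:` now name `codesonar-6.1p0.20210713`, so this commit either fails checksum validation of the resource or, if it somehow passed, would mean the wrong archive was staged; the digest has to change in the same commit as the artifact it pins (patch 08/14 later supplies `b1cfda92…`). The `url:` also still points into the `codesonar-6.0/` directory for a 6.1 package, which patches 06 and 07 then move twice. Bumping `tags`, the `org.opencontainers.image.version` label, the download URL and the sha256 together keeps each intermediate commit buildable and keeps the supply-chain pin meaningful rather than a value that happens to be lying around.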
From: Mark Hermeling
Date: Tue, 13 Jul 2021 18:39:05 +0000
Subject: [PATCH 05/14] Upversion to CodeSonar 6.1
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0e58976..d3f9a2c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,8 +22,8 @@ RUN yum -y update \
 RUN rm -rf /usr/libexec/sudo/sesh
-ARG CODESONAR_PACKAGE=codesonar-6.0p0.20210331-x86_64-pc-linux.tar.gz
-ARG CODESONAR_HOME=/opt/codesonar-6.0p0
+ARG CODESONAR_PACKAGE=codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz
+ARG CODESONAR_HOME=/opt/codesonar-6.1p0
 COPY ["${CODESONAR_PACKAGE}", "/opt"]
 RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
 RUN rm -rf /opt/${CODESONAR_PACKAGE}
--
GitLab

From 3471df2e57e38bb6fe63fc3526e5b4283cd94186 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Tue, 13 Jul 2021 18:42:17 +0000
Subject: [PATCH 06/14] Update hardening_manifest.yaml
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 0afe609..0390773 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -30,7 +30,7 @@ labels:
 # List of resources to make available to the offline build context
 resources:
- - url: "https://download.grammatech.com/diracc2011/codesonar-6.0/codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz"
+ - url: "https://download.grammatech.com/diracc2011/codesonar-6.1/codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz"
 filename: "codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha512
--
GitLab

From 55cc1be5e56cf3fb5c868d191b6ce62b43b492a6 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Tue, 13 Jul 2021 22:04:15 +0000
Subject: [PATCH 07/14] Update hardening_manifest.yaml
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 0390773..b49cd45 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -30,7 +30,7 @@ labels:
 # List of resources to make available to the offline build context
 resources:
- - url: "https://download.grammatech.com/diracc2011/codesonar-6.1/codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz"
+ - url: "https://download.grammatech.com/diracc2011/codesonar-early-6.1/codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz"
 filename: "codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha512
--
GitLab

From da06456abd3b8f22600f04c5085ec0fffaadd077 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 14 Jul 2021 14:02:28 +0000
Subject: [PATCH 08/14] Update hardening_manifest.yaml
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index b49cd45..33b73f9 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -34,7 +34,7 @@ resources:
 filename: "codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha512
- value: "a14d6dc7352ba5c161b68b0bfc69b7c1cfa80e3fe7a49d7b83248fd463dbc5cb" # must be lowercase
+ value: "b1cfda925db20e2a9eaa75633886e934ed42e37674a7080fa9a898f242053ec3" # must be lowercase
 auth:
 type: basic
 id: grammatech
--
GitLab

From 02c3a315389c16ea3891b1df652950cccca151ff Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 14 Jul 2021 16:46:45 +0000
Subject: [PATCH 09/14] Update Dockerfile
---
 Dockerfile | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index d3f9a2c..cfeea72 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,6 +30,18 @@ RUN rm -rf /opt/${CODESONAR_PACKAGE}
 RUN ln -s ${CODESONAR_HOME} /opt/codesonar
 RUN useradd -ms /bin/bash codesonar
+# Remove older software versions no longer needed
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-8.3
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-8.4
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.0
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.1
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.2
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.3
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.6
+
+RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/com.grammatech.codesonar.jar
+RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/eclipse_tests/CodeSonarTest_1.0.0.jar
+RUN rm -rf ${CODESONAR_HOME}/csurf/lib/codesonarj-runtimes/androidAPI23/android-6.0.1_r1.jar
 RUN mkdir /home/codesonar/hub \
--
GitLab

From 3d9a83adcd02ce3b1f09247440bec248d6cf8b41 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 4 Aug 2021 16:11:07 +0000
Subject: [PATCH 10/14] Updated for CodeSonar 6.1
---
 hardening_manifest.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 33b73f9..cb9900f 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -30,11 +30,11 @@ labels:
 # List of resources to make available to the offline build context
 resources:
- - url: "https://download.grammatech.com/diracc2011/codesonar-early-6.1/codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz"
- filename: "codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
+ - url: "https://download.grammatech.com/diracc2011/codesonar-6.1/codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz"
+ filename: "codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha512
- value: "b1cfda925db20e2a9eaa75633886e934ed42e37674a7080fa9a898f242053ec3" # must be lowercase
+ value: "c6fe558a91b460a7ed3377a23bf98ce12f2c1c72b1519835859ceefbb295ffc8" # must be lowercase
 auth:
 type: basic
 id: grammatech
--
GitLab

From 34b4a5f35e50a549f4156d10818f2d7b71d32e16 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 4 Aug 2021 16:12:00 +0000
Subject: [PATCH 11/14] Updated for CodeSonar 6.1
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index cfeea72..f7abc90 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,7 +22,7 @@ RUN yum -y update \
 RUN rm -rf /usr/libexec/sudo/sesh
-ARG CODESONAR_PACKAGE=codesonar-6.1p0.20210713-x86_64-pc-linux.tar.gz
+ARG CODESONAR_PACKAGE=codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz
 ARG CODESONAR_HOME=/opt/codesonar-6.1p0
 COPY ["${CODESONAR_PACKAGE}", "/opt"]
 RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
--
GitLab

From 84e9be97c13746e46d64ed80acfb7c49de385047 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 4 Aug 2021 16:12:52 +0000
Subject: [PATCH 12/14] Updated for CodeSonar 6.1p0
---
 README.md | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 2fbe557..6f22199 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-## CodeSonar 5.4p0
+## CodeSonar 6.1p0
 This is a default image that provides the CodeSonar Hub service. Data volumes can be mounted such that data persists. A license from GrammaTech is required to be
@@ -21,11 +21,6 @@ Suggested use is to run the container using:
 This will put all data in the hub volume and route localhost:8080 to the hub and connect the container to network net such that scanners can connect to it.
-The hub will have default password for the `Administrator account` set to
-`HubSecretPasswd` at creation-time, which can be changed by
-`--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD` during the container build step.
-Please change the default password after initial hub creation. This is also the
-time to install the run-time license.
 ## Shutdown
 Recommended to shutdown the container through
--
GitLab

From 4f0cfe25f6586c64c52425e0288d6577aaf972ad Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 4 Aug 2021 17:28:41 +0000
Subject: [PATCH 13/14] Remove urllib3
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index f7abc90..9fd5542 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,6 +43,10 @@ RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/com.grammatech.codesonar.jar
 RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/eclipse_tests/CodeSonarTest_1.0.0.jar
 RUN rm -rf ${CODESONAR_HOME}/csurf/lib/codesonarj-runtimes/androidAPI23/android-6.0.1_r1.jar
+RUN rm -rf ${CODESONAR_HOME}/third-party/python/inst/lib/python2.7/site-packages/urllib3* ${CODESONAR_HOME}/third-party/python/instmt/lib/python2.7/site-packages/urllib3*
+RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
+
+
 RUN mkdir /home/codesonar/hub \
 && chown codesonar.codesonar /home/codesonar/hub
--
GitLab

From 96d31f88028794ed67955e9432e4d23f58f4a6c2 Mon Sep 17 00:00:00 2001
From: Mark Hermeling
Date: Wed, 4 Aug 2021 17:58:38 +0000
Subject: [PATCH 14/14] Update Dockerfile
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
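Review bot: The two added `RUN rm -rf ... urllib3*` lines in the Dockerfile hunk of patch 13/14 delete a library from `site-packages` by hand rather than updating or uninstalling it, which silences a scanner finding but breaks anything in the hub runtime that imports urllib3; whether the hub uses the bundled interpreter or the system python3.6 is not visible here and should be confirmed before the image ships. Deleting `/usr/lib/python3.6/site-packages/urllib3` directly also leaves the RPM database still listing the package as installed, so later `yum` operations, scanners that read the package database, and SBOM generation will disagree with the filesystem; removing it through the package manager (if its dependents allow) or a comment stating why a manual delete is acceptable is preferable, e.g. `# urllib3 removed by hand: not imported by the hub, see <ticket placeholder>`. Patch 14/14 reworks these same two lines, and the two trailing empty `+` lines are stray whitespace. The enclosing Dockerfile continues outside the hunk.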
diff --git a/Dockerfile b/Dockerfile
index 9fd5542..a5d249f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -43,8 +43,8 @@ RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/com.grammatech.codesonar.jar
 RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/eclipse_tests/CodeSonarTest_1.0.0.jar
 RUN rm -rf ${CODESONAR_HOME}/csurf/lib/codesonarj-runtimes/androidAPI23/android-6.0.1_r1.jar
-RUN rm -rf ${CODESONAR_HOME}/third-party/python/inst/lib/python2.7/site-packages/urllib3* ${CODESONAR_HOME}/third-party/python/instmt/lib/python2.7/site-packages/urllib3*
-RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
+RUN rm -rf ${CODESONAR_HOME}/third-party/python/inst/lib/python3.9/site-packages/urllib3* ${CODESONAR_HOME}/third-party/python/instmt/lib/python3.9/site-packages/urllib3*
+#RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
--
GitLab
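Review bot: The added `#RUN rm -rf /usr/lib/python3.6/site-packages/urllib3` is commented-out code with no explanation of why the system copy is now kept, so the next reader cannot tell whether the finding it addressed was resolved some other way or simply deferred; either delete the line or replace it with a comment giving the reason, e.g. `# system urllib3 left in place: <reason/ticket placeholder>`. The path change from `python2.7` to `python3.9` implies the 6.1 bundle ships a different interpreter, and because `rm -rf` on a glob that matches nothing still succeeds, the line will silently do nothing the next time the bundled interpreter version changes; a guard such as `RUN test -d ${CODESONAR_HOME}/third-party/python/inst/lib/python3.9/site-packages && rm -rf ${CODESONAR_HOME}/third-party/python/inst/lib/python3.9/site-packages/urllib3* ${CODESONAR_HOME}/third-party/python/instmt/lib/python3.9/site-packages/urllib3*` turns that into a build failure. The enclosing Dockerfile continues outside the hunk.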