Merge branch 'codesonar61' into 'development'

Codesonar61 Fixes

See merge request !26

Dockerfile

@@ -22,35 +22,30 @@ RUN yum -y update \
 RUN rm -rf /usr/libexec/sudo/sesh 
 
 
-ARG CODESONAR_PACKAGE=codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz
+ARG CODESONAR_PACKAGE=codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz  
+ARG CODESONAR_HOME=/opt/codesonar-6.1p0
 COPY ["${CODESONAR_PACKAGE}", "/opt"]
 RUN tar -zxvf /opt/${CODESONAR_PACKAGE} -C /opt
 RUN rm -rf /opt/${CODESONAR_PACKAGE}
-RUN ln -s /opt/codesonar-5.4p0 /opt/codesonar
+RUN ln -s ${CODESONAR_HOME} /opt/codesonar
 RUN useradd -ms /bin/bash codesonar
 
-# remove some packages that are not needed
-RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-sarif
-RUN rm -rf /opt/codesonar-5.4p0/third-party/julia-tools
+# Remove older software versions no longer needed
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-8.3
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-8.4
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.0
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.1
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.2
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.3
+RUN rm -rf ${CODESONAR_HOME}/third-party/postgresql-9.6
 
-RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd
-RUN rm -rf /opt/codesonar-5.4p0/third-party/pmd-5.0.4
+RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/com.grammatech.codesonar.jar
+RUN rm -rf ${CODESONAR_HOME}/csonar-eclipse/eclipse_tests/CodeSonarTest_1.0.0.jar
+RUN rm -rf ${CODESONAR_HOME}/csurf/lib/codesonarj-runtimes/androidAPI23/android-6.0.1_r1.jar
 
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.3
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-8.4
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.0
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.1
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.2
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.3
-RUN rm -rf /opt/codesonar-5.4p0/third-party/postgresql-9.6
-RUN rm -rf /opt/codesonar-5.4p0/csonar-eclipse/com.grammatech.codesonar.jar
-RUN rm -rf /opt/codesonar-5.4p0/csonar-eclipse/eclipse_tests/CodeSonarTest_1.0.0.jar
+RUN rm -rf ${CODESONAR_HOME}/third-party/python/inst/lib/python3.9/site-packages/urllib3* ${CODESONAR_HOME}/third-party/python/instmt/lib/python3.9/site-packages/urllib3*
+#RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
 
-RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/test/*pem /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/test/*pem
-
-
-RUN rm -rf /opt/codesonar-5.4p0/third-party/python/inst/lib/python2.7/site-packages/urllib3* /opt/codesonar-5.4p0/third-party/python/instmt/lib/python2.7/site-packages/urllib3*
-RUN rm -rf /usr/lib/python3.6/site-packages/urllib3
 
 
 RUN mkdir /home/codesonar/hub \
@@ -72,11 +67,7 @@ HEALTHCHECK --interval=30s --timeout=30s --start-period=180s --retries=3 CMD /op
 RUN rm /opt/codesonar/UNACCEPTED_LICENSE.txt
 RUN touch /opt/codesonar/TELEMETRY_DISABLED
 
-# CCE-82155-3
-RUN echo "auth             required        pam_wheel.so use_uid" >> /etc/pam.d/su
-RUN echo "CtrlAltDelBurstAction=none" >> /etc/systemd/system.conf
-#RUN fips-mode-setup --enable
-#RUN update-crypto-policies --set FIPS:OSPP
+
 
 
 USER codesonar

README.md

-## CodeSonar 5.4p0
+## CodeSonar 6.1p0
 
 This is a default image that provides the CodeSonar Hub service. Data volumes can 
 be mounted such that data persists. A license from GrammaTech is required to be
@@ -21,11 +21,6 @@ Suggested use is to run the container using:
 This will put all data in the hub volume and route localhost:8080 to the hub and 
 connect the container to network net such that scanners can connect to it.
 
-The hub will have default password for the `Administrator account` set to 
-`HubSecretPasswd` at creation-time, which can be changed by 
-`--build-arg HUB_DEFAULT_PWD=YourOwnSecretPWD` during the container build step.
-Please change the default password after initial hub creation. This is also the
-time to install the run-time license.
 
 ## Shutdown
 Recommended to shutdown the container through

hardening_manifest.yaml

@@ -8,7 +8,7 @@ name: "grammatech/codesonar/codesonar-hub"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "1.0.1"
+- "6.1.0"
 - "latest"
 
 # Build args passed to Dockerfile ARGs
@@ -23,18 +23,18 @@ labels:
   org.opencontainers.image.licenses: "GrammaTech Commercial License"
   org.opencontainers.image.url: "http://support.grammatech.com/"
   org.opencontainers.image.vendor: "GrammaTech"
-  org.opencontainers.image.version: "5.4"
+  org.opencontainers.image.version: "6.1"
   mil.dso.ironbank.image.keywords: "GrammaTech, CodeSonar, SAST, CI/CD"
   mil.dso.ironbank.image.type: "commercial"
   mil.dso.ironbank.product.name: "CodeSonar"
 
 # List of resources to make available to the offline build context
 resources:
-  - url: "https://download.grammatech.com/diracc2011/codesonar-5.4/codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz"
-    filename: "codesonar-5.4p0.20200911-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
+  - url: "https://download.grammatech.com/diracc2011/codesonar-6.1/codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz"
+    filename: "codesonar-6.1p0.20210802-x86_64-pc-linux.tar.gz" # [required field] desired staging name for the build context
     validation:
       type: "sha256" # supported: sha256, sha512
-      value: "1d0d47a2a5cde4e88d04397bcdb107188b6e999b3a2ccde5b4dddb05677b83be" # must be lowercase
+      value: "c6fe558a91b460a7ed3377a23bf98ce12f2c1c72b1519835859ceefbb295ffc8" # must be lowercase
     auth:
       type: basic
       id: grammatech