From 16962d20b5dbae5a4fca9e13bf54965a995d346c Mon Sep 17 00:00:00 2001 From: ironbank-bot Date: Thu, 10 Dec 2020 01:21:17 +0000 Subject: [PATCH 1/2] Migrate to hardening_manifest.yaml --- Dockerfile | 7 ----- Jenkinsfile | 2 -- download.yaml | 7 ----- hardening_manifest.yaml | 58 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 58 insertions(+), 16 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.yaml create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index bc9aecf..ad9c65c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,13 +4,6 @@ ARG BASE_TAG=1.8.0 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -LABEL name="Apache ActiveMQ Artemis" \ - maintainer="bhearn@anchore.com" \ - vendor="Opensource" \ - version="2.16.0" \ - release="1" \ - summary="Image of Apache ActiveMQ Artemis" \ - description="Apache ActiveMQ is an open source, multi-protocol, Java-based messaging server." COPY apache-activemq-artemis.tar.gz /scripts/docker-run.sh opt/ diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 2c5de0a..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "2.16.0") \ No newline at end of file diff --git a/download.yaml b/download.yaml deleted file mode 100644 index 952269c..0000000 --- a/download.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -resources: - - url: "https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz" - filename: "apache-activemq-artemis.tar.gz" - validation: - type: "sha512" - value: "4990a6b742b08bff6a4c7b310d2610565b08a2a02e1a7aec065460d16f8a6fe3d4fe91a8040839f93d7c2eab09fd6a79848fb130f9820559ee3e81dcf8d51ead" \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..d629382 --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,58 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "opensource/apache/active-mq-artemis" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "2.16.0" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/openjdk/openjdk8" + BASE_TAG: "1.8.0" + +# Docker image labels +labels: + org.opencontainers.image.title: "active-mq-artemis" + ## Human-readable description of the software packaged in the image + # org.opencontainers.image.description: "FIXME" + ## License(s) under which contained software is distributed + # org.opencontainers.image.licenses: "FIXME" + ## URL to find more information on the image + # org.opencontainers.image.url: "FIXME" + ## Name of the distributing entity, organization or individual + # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.version: "2.16.0" + ## Keywords to help with search (ex. "cicd,gitops,golang") + # mil.dso.ironbank.image.keywords: "FIXME" + ## This value can be "opensource" or "commercial" + # mil.dso.ironbank.image.type: "FIXME" + ## Product the image belongs to for grouping multiple images + # mil.dso.ironbank.product.name: "FIXME" + +# List of resources to make available to the offline build context +resources: +- filename: apache-activemq-artemis.tar.gz + url: https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz + validation: + type: sha512 + value: 4990a6b742b08bff6a4c7b310d2610565b08a2a02e1a7aec065460d16f8a6fe3d4fe91a8040839f93d7c2eab09fd6a79848fb130f9820559ee3e81dcf8d51ead + +# List of project maintainers +# FIXME: Fill in the following details for the current container owner in the whitelist +# FIXME: Include any other vendor information if applicable +maintainers: +- email: "bhearn@anchore.com" +# # The name of the current container owner +# name: "FIXME" +# # The gitlab username of the current container owner +# username: "FIXME" +# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT +# - name: "FIXME" +# username: "FIXME" +# email: "FIXME" -- GitLab From ca76f8c8a2ddbf5e2ab2a9ab0c71a8723f0670d6 Mon Sep 17 00:00:00 2001 From: bhearn Date: Mon, 14 Dec 2020 14:01:31 -0700 Subject: [PATCH 2/2] update hardening manifest --- Dockerfile | 1 - README.md | 2 +- hardening_manifest.yaml | 22 +++++++++++----------- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index ad9c65c..0b50fc1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,6 @@ ARG BASE_TAG=1.8.0 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} - COPY apache-activemq-artemis.tar.gz /scripts/docker-run.sh opt/ # Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006 diff --git a/README.md b/README.md index 7df9540..de8a358 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Apache ActiveMQ is an open source, multi-protocol, Java-based messaging server. ## Download -1. Go to the [Apache webpage](https://ironbank.dsop.io/ironbank/repomap/opensource/apache) in Iron Bank and download the latest ActiveMQ Artemis tarball. +1. Go to the [Apache webpage](https://ironbank.dso.mil/ironbank/repomap/opensource/apache) in Iron Bank and download the latest ActiveMQ Artemis tarball. 2. Navigate to the location of the download and run: ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index d629382..45076ce 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -20,20 +20,20 @@ args: labels: org.opencontainers.image.title: "active-mq-artemis" ## Human-readable description of the software packaged in the image - # org.opencontainers.image.description: "FIXME" + org.opencontainers.image.description: "Apache ActiveMQ is an open source, multi-protocol, Java-based messaging server." ## License(s) under which contained software is distributed - # org.opencontainers.image.licenses: "FIXME" + org.opencontainers.image.licenses: "Apache-2.0" ## URL to find more information on the image - # org.opencontainers.image.url: "FIXME" + org.opencontainers.image.url: "http://activemq.apache.org/components/artemis/" ## Name of the distributing entity, organization or individual - # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.vendor: "Apache" org.opencontainers.image.version: "2.16.0" ## Keywords to help with search (ex. "cicd,gitops,golang") # mil.dso.ironbank.image.keywords: "FIXME" ## This value can be "opensource" or "commercial" - # mil.dso.ironbank.image.type: "FIXME" + mil.dso.ironbank.image.type: "opensource" ## Product the image belongs to for grouping multiple images - # mil.dso.ironbank.product.name: "FIXME" + mil.dso.ironbank.product.name: "opensource/apache" # List of resources to make available to the offline build context resources: @@ -48,11 +48,11 @@ resources: # FIXME: Include any other vendor information if applicable maintainers: - email: "bhearn@anchore.com" -# # The name of the current container owner -# name: "FIXME" -# # The gitlab username of the current container owner -# username: "FIXME" -# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT + # The name of the current container owner + name: "Blake Hearn" + # The gitlab username of the current container owner + username: "bhearn" + cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT # - name: "FIXME" # username: "FIXME" # email: "FIXME" -- GitLab