From 6ef3d9986368c45b6ee0ed57d128c0780ecc19a4 Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Mon, 15 Mar 2021 18:01:21 -0400 Subject: [PATCH 01/17] initial ingest of reporting --- .gitignore | 1 + Dockerfile | 38 +++++++++ LICENSE | 177 ++++++++++++++++++++++++++++++++++++++++ README.md | 24 +++++- hardening_manifest.yaml | 58 +++++++++++++ scripts/run_cube.sh | 38 +++++++++ 6 files changed, 334 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 hardening_manifest.yaml create mode 100755 scripts/run_cube.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..58a28d6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+**/*.gz
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9e38a1d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+ARG BASE_REGISTRY=registry1.dso.mil
+ARG BASE_IMAGE=ironbank/opensource/nodejs/nodejs14
+ARG BASE_TAG=14.16.0
+
+# Friends don't let friends bloat containers
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor
+
+ARG sde_version=5.13.x
+COPY /"sde-${sde_version}-full.tgz" /
+
+USER root
+RUN set -x \
+ && mkdir --parents /sde/${sde_version}/wheelhouse \
+ && tar --extract --gzip --file=/sde-${sde_version}-full.tgz --directory=/sde \
+ && tar --extract --file=/sde/${sde_version}/bundle.tar --directory=/sde/${sde_version}
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+LABEL type="ironbank"
+
+USER root
+
+COPY --from=extractor /sde/${sde_version}/code/cube/schema /reporting/schema
+COPY --from=extractor /sde/${sde_version}/code/cube/package.json /reporting/package.json
+COPY --from=extractor /sde/${sde_version}/code/cube/yarn.lock /reporting/yarn.lock
+COPY --from=extractor /sde/${sde_version}/code/cube/index.js /reporting/index.js
+
+WORKDIR /reporting
+
+RUN set -x \
+ && echo "sde_${sde_version}" >> /.IMAGE_TAG \
+ && yarn \
+ && yarn cache clean
+
+COPY /scripts/run_cube.sh /bin/run_cube.sh
+
+USER node
+HEALTHCHECK --interval=15s --timeout=10s --retries=3 CMD which mod_wsgi-express
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b728b68
--- /dev/null
+++ b/LICENSE
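Review bot: The `HEALTHCHECK ... CMD which mod_wsgi-express` that closes the Dockerfile hunk looks carried over from a Python image: nothing in this Dockerfile installs mod_wsgi-express, so the check would presumably fail on every run, and where it does pass, `which` only proves a binary is on PATH, not that the reporting service is answering. The same applies to the `which node` replacement in the `@@ -35,4 +34,4 @@` Dockerfile hunk of PATCH 05/17. The check should query the port the service listens on, with the port and path taken from the Cube configuration, which is not visible in this patch. Separately, the final stage copies `yarn.lock` but runs a bare `yarn`; `&& yarn install --frozen-lockfile \` would make the build fail instead of silently re-resolving dependencies.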
@@ -0,0 +1,177 @@ +SD ELEMENTS END USER LICENSE AGREEMENT + +This End User License Agreement (this “Agreement”) is a legal contract between you, as either an +individual, Entity or Government Agency (as per the Order), and Infotek Solutions Inc. dba Security +Compass, or its affiliates (collectively “Security Compass”). + +THIS SOFTWARE IS COPYRIGHTED AND IT IS LICENSED TO YOU UNDER THIS AGREEMENT, NOT +SOLD TO YOU. BY DOWNLOADING, INSTALLING, OBTAINING A LICENSE KEY, OR OTHERWISE +ACCESSING OR USING THIS SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS +AGREEMENT, YOU UNDERSTAND IT, AND THAT YOU ACCEPT AND AGREE TO BE BOUND BY ITS +TERMS. + +IF YOU ARE ACCEPTING THIS AGREEMENT ON BEHALF OF A COMPANY, ORGANIZATION, OR +OTHER LEGAL ENTITY (AN “ENTITY”), YOU REPRESENT AND WARRANT THAT YOU HAVE FULL +POWER AND AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS, AND REFERENCES TO “YOU” +OR “YOUR” HEREIN REFER TO BOTH YOU, THE INDIVIDUAL END USER, AND THE ENTITY ON +WHOSE BEHALF YOU ARE ACCEPTING THIS AGREEMENT. + +1. Intellectual Property Rights. Security Compass or its licensors retain ownership of all intellectual +property rights in and to the Software, including any modifications, translations, or derivatives thereof, +even if unauthorized, and all applicable rights in patents, copyrights, trade secrets, and trademarks. +The Software is valuable, proprietary, and unique, and you agree to be bound by and observe the +proprietary nature thereof. The Software contains material that is protected by patent, copyright, and +trade secret laws. Your rights to use the Software are limited to those expressly granted by this +Agreement. All rights not granted to you in this Agreement are reserved to Security Compass. No +ownership of the Software passes to you. Security Compass may make changes to the Software at any +time without notice. You may not remove any proprietary notice of Security Compass or any third party +from the Software. + + +2. Protection and Restrictions. 
+ +2.1. You agree to take all reasonable steps to safeguard access to the Software to ensure that no +unauthorized person has access thereto and that no unauthorized copy, publication, disclosure, +or distribution, in whole or in part, in any form is made. + +2.2. You acknowledge that the Software contains valuable, confidential information and trade secrets +and that unauthorized use and/or copying is harmful to Security Compass. You also understand +and agree that the copying or modifying of the Documentation provided with or as part of the +Software is strictly prohibited. Any third-party software included in the Software may not be used +independently from the Software. + +2.3. You will not, and will not allow a third party to, directly or indirectly: sell, sublicense, transfer, assign, +publish, display, disclose, rent, lease, timeshare, modify, loan, distribute, market, commercialize, +or create derivative works based on the Software or any part thereof, incorporate the Software into +or with other products, or use the Software for timesharing or service bureau purposes. + +2.4. You will not reverse engineer, decompile, translate, adapt, or disassemble the Software, nor will +you attempt to reconstruct or discover any source code, underlying ideas, algorithms, file formats +or programming interfaces of the Software by any means whatsoever (except and only to the +extent that applicable law prohibits or restricts reverse engineering restrictions, and then only with +prior written notice to Security Compass). + + +3. Limitation of Liability. 
TO THE FULLEST EXTENT PERMITTED BY LAW, UNDER NO +CIRCUMSTANCES WILL SECURITY COMPASS, ITS AFFILIATES, ITS LICENSORS OR +RESELLERS BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE OR + +SD Elements Corporate End User License Agreement (July 2017) +INCIDENTAL DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE, ARISING OUT OF +OR RELATED TO THIS AGREEMENT INCLUDING, BUT NOT LIMITED TO CLAIMS FOR +INACCURACY, LOSS OF DATA, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES, GOODWILL, OPPORTUNITY, REVENUE, PROFITS, OR USE OF THE PRODUCTS, +INTERRUPTION IN USE OR AVAILABILITY OF DATA, STOPPAGE OF OTHER WORK OR +IMPAIRMENT OF OTHER ASSETS OR OTHER BUSINESS LOSS, PRIVACY, NEGLIGENCE, +BREACH OF CONTRACT, TORT OR OTHERWISE AND THIRD PARTY CLAIMS, EVEN IF +SECURITY COMPASS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO +EVENT WILL SECURITY COMPASS’ AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO +THIS AGREEMENT, BASED ON ANY LEGAL THEORY, INCLUDING BUT NOT LIMITED TO +CONTRACT, TORT, BREACH OF WARRANTY INFRINGEMENT OR OTHERWISE, EXCEED THE +TOTAL AMOUNT ACTUALLY PAID BY YOU TO SECURITY COMPASS FOR THE LICENSE. + + +4. Usage Review. Where you host the Software, Security Compass may at its option request from you a +record of your usage to review and ensure compliance with this Agreement. You agree to cooperate +with Security Compass’ audit and provide reasonable assistance and access to information. Any such +audit shall not unreasonably interfere with your normal business operations. If any audit reveals a +breach of this Agreement by you, you will reimburse any amount revealed to be due to Security +Compass as a result of such breach within thirty (30) days after receipt of an invoice. +5. SD Elements Specific Terms. Your use of SD Elements shall be subject to Licensor’s per-application usage +and pricing terms and conditions as set out in Schedule A to this Agreement. 
+ + +SCHEDULE A + +PER-APPLICATION PRICING TERMS AND CONDITIONS + +Additional or alternate terms and conditions that apply to SD Elements are provided below and form part of the +Agreement. + + +1. Definitions + +1.1. “Active Application(s)” shall mean an Application being developed within the SD Elements Software, which +has not been archived, and for which at least one (1) Project has been created. + +1.2. “Application” shall have the meaning set out in Section 3.1 below. + +1.3. “Archived Application(s)” shall mean an Active Application which has been moved to an archive within the +Software, whereupon it shall cease to be an Active Application. + +1.4. “Licensee” shall mean the individual, entity or government agency entering into this Agreement + +1.5. “License Year” shall mean a license year within the License Term + +1.6. “Project” shall mean an instance, component or release of Licensee’s software code base(s) being +developed/managed within an Application + +1.7. All Capitalized terms not defined in this Schedule shall have the meanings assigned to such terms in the +Agreement + + +2. License Metric + +2.1. The License granted to the SD Elements Software shall entitle Licensee to utilize the Software in the +development of a maximum number of Applications stated in the Order Form (hereinafter the “License +Limit”). + +2.2. Active Applications shall apply towards the usage of the License Limit. Archiving an Active Application shall +not free up the license for the Archived Application in the current License Year. + +2.3. The License Limit utilization cycle shall be reset upon the expiry of a License Year. As of the first day of the +renewal License Year, only Active Applications shall apply towards the License Limit. + + +3. Application + +3.1. 
For the purpose of the Agreement, an “Application” is a set of software instructions (source code, bytecode), +which compile and/or execute in a single run time environment within the Software, subject to any exception +stated below: + +(a) Licensee may create an unlimited number of new releases as Projects within an Application. Such +new releases shall not count as additional usage against the License Limit + +(b) Where Licensee utilizes the Software in the development of a web application, the browser space +code and server side code may be considered different parts of the same Application where the +technical profile of each code base is intended to produce a single list of requirements within the SD +Elements Software. + +(c) Technologies that operate as independent Licensee Applications shall be considered separate +Applications. This includes but is not limited to Java applets and browser plugins. The development +of the same Application for different mobile operating systems shall be considered to be separate +Applications, whereby each such Application shall apply as usage against the License Limit. + +(d) Server side applications which include components that run in a different run time space may be +considered the same Application where (i) a similar technology stack is utilized; and (ii) a single list +of requirements is intended for all components. + +(e) Where the Software is used to develop micro services architecture, all services shall be considered +to be a single application for the purpose of licensing where (i) all services use a similar technology +stack; and (ii) a single list of requirements is intended for all services. + + +4. Usage reporting obligations and auditing + +4.1. Where Licensee hosts the SD Elements Software On-Site, Licensee shall be required to report the number +of Applications developed using the Software, once at the end of each quarter in each License Year. 
A quarter +shall be measured as each three (3) month period starting from the License Effective Date stated on the +Order Form. Licensor reserves the right to refuse access to Standard Technical Support and Software +Updates until Licensee usage data is provided to Licensor. Usage reports shall be sent to +usagereport@sdelements.com + + +5. Pricing + +5.1. Pricing for the SD Elements Software is stated in the Order Form. Prices represent the License Limit and +SD Elements Corporate End User License Agreement (July 2017) +type of license granted. All prices are in United States Dollars, and are based upon an annual subscription +with a minimum one (1) year License Term. + + +6. Over-Usage + +6.1. At any time during the License Term, where Licensee’s usage exceeds the License Limit, Licensee shall pay +Licensor over-usage fees for the number of Active Applications used in excess of the License Limit at the per +Application rate set forth in the Order. Over-usage fees shall be calculated and invoiced annually after each +License Year. diff --git a/README.md b/README.md index 5dc6fa6..d178b0b 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,23 @@ -# +# reporting -Project template for all Iron Bank container repositories. \ No newline at end of file +## Summary + +This container hosts the SDElements Reporting module using CubeJS to serve reporting analytics + +## Local build + +1. Download artifacts defined in `hardening_manifest.yaml`. The URLs below are used as examples. + + ```bash + # SDE + wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.13.x-full.tgz + ``` + +2. Use this command to build locally: + + ```bash + clear && \ + export sde_version='5.13.x' && \ + docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ + --build-arg sde_version="${sde_version}" + ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..fb3e317 --- /dev/null 
+++ b/hardening_manifest.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "security-compass/sd-elements/mod_wsgi"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "5.13.x"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "opensource/nodejs/nodejs14"
+ BASE_TAG: "14.16.0"
+
+# Docker image labels
+labels:
+ # Name of the image
+ org.opencontainers.image.title: "reporting"
+ # Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "SD Elements automatically identifies and classifies risks and translates complex requirements into actionable tasks that are assigned to your personnel to improve your security posture. It automates Risk Assessments, Threat Modeling, Secure Development, and Regulatory Compliance - at scale."
+ # License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "Commercial"
+ # URL to find more information on the image
+ org.opencontainers.image.url: "https://docs.sdelements.com"
+ # Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Security Compass Ltd."
+ # Authoritative version of the software
+ org.opencontainers.image.version: "5.13.x"
+ # Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure"
+ # This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ # Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "security-compass/sd-elements"
+
+# List of resources to make available to the offline build context
+resources:
+ - url: "https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.13.x-full.tgz"
+ filename: "sde-5.13.x-full.tgz"
+ validation:
+ type: sha256
+ value: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ auth:
+ type: "basic"
+ id: "scompass-credential"
+
+# List of project maintainers
+maintainers:
+- name: "Hrdayesh Patel"
+ username: "hpatel"
+ email: "hpatel@securitycompass.com"
+- name: "Matthew Chum"
+ username: "mchum"
+ email: "mchum@securitycompass.com"
diff --git a/scripts/run_cube.sh b/scripts/run_cube.sh
new file mode 100755
index 0000000..d2823e2
--- /dev/null
+++ b/scripts/run_cube.sh
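Review bot: `name: "security-compass/sd-elements/mod_wsgi"` in hardening_manifest.yaml does not match the image this repository builds: the title label is `reporting` and the README tags the local build `.../sd-elements/reporting`, so the pipeline would presumably publish this Node.js image under the mod_wsgi repository name. It should read `name: "security-compass/sd-elements/reporting"`. The `validation.value` of 64 `x` characters is a placeholder, so the downloaded tarball has no usable sha256 to be checked against until the real digest is recorded.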
@@ -0,0 +1,38 @@
+#!/bin/sh
+# shellcheck disable=SC2034,SC2015,SC2119
+#
+# Copyright (c) 2020 SD Elements Inc.
+#
+# All Rights Reserved.
+#
+# NOTICE: All information contained herein is, and remains
+# the property of SD Elements Incorporated and its suppliers,
+# if any. The intellectual and technical concepts contained
+# herein are proprietary to SD Elements Incorporated
+# and its suppliers and may be covered by U.S., Canadian and other Patents,
+# patents in process, and are protected by trade secret or copyright law.
+# Dissemination of this information or reproduction of this material
+# is strictly forbidden unless prior written permission is obtained
+# from SD Elements Inc..
+
+# Set strict mode
+set -eu
+
+# Version
+version='0.0.1'
+
+# Not using shtdlib because it uses bash and I don't feel like installing it on alpine
+
+# Bootstrap database name like `run_wsgi.sh`
+# NOTE: if this bootstrapping changes, ensure you change `bin/run_wsgi.sh` as well
+if [ -z "${CUBEJS_DB_NAME:-}" ]; then
+ tag_file='/.IMAGE_TAG'
+ if [ -e "${tag_file}" ]; then
+ echo "Attempting to open '${tag_file}'"
+ export CUBEJS_DB_NAME="$(cat "${tag_file}")"
+ echo "CUBEJS_DB_NAME=${CUBEJS_DB_NAME}"
+ fi
+fi
+
+# Continue running the commands to start cube/reporting
+exec "$@"
-- GitLab From c12cd6dcd6d9e4f7040b053e0e2c9f445add7773 Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Tue, 16 Mar 2021 16:36:31 -0400 Subject: [PATCH 02/17] add another arg --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9e38a1d..0a77378 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,6 +16,8 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} +ARG sde_version=5.13.x + LABEL type="ironbank" USER root -- GitLab From 95c3f3ec59076d60f4d90fd080a2c081ff392e5d Mon Sep 17 00:00:00 2001
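Review bot: In scripts/run_cube.sh, `export CUBEJS_DB_NAME="$(cat "${tag_file}")"` hides the exit status of `cat` behind `export`, so under `set -eu` an unreadable /.IMAGE_TAG leaves the variable empty and the script still reaches `exec "$@"` (ShellCheck reports this pattern as SC2155). Assign first and export afterwards: `CUBEJS_DB_NAME="$(cat "${tag_file}")"` followed by `export CUBEJS_DB_NAME`. The header disables SC2034, SC2015 and SC2119 for the whole file, but only the unused `version` variable (SC2034) is visible in this script, so the other two suppressions could be dropped.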
From: Matthew Chum Date: Tue, 16 Mar 2021 16:54:53 -0400 Subject: [PATCH 03/17] using 5.12.27 to pass the pipeline --- Dockerfile | 6 ++---- README.md | 4 ++-- hardening_manifest.yaml | 10 +++++----- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0a77378..5265dae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ ARG BASE_TAG=14.16.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG sde_version=5.13.x +ARG sde_version=5.12.27 COPY /"sde-${sde_version}-full.tgz" / USER root @@ -16,9 +16,7 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG sde_version=5.13.x - -LABEL type="ironbank" +ARG sde_version=5.12.27 USER root diff --git a/README.md b/README.md index d178b0b..af45bba 100644 --- a/README.md +++ b/README.md @@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.13.x-full.tgz + wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.12.27-full.tgz ``` 2. Use this command to build locally: ```bash clear && \ - export sde_version='5.13.x' && \ + export sde_version='5.12.27' && \ docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ --build-arg sde_version="${sde_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index fb3e317..05bf9c3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "security-compass/sd-elements/mod_wsgi" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.13.x" +- "5.12.27" - "latest" # Build args passed to Dockerfile ARGs 
@@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Security Compass Ltd." # Authoritative version of the software - org.opencontainers.image.version: "5.13.x" + org.opencontainers.image.version: "5.12.27" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure" # This value can be "opensource" or "commercial" @@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.13.x-full.tgz" - filename: "sde-5.13.x-full.tgz" + - url: "https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.12.27-full.tgz" + filename: "sde-5.12.27-full.tgz" validation: type: sha256 - value: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + value: "fd1fa3230438b63302478ba70eafe2497dcbe97477ceab924607fabb639d275a" auth: type: "basic" id: "scompass-credential" -- GitLab From e9802b931d50bcc09205d54c9f1066a2e423ee0e Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Tue, 16 Mar 2021 18:01:24 -0400 Subject: [PATCH 04/17] using 5.11 as testing grounds --- Dockerfile | 4 ++-- README.md | 4 ++-- hardening_manifest.yaml | 10 +++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5265dae..b3f9bc2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ ARG BASE_TAG=14.16.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG sde_version=5.12.27 +ARG sde_version=5.11.27 COPY /"sde-${sde_version}-full.tgz" / USER root @@ -16,7 +16,7 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG sde_version=5.12.27 +ARG sde_version=5.11.27 USER root diff --git a/README.md b/README.md index af45bba..996fb49 100644 --- a/README.md +++ b/README.md 
@@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.12.27-full.tgz + wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.11.27-full.tgz ``` 2. Use this command to build locally: ```bash clear && \ - export sde_version='5.12.27' && \ + export sde_version='5.11.27' && \ docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ --build-arg sde_version="${sde_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 05bf9c3..a0a59bc 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "security-compass/sd-elements/mod_wsgi" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.12.27" +- "5.11.27" - "latest" # Build args passed to Dockerfile ARGs @@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Security Compass Ltd." # Authoritative version of the software - org.opencontainers.image.version: "5.12.27" + org.opencontainers.image.version: "5.11.27" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure" # This value can be "opensource" or "commercial" 
@@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.12.27-full.tgz" - filename: "sde-5.12.27-full.tgz" + - url: "https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.11.27-full.tgz" + filename: "sde-5.11.27-full.tgz" validation: type: sha256 - value: "fd1fa3230438b63302478ba70eafe2497dcbe97477ceab924607fabb639d275a" + value: "7ec23e574f3567eedd651666f326fe834e0e1688a35422f2c69cf9c1873c9c57" auth: type: "basic" id: "scompass-credential" -- GitLab From 82510b87e28b98a956b92dc487e20cc2c9b5d557 Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Mon, 29 Mar 2021 15:48:26 -0400 Subject: [PATCH 05/17] updating to use build artifacts --- Dockerfile | 15 +++++++-------- README.md | 2 +- hardening_manifest.yaml | 6 +++--- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index b3f9bc2..b36a8be 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,13 +6,12 @@ ARG BASE_TAG=14.16.0 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor ARG sde_version=5.11.27 -COPY /"sde-${sde_version}-full.tgz" / +COPY /"sde-reporting-${sde_version}.tgz" / USER root RUN set -x \ && mkdir --parents /sde/${sde_version}/wheelhouse \ - && tar --extract --gzip --file=/sde-${sde_version}-full.tgz --directory=/sde \ - && tar --extract --file=/sde/${sde_version}/bundle.tar --directory=/sde/${sde_version} + && tar --extract --gzip --file=/sde-reporting-${sde_version}.tgz --directory=/sde FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} 
@@ -20,10 +19,10 @@ ARG sde_version=5.11.27 USER root -COPY --from=extractor /sde/${sde_version}/code/cube/schema /reporting/schema -COPY --from=extractor /sde/${sde_version}/code/cube/package.json /reporting/package.json -COPY --from=extractor /sde/${sde_version}/code/cube/yarn.lock /reporting/yarn.lock -COPY --from=extractor /sde/${sde_version}/code/cube/index.js /reporting/index.js +COPY --from=extractor /sde/package/schema /reporting/schema +COPY --from=extractor /sde/package/package.json /reporting/package.json +COPY --from=extractor /sde/package/node_modules /reporting/node_modules +COPY --from=extractor /sde/package/index.js /reporting/index.js WORKDIR /reporting @@ -35,4 +34,4 @@ RUN set -x \ COPY /scripts/run_cube.sh /bin/run_cube.sh USER node -HEALTHCHECK --interval=15s --timeout=10s --retries=3 CMD which mod_wsgi-express +HEALTHCHECK --interval=15s --timeout=10s --retries=3 CMD which node diff --git a/README.md b/README.md index 996fb49..dd86b64 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.11.27-full.tgz + wget --http-user=user --ask-password https://artifact.sdelements.com/reporting/prod/sde-reporting-5.11.27.tgz ``` 2. Use this command to build locally: diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index a0a59bc..ca1e2a4 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://tar.sdelements.com/pulp/isos/prod-sde/sde-5.11.27-full.tgz" - filename: "sde-5.11.27-full.tgz" + - url: "https://artifact.sdelements.com/reporting/prod/sde-reporting-5.11.27.tgz" + filename: "sde-reporting-5.11.27.tgz" validation: type: sha256 - value: "7ec23e574f3567eedd651666f326fe834e0e1688a35422f2c69cf9c1873c9c57" + value: "1ba06ac25fd52e55d222e4b59d59c51e4bcbe5b6307125d250c590b857817026" auth: type: "basic" id: "scompass-credential" -- GitLab From 09f6c3189d42caf0d6c5e6e0ad489504bf4a8844 Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Mon, 29 Mar 2021 17:27:40 -0400 Subject: [PATCH 06/17] no longer need to install --- Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index b36a8be..2ca44df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ COPY /"sde-reporting-${sde_version}.tgz" / USER root RUN set -x \ - && mkdir --parents /sde/${sde_version}/wheelhouse \ + && mkdir /sde \ && tar --extract --gzip --file=/sde-reporting-${sde_version}.tgz --directory=/sde FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -27,9 +27,7 @@ COPY --from=extractor /sde/package/index.js /reporting/index.js WORKDIR /reporting RUN set -x \ - && echo "sde_${sde_version}" >> /.IMAGE_TAG \ - && yarn \ - && yarn cache clean + && echo "sde_${sde_version}" >> /.IMAGE_TAG COPY /scripts/run_cube.sh /bin/run_cube.sh -- GitLab From 6b1b39e7c2a0c9689cd565a488ccf5ce6394d36c Mon Sep 17 00:00:00 2001 From: Hrdayesh Patel Date: Fri, 16 Apr 2021 11:24:19 -0400 Subject: [PATCH 07/17] Update to 5.13 --- .gitignore | 1 + Dockerfile | 16 +++++++++------- README.md | 4 ++-- hardening_manifest.yaml | 10 +++++----- scripts/run_cube.sh | 2 -- 5 files changed, 17 insertions(+), 16 deletions(-) diff --git a/.gitignore b/.gitignore index 58a28d6..624eacd 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1 +1,2 @@ **/*.gz +**/*.tgz diff --git a/Dockerfile b/Dockerfile index 2ca44df..2b0117b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,8 @@ ARG BASE_TAG=14.16.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG sde_version=5.11.27 +ARG sde_version=5.13.30qa + COPY /"sde-reporting-${sde_version}.tgz" / USER root @@ -15,18 +16,19 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG sde_version=5.11.27 - -USER root +ARG sde_version=5.13.30qa -COPY --from=extractor /sde/package/schema /reporting/schema -COPY --from=extractor /sde/package/package.json /reporting/package.json -COPY --from=extractor /sde/package/node_modules /reporting/node_modules +COPY --from=extractor /sde/package/environmentVariables.js /reporting/environmentVariables.js COPY --from=extractor /sde/package/index.js /reporting/index.js +COPY --from=extractor /sde/package/node_modules /reporting/node_modules +COPY --from=extractor /sde/package/package.json /reporting/package.json +COPY --from=extractor /sde/package/schema /reporting/schema WORKDIR /reporting +USER root RUN set -x \ + && dnf --assumeyes upgrade \ && echo "sde_${sde_version}" >> /.IMAGE_TAG COPY /scripts/run_cube.sh /bin/run_cube.sh diff --git a/README.md b/README.md index dd86b64..81d39b9 100644 --- a/README.md +++ b/README.md @@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://artifact.sdelements.com/reporting/prod/sde-reporting-5.11.27.tgz + wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.30qa.tgz ``` 2. Use this command to build locally: ```bash clear && \ - export sde_version='5.11.27' && \ + export sde_version='5.13.30qa' && \ docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ --build-arg sde_version="${sde_version}" ``` 
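Review bot: The `&& dnf --assumeyes upgrade \` added to the final-stage RUN in the Dockerfile hunk of PATCH 07/17 installs whatever the configured repositories serve on the day of the build, so two builds of the same commit can differ and the image contents are no longer described by the pinned `BASE_TAG`; moving to a newer base image tag keeps the patch level reviewable. If the upgrade stays, add `&& dnf clean all \` and `&& rm -rf /var/cache/dnf \` to the same RUN so repository metadata and package caches are not baked into the layer. hardening_manifest.yaml describes an offline build context, so it is worth confirming that a package repository is reachable at all during the pipeline build.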
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ca1e2a4..f7b37ab 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "security-compass/sd-elements/mod_wsgi" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.11.27" +- "5.13.30qa" - "latest" # Build args passed to Dockerfile ARGs @@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Security Compass Ltd." # Authoritative version of the software - org.opencontainers.image.version: "5.11.27" + org.opencontainers.image.version: "5.13.30qa" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure" # This value can be "opensource" or "commercial" @@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://artifact.sdelements.com/reporting/prod/sde-reporting-5.11.27.tgz" - filename: "sde-reporting-5.11.27.tgz" + - url: "https://anvil.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/reporting/sde-reporting-5.13.30qa.tgz" + filename: "sde-reporting-5.13.30qa.tgz" validation: type: sha256 - value: "1ba06ac25fd52e55d222e4b59d59c51e4bcbe5b6307125d250c590b857817026" + value: "b12ff1d4005e3584a097835f3f71df129046b2ef0a532ace7aab96e1a9ce56ae" auth: type: "basic" id: "scompass-credential" diff --git a/scripts/run_cube.sh b/scripts/run_cube.sh index d2823e2..7b9ce4d 100755 --- a/scripts/run_cube.sh +++ b/scripts/run_cube.sh @@ -21,8 +21,6 @@ set -eu # Version version='0.0.1' -# Not using shtdlib because it uses bash and I don't feel like installing it on alpine - # Bootstrap database name like `run_wsgi.sh` # NOTE: if this bootstrapping changes, ensure you change `bin/run_wsgi.sh` as well if [ -z "${CUBEJS_DB_NAME:-}" ]; then -- GitLab 
From b0f07cc93227fefba594dc8e0932fcf8118f25b2 Mon Sep 17 00:00:00 2001 From: Hrdayesh Patel Date: Tue, 20 Apr 2021 10:58:05 -0400 Subject: [PATCH 08/17] Bump to fixed version --- Dockerfile | 4 ++-- README.md | 4 ++-- hardening_manifest.yaml | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2b0117b..53ca331 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ ARG BASE_TAG=14.16.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG sde_version=5.13.30qa +ARG sde_version=5.13.31qa COPY /"sde-reporting-${sde_version}.tgz" / @@ -16,7 +16,7 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG sde_version=5.13.30qa +ARG sde_version=5.13.31qa COPY --from=extractor /sde/package/environmentVariables.js /reporting/environmentVariables.js COPY --from=extractor /sde/package/index.js /reporting/index.js diff --git a/README.md b/README.md index 81d39b9..23c8bb9 100644 --- a/README.md +++ b/README.md @@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.30qa.tgz + wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.31qa.tgz ``` 2. Use this command to build locally: ```bash clear && \ - export sde_version='5.13.30qa' && \ + export sde_version='5.13.31qa' && \ docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ --build-arg sde_version="${sde_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index f7b37ab..5d7c7dd 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -8,7 +8,7 @@ name: "security-compass/sd-elements/mod_wsgi" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.13.30qa" +- "5.13.31qa" - "latest" # Build args passed to Dockerfile ARGs @@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Security Compass Ltd." # Authoritative version of the software - org.opencontainers.image.version: "5.13.30qa" + org.opencontainers.image.version: "5.13.31qa" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure" # This value can be "opensource" or "commercial" @@ -39,8 +39,8 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://anvil.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/reporting/sde-reporting-5.13.30qa.tgz" - filename: "sde-reporting-5.13.30qa.tgz" + - url: "https://anvil.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/reporting/sde-reporting-5.13.31qa.tgz" + filename: "sde-reporting-5.13.31qa.tgz" validation: type: sha256 value: "b12ff1d4005e3584a097835f3f71df129046b2ef0a532ace7aab96e1a9ce56ae" -- GitLab From b8943a8916f4a82a4c8eca33275dfb94127f3900 Mon Sep 17 00:00:00 2001 From: Hrdayesh Patel Date: Tue, 20 Apr 2021 11:01:39 -0400 Subject: [PATCH 09/17] Forgot checksum --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 5d7c7dd..3026e1d 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -43,7 +43,7 @@ resources: filename: "sde-reporting-5.13.31qa.tgz" validation: type: sha256 - value: "b12ff1d4005e3584a097835f3f71df129046b2ef0a532ace7aab96e1a9ce56ae" + value: "5c5b372d9a116b101efca03604c7b905cabf528f9458f4c44be4bbbe88eb736f" auth: type: "basic" id: "scompass-credential" -- GitLab 
From 858134564bd75a64494aeced7e00371d34869e9f Mon Sep 17 00:00:00 2001 From: Kevin Patel Date: Wed, 21 Apr 2021 15:39:35 -0400 Subject: [PATCH 10/17] added entrypoint to run cube --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 53ca331..472cb90 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,4 +34,8 @@ RUN set -x \ COPY /scripts/run_cube.sh /bin/run_cube.sh USER node + +ENTRYPOINT ["/bin/run_cube.sh"] +CMD ["yarn", "start"] + HEALTHCHECK --interval=15s --timeout=10s --retries=3 CMD which node -- GitLab From 76c3714f06ab8a8f9bbbcb5daa46ee019d12f8a4 Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Mon, 10 May 2021 13:39:42 -0400 Subject: [PATCH 11/17] updating version to sde GA --- Dockerfile | 4 ++-- README.md | 4 ++-- hardening_manifest.yaml | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 472cb90..cc013d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ ARG BASE_TAG=14.16.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG sde_version=5.13.31qa +ARG sde_version=5.13.35 COPY /"sde-reporting-${sde_version}.tgz" / @@ -16,7 +16,7 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG sde_version=5.13.31qa +ARG sde_version=5.13.35 COPY --from=extractor /sde/package/environmentVariables.js /reporting/environmentVariables.js COPY --from=extractor /sde/package/index.js /reporting/index.js diff --git a/README.md b/README.md index 23c8bb9..18b20db 100644 --- a/README.md +++ b/README.md 
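Review bot: The `HEALTHCHECK` kept as context at the end of the PATCH 10 Dockerfile hunk still runs `which node`, which passes whenever the binary is on PATH and says nothing about the process started by the new `ENTRYPOINT ["/bin/run_cube.sh"]` and `CMD ["yarn", "start"]`. Now that the image runs a long-lived service, the probe should exercise that service, for example a request to its own listening port. Failing that, it should carry a comment such as `# HEALTHCHECK only proves node is installed; it does not detect a crashed or hung cube process`. With an exec-form ENTRYPOINT the CMD is passed as arguments, so run_cube.sh presumably has to end in `exec "$@"` for `yarn start` to run and receive signals. The script body is not part of this hunk, so that needs confirming.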
@@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.31qa.tgz + wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.35.tgz ``` 2. Use this command to build locally: ```bash clear && \ - export sde_version='5.13.31qa' && \ + export sde_version='5.13.35' && \ docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ --build-arg sde_version="${sde_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 3026e1d..b62796c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "security-compass/sd-elements/mod_wsgi" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.13.31qa" +- "5.13.35" - "latest" # Build args passed to Dockerfile ARGs @@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Security Compass Ltd." # Authoritative version of the software - org.opencontainers.image.version: "5.13.31qa" + org.opencontainers.image.version: "5.13.35" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure" # This value can be "opensource" or "commercial" @@ -39,8 +39,8 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://anvil.sdelements.com/pulp/isos/Default_Organization/Library/custom/sde/reporting/sde-reporting-5.13.31qa.tgz" - filename: "sde-reporting-5.13.31qa.tgz" + - url: "https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.35.tgz" + filename: "sde-reporting-5.13.35.tgz" validation: type: sha256 value: "5c5b372d9a116b101efca03604c7b905cabf528f9458f4c44be4bbbe88eb736f" -- GitLab 
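Review bot: The `resources` hunk of PATCH 11 in hardening_manifest.yaml moves `url` and `filename` to `sde-reporting-5.13.35.tgz` but leaves `validation.value` at `5c5b372d9a11…`, the digest PATCH 09 recorded for the 5.13.31qa archive. Unless the GA archive is byte-identical to the QA one, the pinned sha256 no longer describes the file being fetched, and the mismatch would presumably surface only when the resource is downloaded and validated. PATCH 08 made the same omission and needed PATCH 09 to correct it. The digest should be recomputed from the 5.13.35 archive and changed in the same commit as the URL, i.e. `value: "<sha256 of sde-reporting-5.13.35.tgz>"`. The `auth` block of this resource entry lies outside the hunk.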
From 8b4c58d99ad0ebe5c10a0ad7b44f9eff0feff746 Mon Sep 17 00:00:00 2001 From: Matthew Chum Date: Tue, 25 May 2021 21:10:53 -0400 Subject: [PATCH 12/17] Addressing findings --- Dockerfile | 4 ++-- README.md | 4 ++-- hardening_manifest.yaml | 10 +++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index cc013d6..51b7bc4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ ARG BASE_TAG=14.16.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG sde_version=5.13.35 +ARG sde_version=5.13.38 COPY /"sde-reporting-${sde_version}.tgz" / @@ -16,7 +16,7 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG sde_version=5.13.35 +ARG sde_version=5.13.38 COPY --from=extractor /sde/package/environmentVariables.js /reporting/environmentVariables.js COPY --from=extractor /sde/package/index.js /reporting/index.js diff --git a/README.md b/README.md index 18b20db..86096a0 100644 --- a/README.md +++ b/README.md @@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.35.tgz + wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.38.tgz ``` 2. Use this command to build locally: ```bash clear && \ - export sde_version='5.13.35' && \ + export sde_version='5.13.38' && \ docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ --build-arg sde_version="${sde_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index b62796c..1954129 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -8,7 +8,7 @@ name: "security-compass/sd-elements/mod_wsgi" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.13.35" +- "5.13.38" - "latest" # Build args passed to Dockerfile ARGs @@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Security Compass Ltd." # Authoritative version of the software - org.opencontainers.image.version: "5.13.35" + org.opencontainers.image.version: "5.13.38" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure" # This value can be "opensource" or "commercial" @@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.35.tgz" - filename: "sde-reporting-5.13.35.tgz" + - url: "https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.38.tgz" + filename: "sde-reporting-5.13.38.tgz" validation: type: sha256 - value: "5c5b372d9a116b101efca03604c7b905cabf528f9458f4c44be4bbbe88eb736f" + value: "3ed328fd4f9ebafc01cb44b91abc29466af9bd8c42c6069bbaa6d142d878bf11" auth: type: "basic" id: "scompass-credential" -- GitLab From f5227a27754fc2beb6cb9fff65af3ac91cba5a3c Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Wed, 26 May 2021 19:21:15 +0000 Subject: [PATCH 13/17] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 1954129..2773dcd 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 # The repository name in registry1, excluding /ironbank/ -name: "security-compass/sd-elements/mod_wsgi" +name: "security-compass/sd-elements/reporting" # List of tags to push for the repository in registry1 # The most specific version should be the first tag and will be shown -- GitLab From e4b974304883792c302a4431fdf1d2442d37ab64 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Thu, 27 May 2021 14:46:56 +0000 Subject: [PATCH 14/17] Update hardening_manifest.yaml --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2773dcd..6d1141c 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -14,7 +14,7 @@ tags: # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "opensource/nodejs/nodejs14" - BASE_TAG: "14.16.0" + BASE_TAG: "14.17.0" # Docker image labels labels: -- GitLab From ac5766ad1fad13ed71167514072f0cbef389ef94 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Thu, 27 May 2021 14:47:09 +0000 Subject: [PATCH 15/17] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 51b7bc4..c8ddc6d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/opensource/nodejs/nodejs14 -ARG BASE_TAG=14.16.0 +ARG BASE_TAG=14.17.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -- GitLab From b5e6adf898adcf7841b7d3e08bfeb6f7ccfb5768 Mon Sep 17 00:00:00 2001 From: Hrdayesh Patel Date: Fri, 11 Jun 2021 11:48:36 -0400 Subject: [PATCH 16/17] SDE 5.14 Update --- Dockerfile | 4 ++-- README.md | 4 ++-- hardening_manifest.yaml | 10 +++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8ddc6d..f25eb87 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -5,7 +5,7 @@ ARG BASE_TAG=14.17.0 # Friends don't let friends bloat containers FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as extractor -ARG sde_version=5.13.38 +ARG sde_version=5.14.14 COPY /"sde-reporting-${sde_version}.tgz" / @@ -16,7 +16,7 @@ RUN set -x \ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -ARG sde_version=5.13.38 +ARG sde_version=5.14.14 COPY --from=extractor /sde/package/environmentVariables.js /reporting/environmentVariables.js COPY --from=extractor /sde/package/index.js /reporting/index.js diff --git a/README.md b/README.md index 86096a0..858e693 100644 --- a/README.md +++ b/README.md @@ -10,14 +10,14 @@ This container hosts the SDElements Reporting module using CubeJS to serve repor ```bash # SDE - wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.38.tgz + wget --http-user=user --ask-password https://artifact.sdelements.com/prod/reporting/sde-reporting-5.14.14.tgz ``` 2. Use this command to build locally: ```bash clear && \ - export sde_version='5.13.38' && \ + export sde_version='5.14.14' && \ docker build . -t localhost/security-compass/sd-elements/reporting:"local" \ --build-arg sde_version="${sde_version}" ``` diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 6d1141c..d9378e9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "security-compass/sd-elements/reporting" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "5.13.38" +- "5.14.14" - "latest" # Build args passed to Dockerfile ARGs 
@@ -29,7 +29,7 @@ labels: # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Security Compass Ltd." # Authoritative version of the software - org.opencontainers.image.version: "5.13.38" + org.opencontainers.image.version: "5.14.14" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "webserver,cubejs,nodejs,security,appsec,code,secure" # This value can be "opensource" or "commercial" @@ -39,11 +39,11 @@ labels: # List of resources to make available to the offline build context resources: - - url: "https://artifact.sdelements.com/prod/reporting/sde-reporting-5.13.38.tgz" - filename: "sde-reporting-5.13.38.tgz" + - url: "https://artifact.sdelements.com/prod/reporting/sde-reporting-5.14.14.tgz" + filename: "sde-reporting-5.14.14.tgz" validation: type: sha256 - value: "3ed328fd4f9ebafc01cb44b91abc29466af9bd8c42c6069bbaa6d142d878bf11" + value: "9afdc7a125464d738be6fc14ac8b9613a0346c23304ff3378efd3eb599e4983a" auth: type: "basic" id: "scompass-credential" -- GitLab From 3d6cf14e31dfe7ad18a8fc7c3ce8a984e99047fe Mon Sep 17 00:00:00 2001 From: Hrdayesh Patel Date: Fri, 11 Jun 2021 11:55:30 -0400 Subject: [PATCH 17/17] Update maintainer --- hardening_manifest.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index d9378e9..8d95d05 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -56,3 +56,9 @@ maintainers: - name: "Matthew Chum" username: "mchum" email: "mchum@securitycompass.com" +- name: "Adam Gilbert" + username: "agilbert" + email: "agilbert@securitycompass.com" +- name: "Kevinkumar Patel" + username: "kevinptl4" + email: "kevinptl4@securitycompass.com" -- GitLab