From 3c2219ef87a49a4a5308fee95b2abf229b76a426 Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 7 May 2020 13:53:02 +0000
Subject: [PATCH 1/4] Update download.yaml to change the sha for the modified dependency bundle

---
 download.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/download.yaml b/download.yaml
index 0ad5d8b..727f117 100644
--- a/download.yaml
+++ b/download.yaml
@@ -3,4 +3,4 @@ resources:
 filename: "owasp-dep-check-dependencies-dcar-1.1.tar.gz"
 validation:
 type: "sha256"
- value: "ad03303173e2042adc3177cb397cfe47cfb1134395b4372ffbdc73dae12652f9"
+ value: "529a82ce2e3c7af77a4f57b1b36604ad2d817a72be08d0ce97ee353bff21e7d5"
-- 
GitLab

From 1466598aac59bef26c7bbc4a1cefda02754c6acb Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 7 May 2020 13:59:33 +0000
Subject: [PATCH 2/4] Update Dockerfile to remove --nogpgcheck

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c8c4a6a..09484ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,7 +37,8 @@ COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp
 ### Install mono-complete
 RUN cd /root/tmp && \
 tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \
- yum install -y --nogpgcheck /root/tmp/dependencies/mono-complete/*.rpm && \
+ rpm --import /root/tmp/dependencies/mono-complete/gpg.key && \
+ yum install -y /root/tmp/dependencies/mono-complete/*.rpm && \
 rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz

 ### Install ruby dependencies
-- 
GitLab

From 8d12a460f8703a9536fcfdf652ac9cfae2ee67f6 Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 7 May 2020 15:11:06 +0000
Subject: [PATCH 3/4] Update SHA in download.yaml

---
 download.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/download.yaml b/download.yaml
index 727f117..f8e13bd 100644
--- a/download.yaml
+++ b/download.yaml
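Review bot: The pinned `value` changes while `filename` stays `owasp-dep-check-dependencies-dcar-1.1.tar.gz`, so two different archives now share one name and version; the download.yaml hunk of PATCH 3/4 does the same a second time. Since the subject says the bundle itself was modified, bumping the version in the file name (and in whatever location field sits outside this hunk) would tie each digest to exactly one artifact and make it possible to audit what changed between bundles. A comment above `validation:` such as `# sha256 of the bundle produced by <build job placeholder>` would let a reviewer re-derive the new value instead of taking it on trust.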
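Review bot: `rpm --import /root/tmp/dependencies/mono-complete/gpg.key` takes the signing key from the same tarball that carries the RPMs, so the signature check `yum install -y` now performs only shows that the packages match whatever key was bundled with them. A modified bundle can replace both together, which leaves the sha256 in download.yaml as the only effective integrity control. Keeping the key in this repository and importing that copy, e.g. `rpm --import /root/tmp/<key file copied from this repo>`, or comparing the bundled key's fingerprint with a pinned value before the import, would separate the trust anchor from the payload. The imported key also stays in the image's rpm database after this RUN, which is worth a one-line comment if intended.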
@@ -3,4 +3,4 @@ resources:
 filename: "owasp-dep-check-dependencies-dcar-1.1.tar.gz"
 validation:
 type: "sha256"
- value: "529a82ce2e3c7af77a4f57b1b36604ad2d817a72be08d0ce97ee353bff21e7d5"
+ value: "650c054fba0881434aa50d099fbdf1f0d7bbca7add3eb2aaf6e672158997e448"
-- 
GitLab

From 41f1d22d648142d75e60ad8c79aec886a04ff6e6 Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 7 May 2020 15:13:26 +0000
Subject: [PATCH 4/4] Update Dockerfile to solve --nogpgcheck scan

---
 Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 09484ff..9b4fb27 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,8 +37,7 @@ COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp
 ### Install mono-complete
 RUN cd /root/tmp && \
 tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \
- rpm --import /root/tmp/dependencies/mono-complete/gpg.key && \
- yum install -y /root/tmp/dependencies/mono-complete/*.rpm && \
+ rpm -ivh --replacepkgs --replacefiles --force /root/tmp/dependencies/mono-complete/*.rpm && \
 rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz

 ### Install ruby dependencies
-- 
GitLab
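Review bot: The new `rpm -ivh --replacepkgs --replacefiles --force` line in the Dockerfile hunk of PATCH 4/4 removes the option string a scanner flags, but it probably does not restore signature enforcement. With rpm's usual defaults, a plain install of a package signed by a key that was never imported prints a NOKEY warning and proceeds. `--force` already implies `--replacepkgs` and `--replacefiles` and additionally allows downgrades, so the line also bypasses the file-conflict and version checks that `yum` applied. If the `rpm --import` / `yum install -y` form from PATCH 2/4 failed in the build, a verifying alternative is to keep the import and gate the install on `rpm -K /root/tmp/dependencies/mono-complete/*.rpm && \`, which should fail the build when a signature cannot be verified. If the unverified install is kept, a comment above the RUN should state that the sha256 in download.yaml is the only integrity control over these packages.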