Merge branch 'development' into 'master'

updating to fit DSOP structure and DCAR requirements See merge request !1

Merge branch 'development' into 'master'
updating to fit DSOP structure and DCAR requirements See merge request !1
4720920a · Karpagam Balan · 2aaf4196 · 7dfe46d0 · 4720920a · 4720920a
Commit 4720920a authored Jan 07, 2020 by Karpagam Balan
Hide whitespace changes
Inline Side-by-side

Showing with 68 additions and 18 deletions

5.2.4/Dockerfile 5.2.4/Dockerfile +28 -18

5.2.4/README.md 5.2.4/README.md +2 -0

5.2.4/scripts/prebuild.sh 5.2.4/scripts/prebuild.sh +38 -0

No files found.
--- a/5.2.4/Dockerfile
+++ b/5.2.4/Dockerfile
@@ -3,40 +3,50 @@ ARG BASE_IMAGE=ubi7/ubi
 ARG BASE_TAG=7.7
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+MAINTAINER terrana_steven@bah.com
 ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
-LABEL name="Solutions Delivery Platform: Jenkins Master" \
+LABEL name="Solutions Delivery Platform: OWASP Dependency Checker" \
      maintainer="terrana_steven@bah.com" \
      vendor="Booz Allen Hamilton" \
-      version="1.0" \
+      version="5.2.4" \
-      release="1.0" \
+      release="5.2.4" \
-      summary="A Jenkins Master container" \
+      summary="An OWASP Dependency Checker container" \
      description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
 ### add licenses to this directory
 COPY LICENSE /licenses
 ### Add necessary Red Hat repos and packages here
-RUN echo -e "[centos] \nname=CentOS-7\nbaseurl=http://mirror.vcu.edu/pub/gnu_linux/centos/7/os/x86_64/\nenabled=1\ngpgcheck=1\ngpgkey=http://mirror.vcu.edu/pub/gnu_linux/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7" > /etc/yum.repos.d/centos.repo
+RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel ruby unzip" && \
-RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel ruby unzip wget" && \
+    yum update -y \
-    rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef" && \
+        --nogpgcheck \
-    su -c 'curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo' && \
+        --disablerepo=unified_platform_ubi8_os \
-    yum --nogpgcheck --disablerepo unified_platform_ubi8_appstream --disablerepo unified_platform_ubi8_os --disableplugin=subscription-manager -y update --setopt=tsflags=nodocs \
+        --disablerepo=unified_platform_ubi8_appstream \
-        --security --sec-severity=Important --sec-severity=Critical && \
+        --disableplugin=subscription-manager \
-    yum --nogpgcheck --disablerepo unified_platform_ubi8_appstream --disablerepo unified_platform_ubi8_os --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}
+        --setopt=tsflags=nodocs \
+        --security \
+        --sec-severity=Important \
+        --sec-severity=Critical && \
+    yum install ${INSTALL_PKGS} -y \
+        --nogpgcheck \
+        --disablerepo=unified_platform_ubi8_os \
+        --disablerepo=unified_platform_ubi8_appstream \
+        --disableplugin=subscription-manager \
+        --setopt=tsflags=nodocs
 ### Install your application here -- add all other necessary items to build your image
+ARG user=dependencycheck
-ENV user=dependencycheck
+ARG OWASP_DEP_CHK_VERSION=5.2.4
-ENV version=5.2.4
-ENV download_url=https://dl.bintray.com/jeremy-long/owasp
 RUN gem install "rubygems-update:<3.0.0" --no-document                      && \
    update_rubygems                                                         && \
    gem install bundle-audit                                                && \
    gem cleanup
-RUN file="dependency-check-${version}-release.zip"                          && \
+RUN file="owaspdepchk-${OWASP_DEP_CHK_VERSION}"                             && \
-    wget "$download_url/$file"                                              && \
+    curl -LOJkfu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} \
+        https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/dependency-check/${file} -O && \
    unzip ${file}                                                           && \
    rm ${file}                                                              && \
    mv dependency-check /usr/share/                                         && \
@@ -53,4 +63,4 @@ VOLUME ["/src" "/usr/share/dependency-check/data" "/report"]
 WORKDIR /src
 CMD ["--help"]
 ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"]
\ No newline at end of file
--- a/5.2.4/README.md
+++ b/5.2.4/README.md
+# dependency-check
--- a/5.2.4/scripts/prebuild.sh
+++ b/5.2.4/scripts/prebuild.sh
+#!/bin/bash
+#OWASP Dependency Checker prebuild script
+set -e
+### Environment Variables ###
+OWASP_DEP_CHK_VERSION=5.2.4
+VENDOR=BAH
+# DSOP Nexus repo
+NEXUS_SERVER=${NEXUS_SERVER}
+NEXUS_USERNAME=${NEXUS_USERNAME}
+NEXUS_PASSWORD=${NEXUS_PASSWORD}
+### Download files/dependencies ###
+# temporarily place binaries locally in /tmp/${VENDOR}/
+curl -LO --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \
+    -o /tmp/${VENDOR}/owaspdepchk-${OWASP_DEP_CHK_VERSION}
+### SHA256 Verification ###
+# Verifying the files with the SHA256 is a requirement for all files
+# Make sure to not download the SHA256 from the internet, but create it, check it and upload it to the Nexus repo
+cd /tmp/${VENDOR}
+for file in owaspdepchk-${OWASP_DEP_CHK_VERSION}
+do
+    sha256sum ${file} | awk '{print $1}' > ${file}.sha256 \
+    && echo "$(cat ${file}.sha256) ${file}" | sha256sum --check --status \
+    && if [ $? == '0' ]; then printf "\nSHA256 check for ${file} succeeded\n\n"; \
+    else printf "SHA256 check for ${file} failed\n\n"; fi
+done
+### Nexus Repo Upload ###
+for package in owaspdepchk-${OWASP_DEP_CHK_VERSION} owaspdepchk-${OWASP_DEP_CHK_VERSION}.sha256
+do
+    curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T /tmp/${VENDOR}/${package} https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/dependency-check/${package}
+done
+cd -