Changes to upgrade to version 5.3.1 and ubi8 base image

575006d0 · Karpagam Balan · Hayden · cd7c2ae7 · 575006d0 · 575006d0
Commit 575006d0 authored Mar 27, 2020 by Karpagam Balan Committed by Hayden Mar 27, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 33 deletions

Dockerfile Dockerfile +17 -26

Jenkinsfile Jenkinsfile +2 -2

README.md README.md +2 -2

download.yaml download.yaml +3 -3

No files found.
--- a/Dockerfile
+++ b/Dockerfile
 ARG BASE_REGISTRY=registry.access.redhat.com
-ARG BASE_IMAGE=ubi7/ubi
+ARG BASE_IMAGE=ubi8/ubi
-ARG BASE_TAG=7.8
+ARG BASE_TAG=8.1-406
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
 LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
      maintainer="terrana_steven@bah.com" \
      vendor="Booz Allen Hamilton" \
-      version="5.2.4" \
+      version="5.3.1" \
-      release="5.2.4" \
+      release="5.3.1" \
      summary="OWASP Dependency Check container" \
      description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
@@ -16,43 +16,34 @@ LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
 COPY LICENSE /licenses
 ### Install packages from ubi base repo 
-RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby ruby-devel unzip" && \
+RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \
-    yum update -y \
+    yum clean metadata && \
-        --disablerepo="*" \
+    yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \
-        --enablerepo="*ubi-7*" \
+        --security --sec-severity=Important --sec-severity=Critical && \
-        --disableplugin=subscription-manager \
+    yum --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
-        --setopt=tsflags=nodocs \
-        --security \
-        --sec-severity=Important \
-        --sec-severity=Critical && \
-    yum install -y ${INSTALL_PKGS} \
-        --disablerepo="*" \
-        --enablerepo="*ubi-7*" \
-        --disableplugin=subscription-manager \
-        --setopt=tsflags=nodocs && \
    yum -y -v clean all && \
    [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum
 ### Arguments and Environment variables
 ENV user dependencycheck
-ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.3"
+ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.5"
-ENV OWASP_DEP_CHK_VERSION 5.2.4
+ENV OWASP_DEP_CHK_VERSION 5.3.1
 ### Fetch dependency bundle
 RUN mkdir /root/tmp
 COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
-### Install mono-devel
+### Install mono-complete
 RUN cd /root/tmp && \
    tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz &&  \
-    rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && \
+    rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-complete/*.rpm && \
    rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
 ### Install ruby dependencies
 RUN cd /root/tmp && \
-    gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \
+    gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem --no-document --no-rdoc --no-ri && \
-    update_rubygems && \
-    gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem && \
    gem cleanup
 ### Install OWASP Dependency Check binaries
@@ -60,7 +51,7 @@ RUN cd /root/tmp/dependencies/owasp && \
    unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip    && \
    rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip       && \
    mv dependency-check /usr/share/                                         && \
-    rm -rf /root/tmp/dependencies
+    rm -rf /root/tmp/*
 # Add user, create required directories  and cleanup
 RUN useradd -ms /bin/bash ${user}                                           && \

--- a/Jenkinsfile
+++ b/Jenkinsfile
-@Library('DCCSCR@master') _
+@Library('DCCSCR@23-contributor-status-report') _
-dccscrPipeline(version: "5.2.4")
+dccscrPipeline(version: "5.3.1")
--- a/README.md
+++ b/README.md
-# OWASP Dependency Check  Container Version 5.2.4
+# OWASP Dependency Check  Container Version 5.3.1
 ## Introduction
@@ -11,7 +11,7 @@ The following is a list of variables:
 ARG BASE_REGISTRY         = defines the registry portion of the OS image to be used in the FROM command.
 ARG BASE_IMAGE            = defines the image portion of the OS image to be used in the FROM command.
 ARG BASE_TAG              = defines the tag portion of the OS image to be used in the FROM command.
-ARG SDP_BUILD_DEPENDENCY_VERSION  = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4
+ARG SDP_BUILD_DEPENDENCY_VERSION  = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.5
 ```
 Recommended resources for the image:

--- a/download.yaml
+++ b/download.yaml
 resources:
-  - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz"
+  - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.5/owasp-dep-check-dependencies-dcar-0.5.tar.gz"
-    filename: "owasp-dep-check-dependencies-dcar-0.3.tar.gz" 
+    filename: "owasp-dep-check-dependencies-dcar-0.5.tar.gz" 
    validation:
      type: "sha256"
-      value: "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3"
+      value: "5251f37724e1965ab5e27cfd565b1be4b258c76a1885ab963c0438daf7aa3069"