updating to fit DSOP structure and DCAR requirements

7dfe46d0 · Peter Sigur · 2aaf4196 · 7dfe46d0 · 7dfe46d0 · 7dfe46d0
Commit 7dfe46d0 authored Jan 06, 2020 by Peter Sigur
Hide whitespace changes
Inline Side-by-side

Showing with 68 additions and 18 deletions

5.2.4/Dockerfile 5.2.4/Dockerfile +28 -18

5.2.4/README.md 5.2.4/README.md +2 -0

5.2.4/scripts/prebuild.sh 5.2.4/scripts/prebuild.sh +38 -0

No files found.
--- a/5.2.4/Dockerfile
+++ b/5.2.4/Dockerfile
@@ -3,40 +3,50 @@ ARG BASE_IMAGE=ubi7/ubi
 ARG BASE_TAG=7.7
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+MAINTAINER terrana_steven@bah.com
 ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
-LABEL name="Solutions Delivery Platform: Jenkins Master" \
+LABEL name="Solutions Delivery Platform: OWASP Dependency Checker" \
      maintainer="terrana_steven@bah.com" \
      vendor="Booz Allen Hamilton" \
-      version="1.0" \
+      version="5.2.4" \
-      release="1.0" \
+      release="5.2.4" \
-      summary="A Jenkins Master container" \
+      summary="An OWASP Dependency Checker container" \
      description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
 ### add licenses to this directory
 COPY LICENSE /licenses
 ### Add necessary Red Hat repos and packages here
-RUN echo -e "[centos] \nname=CentOS-7\nbaseurl=http://mirror.vcu.edu/pub/gnu_linux/centos/7/os/x86_64/\nenabled=1\ngpgcheck=1\ngpgkey=http://mirror.vcu.edu/pub/gnu_linux/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7" > /etc/yum.repos.d/centos.repo
+RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel ruby unzip" && \
-RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel ruby unzip wget" && \
+    yum update -y \
-    rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef" && \
+        --nogpgcheck \
-    su -c 'curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo' && \
+        --disablerepo=unified_platform_ubi8_os \
-    yum --nogpgcheck --disablerepo unified_platform_ubi8_appstream --disablerepo unified_platform_ubi8_os --disableplugin=subscription-manager -y update --setopt=tsflags=nodocs \
+        --disablerepo=unified_platform_ubi8_appstream \
-        --security --sec-severity=Important --sec-severity=Critical && \
+        --disableplugin=subscription-manager \
-    yum --nogpgcheck --disablerepo unified_platform_ubi8_appstream --disablerepo unified_platform_ubi8_os --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS}
+        --setopt=tsflags=nodocs \
+        --security \
+        --sec-severity=Important \
+        --sec-severity=Critical && \
+    yum install ${INSTALL_PKGS} -y \
+        --nogpgcheck \
+        --disablerepo=unified_platform_ubi8_os \
+        --disablerepo=unified_platform_ubi8_appstream \
+        --disableplugin=subscription-manager \
+        --setopt=tsflags=nodocs
 ### Install your application here -- add all other necessary items to build your image
+ARG user=dependencycheck
-ENV user=dependencycheck
+ARG OWASP_DEP_CHK_VERSION=5.2.4
-ENV version=5.2.4
-ENV download_url=https://dl.bintray.com/jeremy-long/owasp
 RUN gem install "rubygems-update:<3.0.0" --no-document                      && \
    update_rubygems                                                         && \
    gem install bundle-audit                                                && \
    gem cleanup
-RUN file="dependency-check-${version}-release.zip"                          && \
+RUN file="owaspdepchk-${OWASP_DEP_CHK_VERSION}"                             && \
-    wget "$download_url/$file"                                              && \
+    curl -LOJkfu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} \
+        https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/dependency-check/${file} -O && \
    unzip ${file}                                                           && \
    rm ${file}                                                              && \
    mv dependency-check /usr/share/                                         && \
@@ -53,4 +63,4 @@ VOLUME ["/src" "/usr/share/dependency-check/data" "/report"]
 WORKDIR /src
 CMD ["--help"]
 ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"]
\ No newline at end of file
--- a/5.2.4/README.md
+++ b/5.2.4/README.md
+# dependency-check
--- a/5.2.4/scripts/prebuild.sh
+++ b/5.2.4/scripts/prebuild.sh
+#!/bin/bash
+#OWASP Dependency Checker prebuild script
+set -e
+### Environment Variables ###
+OWASP_DEP_CHK_VERSION=5.2.4
+VENDOR=BAH
+# DSOP Nexus repo
+NEXUS_SERVER=${NEXUS_SERVER}
+NEXUS_USERNAME=${NEXUS_USERNAME}
+NEXUS_PASSWORD=${NEXUS_PASSWORD}
+### Download files/dependencies ###
+# temporarily place binaries locally in /tmp/${VENDOR}/
+curl -LO --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \
+    -o /tmp/${VENDOR}/owaspdepchk-${OWASP_DEP_CHK_VERSION}
+### SHA256 Verification ###
+# Verifying the files with the SHA256 is a requirement for all files
+# Make sure to not download the SHA256 from the internet, but create it, check it and upload it to the Nexus repo
+cd /tmp/${VENDOR}
+for file in owaspdepchk-${OWASP_DEP_CHK_VERSION}
+do
+    sha256sum ${file} | awk '{print $1}' > ${file}.sha256 \
+    && echo "$(cat ${file}.sha256) ${file}" | sha256sum --check --status \
+    && if [ $? == '0' ]; then printf "\nSHA256 check for ${file} succeeded\n\n"; \
+    else printf "SHA256 check for ${file} failed\n\n"; fi
+done
+### Nexus Repo Upload ###
+for package in owaspdepchk-${OWASP_DEP_CHK_VERSION} owaspdepchk-${OWASP_DEP_CHK_VERSION}.sha256
+do
+    curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T /tmp/${VENDOR}/${package} https://${NEXUS_SERVER}/repository/dsop/solutions-delivery-platform/dependency-check/${package}
+done
+cd -