Added changes to fix repo structure to confirm to current pipeline guidance

8af1da6c · Karpagam Balan · e1828b0e · 8af1da6c · 8af1da6c · 8af1da6c
Commit 8af1da6c authored Mar 09, 2020 by Karpagam Balan
Hide whitespace changes
Inline Side-by-side

Showing with 108 additions and 1 deletion

5.2.4/Dockerfile 5.2.4/Dockerfile +81 -0

5.2.4/README.md 5.2.4/README.md +18 -1

5.2.4/download.json 5.2.4/download.json +9 -0

No files found.
--- a/5.2.4/Dockerfile
+++ b/5.2.4/Dockerfile
+ARG BASE_REGISTRY=registry.access.redhat.com
+ARG BASE_IMAGE=ubi7/ubi
+ARG BASE_TAG=7.8
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
+LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
+      maintainer="terrana_steven@bah.com" \
+      vendor="Booz Allen Hamilton" \
+      version="5.2.4" \
+      release="5.2.4" \
+      summary="OWASP Dependency Check container" \
+      description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
+### add licenses to this directory
+COPY LICENSE /licenses
+### Install packages from ubi base repo 
+RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby unzip" && \
+    yum update -y \
+        --nogpgcheck \
+        --disablerepo=unified_platform_ubi8_os \
+        --disablerepo=unified_platform_ubi8_appstream \
+        --disableplugin=subscription-manager \
+        --setopt=tsflags=nodocs \
+        --security \
+        --sec-severity=Important \
+        --sec-severity=Critical && \
+    yum install ${INSTALL_PKGS} -y \
+        --nogpgcheck \
+        --disablerepo=unified_platform_ubi8_os \
+        --disablerepo=unified_platform_ubi8_appstream \
+        --disableplugin=subscription-manager \
+        --setopt=tsflags=nodocs
+### Arguments and Environment variables
+ENV user dependencycheck
+ARG SDP_BUILD_DEPENDENCY_VERSION dcar-0.4
+ENV OWASP_DEP_CHECK_VERSION 5.2.4
+### Fetch dependency bundle
+RUN mkdir /root/tmp
+COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz
+### Install mono-devel
+RUN cd /root/tmp && tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz &&  rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz
+### Install ruby dependencies
+RUN cd /root/tmp && \
+    gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \
+    update_rubygems && \
+    gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem && \
+    gem cleanup
+### Install OWASP Dependency Check binaries
+RUN cd /root/tmp/dependencies/owasp && \
+    unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip    && \
+    rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip       && \
+    mv dependency-check /usr/share/                                         && \
+    rm -rf /root/tmp/dependencies
+# Add user, create required directories  and cleanup
+RUN useradd -ms /bin/bash ${user}                                           && \
+    chown -R ${user}:${user} /usr/share/dependency-check                    && \
+    mkdir /report                                                           && \
+    chown -R ${user}:${user} /report                                        && \
+    yum --nogpgcheck --disableplugin=subscription-manager clean all
+USER ${user}
+VOLUME ["/src" "/usr/share/dependency-check/data" "/report"]
+WORKDIR /src
+CMD ["--help"]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD stat /usr/share/dependency-check/bin/dependency-check.sh
+ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"]
--- a/5.2.4/README.md
+++ b/5.2.4/README.md
-# dependency-check
+# OWASP Dependency Check  Container
+## Introduction
+This container hosts the OWASP Dependency Check  application to be used as part of the Solution Delivery Platform.
+## Container Variables
+The following is a list of variables:
+```
+ARG BASE_REGISTRY         = defines the registry portion of the OS image to be used in the FROM command.
+ARG BASE_IMAGE            = defines the image portion of the OS image to be used in the FROM command.
+ARG BASE_TAG              = defines the tag portion of the OS image to be used in the FROM command.
+ARG SDP_BUILD_DEPENDENCY_VERSION  = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4
+```
+Recommended resources for the image:
+The Jenkins agent on the Solutions Delivery Platform will run this container as pasrt of thebuild pipeline. All resources are inherited at runtime from the Jenkins Agent container. 
--- a/5.2.4/download.json
+++ b/5.2.4/download.json
+{ "resources":
+	[
+		{ "url" : "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz",
+			"filename": "owasp-dep-check-dependencies-dcar-0.3.tar.gz",
+			"sha256": "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3"
+		}
+] }