From 71bb559d3c862ebef67d7d9cf67a5cededf68a68 Mon Sep 17 00:00:00 2001 From: ironbank-bot Date: Thu, 10 Dec 2020 01:24:45 +0000 Subject: [PATCH 1/6] Migrate to hardening_manifest.yaml --- Dockerfile | 7 ----- Jenkinsfile | 2 -- download.yaml | 6 ----- hardening_manifest.yaml | 58 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 58 insertions(+), 15 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.yaml create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index db9399e..47750b7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,13 +5,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels -LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \ - maintainer="terrana_steven@bah.com" \ - vendor="Booz Allen Hamilton" \ - version="6.0.3" \ - release="6.0.3" \ - summary="OWASP Dependency Check container" \ - description="The OWASP Dependency Check container image for the Solutions Delivery Platform" USER root diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index bc0fefd..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "6.0.3") diff --git a/download.yaml b/download.yaml deleted file mode 100644 index 68b3941..0000000 --- a/download.yaml +++ /dev/null @@ -1,6 +0,0 @@ -resources: - - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-1.7/owasp-dep-check-dependencies-dcar-1.7.tar.gz" - filename: "owasp-dep-check-dependencies-dcar-1.7.tar.gz" - validation: - type: "sha256" - value: "5149b91bbb24ea18da7e692e15aa1cd0c61262072125830d263ccc1be43f54ad" diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..69cd941 --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,58 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "solutions-delivery-platform/dependency-check/dependency-check" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "6.0.3" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.3" + +# Docker image labels +labels: + org.opencontainers.image.title: "dependency-check" + ## Human-readable description of the software packaged in the image + # org.opencontainers.image.description: "FIXME" + ## License(s) under which contained software is distributed + # org.opencontainers.image.licenses: "FIXME" + ## URL to find more information on the image + # org.opencontainers.image.url: "FIXME" + ## Name of the distributing entity, organization or individual + # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.version: "6.0.3" + ## Keywords to help with search (ex. "cicd,gitops,golang") + # mil.dso.ironbank.image.keywords: "FIXME" + ## This value can be "opensource" or "commercial" + # mil.dso.ironbank.image.type: "FIXME" + ## Product the image belongs to for grouping multiple images + # mil.dso.ironbank.product.name: "FIXME" + +# List of resources to make available to the offline build context +resources: +- filename: owasp-dep-check-dependencies-dcar-1.7.tar.gz + url: https://github.com/boozallen/sdp-images/releases/download/dcar-1.7/owasp-dep-check-dependencies-dcar-1.7.tar.gz + validation: + type: sha256 + value: 5149b91bbb24ea18da7e692e15aa1cd0c61262072125830d263ccc1be43f54ad + +# List of project maintainers +# FIXME: Fill in the following details for the current container owner in the whitelist +# FIXME: Include any other vendor information if applicable +maintainers: +- email: "hojeda@redhat.com" +# # The name of the current container owner +# name: "FIXME" +# # The gitlab username of the current container owner +# username: "FIXME" +# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT +# - name: "FIXME" +# username: "FIXME" +# email: "FIXME" -- GitLab From 2f11021ce092d6ca5df7b73c18756774f1946474 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Fri, 11 Dec 2020 17:58:42 +0000 Subject: [PATCH 2/6] Update hardening_manifest.yaml --- hardening_manifest.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 69cd941..2e68eb3 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -47,12 +47,12 @@ resources: # FIXME: Fill in the following details for the current container owner in the whitelist # FIXME: Include any other vendor information if applicable maintainers: -- email: "hojeda@redhat.com" +- email: "spicer_casey@bah.com" # # The name of the current container owner -# name: "FIXME" + name: "Casey Spicer" # # The gitlab username of the current container owner -# username: "FIXME" + username: "cspicer" # cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT -# - name: "FIXME" -# username: "FIXME" -# email: "FIXME" +- name: "Al Fontaine" + username: "alfontaine" + email: "alan.fontaine@centauricorp.com" -- GitLab From cdbddff27c6ae073bd6764089ccc2fa70967b526 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Fri, 11 Dec 2020 17:59:02 +0000 Subject: [PATCH 3/6] Update hardening_manifest.yaml --- hardening_manifest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2e68eb3..295a1bb 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -20,13 +20,13 @@ args: labels: org.opencontainers.image.title: "dependency-check" ## Human-readable description of the software packaged in the image - # org.opencontainers.image.description: "FIXME" + org.opencontainers.image.description: "FIXME" ## License(s) under which contained software is distributed - # org.opencontainers.image.licenses: "FIXME" + org.opencontainers.image.licenses: "FIXME" ## URL to find more information on the image # org.opencontainers.image.url: "FIXME" ## Name of the distributing entity, organization or individual - # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.vendor: "FIXME" org.opencontainers.image.version: "6.0.3" ## Keywords to help with search (ex. "cicd,gitops,golang") # mil.dso.ironbank.image.keywords: "FIXME" -- GitLab From 53ad5b8e24a71e75f296d2da98a640592e732bc0 Mon Sep 17 00:00:00 2001 From: cspicer Date: Mon, 11 Jan 2021 17:00:23 -0500 Subject: [PATCH 4/6] updated hardening_manifest.yaml --- hardening_manifest.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 295a1bb..c581575 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -13,20 +13,20 @@ tags: # Build args passed to Dockerfile ARGs args: - BASE_IMAGE: "redhat/ubi/ubi8" - BASE_TAG: "8.3" + BASE_IMAGE: "redhat/openjdk/openjdk8" + BASE_TAG: "1.8.0" # Docker image labels labels: org.opencontainers.image.title: "dependency-check" ## Human-readable description of the software packaged in the image - org.opencontainers.image.description: "FIXME" + org.opencontainers.image.description: "OWASP Dependency Check for vulnerability scanning code dependency files" ## License(s) under which contained software is distributed - org.opencontainers.image.licenses: "FIXME" + org.opencontainers.image.licenses: "https://github.com/boozallen/sdp-images/blob/master/LICENSE.md" ## URL to find more information on the image # org.opencontainers.image.url: "FIXME" ## Name of the distributing entity, organization or individual - org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.vendor: "Booz Allen Hamilton" org.opencontainers.image.version: "6.0.3" ## Keywords to help with search (ex. "cicd,gitops,golang") # mil.dso.ironbank.image.keywords: "FIXME" -- GitLab From 8d2dd6874b31ffe57869cce3c6fba83b37afc724 Mon Sep 17 00:00:00 2001 From: cspicer Date: Mon, 25 Jan 2021 14:58:02 -0500 Subject: [PATCH 5/6] updated hardening_manifest.yaml --- hardening_manifest.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index c581575..5744d64 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -24,16 +24,16 @@ labels: ## License(s) under which contained software is distributed org.opencontainers.image.licenses: "https://github.com/boozallen/sdp-images/blob/master/LICENSE.md" ## URL to find more information on the image - # org.opencontainers.image.url: "FIXME" + org.opencontainers.image.url: "https://github.com/boozallen/sdp-images" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Booz Allen Hamilton" org.opencontainers.image.version: "6.0.3" ## Keywords to help with search (ex. "cicd,gitops,golang") - # mil.dso.ironbank.image.keywords: "FIXME" + mil.dso.ironbank.image.keywords: "OWASP, dependency, check, dependency-check, SDP, cve, scanner, scan" ## This value can be "opensource" or "commercial" - # mil.dso.ironbank.image.type: "FIXME" + mil.dso.ironbank.image.type: "opensource" ## Product the image belongs to for grouping multiple images - # mil.dso.ironbank.product.name: "FIXME" + mil.dso.ironbank.product.name: "Solutions Delivery Platform" # List of resources to make available to the offline build context resources: -- GitLab From e9058675ba345c3285bc2165c1798b9bd0291986 Mon Sep 17 00:00:00 2001 From: cspicer Date: Mon, 25 Jan 2021 15:12:35 -0500 Subject: [PATCH 6/6] corrected license in manifest --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 5744d64..1b478c4 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -22,7 +22,7 @@ labels: ## Human-readable description of the software packaged in the image org.opencontainers.image.description: "OWASP Dependency Check for vulnerability scanning code dependency files" ## License(s) under which contained software is distributed - org.opencontainers.image.licenses: "https://github.com/boozallen/sdp-images/blob/master/LICENSE.md" + org.opencontainers.image.licenses: "Booz Allen Public License v1.0" ## URL to find more information on the image org.opencontainers.image.url: "https://github.com/boozallen/sdp-images" ## Name of the distributing entity, organization or individual -- GitLab