Merge branch 'hardening_manifest' into 'development'

Migrate to hardening_manifest.yaml

See merge request !35

Dockerfile

@@ -5,13 +5,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
 
 ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
-LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
-      maintainer="terrana_steven@bah.com" \
-      vendor="Booz Allen Hamilton" \
-      version="6.0.3" \
-      release="6.0.3" \
-      summary="OWASP Dependency Check container" \
-      description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
 
 USER root
 

Jenkinsfile

-@Library('DCCSCR@master') _
-dccscrPipeline(version: "6.0.3")

download.yaml

-resources:
-  - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-1.7/owasp-dep-check-dependencies-dcar-1.7.tar.gz"
-    filename: "owasp-dep-check-dependencies-dcar-1.7.tar.gz"
-    validation:
-      type: "sha256"
-      value: "5149b91bbb24ea18da7e692e15aa1cd0c61262072125830d263ccc1be43f54ad"

hardening_manifest.yaml

+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "solutions-delivery-platform/dependency-check/dependency-check"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "6.0.3"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/openjdk/openjdk8"
+  BASE_TAG: "1.8.0"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "dependency-check"
+  ## Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "OWASP Dependency Check for vulnerability scanning code dependency files"
+  ## License(s) under which contained software is distributed
+  org.opencontainers.image.licenses: "Booz Allen Public License v1.0"
+  ## URL to find more information on the image
+  org.opencontainers.image.url: "https://github.com/boozallen/sdp-images"
+  ## Name of the distributing entity, organization or individual
+  org.opencontainers.image.vendor: "Booz Allen Hamilton"
+  org.opencontainers.image.version: "6.0.3"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "OWASP, dependency, check, dependency-check, SDP, cve, scanner, scan"
+  ## This value can be "opensource" or "commercial"
+  mil.dso.ironbank.image.type: "opensource"
+  ## Product the image belongs to for grouping multiple images
+  mil.dso.ironbank.product.name: "Solutions Delivery Platform"
+
+# List of resources to make available to the offline build context
+resources:
+- filename: owasp-dep-check-dependencies-dcar-1.7.tar.gz
+  url: https://github.com/boozallen/sdp-images/releases/download/dcar-1.7/owasp-dep-check-dependencies-dcar-1.7.tar.gz
+  validation:
+    type: sha256
+    value: 5149b91bbb24ea18da7e692e15aa1cd0c61262072125830d263ccc1be43f54ad
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "spicer_casey@bah.com"
+#   # The name of the current container owner
+  name: "Casey Spicer"
+#   # The gitlab username of the current container owner
+  username: "cspicer"
+#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+- name: "Al Fontaine"
+  username: "alfontaine"
+  email: "alan.fontaine@centauricorp.com"