From 520c489d2163ad29ce088a8bd9ca15cfa4688778 Mon Sep 17 00:00:00 2001 From: Peter Sigur Date: Tue, 7 Jan 2020 18:47:36 -0500 Subject: [PATCH 01/34] adding pgrep to install and adding a healthcheck --- 5.2.4/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/5.2.4/Dockerfile b/5.2.4/Dockerfile index 5a0d6c0..570267c 100644 --- a/5.2.4/Dockerfile +++ b/5.2.4/Dockerfile @@ -19,7 +19,7 @@ LABEL name="Solutions Delivery Platform: OWASP Dependency Checker" \ COPY LICENSE /licenses ### Add necessary Red Hat repos and packages here -RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel ruby unzip" && \ +RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel pgrep ruby unzip" && \ yum update -y \ --nogpgcheck \ --disablerepo=unified_platform_ubi8_os \ @@ -62,5 +62,6 @@ VOLUME ["/src" "/usr/share/dependency-check/data" "/report"] WORKDIR /src +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD pgrep -f "dependency-check.sh" CMD ["--help"] ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"] \ No newline at end of file -- GitLab From e32926dc3a5490e6122bf6dec469d2b8e89973c8 Mon Sep 17 00:00:00 2001 From: Peter Sigur Date: Thu, 23 Jan 2020 14:41:12 -0500 Subject: [PATCH 02/34] removing O flag causing problems --- 5.2.4/scripts/prebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/5.2.4/scripts/prebuild.sh b/5.2.4/scripts/prebuild.sh index 83ccc4d..538eacd 100644 --- a/5.2.4/scripts/prebuild.sh +++ b/5.2.4/scripts/prebuild.sh 
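Review bot: `pgrep` added to INSTALL_PKGS is the name of a binary, not of a package; on RHEL-family images it is shipped by `procps-ng`, so as far as I can tell `yum install ... pgrep` will either fail to resolve or, if the base already carries procps-ng, add nothing. Change the line to `RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel procps-ng ruby unzip" && \` and keep the list alphabetical as it is now. The RUN instruction continues past the end of the hunk.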
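Review bot: The new HEALTHCHECK `pgrep -f "dependency-check.sh"` can never report unhealthy: in shell form the probe runs via `/bin/sh -c '...'`, that shell's own command line contains the string, and pgrep only excludes itself, so it matches the wrapper and exits 0 whatever the application is doing. This image is a one-shot CLI (the ENTRYPOINT is the script and the default CMD is `--help`), so a liveness probe has nothing meaningful to observe and would be better left out. If it is kept, use exec form so there is no wrapper shell to match: `HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD ["pgrep", "-f", "dependency-check.sh"]`.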
@@ -14,7 +14,7 @@ NEXUS_PASSWORD=${NEXUS_PASSWORD} ### Download files/dependencies ### # temporarily place binaries locally in /tmp/${VENDOR}/ -curl -LO --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \ +curl -L --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \ -o /tmp/${VENDOR}/owaspdepchk-${OWASP_DEP_CHK_VERSION} ### SHA256 Verification ### -- GitLab From 8af1da6cfffaa5d60f9e0dcef1d12c599e62ff26 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Mon, 9 Mar 2020 11:33:36 -0400 Subject: [PATCH 03/34] Added changes to fix repo structure to confirm to current pipeline guidance --- 5.2.4/Dockerfile | 81 +++++++++++++++++++++++++++++++++++++++++++++ 5.2.4/README.md | 19 ++++++++++- 5.2.4/download.json | 9 +++++ 3 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 5.2.4/Dockerfile create mode 100644 5.2.4/download.json diff --git a/5.2.4/Dockerfile b/5.2.4/Dockerfile new file mode 100644 index 0000000..5bf4d45 --- /dev/null +++ b/5.2.4/Dockerfile 
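Review bot: The curl call still lacks `-f`/`--fail`, so an HTTP error response (a 404 page, for instance) is written to `/tmp/${VENDOR}/owaspdepchk-${OWASP_DEP_CHK_VERSION}` with a zero exit status and the script carries on; the `### SHA256 Verification ###` section that follows should catch the bad file, but failing at the download gives a clearer error and avoids running later steps on junk. Suggest `curl -fsSL --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \`. The enclosing script starts before the hunk, so whether `set -e` is in effect is not visible here.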
@@ -0,0 +1,81 @@ +ARG BASE_REGISTRY=registry.access.redhat.com +ARG BASE_IMAGE=ubi7/ubi +ARG BASE_TAG=7.8 +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels +LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \ + maintainer="terrana_steven@bah.com" \ + vendor="Booz Allen Hamilton" \ + version="5.2.4" \ + release="5.2.4" \ + summary="OWASP Dependency Check container" \ + description="The OWASP Dependency Check container image for the Solutions Delivery Platform" + +### add licenses to this directory +COPY LICENSE /licenses + +### Install packages from ubi base repo +RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby unzip" && \ + yum update -y \ + --nogpgcheck \ + --disablerepo=unified_platform_ubi8_os \ + --disablerepo=unified_platform_ubi8_appstream \ + --disableplugin=subscription-manager \ + --setopt=tsflags=nodocs \ + --security \ + --sec-severity=Important \ + --sec-severity=Critical && \ + yum install ${INSTALL_PKGS} -y \ + --nogpgcheck \ + --disablerepo=unified_platform_ubi8_os \ + --disablerepo=unified_platform_ubi8_appstream \ + --disableplugin=subscription-manager \ + --setopt=tsflags=nodocs + +### Arguments and Environment variables +ENV user dependencycheck +ARG SDP_BUILD_DEPENDENCY_VERSION dcar-0.4 +ENV OWASP_DEP_CHECK_VERSION 5.2.4 + +### Fetch dependency bundle + +RUN mkdir /root/tmp +COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz + +### Install mono-devel +RUN cd /root/tmp && tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz && rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz + +### Install ruby dependencies +RUN cd /root/tmp && \ + gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \ + 
update_rubygems && \ + gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem && \ + gem cleanup + +### Install OWASP Dependency Check binaries +RUN cd /root/tmp/dependencies/owasp && \ + unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \ + rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \ + mv dependency-check /usr/share/ && \ + rm -rf /root/tmp/dependencies + +# Add user, create required directories and cleanup +RUN useradd -ms /bin/bash ${user} && \ + chown -R ${user}:${user} /usr/share/dependency-check && \ + mkdir /report && \ + chown -R ${user}:${user} /report && \ + yum --nogpgcheck --disableplugin=subscription-manager clean all + +USER ${user} + +VOLUME ["/src" "/usr/share/dependency-check/data" "/report"] +WORKDIR /src + +CMD ["--help"] +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD stat /usr/share/dependency-check/bin/dependency-check.sh +ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"] + + + + diff --git a/5.2.4/README.md b/5.2.4/README.md index 0200ed3..8957c33 100644 --- a/5.2.4/README.md +++ b/5.2.4/README.md 
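Review bot: `VOLUME ["/src" "/usr/share/dependency-check/data" "/report"]` is not valid JSON (no commas), so as far as I can tell the parser falls back to whitespace-split shell form and the declared mount points become the literal tokens `["/src"`, `"/usr/share/dependency-check/data"` and `"/report"]` rather than the intended paths; it should read `VOLUME ["/src", "/usr/share/dependency-check/data", "/report"]`. The same line is carried unchanged through every later Dockerfile hunk in this series. Separately, `ARG SDP_BUILD_DEPENDENCY_VERSION dcar-0.4` uses a space instead of `=`, so no default is set (depending on parser version it is rejected outright or read as two ARG names) and the COPY source degrades to `owasp-dep-check-dependencies-.tar.gz`; `ENV OWASP_DEP_CHECK_VERSION` also does not match the `${OWASP_DEP_CHK_VERSION}` the unzip step expands, both of which patch 08 later corrects.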
@@ -1,2 +1,19 @@ -# dependency-check +# OWASP Dependency Check Container +## Introduction + +This container hosts the OWASP Dependency Check application to be used as part of the Solution Delivery Platform. + +## Container Variables + +The following is a list of variables: +``` +ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command. +ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command. +ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command. +ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4 +``` + +Recommended resources for the image: + +The Jenkins agent on the Solutions Delivery Platform will run this container as pasrt of thebuild pipeline. All resources are inherited at runtime from the Jenkins Agent container. diff --git a/5.2.4/download.json b/5.2.4/download.json new file mode 100644 index 0000000..19bfd1f --- /dev/null +++ b/5.2.4/download.json @@ -0,0 +1,9 @@ +{ "resources": + [ + { "url" : "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz", + "filename": "owasp-dep-check-dependencies-dcar-0.3.tar.gz", + "sha256": "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3" + } +] } + + -- GitLab From c6a24004006fc634eed16d0646a32d1a55a3b6b9 Mon Sep 17 00:00:00 2001 
From: Karpagam Balan Date: Mon, 9 Mar 2020 14:21:21 -0400 Subject: [PATCH 04/34] Staretd a feature branch amd moved contents to root folder and added version into the README file --- 5.2.4/README.md | 19 ------------------- 5.2.4/Dockerfile => Dockerfile | 0 5.2.4/LICENSE => LICENSE | 0 README.md | 19 ++++++++++++++++++- 5.2.4/download.json => download.json | 0 5 files changed, 18 insertions(+), 20 deletions(-) delete mode 100644 5.2.4/README.md rename 5.2.4/Dockerfile => Dockerfile (100%) rename 5.2.4/LICENSE => LICENSE (100%) rename 5.2.4/download.json => download.json (100%) diff --git a/5.2.4/README.md b/5.2.4/README.md deleted file mode 100644 index 8957c33..0000000 --- a/5.2.4/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# OWASP Dependency Check Container - -## Introduction - -This container hosts the OWASP Dependency Check application to be used as part of the Solution Delivery Platform. - -## Container Variables - -The following is a list of variables: -``` -ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command. -ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command. -ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command. -ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4 -``` - -Recommended resources for the image: - -The Jenkins agent on the Solutions Delivery Platform will run this container as pasrt of thebuild pipeline. All resources are inherited at runtime from the Jenkins Agent container. diff --git a/5.2.4/Dockerfile b/Dockerfile similarity index 100% rename from 5.2.4/Dockerfile rename to Dockerfile diff --git a/5.2.4/LICENSE b/LICENSE similarity index 100% rename from 5.2.4/LICENSE rename to LICENSE diff --git a/README.md b/README.md index 0200ed3..c2e17d4 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,19 @@ -# dependency-check +# OWASP Dependency Check Container Version 5.2.4 +## Introduction + +This container hosts the OWASP Dependency Check application to be used as part of the Solution Delivery Platform. + +## Container Variables + +The following is a list of variables: +``` +ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command. +ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command. +ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command. +ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4 +``` + +Recommended resources for the image: + +The Jenkins agent on the Solutions Delivery Platform will run this container as pasrt of thebuild pipeline. All resources are inherited at runtime from the Jenkins Agent container. diff --git a/5.2.4/download.json b/download.json similarity index 100% rename from 5.2.4/download.json rename to download.json -- GitLab From 27a1e353600de4c8eecbb4b53e9868dfcb0dc269 Mon Sep 17 00:00:00 2001 From: Gerard Fulton Date: Mon, 9 Mar 2020 21:03:15 +0000 Subject: [PATCH 05/34] Need to add missing Jenkinsfile --- Jenkinsfile | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..b99324c --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,2 @@ +@Library('DCCSCR@master') _ +dccscrPipeline(version: "5.2.4") -- GitLab From e259742086d96293169e33ba7b56b94332800485 Mon Sep 17 00:00:00 2001 From: Gerard Fulton Date: Mon, 9 Mar 2020 22:57:46 +0000 Subject: [PATCH 06/34] updated the download file to yaml --- download.json | 9 --------- download.yaml | 6 ++++++ 2 files changed, 6 insertions(+), 9 deletions(-) delete mode 100644 download.json create mode 100644 download.yaml 
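Review bot: `@Library('DCCSCR@master') _` resolves the shared pipeline library to whatever `master` points at when each build runs, so the build definition is unpinned: any push to that branch executes in this pipeline with no commit here to review. Pin to a tag or commit and bump it deliberately, e.g. `@Library('DCCSCR@<release-tag>') _` with the tag filled in. Later Jenkinsfile patches in this series keep the same floating reference.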
diff --git a/download.json b/download.json deleted file mode 100644 index 19bfd1f..0000000 --- a/download.json +++ /dev/null @@ -1,9 +0,0 @@ -{ "resources": - [ - { "url" : "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz", - "filename": "owasp-dep-check-dependencies-dcar-0.3.tar.gz", - "sha256": "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3" - } -] } - - diff --git a/download.yaml b/download.yaml new file mode 100644 index 0000000..1a956e3 --- /dev/null +++ b/download.yaml @@ -0,0 +1,6 @@ +resources: + - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz" + filename: "owasp-dep-check-dependencies-dcar-0.3.tar.gz" + validation: + type: "sha256" + value: "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3" -- GitLab From fd366a46575354c0fc9b4423d4d14ca7413d4298 Mon Sep 17 00:00:00 2001 From: Gerard Fulton Date: Mon, 9 Mar 2020 23:07:51 +0000 Subject: [PATCH 07/34] Removed nogpgcheck and ubi8 repos --- Dockerfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5bf4d45..8e2182f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,18 +18,16 @@ COPY LICENSE /licenses ### Install packages from ubi base repo RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby unzip" && \ yum update -y \ - --nogpgcheck \ - --disablerepo=unified_platform_ubi8_os \ - --disablerepo=unified_platform_ubi8_appstream \ + --disablerepo="*" \ + --enablerepo="*ubi-7*" \ --disableplugin=subscription-manager \ --setopt=tsflags=nodocs \ --security \ --sec-severity=Important \ --sec-severity=Critical && \ yum install ${INSTALL_PKGS} -y \ - --nogpgcheck \ - --disablerepo=unified_platform_ubi8_os \ - --disablerepo=unified_platform_ubi8_appstream \ + --disablerepo="*" \ + --enablerepo="*ubi-7*" \ --disableplugin=subscription-manager \ --setopt=tsflags=nodocs -- GitLab 
From 131c34d897ea519ec1504bc8b49bb66501a4dd8c Mon Sep 17 00:00:00 2001 From: Gerard Fulton Date: Tue, 10 Mar 2020 20:57:56 +0000 Subject: [PATCH 08/34] Update Dockerfile --- Dockerfile | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8e2182f..1bf3a49 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \ COPY LICENSE /licenses ### Install packages from ubi base repo -RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby unzip" && \ +RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby ruby-devel unzip" && \ yum update -y \ --disablerepo="*" \ --enablerepo="*ubi-7*" \ 
@@ -25,24 +25,28 @@ RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby unzip" && \ --security \ --sec-severity=Important \ --sec-severity=Critical && \ - yum install ${INSTALL_PKGS} -y \ + yum install -y ${INSTALL_PKGS} \ --disablerepo="*" \ --enablerepo="*ubi-7*" \ --disableplugin=subscription-manager \ - --setopt=tsflags=nodocs - + --setopt=tsflags=nodocs && \ + yum -y -v clean all && \ + [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum + ### Arguments and Environment variables ENV user dependencycheck -ARG SDP_BUILD_DEPENDENCY_VERSION dcar-0.4 -ENV OWASP_DEP_CHECK_VERSION 5.2.4 +ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.3" +ENV OWASP_DEP_CHK_VERSION 5.2.4 ### Fetch dependency bundle - RUN mkdir /root/tmp -COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz +COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install mono-devel -RUN cd /root/tmp && tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz && rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz +RUN cd /root/tmp && \ + tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \ + rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && \ + rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install ruby dependencies RUN cd /root/tmp && \ -- GitLab From 575006d0d988f4be9410a3f25047b83979949812 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Fri, 27 Mar 2020 20:00:15 +0000 Subject: [PATCH 09/34] Changes to upgrade to version 5.3.1 and ubi8 base image --- Dockerfile | 43 +++++++++++++++++-------------------------- Jenkinsfile | 4 ++-- README.md | 4 ++-- download.yaml | 6 +++--- 4 files changed, 24 insertions(+), 33 deletions(-) 
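Review bot: The new tail `yum -y -v clean all && \ [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum` changes the exit status of the whole RUN: `&&` and `||` have equal precedence and associate left to right, so if `yum update` or `yum install` fails the chain falls through to `rm -rf /var/cache/yum`, which succeeds, and the layer is committed with packages missing. Replace the guard with `&& rm -rf /var/cache/yum` (rm -rf is a no-op on a missing directory) or group it: `&& { [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum; }`. The same construct is carried as a context line in the package-install RUN of patches 09, 13 and 15.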
diff --git a/Dockerfile b/Dockerfile index 1bf3a49..950bc41 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,14 @@ ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi7/ubi -ARG BASE_TAG=7.8 +ARG BASE_IMAGE=ubi8/ubi +ARG BASE_TAG=8.1-406 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \ maintainer="terrana_steven@bah.com" \ vendor="Booz Allen Hamilton" \ - version="5.2.4" \ - release="5.2.4" \ + version="5.3.1" \ + release="5.3.1" \ summary="OWASP Dependency Check container" \ description="The OWASP Dependency Check container image for the Solutions Delivery Platform" 
@@ -16,43 +16,34 @@ LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \ COPY LICENSE /licenses ### Install packages from ubi base repo -RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby ruby-devel unzip" && \ - yum update -y \ - --disablerepo="*" \ - --enablerepo="*ubi-7*" \ - --disableplugin=subscription-manager \ - --setopt=tsflags=nodocs \ - --security \ - --sec-severity=Important \ - --sec-severity=Critical && \ - yum install -y ${INSTALL_PKGS} \ - --disablerepo="*" \ - --enablerepo="*ubi-7*" \ - --disableplugin=subscription-manager \ - --setopt=tsflags=nodocs && \ +RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \ + yum clean metadata && \ + yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \ + --security --sec-severity=Important --sec-severity=Critical && \ + yum --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ yum -y -v clean all && \ [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum + + ### Arguments and Environment variables ENV user dependencycheck -ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.3" -ENV OWASP_DEP_CHK_VERSION 5.2.4 +ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.5" +ENV OWASP_DEP_CHK_VERSION 5.3.1 ### Fetch dependency bundle RUN mkdir /root/tmp COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz -### Install mono-devel +### Install mono-complete RUN cd /root/tmp && \ tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \ - rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && \ + rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-complete/*.rpm && \ rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install ruby dependencies RUN cd /root/tmp && \ - gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \ - update_rubygems && \ - gem install --force --local 
/root/tmp/dependencies/bundle-audit/*.gem && \ + gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem --no-document --no-rdoc --no-ri && \ gem cleanup ### Install OWASP Dependency Check binaries @@ -60,7 +51,7 @@ RUN cd /root/tmp/dependencies/owasp && \ unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \ rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \ mv dependency-check /usr/share/ && \ - rm -rf /root/tmp/dependencies + rm -rf /root/tmp/* # Add user, create required directories and cleanup RUN useradd -ms /bin/bash ${user} && \ diff --git a/Jenkinsfile b/Jenkinsfile index b99324c..13dc61e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "5.2.4") +@Library('DCCSCR@23-contributor-status-report') _ +dccscrPipeline(version: "5.3.1") diff --git a/README.md b/README.md index c2e17d4..06f1591 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# OWASP Dependency Check Container Version 5.2.4 +# OWASP Dependency Check Container Version 5.3.1 ## Introduction @@ -11,7 +11,7 @@ The following is a list of variables: ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command. ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command. ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command. -ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4 +ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.5 ``` Recommended resources for the image: diff --git a/download.yaml b/download.yaml index 1a956e3..efac202 100644 --- a/download.yaml +++ b/download.yaml 
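Review bot: `gem install ... --no-document --no-rdoc --no-ri` mixes the current flag with two legacy ones: `--no-rdoc`/`--no-ri` were deprecated in favour of `--no-document` and, as far as I recall, are rejected by RubyGems 3, so this line is liable to break when the base image's ruby package moves on; `--no-document` alone is sufficient. Since this hunk also drops the `rubygems-update`/`update_rubygems` step, the accepted flags now depend entirely on the RubyGems version shipped by the base `ruby` package, which is worth a comment on the `### Install ruby dependencies` line, e.g. `### Install ruby dependencies (uses the base image's RubyGems; flags must stay compatible with it)`.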
@@ -1,6 +1,6 @@ resources: - - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz" - filename: "owasp-dep-check-dependencies-dcar-0.3.tar.gz" + - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.5/owasp-dep-check-dependencies-dcar-0.5.tar.gz" + filename: "owasp-dep-check-dependencies-dcar-0.5.tar.gz" validation: type: "sha256" - value: "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3" + value: "5251f37724e1965ab5e27cfd565b1be4b258c76a1885ab963c0438daf7aa3069" -- GitLab From dce7bf0ae3b9ac127cf53969a74d2bc1885c9867 Mon Sep 17 00:00:00 2001 From: Hayden Date: Fri, 27 Mar 2020 22:26:15 +0000 Subject: [PATCH 10/34] Update Jenkinsfile --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 13dc61e..26d361a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ -@Library('DCCSCR@23-contributor-status-report') _ -dccscrPipeline(version: "5.3.1") +@Library('DCCSCR@master') _ +dccscrPipeline("5.3.1") -- GitLab From 419705fd600f4262c09cec77f572b09a076d1ef6 Mon Sep 17 00:00:00 2001 From: Hayden Date: Fri, 27 Mar 2020 22:27:15 +0000 Subject: [PATCH 11/34] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 26d361a..50958ff 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline("5.3.1") +dccscrPipeline(version: "5.3.1") -- GitLab From 98760acc5669c48ccffb3708379fbe162c3ab491 Mon Sep 17 00:00:00 2001 From: Hayden Date: Fri, 27 Mar 2020 22:31:07 +0000 Subject: [PATCH 12/34] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 50958ff..b99324c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: "5.3.1") +dccscrPipeline(version: "5.2.4") -- GitLab 
From 16ad9817a7238fbca52b0780e9e329710d35516a Mon Sep 17 00:00:00 2001 From: CSpicer Date: Wed, 8 Apr 2020 18:18:46 -0400 Subject: [PATCH 13/34] Updated Dockerfile --- Dockerfile | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 950bc41..d052687 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,17 +15,17 @@ LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \ ### add licenses to this directory COPY LICENSE /licenses -### Install packages from ubi base repo +### Install packages from ubi base repo RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \ yum clean metadata && \ - yum --disableplugin=subscription-manager -y update-minimal --setopt=tsflags=nodocs \ + yum -y update-minimal --setopt=tsflags=nodocs \ --security --sec-severity=Important --sec-severity=Critical && \ - yum --disableplugin=subscription-manager -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ + yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ yum -y -v clean all && \ [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum - + ### Arguments and Environment variables ENV user dependencycheck ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.5" @@ -59,7 +59,7 @@ RUN useradd -ms /bin/bash ${user} && \ mkdir /report && \ chown -R ${user}:${user} /report && \ yum --nogpgcheck --disableplugin=subscription-manager clean all - + USER ${user} VOLUME ["/src" "/usr/share/dependency-check/data" "/report"] @@ -68,7 +68,3 @@ WORKDIR /src CMD ["--help"] HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD stat /usr/share/dependency-check/bin/dependency-check.sh ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"] - - - - -- GitLab From 663b58f471732513de75692a9b9b5e20b744cea3 Mon Sep 17 00:00:00 2001 From: Hayden Date: Thu, 9 Apr 2020 16:02:00 +0000 Subject: [PATCH 14/34] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Jenkinsfile b/Jenkinsfile index b99324c..50958ff 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: "5.2.4") +dccscrPipeline(version: "5.3.1") -- GitLab From 98397dddbeb7abc76ee2c6f487dedec798c53989 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Mon, 13 Apr 2020 22:57:20 +0000 Subject: [PATCH 15/34] Upgrade to 5.3.2 --- Dockerfile | 14 +++++++------- Jenkinsfile | 2 +- README.md | 6 +++--- download.yaml | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index d052687..5a4585e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,14 @@ ARG BASE_REGISTRY=registry.access.redhat.com ARG BASE_IMAGE=ubi8/ubi -ARG BASE_TAG=8.1-406 +ARG BASE_TAG=8.1-408 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \ maintainer="terrana_steven@bah.com" \ vendor="Booz Allen Hamilton" \ - version="5.3.1" \ - release="5.3.1" \ + version="5.3.2" \ + release="5.3.2" \ summary="OWASP Dependency Check container" \ description="The OWASP Dependency Check container image for the Solutions Delivery Platform" @@ -18,8 +18,7 @@ COPY LICENSE /licenses ### Install packages from ubi base repo RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \ yum clean metadata && \ - yum -y update-minimal --setopt=tsflags=nodocs \ - --security --sec-severity=Important --sec-severity=Critical && \ + yum -y update-minimal --setopt=tsflags=nodocs --security && \ yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ yum -y -v clean all && \ [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum 
@@ -28,8 +27,8 @@ RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \ ### Arguments and Environment variables ENV user dependencycheck -ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.5" -ENV OWASP_DEP_CHK_VERSION 5.3.1 +ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.9" +ENV OWASP_DEP_CHK_VERSION 5.3.2 ### Fetch dependency bundle RUN mkdir /root/tmp @@ -68,3 +67,4 @@ WORKDIR /src CMD ["--help"] HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD stat /usr/share/dependency-check/bin/dependency-check.sh ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"] + diff --git a/Jenkinsfile b/Jenkinsfile index 50958ff..9490995 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: "5.3.1") +dccscrPipeline(version: "5.3.2") diff --git a/README.md b/README.md index 06f1591..0378ce5 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# OWASP Dependency Check Container Version 5.3.1 +# OWASP Dependency Check Container Version 5.3.2 ## Introduction 
@@ -11,9 +11,9 @@ The following is a list of variables: ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command. ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command. ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command. -ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.5 +ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled from - default dcar-0.9 ``` Recommended resources for the image: -The Jenkins agent on the Solutions Delivery Platform will run this container as pasrt of thebuild pipeline. All resources are inherited at runtime from the Jenkins Agent container. +The Jenkins agent on the Solutions Delivery Platform will run this container as pasrt of thebuild pipeline. All resources are inherited at runtime from the Jenkins Agent container. diff --git a/download.yaml b/download.yaml index efac202..9dafc7b 100644 --- a/download.yaml +++ b/download.yaml @@ -1,6 +1,6 @@ resources: - - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.5/owasp-dep-check-dependencies-dcar-0.5.tar.gz" - filename: "owasp-dep-check-dependencies-dcar-0.5.tar.gz" + - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.9/owasp-dep-check-dependencies-dcar-0.9.tar.gz" + filename: "owasp-dep-check-dependencies-dcar-0.9.tar.gz" validation: type: "sha256" - value: "5251f37724e1965ab5e27cfd565b1be4b258c76a1885ab963c0438daf7aa3069" + value: "c8171d2736d5b9ba96ae5601439151768081125f1f5b5c640c8603c00a8e6d75" -- GitLab From be2dc3082898280acb4bfcf271bcd85b2d76ea5a Mon Sep 17 00:00:00 2001 
From: Karpagam Balan Date: Tue, 28 Apr 2020 19:07:22 +0000 Subject: [PATCH 16/34] Removed HEALTHCHECK --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5a4585e..4fdfbc5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -65,6 +65,5 @@ VOLUME ["/src" "/usr/share/dependency-check/data" "/report"] WORKDIR /src CMD ["--help"] -HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD stat /usr/share/dependency-check/bin/dependency-check.sh ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"] -- GitLab From 2961193ff30f981111bf09515048a5e392db0551 Mon Sep 17 00:00:00 2001 From: CSpicer Date: Wed, 29 Apr 2020 10:14:32 -0400 Subject: [PATCH 17/34] added scripts folder --- Dockerfile | 6 +- scripts/dependency-check.sh | 125 ++++++++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+), 2 deletions(-) create mode 100755 scripts/dependency-check.sh diff --git a/Dockerfile b/Dockerfile index 4fdfbc5..3d68b2a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp ### Install mono-complete RUN cd /root/tmp && \ tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \ - rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-complete/*.rpm && \ + rpm -ivh --replacepkgs --replacefiles --force /root/tmp/dependencies/mono-complete/*.rpm && \ rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install ruby dependencies @@ -52,6 +52,9 @@ RUN cd /root/tmp/dependencies/owasp && \ mv dependency-check /usr/share/ && \ rm -rf /root/tmp/* +###Insert Dependency Check Script +COPY /scripts/dependency-check.sh /usr/share/dependency-check/bin/ + # Add user, create required directories and cleanup RUN useradd -ms /bin/bash ${user} && \ chown -R ${user}:${user} /usr/share/dependency-check && \ 
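Review bot: Adding `--force` to the `rpm -ivh` line widens what the vendored mono-complete RPMs may do: `--force` implies `--replacepkgs --replacefiles --oldpackage`, so beyond the two options already present it now also lets the bundle downgrade packages the base image ships, which would quietly undo updates applied by the earlier `yum update-minimal --security` step. If the goal was only to tolerate file conflicts, the existing `--replacepkgs --replacefiles` already covers that; if a specific conflict required `--force`, record it in the section comment, e.g. `### Install mono-complete (--force required for: <reason>)` with the reason filled in.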
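Review bot: `COPY /scripts/dependency-check.sh /usr/share/dependency-check/bin/` silently overwrites the launcher that the preceding RUN unpacked from the checksummed release zip with a copy tracked in this repository, and nothing on the page records how the two differ or why. Add a comment stating that the override is intentional and where the differences are documented, e.g. `### Replace the release launcher with the repo copy (see scripts/dependency-check.sh header)`, and drop the leading slash in the source path since COPY sources are always relative to the build context. The copied file keeps its source mode (`100755` per the diffstat) and is chowned by the `chown -R ${user}:${user} /usr/share/dependency-check` in the following RUN, so permissions are not the concern here.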
@@ -66,4 +69,3 @@ WORKDIR /src CMD ["--help"] ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"] - diff --git a/scripts/dependency-check.sh b/scripts/dependency-check.sh new file mode 100755 index 0000000..9a5daf8 --- /dev/null +++ b/scripts/dependency-check.sh 
@@ -0,0 +1,125 @@ +#!/usr/bin/env sh +# +# Copyright (c) 2012-2013 Jeremy Long. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ---------------------------------------------------------------------------- + + +# resolve links - $0 may be a softlink +PRG="$0" + +while [ -h "$PRG" ]; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`/"$link" + fi +done + +PRGDIR=`dirname "$PRG"` +BASEDIR=`cd "$PRGDIR/.." >/dev/null; pwd` + +# Reset the REPO variable. If you need to influence this use the environment setup file. +REPO= + + +# OS specific support. $var _must_ be set to either true or false. 
+cygwin=false; +darwin=false; +case "`uname`" in + CYGWIN*) cygwin=true ;; + Darwin*) darwin=true + if [ -z "$JAVA_VERSION" ] ; then + JAVA_VERSION="CurrentJDK" + else + echo "Using Java version: $JAVA_VERSION" + fi + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + JAVA_HOME=`/usr/libexec/java_home` + else + JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home + fi + fi + ;; +esac + +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +# For Cygwin, ensure paths are in UNIX format before anything is touched +if $cygwin ; then + [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +# If a specific java binary isn't specified search for the standard 'java' binary +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD=`which java` + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." 
1>&2 + echo " We cannot execute $JAVACMD" 1>&2 + exit 1 +fi + +if [ -z "$REPO" ] +then + REPO="$BASEDIR"/lib +fi + +CLASSPATH="$BASEDIR"/plugins/*:"$REPO"/* + +ENDORSED_DIR= +if [ -n "$ENDORSED_DIR" ] ; then + CLASSPATH=$BASEDIR/$ENDORSED_DIR/*:$CLASSPATH +fi + +if [ -n "$CLASSPATH_PREFIX" ] ; then + CLASSPATH=$CLASSPATH_PREFIX:$CLASSPATH +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin; then + [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$HOME" ] && HOME=`cygpath --path --windows "$HOME"` + [ -n "$BASEDIR" ] && BASEDIR=`cygpath --path --windows "$BASEDIR"` + [ -n "$REPO" ] && REPO=`cygpath --path --windows "$REPO"` +fi + +exec "$JAVACMD" $JAVA_OPTS \ + -classpath "$CLASSPATH" \ + -Dapp.name="dependency-check" \ + -Dapp.pid="$$" \ + -Dapp.repo="$REPO" \ + -Dapp.home="$BASEDIR" \ + -Dbasedir="$BASEDIR" \ + org.owasp.dependencycheck.App \ + "$@" -- GitLab From 6dd1d663e485741036a8754ba98721bb093420c8 Mon Sep 17 00:00:00 2001 From: CSpicer Date: Wed, 29 Apr 2020 10:43:23 -0400 Subject: [PATCH 18/34] explicitly declare script executable --- Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3d68b2a..161efd3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -52,8 +52,11 @@ RUN cd /root/tmp/dependencies/owasp && \ mv dependency-check /usr/share/ && \ rm -rf /root/tmp/* -###Insert Dependency Check Script -COPY /scripts/dependency-check.sh /usr/share/dependency-check/bin/ +### Insert Dependency Check Script +COPY scripts/dependency-check.sh /usr/share/dependency-check/bin/ + +### Set script as executable +RUN chmod +x /usr/share/dependency-check/bin/dependency-check.sh # Add user, create required directories and cleanup RUN useradd -ms /bin/bash ${user} && \ -- GitLab From d1f6dcfb96ff935253a136f02429bb457b3cf296 Mon Sep 17 00:00:00 2001 
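Review bot: The file is a verbatim copy of the upstream Apache-licensed launcher (header dated 2012-2013) but carries no note of which dependency-check release it was taken from or why it is vendored, and because the image's `OWASP_DEP_CHK_VERSION` is bumped independently, the launcher and the bundled jars can drift apart. A short comment after the license block naming the upstream version (placeholder `<upstream-version>`) and the reason for the local copy would make that relationship auditable. Two lines deserve a look while the script is here: the `cd "$PRGDIR/.." >/dev/null; pwd` substitution that sets BASEDIR falls back to the caller's working directory if the `cd` fails, and `JAVACMD=$(which java)` (written with backticks in the file) depends on a `which` binary being present in the runtime image, which this hunk cannot confirm.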
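Review bot: The separate `RUN chmod +x` creates a whole extra layer holding a second copy of the script just to flip a mode bit, and patch 17 committed the file as `100755`, so `COPY` already preserves the executable bit when the build context comes from a POSIX checkout. If the mode must be forced because some runners lose it, fold it into the next RUN (`chmod +x /usr/share/dependency-check/bin/dependency-check.sh && useradd ...`) or, where the BuildKit frontend in use supports it, `COPY --chmod=0755 scripts/dependency-check.sh /usr/share/dependency-check/bin/`. Either way a comment stating why the explicit chmod exists would stop it being removed as redundant.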
From: balan-karpagam Date: Fri, 1 May 2020 13:26:51 -0400 Subject: [PATCH 19/34] Changed the entrypoint script --- Dockerfile | 11 +-- scripts/container-entrypoint.sh | 4 + scripts/dependency-check.sh | 125 -------------------------------- 3 files changed, 10 insertions(+), 130 deletions(-) create mode 100644 scripts/container-entrypoint.sh delete mode 100755 scripts/dependency-check.sh diff --git a/Dockerfile b/Dockerfile index 161efd3..9774563 100644 --- a/Dockerfile +++ b/Dockerfile @@ -52,17 +52,18 @@ RUN cd /root/tmp/dependencies/owasp && \ mv dependency-check /usr/share/ && \ rm -rf /root/tmp/* -### Insert Dependency Check Script -COPY scripts/dependency-check.sh /usr/share/dependency-check/bin/ +### Insert Container Entry Point Script +COPY scripts/container-entrypoint.sh /src/container-entrypoint.sh ### Set script as executable -RUN chmod +x /usr/share/dependency-check/bin/dependency-check.sh +RUN chmod +x /src/container-entrypoint.sh # Add user, create required directories and cleanup RUN useradd -ms /bin/bash ${user} && \ chown -R ${user}:${user} /usr/share/dependency-check && \ mkdir /report && \ chown -R ${user}:${user} /report && \ + chown -R ${user}:${user} /src && \ yum --nogpgcheck --disableplugin=subscription-manager clean all USER ${user} @@ -70,5 +71,5 @@ USER ${user} VOLUME ["/src" "/usr/share/dependency-check/data" "/report"] WORKDIR /src -CMD ["--help"] -ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"] +CMD [] +ENTRYPOINT [ "/bin/sh", "container-entrypoint.sh" ] diff --git a/scripts/container-entrypoint.sh b/scripts/container-entrypoint.sh new file mode 100644 index 0000000..ad2f08e --- /dev/null +++ b/scripts/container-entrypoint.sh @@ -0,0 +1,4 @@ + #!/bin/bash +set -e + +exec "$@" diff --git a/scripts/dependency-check.sh b/scripts/dependency-check.sh deleted file mode 100755 index 9a5daf8..0000000 --- a/scripts/dependency-check.sh +++ /dev/null 
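Review bot: `/src` is declared a `VOLUME` and is the `WORKDIR` (context in the `@@ -70,5 +71,5` hunk of this file), so placing the entrypoint at `/src/container-entrypoint.sh` and invoking it by relative name means any volume mounted at `/src` — the normal way to hand this scanner a source tree — hides the script and the container fails at startup with a file-not-found from `/bin/sh`. Keep the entrypoint outside every volume path and reference it absolutely, e.g. `COPY scripts/container-entrypoint.sh /usr/local/bin/container-entrypoint.sh` with `ENTRYPOINT ["/usr/local/bin/container-entrypoint.sh"]`. The added `chown -R ${user}:${user} /src` then matters only if the container must write into an unmounted `/src`.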
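Review bot: `CMD []` combined with an entrypoint that ends in `exec "$@"` means a plain `docker run` executes nothing: bash's `exec` with no arguments is a no-op, the script exits 0, and the container appears to start and immediately stop where it previously printed `--help`. Since the entrypoint no longer invokes `dependency-check.sh` itself, the default command has to carry the full launcher path, e.g. `CMD ["/usr/share/dependency-check/bin/dependency-check.sh", "--help"]`. Callers that previously passed only scanner flags now have to pass the launcher path as well, which is an interface change worth recording in the README.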
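Review bot: The first line appears to be ` #!/bin/bash` with a leading space, which the kernel does not recognise as a shebang; the file only works because the Dockerfile runs it through `/bin/sh` explicitly, and the `chmod +x` applied there (the file is committed as `100644`) buys nothing until the space is removed. Fix the first line to `#!/bin/bash`. With `set -e` in place an empty `"$@"` still exits 0 silently; if the script should refuse to run without a command, add `[ $# -gt 0 ] || { echo "no command given" >&2; exit 1; }` before the `exec`.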
@@ -1,125 +0,0 @@ -#!/usr/bin/env sh -# -# Copyright (c) 2012-2013 Jeremy Long. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ---------------------------------------------------------------------------- - - -# resolve links - $0 may be a softlink -PRG="$0" - -while [ -h "$PRG" ]; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`/"$link" - fi -done - -PRGDIR=`dirname "$PRG"` -BASEDIR=`cd "$PRGDIR/.." >/dev/null; pwd` - -# Reset the REPO variable. If you need to influence this use the environment setup file. -REPO= - - -# OS specific support. $var _must_ be set to either true or false. 
-cygwin=false; -darwin=false; -case "`uname`" in - CYGWIN*) cygwin=true ;; - Darwin*) darwin=true - if [ -z "$JAVA_VERSION" ] ; then - JAVA_VERSION="CurrentJDK" - else - echo "Using Java version: $JAVA_VERSION" - fi - if [ -z "$JAVA_HOME" ]; then - if [ -x "/usr/libexec/java_home" ]; then - JAVA_HOME=`/usr/libexec/java_home` - else - JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home - fi - fi - ;; -esac - -if [ -z "$JAVA_HOME" ] ; then - if [ -r /etc/gentoo-release ] ; then - JAVA_HOME=`java-config --jre-home` - fi -fi - -# For Cygwin, ensure paths are in UNIX format before anything is touched -if $cygwin ; then - [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` - [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"` -fi - -# If a specific java binary isn't specified search for the standard 'java' binary -if [ -z "$JAVACMD" ] ; then - if [ -n "$JAVA_HOME" ] ; then - if [ -x "$JAVA_HOME/jre/sh/java" ] ; then - # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" - else - JAVACMD="$JAVA_HOME/bin/java" - fi - else - JAVACMD=`which java` - fi -fi - -if [ ! -x "$JAVACMD" ] ; then - echo "Error: JAVA_HOME is not defined correctly." 
1>&2 - echo " We cannot execute $JAVACMD" 1>&2 - exit 1 -fi - -if [ -z "$REPO" ] -then - REPO="$BASEDIR"/lib -fi - -CLASSPATH="$BASEDIR"/plugins/*:"$REPO"/* - -ENDORSED_DIR= -if [ -n "$ENDORSED_DIR" ] ; then - CLASSPATH=$BASEDIR/$ENDORSED_DIR/*:$CLASSPATH -fi - -if [ -n "$CLASSPATH_PREFIX" ] ; then - CLASSPATH=$CLASSPATH_PREFIX:$CLASSPATH -fi - -# For Cygwin, switch paths to Windows format before running java -if $cygwin; then - [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --windows "$CLASSPATH"` - [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` - [ -n "$HOME" ] && HOME=`cygpath --path --windows "$HOME"` - [ -n "$BASEDIR" ] && BASEDIR=`cygpath --path --windows "$BASEDIR"` - [ -n "$REPO" ] && REPO=`cygpath --path --windows "$REPO"` -fi - -exec "$JAVACMD" $JAVA_OPTS \ - -classpath "$CLASSPATH" \ - -Dapp.name="dependency-check" \ - -Dapp.pid="$$" \ - -Dapp.repo="$REPO" \ - -Dapp.home="$BASEDIR" \ - -Dbasedir="$BASEDIR" \ - org.owasp.dependencycheck.App \ - "$@" -- GitLab From 57ff58e8020b9cdb0773541e86ca5a4e1e3eccee Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Fri, 1 May 2020 19:37:06 +0000 Subject: [PATCH 20/34] Moved location of entrypoint script --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9774563..d43781d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -53,17 +53,17 @@ RUN cd /root/tmp/dependencies/owasp && \ rm -rf /root/tmp/* ### Insert Container Entry Point Script -COPY scripts/container-entrypoint.sh /src/container-entrypoint.sh +COPY scripts/container-entrypoint.sh /usr/share/dependency-check/bin/container-entrypoint.sh ### Set script as executable -RUN chmod +x /src/container-entrypoint.sh +RUN chmod +x /usr/share/dependency-check/bin/container-entrypoint.sh # Add user, create required directories and cleanup RUN useradd -ms /bin/bash ${user} && \ chown -R ${user}:${user} /usr/share/dependency-check && \ mkdir /report && \ chown -R ${user}:${user} /report && \ - chown -R ${user}:${user} /src && \ + mkdir /src && chown -R ${user}:${user} /src && \ yum --nogpgcheck --disableplugin=subscription-manager clean all USER ${user} @@ -72,4 +72,4 @@ VOLUME ["/src" "/usr/share/dependency-check/data" "/report"] WORKDIR /src CMD [] -ENTRYPOINT [ "/bin/sh", "container-entrypoint.sh" ] +ENTRYPOINT [ "/bin/sh", "/usr/share/dependency-check/bin/container-entrypoint.sh" ] -- GitLab From 2db5a9588458565a52cfa4784d47c75b913d35b4 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Fri, 1 May 2020 20:07:05 +0000 Subject: [PATCH 21/34] Update permissions --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d43781d..a1a3e03 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,7 +63,6 @@ RUN useradd -ms /bin/bash ${user} && \ chown -R ${user}:${user} /usr/share/dependency-check && \ mkdir /report && \ chown -R ${user}:${user} /report && \ - mkdir /src && chown -R ${user}:${user} /src && \ yum --nogpgcheck --disableplugin=subscription-manager clean all USER ${user} -- GitLab From 02f25707c9702421d2d605c5e760662358cbc768 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Mon, 4 May 2020 18:07:59 +0000 Subject: [PATCH 22/34] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a1a3e03..86e2887 100644 --- a/Dockerfile 
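Review bot: Moving the entrypoint under `/usr/share/dependency-check/bin/` puts it inside the tree that the following RUN hands over with `chown -R ${user}:${user} /usr/share/dependency-check`, so the runtime user owns and can rewrite its own entrypoint script, and a compromised scanner process could alter what runs on the next start of that container. Keep the script root-owned and world-executable, either by copying it to a path outside that tree (for example `/usr/local/bin/`) or by adding `chown root:root /usr/share/dependency-check/bin/container-entrypoint.sh` after the recursive chown. The `mkdir /src` added in the same RUN should be `mkdir -p /src` so the layer stays re-runnable if the directory already exists.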
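Review bot: Invoking the entrypoint as `/bin/sh <script>` ignores the script's own `#!/bin/bash` line and the `chmod +x` applied above, so the interpreter is chosen here rather than by the file; with the mode already set, `ENTRYPOINT ["/usr/share/dependency-check/bin/container-entrypoint.sh"]` is the direct form. Where `/bin/sh` is bash, as on UBI 8, there is no behavioural difference today, but the indirection will matter if the script ever uses a bash-only construct and the base image changes.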
+++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_REGISTRY=registry.access.redhat.com ARG BASE_IMAGE=ubi8/ubi -ARG BASE_TAG=8.1-408 +ARG BASE_TAG=8.2 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels -- GitLab From 46e288ff0311445682844e48cb58bb2ed0d447b3 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Mon, 4 May 2020 18:54:54 +0000 Subject: [PATCH 23/34] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 86e2887..f0b1bce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ COPY LICENSE /licenses ### Install packages from ubi base repo RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \ yum clean metadata && \ - yum -y update-minimal --setopt=tsflags=nodocs --security && \ + yum -y update-minimal --setopt=tsflags=nodocs && \ yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ yum -y -v clean all && \ [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum -- GitLab From 5596cc047740000a991a57ff17a42e13cc853ac8 Mon Sep 17 00:00:00 2001 From: Al Fontaine Date: Mon, 4 May 2020 20:31:42 +0000 Subject: [PATCH 24/34] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f0b1bce..fb037c4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ COPY LICENSE /licenses ### Install packages from ubi base repo RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \ yum clean metadata && \ - yum -y update-minimal --setopt=tsflags=nodocs && \ + yum -y update --setopt=tsflags=nodocs && \ yum -y install --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ yum -y -v clean all && \ [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum -- GitLab From b1aba661a7eb9ba80337d62ca88ebc4a611c7915 Mon Sep 17 00:00:00 2001 
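Review bot: Replacing the fully qualified tag `8.1-408` with the floating `8.2` means every build of this Dockerfile picks up whatever `ubi8/ubi:8.2` currently points at, so two builds from the same commit can differ and an image can no longer be traced to a specific base. Keep the build-number form (`ARG BASE_TAG=8.2-<build placeholder>`) or, better, add a digest pin on the FROM line; the `ARG`-before-`FROM` layout already makes that a one-line change.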
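Review bot: Dropping `--security` here, and then switching `update-minimal` to a full `yum -y update` in patch 24, turns the package step into a blanket upgrade of the base image at build time, so the installed package set now depends on the day the image is built rather than on `BASE_TAG`, and a vulnerability scan of one build says nothing about the next. The reproducible route is to take base-image fixes by bumping `BASE_TAG` or a digest and to leave this RUN installing only `${INSTALL_PKGS}`; if the update must stay, a comment giving the reason would at least justify the non-determinism. This is also what hadolint DL3005 flags, if the repo runs it.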
From: Karpagam Balan Date: Mon, 4 May 2020 21:53:15 +0000 Subject: [PATCH 25/34] Update dependency version in Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fb037c4..6af9972 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \ ### Arguments and Environment variables ENV user dependencycheck -ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.9" +ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-1.1" ENV OWASP_DEP_CHK_VERSION 5.3.2 ### Fetch dependency bundle -- GitLab From e076c0bb32c8d8a00ea7702bfec158b26da5b65f Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Mon, 4 May 2020 21:54:21 +0000 Subject: [PATCH 26/34] Update download.yaml to pull updated dependency bundle --- download.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/download.yaml b/download.yaml index 9dafc7b..c06c739 100644 --- a/download.yaml +++ b/download.yaml @@ -1,6 +1,6 @@ resources: - - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.9/owasp-dep-check-dependencies-dcar-0.9.tar.gz" - filename: "owasp-dep-check-dependencies-dcar-0.9.tar.gz" + - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-1.1/owasp-dep-check-dependencies-dcar-1.1.tar.gz" + filename: "owasp-dep-check-dependencies-dcar-1.1.tar.gz" validation: type: "sha256" - value: "c8171d2736d5b9ba96ae5601439151768081125f1f5b5c640c8603c00a8e6d75" + value: "5f8313632c442d700301edc5c72ee492f377fe4f72eb98d1907e7c9cdb403a0f" -- GitLab From 1da3f148ba86bf04df125d126731c323690b9fec Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Tue, 5 May 2020 15:20:17 +0000 Subject: [PATCH 27/34] Update Dockerfile to change rpm into yum --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6af9972..ab7566a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -37,7 +37,7 @@ COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp ### Install mono-complete RUN cd /root/tmp && \ tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \ - rpm -ivh --replacepkgs --replacefiles --force /root/tmp/dependencies/mono-complete/*.rpm && \ + yum install -y /root/tmp/dependencies/mono-complete/*.rpm && \ rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install ruby dependencies -- GitLab From b898560aa7fa6182fa976becbdee5daf4e954a50 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Tue, 5 May 2020 15:21:01 +0000 Subject: [PATCH 28/34] Update SHA in download.yaml --- download.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/download.yaml b/download.yaml index c06c739..0ad5d8b 100644 --- a/download.yaml +++ b/download.yaml @@ -3,4 +3,4 @@ resources: filename: "owasp-dep-check-dependencies-dcar-1.1.tar.gz" validation: type: "sha256" - value: "5f8313632c442d700301edc5c72ee492f377fe4f72eb98d1907e7c9cdb403a0f" + value: "ad03303173e2042adc3177cb397cfe47cfb1134395b4372ffbdc73dae12652f9" -- GitLab From 2e932c43a1ccd9a0df74cd9f030b431d7f9173bc Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Tue, 5 May 2020 15:26:29 +0000 Subject: [PATCH 29/34] Update Dockerfile to modify yum flag --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ab7566a..34562f2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp ### Install mono-complete RUN cd /root/tmp && \ tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \ - yum install -y /root/tmp/dependencies/mono-complete/*.rpm && \ + yum install -y --nogpgcheck /root/tmp/dependencies/mono-complete/*.rpm && \ rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install ruby dependencies -- GitLab 
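Review bot: This is the second sha256 recorded for the same artifact name `owasp-dep-check-dependencies-dcar-1.1.tar.gz` (the first came in patch 26), and patches 31 and 33 change it twice more: the release asset behind a fixed tag is being replaced in place, so the checksum here pins a moment in time rather than a release, an image built between two updates cannot be reconstructed, and the validation block can no longer distinguish an intentional republish from a tampered download. Publish a new tag or filename for each rebuilt bundle (for example `dcar-1.1.1` or `dcar-1.2`) so that a given checksum maps to exactly one artifact, and record in the commit message what changed inside the bundle.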
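Review bot: `--nogpgcheck` disables signature verification for the local RPMs, undoing what the move from `rpm -ivh --force` to `yum install` in patch 27 gained: the packages from the tarball are now installed with no signature check at all, and trust rests solely on the sha256 in download.yaml, which the Dockerfile itself never verifies. The likely cause — no signing key for these RPMs has been imported — is better solved by importing it before the install, `rpm --import <key file from bundle> && yum install -y /root/tmp/dependencies/mono-complete/*.rpm`, which also keeps the flag out of the Dockerfile for any policy scanner that looks for it.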
From 2a9997596a603b9978818367888771f2b8d7cfaf Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Wed, 6 May 2020 17:42:11 +0000 Subject: [PATCH 30/34] Update Dockerfile to remove --nogpgcheck from yum clean all --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 34562f2..c8c4a6a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,7 +63,8 @@ RUN useradd -ms /bin/bash ${user} && \ chown -R ${user}:${user} /usr/share/dependency-check && \ mkdir /report && \ chown -R ${user}:${user} /report && \ - yum --nogpgcheck --disableplugin=subscription-manager clean all + yum -y -v clean all && \ + [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum USER ${user} -- GitLab From 3c2219ef87a49a4a5308fee95b2abf229b76a426 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Thu, 7 May 2020 13:53:02 +0000 Subject: [PATCH 31/34] Update download.yaml to change the sha for the modified dependency bundle --- download.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/download.yaml b/download.yaml index 0ad5d8b..727f117 100644 --- a/download.yaml +++ b/download.yaml @@ -3,4 +3,4 @@ resources: filename: "owasp-dep-check-dependencies-dcar-1.1.tar.gz" validation: type: "sha256" - value: "ad03303173e2042adc3177cb397cfe47cfb1134395b4372ffbdc73dae12652f9" + value: "529a82ce2e3c7af77a4f57b1b36604ad2d817a72be08d0ce97ee353bff21e7d5" -- GitLab From 1466598aac59bef26c7bbc4a1cefda02754c6acb Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Thu, 7 May 2020 13:59:33 +0000 Subject: [PATCH 32/34] Update Dockerfile to remove --nogpgcheck --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c8c4a6a..09484ff 100644 --- a/Dockerfile +++ b/Dockerfile 
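Review bot: The new tail `yum -y -v clean all && [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum` changes the exit status of the whole RUN: `&&` and `||` have equal precedence and associate left, so if `useradd`, `mkdir` or either `chown` fails, the `||` branch runs `rm -rf`, the layer succeeds with the user or directories missing, and the problem only surfaces later as a runtime permission error. `rm -rf` already returns 0 on a missing directory, so the tail can simply be `yum -y -v clean all && rm -rf /var/cache/yum`; if the test is kept for symmetry with the package-install RUN shown in patches 23 and 24 (which has the same shape), group it: `&& { [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum; }`.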
@@ -37,7 +37,8 @@ COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp ### Install mono-complete RUN cd /root/tmp && \ tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \ - yum install -y --nogpgcheck /root/tmp/dependencies/mono-complete/*.rpm && \ + rpm --import /root/tmp/dependencies/mono-complete/gpg.key && \ + yum install -y /root/tmp/dependencies/mono-complete/*.rpm && \ rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install ruby dependencies -- GitLab From 8d12a460f8703a9536fcfdf652ac9cfae2ee67f6 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Thu, 7 May 2020 15:11:06 +0000 Subject: [PATCH 33/34] Update SHA in download.yaml --- download.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/download.yaml b/download.yaml index 727f117..f8e13bd 100644 --- a/download.yaml +++ b/download.yaml @@ -3,4 +3,4 @@ resources: filename: "owasp-dep-check-dependencies-dcar-1.1.tar.gz" validation: type: "sha256" - value: "529a82ce2e3c7af77a4f57b1b36604ad2d817a72be08d0ce97ee353bff21e7d5" + value: "650c054fba0881434aa50d099fbdf1f0d7bbca7add3eb2aaf6e672158997e448" -- GitLab From 41f1d22d648142d75e60ad8c79aec886a04ff6e6 Mon Sep 17 00:00:00 2001 From: Karpagam Balan Date: Thu, 7 May 2020 15:13:26 +0000 Subject: [PATCH 34/34] Update Dockerfile to solve --nogpgcheck scan --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 09484ff..9b4fb27 100644 --- a/Dockerfile +++ b/Dockerfile 
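Review bot: The key imported by `rpm --import /root/tmp/dependencies/mono-complete/gpg.key` travels in the same tarball as the RPMs it vouches for, so the signature check proves only that the bundle is self-consistent — whoever can replace the tarball can replace the key — and the real trust anchor remains the sha256 in download.yaml. That is an acceptable design as long as it is written down: add a comment above the import, e.g. `# gpg.key ships inside the bundle; integrity rests on download.yaml's sha256, the import only satisfies yum's gpgcheck`, and consider committing the key file's sha256 in the Dockerfile and comparing it before the import so a bundle rebuilt with a different key is noticed. Removing `--nogpgcheck` itself is the right direction.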
@@ -37,8 +37,7 @@ COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp ### Install mono-complete RUN cd /root/tmp && \ tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \ - rpm --import /root/tmp/dependencies/mono-complete/gpg.key && \ - yum install -y /root/tmp/dependencies/mono-complete/*.rpm && \ + rpm -ivh --replacepkgs --replacefiles --force /root/tmp/dependencies/mono-complete/*.rpm && \ rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz ### Install ruby dependencies -- GitLab
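Review bot: Reverting to `rpm -ivh --replacepkgs --replacefiles --force` drops the `rpm --import` added in patch 32 together with the `yum install`, so the RPMs are now installed with no key present; rpm by default only warns (`NOKEY`) and proceeds, which is the same outcome `--nogpgcheck` produced, minus the flag a scanner would catch. The subject says the change exists to satisfy that scan, so the finding is being silenced rather than fixed. Keep the import in front of whichever installer is used — `rpm --import /root/tmp/dependencies/mono-complete/gpg.key && yum install -y /root/tmp/dependencies/mono-complete/*.rpm` as in patch 32 — and, if rpm is preferred over yum, drop `--force` (it implies `--oldpackage`) in favour of the explicit `--replacepkgs --replacefiles` already present.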