From dfb1052a99cfd16dc6f8e7bb6f08a1259f3ea81f Mon Sep 17 00:00:00 2001
From: Michael Desantis
Date: Wed, 19 May 2021 21:44:09 +0000
Subject: [PATCH 1/2] Updated to version 6.1.6
---
 Dockerfile | 4 ++--
 README.md | 4 ++--
 hardening_manifest.yaml | 10 +++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 21c901e..b4955b6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,8 @@ RUN INSTALL_PKGS="ruby unzip" && \
 ### Arguments and Environment variables
 ENV user dependencycheck
-ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-1.8"
-ENV OWASP_DEP_CHK_VERSION 6.1.1
+ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-2.0"
+ENV OWASP_DEP_CHK_VERSION 6.1.6
 ### Fetch dependency bundle
 RUN mkdir /root/tmp
diff --git a/README.md b/README.md
index 7bfb7b5..75df5ed 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# OWASP Dependency Check Container Version 6.1.1
+# OWASP Dependency Check Container Version 6.1.6
 ## Introduction
@@ -11,7 +11,7 @@ The following is a list of variables:
 ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command.
 ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command.
 ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command.
-ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled from - default dcar-1.8
+ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled from - default dcar-2.0
 ```
 Recommended resources for the image:
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 21aa9e6..fdcde91 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "solutions-delivery-platform/dependency-check/dependency-check"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "6.1.1"
+- "6.1.6"
 - "latest"
 # Build args passed to Dockerfile ARGs
@@ -27,7 +27,7 @@ labels:
 org.opencontainers.image.url: "https://github.com/boozallen/sdp-images"
 ## Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "Booz Allen Hamilton"
- org.opencontainers.image.version: "6.1.1"
+ org.opencontainers.image.version: "6.1.6"
 ## Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "OWASP, dependency, check, dependency-check, SDP, cve, scanner, scan"
 ## This value can be "opensource" or "commercial"
@@ -37,11 +37,11 @@ labels:
 # List of resources to make available to the offline build context
 resources:
-- filename: owasp-dep-check-dependencies-dcar-1.8.tar.gz
- url: https://github.com/boozallen/sdp-images/releases/download/dcar-1.8/owasp-dep-check-dependencies-dcar-1.8.tar.gz
+- filename: owasp-dep-check-dependencies-dcar-2.0.tar.gz
+ url: https://github.com/boozallen/sdp-images/releases/download/dcar-2.0/owasp-dep-check-dependencies-dcar-2.0.tar.gz
 validation:
 type: sha256
- value: 70031abeaf417204a50333269c2c6cd51926bb4734c4fef9d62bcd4f4808c40d
+ value: d7b63bd74d7e916f0dd43d297dc393138452d2a0cef458ae4a4109093979e86d
 # List of project maintainers
 # FIXME: Fill in the following details for the current container owner in the whitelist
-- GitLab
From 3f21d16098ffab9d8f0325d9c017147e0510f947 Mon Sep 17 00:00:00 2001
From: Michael Desantis
Date: Thu, 20 May 2021 19:08:00 +0000
Subject: [PATCH 2/2] Updating dependency tar file
---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index fdcde91..0a2e699 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -41,7 +41,7 @@ resources:
 url: https://github.com/boozallen/sdp-images/releases/download/dcar-2.0/owasp-dep-check-dependencies-dcar-2.0.tar.gz
 validation:
 type: sha256
- value: d7b63bd74d7e916f0dd43d297dc393138452d2a0cef458ae4a4109093979e86d
+ value: bd913f06fe82cc09cb9dc882397fdc921a04caf4ebc8479ec5772f2ff932c444
 # List of project maintainers
 # FIXME: Fill in the following details for the current container owner in the whitelist
-- GitLab
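Review bot: The `value:` under `validation` is replaced while the `url` context line above it is unchanged, so the same `dcar-2.0` release asset is now expected to hash to a different sha256 than the one pinned a day earlier in PATCH 1/2; that suggests the tarball behind the tag was re-uploaded, and neither the hunk nor the subject line ("Updating dependency tar file") records why or how the new digest was derived. I would add a comment above `validation:` such as `# digest recomputed from the re-published dcar-2.0 bundle; see <release note or build job>` and state in the commit message where the hash was computed. If the bundle was in fact rebuilt, publishing it under a new release tag would keep each URL/digest pair immutable, which is what the pin is meant to guarantee. The `resources` entry begins above the hunk (its `- filename:` line is not visible here), so this is based on the `url` line alone.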