diff --git a/Dockerfile b/Dockerfile
index 1bf3a498e2f3422923c439a897d254d6cdb8ac6f..f40354fde12127111d5706e5ff5e11d2035417c3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,14 @@
 ARG BASE_REGISTRY=registry.access.redhat.com
-ARG BASE_IMAGE=ubi7/ubi
-ARG BASE_TAG=7.8
+ARG BASE_IMAGE=ubi8/ubi
+ARG BASE_TAG=8.1-406
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
 LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
 maintainer="terrana_steven@bah.com" \
 vendor="Booz Allen Hamilton" \
- version="5.2.4" \
- release="5.2.4" \
+ version="5.3.1" \
+ release="5.3.1" \
 summary="OWASP Dependency Check container" \
 description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
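Review bot: The base image in the Dockerfile's first hunk is still resolved by tag alone (`BASE_TAG=8.1-406`), so a rebuild trusts whatever the registry serves under that tag at build time. Pinning the digest as well, for example `FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}@sha256:<digest-placeholder>`, would make the ubi7 to ubi8 move reproducible and auditable. A one-line comment above the `ARG BASE_*` lines stating that the three values must be overridden together would also help, because a partial `--build-arg` override changes the OS major version under the package-install step that follows outside this hunk.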
@@ -35,24 +35,22 @@ RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby ruby-devel unzip" && \
 ### Arguments and Environment variables
 ENV user dependencycheck
-ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.3"
-ENV OWASP_DEP_CHK_VERSION 5.2.4
+ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.5"
+ENV OWASP_DEP_CHK_VERSION 5.3.1
 ### Fetch dependency bundle
 RUN mkdir /root/tmp
 COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
-### Install mono-devel
+### Install mono-complete
 RUN cd /root/tmp && \
 tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \
- rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && \
+ rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-complete/*.rpm && \
 rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
 ### Install ruby dependencies
 RUN cd /root/tmp && \
- gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \
- update_rubygems && \
- gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem && \
+ gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem --no-document --no-rdoc --no-ri && \
 gem cleanup
 ### Install OWASP Dependency Check binaries
@@ -60,7 +58,7 @@ RUN cd /root/tmp/dependencies/owasp && \
 unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
 rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
 mv dependency-check /usr/share/ && \
- rm -rf /root/tmp/dependencies
+ rm -rf /root/tmp/*
 # Add user, create required directories and cleanup
 RUN useradd -ms /bin/bash ${user} && \
diff --git a/README.md b/README.md
index c2e17d484f311e37c2c1036e6af44e66de07dcd1..06f159196f8170955f75dd6d4f311744aae18668 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# OWASP Dependency Check Container Version 5.2.4
+# OWASP Dependency Check Container Version 5.3.1
 ## Introduction
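Review bot: In the Dockerfile hunk at `@@ -35,24 +35,22 @@`, the `rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-complete/*.rpm` line installs every RPM in the bundle as root with no signature check visible, and `--replacefiles` lets those packages overwrite files owned by base-image packages. Moving from mono-devel to mono-complete presumably widens that set. The only integrity anchor on the page is the sha256 in download.yaml, and nothing in the visible hunks enforces it on the `COPY`'d tarball. Consider running `rpm -K /root/tmp/dependencies/mono-complete/*.rpm` before the install (with the packager's key imported) and dropping `--replacefiles` unless a known conflict needs it. On the gem line, `--no-rdoc --no-ri` duplicate `--no-document` and, as far as I know, are rejected by RubyGems 3.x, so `--no-document` alone is the safer spelling now that the rubygems-update step is gone.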
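Review bot: In the Dockerfile hunk at `@@ -60,7 +58,7 @@`, `rm -rf /root/tmp/*` only hides the bundle in the final layer. The tarball added by `COPY` and the RPMs, gems and zip extracted by the earlier `RUN` steps remain in their own layers, so they still ship with the image and can be read back from it. If build-only artifacts are meant to stay out of the image, bind-mount the bundle for the install steps (`RUN --mount=type=bind,...` under BuildKit) so it never lands in a layer, or at least extract, install and delete within one `RUN`. The glob also skips dotfiles under /root/tmp. This `RUN` begins above the hunk (its first line is the hunk header), and the `RUN useradd` that follows continues past it.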
@@ -11,7 +11,7 @@ The following is a list of variables:
 ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command.
 ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command.
 ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command.
-ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4
+ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.5
 ```
 Recommended resources for the image:
diff --git a/download.yaml b/download.yaml
index 1a956e3ce0bc17c1e0d167001527b89675d21dcb..efac202aca1eb948dd0f0c8b18087a09042da569 100644
--- a/download.yaml
+++ b/download.yaml
@@ -1,6 +1,6 @@
 resources:
- - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz"
- filename: "owasp-dep-check-dependencies-dcar-0.3.tar.gz"
+ - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.5/owasp-dep-check-dependencies-dcar-0.5.tar.gz"
+ filename: "owasp-dep-check-dependencies-dcar-0.5.tar.gz"
 validation:
 type: "sha256"
- value: "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3"
+ value: "5251f37724e1965ab5e27cfd565b1be4b258c76a1885ab963c0438daf7aa3069"