From ff6c104e8cfac3f48a75e18a666742199c527788 Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 19 Mar 2020 11:32:44 -0400
Subject: [PATCH 1/2] Changes to upgrade to version 5.3.1 and ubi8 base image

---
 Dockerfile | 22 ++++++++++------------
 download.yaml | 6 +++---
 2 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1bf3a49..f40354f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,14 @@
 ARG BASE_REGISTRY=registry.access.redhat.com
-ARG BASE_IMAGE=ubi7/ubi
-ARG BASE_TAG=7.8
+ARG BASE_IMAGE=ubi8/ubi
+ARG BASE_TAG=8.1-406
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 ### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
 LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
       maintainer="terrana_steven@bah.com" \
       vendor="Booz Allen Hamilton" \
-      version="5.2.4" \
-      release="5.2.4" \
+      version="5.3.1" \
+      release="5.3.1" \
       summary="OWASP Dependency Check container" \
       description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
@@ -35,24 +35,22 @@ RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby ruby-devel unzip" && \
 ### Arguments and Environment variables
 ENV user dependencycheck
-ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.3"
-ENV OWASP_DEP_CHK_VERSION 5.2.4
+ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.5"
+ENV OWASP_DEP_CHK_VERSION 5.3.1
 ### Fetch dependency bundle
 RUN mkdir /root/tmp
 COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
-### Install mono-devel
+### Install mono-complete
 RUN cd /root/tmp && \
     tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \
-    rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && \
+    rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-complete/*.rpm && \
     rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
 ### Install ruby dependencies
 RUN cd /root/tmp && \
-    gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \
-    update_rubygems && \
-    gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem && \
+    gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem --no-document --no-rdoc --no-ri && \
     gem cleanup
 ### Install OWASP Dependency Check binaries
@@ -60,7 +58,7 @@ RUN cd /root/tmp/dependencies/owasp && \
     unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
     rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
     mv dependency-check /usr/share/ && \
-    rm -rf /root/tmp/dependencies
+    rm -rf /root/tmp/*
 # Add user, create required directories and cleanup
 RUN useradd -ms /bin/bash ${user} && \
diff --git a/download.yaml b/download.yaml
index 1a956e3..efac202 100644
--- a/download.yaml
+++ b/download.yaml
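Review bot: The new `gem install` line passes `--no-rdoc --no-ri` in addition to `--no-document`, which already suppresses both rdoc and ri generation; the two older flags are deprecated aliases that RubyGems 3.x no longer accepts, so they would break the build as soon as the base image ships a newer `gem`. `gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem --no-document && \` is sufficient. The release number 5.3.1 is now hard-coded separately in the `version`/`release` labels of the first hunk and in `ENV OWASP_DEP_CHK_VERSION` here; declaring it once as an `ARG` before the `LABEL` and substituting `${OWASP_DEP_CHK_VERSION}` in both places would make the next bump a one-line change. The changed `ENV` line also keeps the legacy space-separated form; `ENV OWASP_DEP_CHK_VERSION=5.3.1` is the recommended `key=value` form.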
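Review bot: Widening the cleanup to `rm -rf /root/tmp/*` does not reduce the image size, because this RUN is its own layer: the dependency tarball was written by the earlier `COPY`, and the extracted `dependencies/` tree (mono RPMs, gems, the dependency-check zip) by the `tar -xzf` step two RUNs above, and content written in those layers stays in the image regardless of what this step deletes. If the intent is a smaller image, the extract/install/remove sequence needs to live in a single RUN, or the bundle should be unpacked in a builder stage with only `/usr/share/dependency-check` copied into the final image. The enclosing `RUN cd /root/tmp/dependencies/owasp && \` starts above this hunk.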
@@ -1,6 +1,6 @@
 resources:
-  - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz"
-    filename: "owasp-dep-check-dependencies-dcar-0.3.tar.gz"
+  - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.5/owasp-dep-check-dependencies-dcar-0.5.tar.gz"
+    filename: "owasp-dep-check-dependencies-dcar-0.5.tar.gz"
     validation:
       type: "sha256"
-      value: "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3"
+      value: "5251f37724e1965ab5e27cfd565b1be4b258c76a1885ab963c0438daf7aa3069"
-- 
GitLab

From 13b99ccaecf67e5cb7ad354ab02af11b5839d33c Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 19 Mar 2020 11:51:45 -0400
Subject: [PATCH 2/2] Fixed version values in the README file

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c2e17d4..06f1591 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# OWASP Dependency Check Container Version 5.2.4
+# OWASP Dependency Check Container Version 5.3.1
 ## Introduction
@@ -11,7 +11,7 @@ The following is a list of variables:
 ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command.
 ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command.
 ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command.
-ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4
+ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.5
 ```
 Recommended resources for the image:
-- 
GitLab