From 9917b339b6203355b8e418e83bfff488a3237b9c Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 26 Mar 2020 22:16:59 +0000
Subject: [PATCH 1/4] Update Dockerfile to pull from dependency bundle release dcar-0.7

---
 Dockerfile | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1bf3a49..e4c682b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,8 +7,8 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
 maintainer="terrana_steven@bah.com" \
 vendor="Booz Allen Hamilton" \
- version="5.2.4" \
- release="5.2.4" \
+ version="5.3.1" \
+ release="5.3.1" \
 summary="OWASP Dependency Check container" \
 description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
 
@@ -16,7 +16,7 @@ LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
 COPY LICENSE /licenses
 
 ### Install packages from ubi base repo
-RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby ruby-devel unzip" && \
+RUN INSTALL_PKGS="java-1.8.0-openjdk ruby mono-devel unzip" && \
 yum update -y \
 --disablerepo="*" \
 --enablerepo="*ubi-7*" \
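Review bot: `mono-devel` is added to INSTALL_PKGS on the new RUN line while the later hunk of this same commit still force-installs the bundled mono-devel RPMs with `rpm -ivh --replacepkgs --replacefiles`, so (if the enabled ubi-7 repos provide the package) it is installed twice and the second install overwrites whatever the repo version placed, with RPM's file-conflict checks switched off. One source should be dropped: either keep `mono-devel` here and delete the rpm step, or keep the bundle (whose tarball is sha256-verified via download.yaml) and remove it from this list, e.g. `RUN INSTALL_PKGS="java-1.8.0-openjdk ruby unzip" && \`. Dropping `ruby-devel` is safe only if none of the gems installed from the bundle builds a native extension, which cannot be checked from this diff. The RUN continues past the hunk, so the rest of the yum invocation is not visible here.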
@@ -34,33 +34,37 @@ RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby ruby-devel unzip" && \
 [ ! -d /var/cache/yum ] || rm -rf /var/cache/yum
 
 ### Arguments and Environment variables
-ENV user dependencycheck
-ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.3"
-ENV OWASP_DEP_CHK_VERSION 5.2.4
+ARG SDP_BUILD_DEPENDENCY_VERSION="dcar-0.7"
+ENV OWASP_DEP_CHK_VERSION 5.3.1
+ENV HOME /root
+ENV JAVA_HOME /usr/lib/jvm/java
+
+ARG user=dependencycheck
 
 ### Fetch dependency bundle
 RUN mkdir /root/tmp
 COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
 
-### Install mono-devel
+### Install ruby dependencies
 RUN cd /root/tmp && \
 tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \
- rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && \
- rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz
+ gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem --no-document --no-rdoc --no-ri && \
+ update_rubygems --no-document --no-rdoc --no-ri && \
+ gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem --no-document --no-rdoc --no-ri && \
+ gem cleanup
 
-### Install ruby dependencies
+### Install mono-devel
 RUN cd /root/tmp && \
- gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \
- update_rubygems && \
- gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem && \
- gem cleanup
+ rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm
+
 
 ### Install OWASP Dependency Check binaries
 RUN cd /root/tmp/dependencies/owasp && \
 unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
 rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
 mv dependency-check /usr/share/ && \
- rm -rf /root/tmp/dependencies
+ rm -rf /root/tmp/* && \
+ rm -rf /usr/local/share/gems/gems/rubygems-update-2.7.10/test
 
 # Add user, create required directories and cleanup
 RUN useradd -ms /bin/bash ${user} && \
-- 
GitLab

From 43b71ae3b81c97c9288d90f3dc39ea515fd5928a Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 26 Mar 2020 22:18:22 +0000
Subject: [PATCH 2/4] Update download.yaml to reflect pull from dependency bundle dcar-0.7

---
 download.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/download.yaml b/download.yaml
index 1a956e3..338507a 100644
--- a/download.yaml
+++ b/download.yaml
@@ -1,6 +1,6 @@
 resources:
- - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz"
- filename: "owasp-dep-check-dependencies-dcar-0.3.tar.gz"
+ - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-0.7/owasp-dep-check-dependencies-dcar-0.7.tar.gz"
+ filename: "owasp-dep-check-dependencies-dcar-0.7.tar.gz"
 validation:
 type: "sha256"
- value: "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3"
+ value: "b64e93be6d8864913f201da3c091cbf3a0efc8e0361074d58b371abefd66093a"
-- 
GitLab

From 4c658274d13d16057c11a529d49d1311f1bce978 Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 26 Mar 2020 22:24:35 +0000
Subject: [PATCH 3/4] Update Jenkinsfile

---
 Jenkinsfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index b99324c..50958ff 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,2 +1,2 @@
 @Library('DCCSCR@master') _
-dccscrPipeline(version: "5.2.4")
+dccscrPipeline(version: "5.3.1")
-- 
GitLab

From 2b9363d3d45ddf9f40922533d5a6075c69eaa147 Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Thu, 26 Mar 2020 22:27:04 +0000
Subject: [PATCH 4/4] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c2e17d4..8665a2e 100644
--- a/README.md
+++ b/README.md
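Review bot: The `rm -rf /root/tmp/*` added to the Dependency Check RUN deletes files that the earlier `tar -xzf` RUN already committed to its own layer, so the tarball, the extracted mono-devel RPMs and the gems remain in the image's lower layers no matter what; only an extraction, install and cleanup that share one RUN (or live in a separate build stage) actually shrink the image, and swapping the order of the ruby and mono steps does not change that. The hard-coded `/usr/local/share/gems/gems/rubygems-update-2.7.10/test` path couples the Dockerfile to this bundle's gem version, and `rm -rf` on a missing path succeeds silently, so a future bundle would leave the test tree behind unnoticed; a glob such as `rubygems-update-*/test` avoids that. `ENV HOME /root` persists into the runtime environment, so if a `USER ${user}` follows the `useradd` on the hunk's last line (that RUN continues outside the hunk), the process will run with HOME pointing at root's directory instead of the one `useradd -m` created; an `ARG`, or removing it, keeps the value build-only, and the new ENV lines also use the deprecated space-separated form (`ENV HOME=/root`, `ENV JAVA_HOME=/usr/lib/jvm/java`). A single install layer would look like:
```dockerfile
### Install ruby dependencies, mono-devel and OWASP Dependency Check in one layer
RUN cd /root/tmp && \
    tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHK_VERSION.tar.gz && \
    # … unchanged: gem install rubygems-update / update_rubygems / gem install bundle-audit / gem cleanup …
    rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && \
    cd /root/tmp/dependencies/owasp && \
    # … unchanged: unzip of the release zip and mv dependency-check /usr/share/ …
    rm -rf /root/tmp/* /usr/local/share/gems/gems/rubygems-update-*/test
```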
@@ -1,4 +1,4 @@
-# OWASP Dependency Check Container Version 5.2.4
+# OWASP Dependency Check Container Version 5.3.1
 (Based on UBI7 base image)
 
 ## Introduction
-- 
GitLab