From 520c489d2163ad29ce088a8bd9ca15cfa4688778 Mon Sep 17 00:00:00 2001
From: Peter Sigur
Date: Tue, 7 Jan 2020 18:47:36 -0500
Subject: [PATCH 1/3] adding pgrep to install and adding a healthcheck

---
 5.2.4/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/5.2.4/Dockerfile b/5.2.4/Dockerfile
index 5a0d6c0..570267c 100644
--- a/5.2.4/Dockerfile
+++ b/5.2.4/Dockerfile
@@ -19,7 +19,7 @@ LABEL name="Solutions Delivery Platform: OWASP Dependency Checker" \
 COPY LICENSE /licenses
 ### Add necessary Red Hat repos and packages here
-RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel ruby unzip" && \
+RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel pgrep ruby unzip" && \
 yum update -y \
 --nogpgcheck \
 --disablerepo=unified_platform_ubi8_os \
@@ -62,5 +62,6 @@ VOLUME ["/src" "/usr/share/dependency-check/data" "/report"]
 WORKDIR /src
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD pgrep -f "dependency-check.sh"
 CMD ["--help"]
 ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"]
\ No newline at end of file
-- 
GitLab

From e32926dc3a5490e6122bf6dec469d2b8e89973c8 Mon Sep 17 00:00:00 2001
From: Peter Sigur
Date: Thu, 23 Jan 2020 14:41:12 -0500
Subject: [PATCH 2/3] removing O flag causing problems

---
 5.2.4/scripts/prebuild.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/5.2.4/scripts/prebuild.sh b/5.2.4/scripts/prebuild.sh
index 83ccc4d..538eacd 100644
--- a/5.2.4/scripts/prebuild.sh
+++ b/5.2.4/scripts/prebuild.sh
@@ -14,7 +14,7 @@ NEXUS_PASSWORD=${NEXUS_PASSWORD}
 ### Download files/dependencies ###
 # temporarily place binaries locally in /tmp/${VENDOR}/
-curl -LO --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \
+curl -L --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \
 -o /tmp/${VENDOR}/owaspdepchk-${OWASP_DEP_CHK_VERSION}
 ### SHA256 Verification ###
-- 
GitLab
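Review bot: `pgrep` is not a package name in the Red Hat/UBI repositories — the binary is shipped by `procps-ng` — so the added `yum install ${INSTALL_PKGS}` will most likely fail with "No package pgrep available" and abort the build (unless a custom repo not visible here provides a package by that name). Change the added line to `RUN INSTALL_PKGS="java-1.8.0-openjdk-devel mono-devel procps-ng ruby unzip" && \`. The RUN instruction continues past the end of the hunk, and the `--nogpgcheck` it carries is pre-existing context rather than part of this change.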
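Review bot: The new HEALTHCHECK has nothing meaningful to probe in this image: the ENTRYPOINT runs `dependency-check.sh` once and exits (the default CMD is `--help`), so a liveness check only adds a periodic `pgrep` to a one-shot CLI container and will flip to "unhealthy" the moment a scan finishes. Drop the instruction, or state the intent explicitly with `HEALTHCHECK NONE`. If a probe must stay, the unanchored `pgrep -f "dependency-check.sh"` is fragile — it matches any command line containing that substring, including the `/bin/sh -c` wrapper that runs the probe itself when the shell does not exec its child — so use a self-excluding pattern such as `CMD pgrep -f '[d]ependency-check.sh' || exit 1`.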
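Review bot: Dropping `-O` is the right fix (it conflicts with the explicit `-o` target on the next line), but the rewritten curl call still lacks `-f`, so an HTTP 404 or 5xx from dl.bintray.com writes the server's error page into `/tmp/${VENDOR}/owaspdepchk-${OWASP_DEP_CHK_VERSION}` with exit status 0 and the failure only surfaces later, as a checksum mismatch at the "SHA256 Verification" step below the hunk, with a less useful message. Use `curl -fL --create-dirs https://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip \` so a bad HTTP status fails the script at the download. That SHA256 step is the only integrity control on this artifact and should stay; the rest of prebuild.sh is outside the hunk.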
From 8af1da6cfffaa5d60f9e0dcef1d12c599e62ff26 Mon Sep 17 00:00:00 2001
From: Karpagam Balan
Date: Mon, 9 Mar 2020 11:33:36 -0400
Subject: [PATCH 3/3] Added changes to fix repo structure to confirm to current pipeline guidance

---
 5.2.4/Dockerfile | 81 +++++++++++++++++++++++++++++++++++++++++++++
 5.2.4/README.md | 19 ++++++++++-
 5.2.4/download.json | 9 +++++
 3 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 5.2.4/Dockerfile
 create mode 100644 5.2.4/download.json

diff --git a/5.2.4/Dockerfile b/5.2.4/Dockerfile
new file mode 100644
index 0000000..5bf4d45
--- /dev/null
+++ b/5.2.4/Dockerfile
@@ -0,0 +1,81 @@
+ARG BASE_REGISTRY=registry.access.redhat.com
+ARG BASE_IMAGE=ubi7/ubi
+ARG BASE_TAG=7.8
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+### Required Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
+LABEL name="Solutions Delivery Platform: OWASP Dependency Check" \
+ maintainer="terrana_steven@bah.com" \
+ vendor="Booz Allen Hamilton" \
+ version="5.2.4" \
+ release="5.2.4" \
+ summary="OWASP Dependency Check container" \
+ description="The OWASP Dependency Check container image for the Solutions Delivery Platform"
+
+### add licenses to this directory
+COPY LICENSE /licenses
+
+### Install packages from ubi base repo
+RUN INSTALL_PKGS="java-1.8.0-openjdk-devel ruby unzip" && \
+ yum update -y \
+ --nogpgcheck \
+ --disablerepo=unified_platform_ubi8_os \
+ --disablerepo=unified_platform_ubi8_appstream \
+ --disableplugin=subscription-manager \
+ --setopt=tsflags=nodocs \
+ --security \
+ --sec-severity=Important \
+ --sec-severity=Critical && \
+ yum install ${INSTALL_PKGS} -y \
+ --nogpgcheck \
+ --disablerepo=unified_platform_ubi8_os \
+ --disablerepo=unified_platform_ubi8_appstream \
+ --disableplugin=subscription-manager \
+ --setopt=tsflags=nodocs
+
+### Arguments and Environment variables
+ENV user dependencycheck
+ARG SDP_BUILD_DEPENDENCY_VERSION dcar-0.4
+ENV OWASP_DEP_CHECK_VERSION 5.2.4
+
+### Fetch dependency bundle
+
+RUN mkdir /root/tmp
+COPY owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz
+
+### Install mono-devel
+RUN cd /root/tmp && tar -xzf owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz && rpm -ivh --replacepkgs --replacefiles /root/tmp/dependencies/mono-devel/*.rpm && rm /root/tmp/owasp-dep-check-dependencies-$OWASP_DEP_CHECK_VERSION.tar.gz
+
+### Install ruby dependencies
+RUN cd /root/tmp && \
+ gem install --force --local /root/tmp/dependencies/rubygems-update/*.gem && \
+ update_rubygems && \
+ gem install --force --local /root/tmp/dependencies/bundle-audit/*.gem && \
+ gem cleanup
+
+### Install OWASP Dependency Check binaries
+RUN cd /root/tmp/dependencies/owasp && \
+ unzip dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
+ rm dependency-check-${OWASP_DEP_CHK_VERSION}-release.zip && \
+ mv dependency-check /usr/share/ && \
+ rm -rf /root/tmp/dependencies
+
+# Add user, create required directories and cleanup
+RUN useradd -ms /bin/bash ${user} && \
+ chown -R ${user}:${user} /usr/share/dependency-check && \
+ mkdir /report && \
+ chown -R ${user}:${user} /report && \
+ yum --nogpgcheck --disableplugin=subscription-manager clean all
+
+USER ${user}
+
+VOLUME ["/src" "/usr/share/dependency-check/data" "/report"]
+WORKDIR /src
+
+CMD ["--help"]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD stat /usr/share/dependency-check/bin/dependency-check.sh
+ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"]
+
+
+
+
diff --git a/5.2.4/README.md b/5.2.4/README.md
index 0200ed3..8957c33 100644
--- a/5.2.4/README.md
+++ b/5.2.4/README.md
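Review bot: The "Install OWASP Dependency Check binaries" step expands `${OWASP_DEP_CHK_VERSION}`, but the only version variable this Dockerfile defines is `ENV OWASP_DEP_CHECK_VERSION 5.2.4`, so the unzip target becomes `dependency-check--release.zip`, the RUN fails and the build stops there. Two further points in the same hunk: every yum invocation passes `--nogpgcheck` and the bundled mono RPMs go in via `rpm -ivh` with nothing checking their signatures, so not one package in a security-scanning image is signature-verified — remove the flag and, if the UBI repo keys are what is missing, import them in that RUN instead; and `VOLUME ["/src" "/usr/share/dependency-check/data" "/report"]` is not valid JSON (no commas), so the builder falls back to whitespace splitting and declares three volumes whose paths contain the literal quotes and brackets. `ARG SDP_BUILD_DEPENDENCY_VERSION dcar-0.4` likewise uses the space-separated form, which ARG does not treat as a default the way legacy ENV does, so the COPY source does not resolve to the dcar-0.4 bundle. The HEALTHCHECK that merely `stat`s the entrypoint script is also not measuring anything for a one-shot CLI image and could be `HEALTHCHECK NONE`; the rewritten lines are below.
```dockerfile
# … unchanged: ARG/FROM, LABEL, COPY LICENSE …
# yum update / yum install exactly as before, with both `--nogpgcheck \` lines removed
# … unchanged: ENV user …
ARG SDP_BUILD_DEPENDENCY_VERSION=dcar-0.4
# … unchanged: ENV OWASP_DEP_CHECK_VERSION, bundle COPY, mono-devel, ruby gems …
RUN cd /root/tmp/dependencies/owasp && \
    unzip dependency-check-${OWASP_DEP_CHECK_VERSION}-release.zip && \
    rm dependency-check-${OWASP_DEP_CHECK_VERSION}-release.zip && \
    mv dependency-check /usr/share/ && \
    rm -rf /root/tmp/dependencies
# … unchanged: useradd/chown/clean all, USER …
VOLUME ["/src", "/usr/share/dependency-check/data", "/report"]
# … unchanged: WORKDIR, CMD …
HEALTHCHECK NONE
# … unchanged: ENTRYPOINT …
```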
@@ -1,2 +1,19 @@
-# dependency-check
+# OWASP Dependency Check Container
+## Introduction
+
+This container hosts the OWASP Dependency Check application to be used as part of the Solution Delivery Platform.
+
+## Container Variables
+
+The following is a list of variables:
+```
+ARG BASE_REGISTRY = defines the registry portion of the OS image to be used in the FROM command.
+ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command.
+ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command.
+ARG SDP_BUILD_DEPENDENCY_VERSION = defines the release in https://github.com/boozallen/sdp-images/releases that the dependency bundle should be pulled form - default dcar-0.4
+```
+
+Recommended resources for the image:
+
+The Jenkins agent on the Solutions Delivery Platform will run this container as pasrt of thebuild pipeline. All resources are inherited at runtime from the Jenkins Agent container.
diff --git a/5.2.4/download.json b/5.2.4/download.json
new file mode 100644
index 0000000..19bfd1f
--- /dev/null
+++ b/5.2.4/download.json
@@ -0,0 +1,9 @@
+{ "resources":
+ [
+ { "url" : "https://github.com/boozallen/sdp-images/releases/download/dcar-0.3/owasp-dep-check-dependencies-dcar-0.3.tar.gz",
+ "filename": "owasp-dep-check-dependencies-dcar-0.3.tar.gz",
+ "sha256": "4e885b2cf44aa7a27dd16727e8e3e01011498ab9b5fca2e27dc1fc6935b0d3f3"
+ }
+] }
+
+
-- 
GitLab
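Review bot: The bundle pinned here is `dcar-0.3` in the url, filename and sha256, while the Dockerfile added in this same patch defaults `SDP_BUILD_DEPENDENCY_VERSION` to `dcar-0.4` and COPYs `owasp-dep-check-dependencies-$SDP_BUILD_DEPENDENCY_VERSION.tar.gz`, and the README change documents dcar-0.4 as the default. If this manifest is what stages the bundle into the build context (inferred from its `filename` field), no `…-dcar-0.4.tar.gz` will exist and the COPY fails. Align the two: either point this entry at the dcar-0.4 release asset with its own digest, or make the Dockerfile default `dcar-0.3`. Pinning the release asset by sha256 is the right control for a tarball whose RPMs and gems are installed without signature checks, so keep the digest whichever version is chosen.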