diff --git a/Dockerfile b/Dockerfile index fc80b34fedb4d4a209e05f09d05fcdedcdcab7f8..d345503acbf95c0021a523dbe7eb8b9ad6bac88b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 -ARG BASE_TAG=8.2 +ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} @@ -28,9 +28,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ARG VERSION="2020.03-1" ARG HUB_VERSION="2020.6.2" -LABEL com.blackducksoftware.hub.vendor="Black Duck Software, Inc." \ - com.blackducksoftware.hub.version="$HUB_VERSION" \ - com.blackducksoftware.version="$VERSION" ENV BLACKDUCK_RELEASE_INFO "com.blackducksoftware.hub.vendor=Black Duck Software, Inc. \ com.blackducksoftware.hub.version=$HUB_VERSION" diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index d96a36ee640f9e280c5a3d7dede9613a17a72c66..0000000000000000000000000000000000000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "2020.03-1") diff --git a/download.yaml b/download.yaml deleted file mode 100644 index 9910ea3bba2df0a9d8d54b1a0bfe089a6c1e5899..0000000000000000000000000000000000000000 --- a/download.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -resources: - - url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/appcheck-worker-2020.03-1.tar.gz - filename: appcheck-worker-2020.03-1.tar.gz - validation: - type: sha256 - value: deb1cd4d51f4851496072e0c9450da5e64b3ab1e30b86858f0355cc2d0c1692e - - url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/filebeat-7.8.0-x86_64.rpm - filename: filebeat-7.8.0-x86_64.rpm - validation: - type: sha256 - value: 877725b088e010ab11c58c9d5d222dde686a635a77f4798105548102e1e32ba5 diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000000000000000000000000000000000000..97e315a74ac98365fb604ef0ae1bea17e2d14c5b --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,58 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "synopsys/blackduck/appcheck-worker" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "2020.03-1" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.3" + +# Docker image labels +labels: + org.opencontainers.image.title: "appcheck-worker" + ## Human-readable description of the software packaged in the image + org.opencontainers.image.description: "Binary scanner container for Blackduck" + ## License(s) under which contained software is distributed + org.opencontainers.image.licenses: "Synopsys proprietary License" + ## URL to find more information on the image + org.opencontainers.image.url: "blackducksoftware/appcheck-worker" + ## Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "Synopsys, Inc." + org.opencontainers.image.version: "2020.03-1" + ## Keywords to help with search (ex. "cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "SCA" + ## This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + ## Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "Blackduck" + +# List of resources to make available to the offline build context +resources: +- filename: appcheck-worker-2020.03-1.tar.gz + url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/appcheck-worker-2020.03-1.tar.gz + validation: + type: sha256 + value: deb1cd4d51f4851496072e0c9450da5e64b3ab1e30b86858f0355cc2d0c1692e +- filename: filebeat-7.8.0-x86_64.rpm + url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/filebeat-7.8.0-x86_64.rpm + validation: + type: sha256 + value: 877725b088e010ab11c58c9d5d222dde686a635a77f4798105548102e1e32ba5 + +# List of project maintainers +# FIXME: Fill in the following details for the current container owner in the whitelist +# FIXME: Include any other vendor information if applicable +maintainers: +- email: "kumykov@synopsys.com" + name: "Murat Kumykov" + username: "kumykov" + cht_member: false