From cf5ac665cae40f5b0a9e3d16788da85d752c39d1 Mon Sep 17 00:00:00 2001
From: ironbank-bot <ironbank-bot@dsop.io>
Date: Thu, 10 Dec 2020 01:02:14 +0000
Subject: [PATCH 1/5] Migrate to hardening_manifest.yaml

---
 Dockerfile              |  3 --
 Jenkinsfile             |  2 --
 download.yaml           | 12 --------
 hardening_manifest.yaml | 63 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 63 insertions(+), 17 deletions(-)
 delete mode 100644 Jenkinsfile
 delete mode 100644 download.yaml
 create mode 100644 hardening_manifest.yaml

diff --git a/Dockerfile b/Dockerfile
index fc80b34..3a89831 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,9 +28,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 ARG VERSION="2020.03-1"
 ARG HUB_VERSION="2020.6.2"
 
-LABEL com.blackducksoftware.hub.vendor="Black Duck Software, Inc." \
-      com.blackducksoftware.hub.version="$HUB_VERSION" \
-      com.blackducksoftware.version="$VERSION"
 
 ENV BLACKDUCK_RELEASE_INFO "com.blackducksoftware.hub.vendor=Black Duck Software, Inc. \
 com.blackducksoftware.hub.version=$HUB_VERSION"
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index d96a36e..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,2 +0,0 @@
-@Library('DCCSCR@master') _
-dccscrPipeline(version: "2020.03-1")
diff --git a/download.yaml b/download.yaml
deleted file mode 100644
index 9910ea3..0000000
--- a/download.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-resources:
-  - url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/appcheck-worker-2020.03-1.tar.gz
-    filename: appcheck-worker-2020.03-1.tar.gz
-    validation:
-      type: sha256
-      value: deb1cd4d51f4851496072e0c9450da5e64b3ab1e30b86858f0355cc2d0c1692e
-  - url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/filebeat-7.8.0-x86_64.rpm
-    filename: filebeat-7.8.0-x86_64.rpm
-    validation:
-      type: sha256
-      value: 877725b088e010ab11c58c9d5d222dde686a635a77f4798105548102e1e32ba5
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000..6053975
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "synopsys/blackduck/appcheck-worker"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "2020.03-1"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "appcheck-worker"
+  ## Human-readable description of the software packaged in the image
+  # org.opencontainers.image.description: "FIXME"
+  ## License(s) under which contained software is distributed
+  # org.opencontainers.image.licenses: "FIXME"
+  ## URL to find more information on the image
+  # org.opencontainers.image.url: "FIXME"
+  ## Name of the distributing entity, organization or individual
+  # org.opencontainers.image.vendor: "FIXME"
+  org.opencontainers.image.version: "2020.03-1"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  # mil.dso.ironbank.image.keywords: "FIXME"
+  ## This value can be "opensource" or "commercial"
+  # mil.dso.ironbank.image.type: "FIXME"
+  ## Product the image belongs to for grouping multiple images
+  # mil.dso.ironbank.product.name: "FIXME"
+
+# List of resources to make available to the offline build context
+resources:
+- filename: appcheck-worker-2020.03-1.tar.gz
+  url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/appcheck-worker-2020.03-1.tar.gz
+  validation:
+    type: sha256
+    value: deb1cd4d51f4851496072e0c9450da5e64b3ab1e30b86858f0355cc2d0c1692e
+- filename: filebeat-7.8.0-x86_64.rpm
+  url: https://dccscr-projects.s3.amazonaws.com/blackduck/appcheck-worker/2020.03-1/filebeat-7.8.0-x86_64.rpm
+  validation:
+    type: sha256
+    value: 877725b088e010ab11c58c9d5d222dde686a635a77f4798105548102e1e32ba5
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "kumykov@synopsys.com"
+#   # The name of the current container owner
+#   name: "FIXME"
+#   # The gitlab username of the current container owner
+#   username: "FIXME"
+#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+# - name: "FIXME"
+#   username: "FIXME"
+#   email: "FIXME"
-- 
GitLab


From 358c3927d6a1bda2b856fd65bf81b56b836f20d8 Mon Sep 17 00:00:00 2001
From: Murat Kumykov <kumykov@synopsys.com>
Date: Wed, 24 Feb 2021 13:31:39 +0000
Subject: [PATCH 2/5] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 3a89831..30d80da 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_REGISTRY=registry1.dsop.io
 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
-ARG BASE_TAG=8.2
+ARG BASE_TAG=8.3
 
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-- 
GitLab


From b2b9e53bbf42cf637aeb694a439b05ecb9569d41 Mon Sep 17 00:00:00 2001
From: Murat Kumykov <kumykov@synopsys.com>
Date: Wed, 24 Feb 2021 13:32:59 +0000
Subject: [PATCH 3/5] Update hardening_manifest.yaml

---
 hardening_manifest.yaml | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 6053975..bbce278 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -20,20 +20,20 @@ args:
 labels:
   org.opencontainers.image.title: "appcheck-worker"
   ## Human-readable description of the software packaged in the image
-  # org.opencontainers.image.description: "FIXME"
+  org.opencontainers.image.description: "Binary scanner container for Blackduck"
   ## License(s) under which contained software is distributed
-  # org.opencontainers.image.licenses: "FIXME"
+  org.opencontainers.image.licenses: "Synopsys proprietary License"
   ## URL to find more information on the image
-  # org.opencontainers.image.url: "FIXME"
+  org.opencontainers.image.url: "blackducksoftware/blackduck-worker"
   ## Name of the distributing entity, organization or individual
-  # org.opencontainers.image.vendor: "FIXME"
+  org.opencontainers.image.vendor: "Synopsys, Inc."
   org.opencontainers.image.version: "2020.03-1"
   ## Keywords to help with search (ex. "cicd,gitops,golang")
-  # mil.dso.ironbank.image.keywords: "FIXME"
+  mil.dso.ironbank.image.keywords: "SCA"
   ## This value can be "opensource" or "commercial"
-  # mil.dso.ironbank.image.type: "FIXME"
+  mil.dso.ironbank.image.type: "commercial"
   ## Product the image belongs to for grouping multiple images
-  # mil.dso.ironbank.product.name: "FIXME"
+  mil.dso.ironbank.product.name: "Blackduck"
 
 # List of resources to make available to the offline build context
 resources:
@@ -53,11 +53,6 @@ resources:
 # FIXME: Include any other vendor information if applicable
 maintainers:
 - email: "kumykov@synopsys.com"
-#   # The name of the current container owner
-#   name: "FIXME"
-#   # The gitlab username of the current container owner
-#   username: "FIXME"
-#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
-# - name: "FIXME"
-#   username: "FIXME"
-#   email: "FIXME"
+  name: "Murat Kumykov"
+  username: "kumykov"
+  cht_member: false
-- 
GitLab


From f6743e04f840ff6e0c284f7a7f687ac788e84bd6 Mon Sep 17 00:00:00 2001
From: Murat Kumykov <kumykov@synopsys.com>
Date: Wed, 24 Feb 2021 13:35:39 +0000
Subject: [PATCH 4/5] Update hardening_manifest.yaml

---
 hardening_manifest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index bbce278..97e315a 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -24,7 +24,7 @@ labels:
   ## License(s) under which contained software is distributed
   org.opencontainers.image.licenses: "Synopsys proprietary License"
   ## URL to find more information on the image
-  org.opencontainers.image.url: "blackducksoftware/blackduck-worker"
+  org.opencontainers.image.url: "blackducksoftware/appcheck-worker"
   ## Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Synopsys, Inc."
   org.opencontainers.image.version: "2020.03-1"
-- 
GitLab


From 123570fb7c5e4f9ce90f700c2c9b044b7c71e454 Mon Sep 17 00:00:00 2001
From: Murat Kumykov <kumykov@synopsys.com>
Date: Wed, 24 Feb 2021 20:19:35 +0000
Subject: [PATCH 5/5] Dockerfile update

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 30d80da..d345503 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
 ARG BASE_TAG=8.3
 
-- 
GitLab