forked from dependency-check/DependencyCheck
Dockerfile
# Donor stage: provides the Go toolchain; the final stage copies /usr/local/go out of it.
FROM golang:1.14-alpine AS go

# Donor stage: uses jlink to assemble a reduced Java runtime in /jlinked, limited
# to the modules listed below; the final stage copies /jlinked out of it.
FROM azul/zulu-openjdk-alpine:14 AS jlink
# NOTE(review): jlink is resolved from $JAVA_HOME but the module path is a fixed
# /opt/java/openjdk/jmods; confirm that directory exists in this base image.
RUN "${JAVA_HOME}/bin/jlink" \
    --compress=2 \
    --module-path /opt/java/openjdk/jmods \
    --add-modules java.base,java.compiler,java.datatransfer,jdk.crypto.ec,java.desktop,java.instrument,java.logging,java.management,java.naming,java.rmi,java.scripting,java.security.sasl,java.sql,java.transaction.xa,java.xml,jdk.unsupported \
    --output /jlinked
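# Final stage: .NET Core runtime base image, to which the jlinked Java runtime,
# the Go toolchain, bundle-audit and the dependency-check CLI release are added.
# The container runs the CLI as an unprivileged user, with /src and /report as volumes.
# NOTE(review): every FROM in this file uses a mutable tag; pinning each base
# image by digest would make the build reproducible and tamper-evident.
FROM mcr.microsoft.com/dotnet/core/runtime:3.1-alpine

# MAINTAINER is deprecated; a label carries the same contact string.
LABEL maintainer="Jeremy Long <[email protected]>"

# VERSION selects the release zip from the build context and has no default,
# so it must be passed with --build-arg.
ARG VERSION
ARG POSTGRES_DRIVER_VERSION=42.2.6
ARG MYSQL_DRIVER_VERSION=8.0.17

# `user` names the unprivileged account created below and used by USER.
# JAVA_OPTS tells the analyzers where dotnet, bundle-audit and go are installed.
ENV user=dependencycheck \
    JAVA_HOME=/opt/jdk \
    JAVA_OPTS="-Danalyzer.assembly.dotnet.path=/usr/bin/dotnet -Danalyzer.bundle.audit.path=/usr/bin/bundle-audit -Danalyzer.golang.path=/usr/local/go/bin/go"

COPY --from=jlink /jlinked /opt/jdk/
COPY --from=go /usr/local/go/ /usr/local/go/

# COPY rather than ADD: the file is a local zip, which ADD would not unpack
# anyway, and COPY has no URL-fetch or auto-extract behaviour.
COPY cli/target/dependency-check-${VERSION}-release.zip /

# Install tools, unpack the CLI, fetch the JDBC drivers and create the runtime user.
# - No separate `apk update`: --no-cache fetches the index on the fly and leaves
#   nothing behind in /var/cache/apk.
# - curl uses -f so an HTTP error fails the build instead of saving an error page
#   as a .jar, and -L so redirects are followed for both downloads.
# - The MySQL archive is downloaded to a file before extraction; with the former
#   `curl | tar` pipe a failed download was masked by tar's exit status.
# NOTE(review): neither driver download is checked against a known digest.
#   Record the expected SHA-256 for each pinned driver version and verify it with
#   `sha256sum -c` before the jar is placed in plugins/.
# NOTE(review): `gem install bundle-audit` is unpinned; consider fixing a version.
RUN apk add --no-cache --virtual .build-deps curl tar && \
    apk add --no-cache git ruby ruby-rdoc && \
    gem install bundle-audit && \
    bundle audit update && \
    unzip "/dependency-check-${VERSION}-release.zip" -d /usr/share/ && \
    rm "/dependency-check-${VERSION}-release.zip" && \
    curl -fsSL -o "/usr/share/dependency-check/plugins/postgresql-${POSTGRES_DRIVER_VERSION}.jar" \
        "https://jdbc.postgresql.org/download/postgresql-${POSTGRES_DRIVER_VERSION}.jar" && \
    curl -fsSL -o /tmp/mysql-connector-java.tar.gz \
        "https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-${MYSQL_DRIVER_VERSION}.tar.gz" && \
    tar -xzf /tmp/mysql-connector-java.tar.gz \
        --directory "/usr/share/dependency-check/plugins" --strip-components=1 --no-same-owner \
        "mysql-connector-java-${MYSQL_DRIVER_VERSION}/mysql-connector-java-${MYSQL_DRIVER_VERSION}.jar" && \
    rm /tmp/mysql-connector-java.tar.gz && \
    addgroup -S "${user}" && adduser -S -G "${user}" "${user}" && \
    mkdir /usr/share/dependency-check/data && \
    chown -R "${user}:${user}" /usr/share/dependency-check && \
    mkdir /report && \
    chown -R "${user}:${user}" /report && \
    apk del .build-deps

# Strip setuid/setgid bits from all regular files; nothing in this image needs them.
# find -exec replaces the backtick loop, which split paths on whitespace and
# ignored find's own failures; -xdev keeps the walk out of /proc, /sys and /dev.
RUN find / -xdev -type f -perm +6000 -exec chmod a-s {} \;

# Drop root before the entrypoint; every step that needs root is above this line.
USER ${user}

# Declared after /report has been created and chowned so its ownership is kept.
VOLUME ["/src", "/report"]
WORKDIR /src

# ENTRYPOINT is the CLI launcher; CMD supplies default arguments that
# `docker run <image> <args>` replaces.
CMD ["--help"]
ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh"]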