From cda81315d2de59d4c3dc06050b8e9f1a869f1671 Mon Sep 17 00:00:00 2001
From: Timo Pagel
Date: Fri, 23 Sep 2016 12:25:58 +0200
Subject: [PATCH 1/3] Add Dockerfile with own user
---
 Dockerfile | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..28aa529a6
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+FROM java:8
+
+MAINTAINER Timo Pagel
+
+RUN wget http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.3-release.zip && unzip dependency-check-1.4.3-release.zip && mv dependency-check /usr/share/
+
+RUN useradd -ms /bin/bash dockeruser && chown -R dockeruser:dockeruser /usr/share/dependency-check && mkdir /report && chown -R dockeruser:dockeruser /report
+USER dockeruser
+
+VOLUME "/src /usr/share/dependency-check/data /report"
+
+WORKDIR /report
+
+ENTRYPOINT ["/usr/share/dependency-check/bin/dependency-check.sh", "--scan", "/src"]
From 1a5e9884fc6e372a6cd740c4d40250647b410c5b Mon Sep 17 00:00:00 2001
From: Timo Pagel
Date: Fri, 23 Sep 2016 12:26:17 +0200
Subject: [PATCH 2/3] Add usage for docker to the Readme
---
 README.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/README.md b/README.md
index 5b5a0c5f1..f5d6033fd 100644
--- a/README.md
+++ b/README.md
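Review bot: The `RUN wget … && unzip …` line in the new Dockerfile (PATCH 1/3) installs the downloaded archive without checking it against a checksum or signature, and PATCH 3/3 rewrites the same line without adding one; a step such as `echo "<EXPECTED_SHA256>  dependency-check-1.4.3-release.zip" | sha256sum -c -` before `unzip` would pin what ends up in the image (the hash is a placeholder, to be taken from a trusted release record). The zip also stays in the layer, so an `rm` of it in the same `RUN` is worth adding. Further down, `VOLUME "/src /usr/share/dependency-check/data /report"` wraps all three paths in one pair of quotes, which is neither the JSON-array nor the plain space-separated form, and how the builder tokenises it may differ between Docker versions; `VOLUME ["/src", "/usr/share/dependency-check/data", "/report"]` is unambiguous.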
@@ -97,6 +97,37 @@ On Windows
 Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
+### Docker
+
+In the following example it is assumed that the source to be checked is in the actual directory. A persistent data directory and a persistent report directory is used so that the container can be destroyed after running it to make sure that you use the newst version, always.
+```
+# After the first run, feel free to change the owner of the directories to the owner of the creted files and the permissions to 744
+DATA_DIRECTORY=$HOME/OWASP-Dependency-Check/data
+REPORT_DIRECTORY=/$HOME/OWASP-Dependency-Check/reports
+
+if [ ! -d $DATA_DIRECTORY ]; then
+ echo "Initially creating persistent directories"
+ mkdir -p $DATA_DIRECTORY
+ chmod -R 777 $DATA_DIRECTORY
+
+ mkdir -p $REPORT_DIRECTORY
+ chmod -R 777 $REPORT_DIRECTORY
+fi
+
+docker pull owasp/dependency-check # Make sure it is the actual version
+
+docker run --rm \
+ --volume $(pwd):/src \
+ --volume $DATA_DIRECTORY:/usr/share/dependency-check/data \
+ --volume $REPORT_DIRECTORY:/report \
+ --name dependency-check \
+ dc \
+ --suppression "/src/security/dependency-check-suppression.xml"\
+ --format "ALL" \
+ --project "My OWASP Dependency Check Projekt" \
+```
+
+
 Mailing List
 ------------
From f84aea004084a832dd73292dc3a277edce5c8300 Mon Sep 17 00:00:00 2001
From: Timo Pagel
Date: Thu, 6 Oct 2016 19:38:22 +0200
Subject: [PATCH 3/3] MOD: Use https over http and fetch current release
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 28aa529a6..c311a3b6b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM java:8
 MAINTAINER Timo Pagel
-RUN wget http://dl.bintray.com/jeremy-long/owasp/dependency-check-1.4.3-release.zip && unzip dependency-check-1.4.3-release.zip && mv dependency-check /usr/share/
+RUN wget -O /tmp/current.txt http://jeremylong.github.io/DependencyCheck/current.txt && current=$(cat /tmp/current.txt) && wget https://dl.bintray.com/jeremy-long/owasp/dependency-check-$current-release.zip && unzip dependency-check-$current-release.zip && mv dependency-check /usr/share/
 RUN useradd -ms /bin/bash dockeruser && chown -R dockeruser:dockeruser /usr/share/dependency-check && mkdir /report && chown -R dockeruser:dockeruser /report
 USER dockeruser
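Review bot: The version string in the rewritten `RUN` line is still fetched over plain `http://` (`current.txt`) even though the archive URL moved to `https://`, so the value that selects which release gets installed is not integrity-protected in transit. It is then expanded unquoted into the `wget` and `unzip` arguments. I would fetch it with `wget -O /tmp/current.txt https://jeremylong.github.io/DependencyCheck/current.txt` (assuming the site serves HTTPS) and use `"dependency-check-${current}-release.zip"` in both places. Resolving the version at build time also means two builds of the same Dockerfile can produce different images; a build `ARG` with a pinned default would keep the installed version visible in review.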