Initial commit

60b1d9d3 · Aaron Weaver · 3ba12637 · 60b1d9d3 · 60b1d9d3 · 60b1d9d3
Commit 60b1d9d3 authored 7 years ago by Aaron Weaver
--- a/.travis.yml
+++ b/.travis.yml
+sudo: required
+language: python
+install: true
+
+services:
+  - docker
+
+env:
+  global:
+    - VERSION=1.${TRAVIS_BUILD_NUMBER}
+  matrix:
+    - PIPELINE_BUILD='base'
+      DOCKER_FILE='base/dockerfile-base'
+      REPO='appsecpipeline/base'
+    - PIPELINE_BUILD='basetools'
+      DOCKER_FILE='base/dockerfile-base-tools'
+      REPO='appsecpipeline/base-tools'
+    - PIPELINE_BUILD=sast
+      DOCKER_FILE='base/dockerfile-sast'
+      REPO='appsecpipeline/sast'
+    - PIPELINE_BUILD=node
+      DOCKER_FILE='base/dockerfile-node'
+      REPO='appsecpipeline/node'
+    - PIPELINE_BUILD=ruby
+      DOCKER_FILE='base/dockerfile-ruby'
+      REPO='appsecpipeline/ruby'
+    - PIPELINE_BUILD=zap
+      DOCKER_FILE='base/dockerfile-zap'
+      REPO='appsecpipeline/zap'
+
+script:
+  - |
+    echo "Running PipelineBuild=$PIPELINE_BUILD"
+    bash build/docker-hub.sh $TRAVIS_BRANCH $REPO $VERSION $DOCKER_FILE
--- a/README.md
+++ b/README.md
+# AppSecPipeline
--- a/build.sh
+++ b/build.sh
+echo "Building Jenkins Jobs"
+sh jenkins.sh
+echo
+echo "Creating global tool yaml"
+python build/combine-yaml.py
+echo "Complete\n"
--- a/build/build-dockers.sh
+++ b/build/build-dockers.sh
+echo "Keeping it tidy."
+docker rmi $(docker images | grep "none" | awk '/ / { print $3 }')
+#docker volume rm $(docker volume ls -qf dangling=true)
+#docker rmi $(docker images -q)
+echo "Building dockers"
+#--no-cache
+docker build -f dockers/base/dockerfile-base . -t appsecpipeline/base
+docker build -f dockers/base/dockerfile-base-tools . -t appsecpipeline/base-tools
+docker build -f dockers/base/dockerfile-sast . -t appsecpipeline/sast
+docker build -f dockers/base/dockerfile-node . -t appsecpipeline/node
+docker build -f dockers/base/dockerfile-ruby . -t appsecpipeline/ruby
+docker build -f dockers/base/dockerfile-zap . -t appsecpipeline/zap
+docker build -f pipelines/jenkins/jenkins-local-dockerfile . -t appsecpipeline/jenkins
+
+echo
+echo "Command Shortcuts"
+echo 'docker run --rm -ti appsecpipeline/base /bin/bash'
+echo 'docker run --rm -ti appsecpipeline/base-tools /bin/bash'
+echo 'docker run --rm -ti appsecpipeline/sast /bin/bash'
+echo 'docker run --rm -ti appsecpipeline/node /bin/bash'
+echo 'docker run --rm -ti appsecpipeline/ruby /bin/bash'
+echo 'docker run --rm -ti appsecpipeline/zap /bin/bash'
--- a/build/combine-yaml.py
+++ b/build/combine-yaml.py
+import os
+import yaml
+
+secPipelineFile = "controller/secpipeline-config.yaml"
+
+def createSecPipeLine():
+    #Re-create the pipeline config file
+    os.remove(secPipelineFile)
+
+    for subdir, dirs, files in os.walk("tools"):
+        for file in files:
+            if file.lower().endswith("yaml"):
+                yamlFile = os.path.join(subdir, file)
+
+                #Read tool YAML
+                with open(yamlFile, 'r') as toolYaml:
+                    yamlContent = toolYaml.read()
+
+                #Write to secpipeline-config.yaml
+                with open(secPipelineFile, 'a+') as file:
+                    file.write(yamlContent)
+
+def quoted_presenter(dumper, data):
+    return dumper.represent_scalar('tag:yaml.org,2002:str', data, style='"')
+
+yaml.add_representer(str, quoted_presenter)
+
+def readYAML():
+    #Read tool YAML
+    with open(secPipelineFile, 'r') as stream:
+        try:
+            tools = yaml.safe_load(stream)
+            data = {}
+            parameters = {}
+            parameters_details = {}
+
+            for tool in tools:
+                toolParms = tools[tool]["parameters"]
+                parameters_key = {}
+                for parameter in toolParms:
+                    if toolParms[parameter]["type"] == "config":
+                        parameters_key["type"] = toolParms[parameter]["type"]
+                        parameters_key["data_type"] = toolParms[parameter]["data_type"]
+                        parameters_key["description"] = toolParms[parameter]["description"]
+                        parameters_key["value"] = '{replace-me}'
+                        parameters_details[parameter] = parameters_key
+                        parameters_key = {}
+
+                if parameters_details:
+                    parameters["parameters"] = parameters_details
+                    data[tool] = parameters
+
+                parameters = {}
+                parameters_details = {}
+
+            yamlLoc = "controller/tool-config-template.config"
+            with open(yamlLoc, 'w') as outfile:
+                yaml.dump(data, outfile, default_flow_style=False)
+
+        except yaml.YAMLError as exc:
+            print(exc)
+
+
+createSecPipeLine()
+readYAML()
+print "Complete!"
--- a/build/docker-hub.sh
+++ b/build/docker-hub.sh
+#!/bin/bash
+set -ev
+
+TRAVIS_BRANCH=$1
+REPO=$2
+VERSION=$3
+DOCKER_FILE=$4
+
+if [ "$TRAVIS_BRANCH" == "master" ]; then
+  TAG="latest";
+else
+  TAG=$TRAVIS_BRANCH;
+fi
+
+docker build -f dockers/$DOCKER_FILE . -t $REPO
+
+docker tag $REPO $REPO:$TAG
+docker tag $REPO $REPO:$VERSION
+if [ "$TRAVIS_BRANCH" == "master" ] && [ "$DOCKER_USER" != "" ] && [  "$DOCKER_PASS" != "" ]; then
+  docker login -u "$DOCKER_USER" -p "$DOCKER_PASS";
+  docker push $REPO ;
+fi
--- a/controller/.DS_Store
+++ b/controller/.DS_Store
--- a/controller/appsec.pipeline
+++ b/controller/appsec.pipeline
+version: AppSecPipeline 0.5.0
+
+#Sample appsec.pipeline file that could reside in an app repo
+profiles:
+  production:
+   - tool: "nmap"
+     profile: "all"
+   - tool: "zap"
+     profile: "quick"
+   - tool: "ssllabs"
+     profile: "all"
+   - tool: "defectdojo"
+     profile: "all"
+
+  dynamic:
+   - tool: "nikto"
+     profile: "tuned"
+   - tool: "arachni"
+     profile: "xss"
+   - tool: "defectdojo"
+     profile: "all"
+
+  static:
+   - tool: "cloc"
+     profile: "all"
+   - tool: "bandit"
+     profile: "tuned"
+   - tool: "brakeman"
+     profile: "tuned"
+   - tool: "retirejs"
+     profile: "all"
+     finding-severity: #Only import issues from retireJs with a severity of Critical
+       - "Critical"
+   - tool: "snyk"
+     profile: "all"
+   - tool: "dependency-check"
+     profile: "all"
+   - tool: "defectdojo"
+     profile: "all"
+
+  analyze-code:
+   - tool: "cloc"
+     profile: "all"
+
+#Define which profile to run based off of a code checkin
+deployment:
+  master: fast
+  devel: sast
+  pre-prod: standard
--- a/controller/master.yaml
+++ b/controller/master.yaml
+version: AppSecPipeline 0.6.0
+
+# Global configuration settings
+global:
+  min-severity: low
+  max-tool-run: 720 #Maximum time to run a tool before terminating the container, specified in minutes
+  max-parallel: 3 #Maximum number of concurrent docker containers to run per Pipeline
+  max-dynamic: 1 #Maximum number of dynamic containers to run at once
+
+#Profile definition of what tools to run for a particular application
+profiles:
+  sourcecode:
+    pipeline:
+      - tool: "git"
+        tool-profile: "tags"
+        on-failure: "fail" #continue / fail / tool?
+      - tool: "cloc"
+        tool-profile: "all"
+        on-failure:
+      - tool: "checkmarx"
+        tool-profile: "all"
+      - tool: "bandit"
+        tool-profile: "tuned"
+      - tool: "brakeman"
+        tool-profile: "tuned"
+      - tool: "retirejs"
+        tool-profile: "all"
+      - tool: "defectdojo"
+        tool-profile: "all"
+
+  gitcloc:
+    pipeline:
+      - tool: "git"
+        tool-profile: "clone"
+      - tool: "cloc"
+        tool-profile: "all"
+
+  standard:
+    pipeline:
+      - tool: "cloc"
+        tool-profile: "all"
+      - tool: "nikto"
+        tool-profile: "fast"
+      - tool: "arachni"
+        tool-profile: "xss"
+      - tool: "bandit"
+        tool-profile: "tuned"
+      - tool: "brakeman"
+        tool-profile: "tuned"
+      - tool: "retirejs"
+        tool-profile: "all"
+      - tool: "defectdojo"
+        tool-profile: "all"
+
+  production:
+    pipeline:
+      - tool: "zap"
+        tool-profile: "quick"
+      - tool: "nmap"
+        tool-profile: "quick"
+      - tool: "ssllabs"
+        tool-profile: "all"
+    startup:
+      tool: prepenv
+      tool-profile: all
+    runevery:
+      tool: defectdojo
+      tool-profile: engagement
+    final:
+      tool: defectdojo
+      tool-profile: close_engagement
+
+  ssllabs:
+    pipeline:
+     - tool: "ssllabs"
+       tool-profile: "all"
+
+  tenableio:
+    pipeline:
+     - tool: "tenableio"
+       tool-profile: "all"
+
+  wpscan:
+    pipeline:
+     - tool: "wpscan"
+       tool-profile: "all_enumeration"
+
+  nmap:
+    pipeline:
+     - tool: "nmap"
+       tool-profile: "quick"
+
+  defectdojonmap:
+    pipeline:
+     - tool: "nmap"
+       tool-profile: "quick"
+     - tool: "defectdojo"
+       tool-profile: "all"
+
+  appspider:
+    pipeline:
+     - tool: "appspider"
+       tool-profile: "all"
+
+  defectdojo:
+    pipeline:
+     - tool: "defectdojo"
+       tool-profile: "all"
+
+  dynamic:
+    pipeline:
+     - tool: "nikto"
+       tool-profile: "tuned"
+     - tool: "arachni"
+       tool-profile: "xss"
+     - tool: "defectdojo"
+       tool-profile: "all"
+
+  static:
+    pipeline:
+     - tool: "cloc"
+       tool-profile: "all"
+     - tool: "bandit"
+       tool-profile: "tuned"
+     - tool: "brakeman"
+       tool-profile: "tuned"
+     - tool: "retirejs"
+       tool-profile: "all"
+     - tool: "snyk"
+       tool-profile: "all"
+     - tool: "dependency-check"
+       tool-profile: "all"
+     - tool: "defectdojo"
+       tool-profile: "all"
+
+  analyze-code:
+    pipeline:
+     - tool: "cloc"
+       tool-profile: "all"
+
+#Define which profile to run based off of a code checkin
+deployment:
+  master: fast
+  devel: sast
+  pre-prod: standard
--- a/controller/secpipeline-config.yaml
+++ b/controller/secpipeline-config.yaml
--- a/controller/tool-config-template.config
+++ b/controller/tool-config-template.config
+"appspider":
+  "parameters":
+    "APPSPIDER_ADMIN_PASSWORD":
+      "data_type": "password"
+      "description": "AppSpider Admin API Password"
+      "type": "config"
+      "value": "{replace-me}"
+    "APPSPIDER_ADMIN_USERNAME":
+      "data_type": "username"
+      "description": "AppSpider Admin API Username"
+      "type": "config"
+      "value": "{replace-me}"
+    "APPSPIDER_PASSWORD":
+      "data_type": "password"
+      "description": "AppSpider API Password"
+      "type": "config"
+      "value": "{replace-me}"
+    "APPSPIDER_URL":
+      "data_type": "url"
+      "description": "AppSpider Enterprise URL."
+      "type": "config"
+      "value": "{replace-me}"
+    "APPSPIDER_USERNAME":
+      "data_type": "username"
+      "description": "AppSpider API Username"
+      "type": "config"
+      "value": "{replace-me}"
+"checkmarx":
+  "parameters":
+    "CHECKMARX_PASSWORD":
+      "data_type": "password"
+      "description": "Checkmarx password."
+      "type": "config"
+      "value": "{replace-me}"
+    "CHECKMARX_URL":
+      "data_type": "url"
+      "description": "Checkmarx web URL."
+      "type": "config"
+      "value": "{replace-me}"
+    "CHECKMARX_USERNAME":
+      "data_type": "username"
+      "description": "Checkmarx username."
+      "type": "config"
+      "value": "{replace-me}"
+"defectdojo":
+  "parameters":
+    "DOJO_API_KEY":
+      "data_type": "key"
+      "description": "Dojo API key."
+      "type": "config"
+      "value": "{replace-me}"
+    "DOJO_HOST":
+      "data_type": "string"
+      "description": "DefectDojo host."
+      "type": "config"
+      "value": "{replace-me}"
+    "DOJO_PROXY":
+      "data_type": "url"
+      "description": "Optional proxy for connecting to DefectDojo."
+      "type": "config"
+      "value": "{replace-me}"
+"prepenv":
+  "parameters":
+    "DOJO_API_KEY":
+      "data_type": "key"
+      "description": "Dojo API key."
+      "type": "config"
+      "value": "{replace-me}"
+    "DOJO_HOST":
+      "data_type": "string"
+      "description": "DefectDojo host."
+      "type": "config"
+      "value": "{replace-me}"
+    "DOJO_PROXY":
+      "data_type": "url"
+      "description": "Optional proxy for connecting to DefectDojo."
+      "type": "config"
+      "value": "{replace-me}"
+"snyk":
+  "parameters":
+    "SNYK_API_TOKEN":
+      "data_type": "api"
+      "description": "Synk API token"
+      "type": "config"
+      "value": "{replace-me}"
+"tenableio":
+  "parameters":
+    "TENABLE_ACCESS_KEY":
+      "data_type": "key"
+      "description": "Access key, generated in the TenableIO GUI."
+      "type": "config"
+      "value": "{replace-me}"
+    "TENABLE_SECRET_KEY":
+      "data_type": "key"
+      "description": "Secret key, generated in the TenableIO GUI."
+      "type": "config"
+      "value": "{replace-me}"
--- a/dockers/appsecpipeline/docker-compose.yml
+++ b/dockers/appsecpipeline/docker-compose.yml
+version: "3"
+services:
+  bodgeit:
+    image: psiinon/bodgeit
+    ports:
+      - "9000:8080"
+    networks:
+      appsec:
+        aliases:
+          - bodgeit.appsec.pipeline
+  defectdojo:
+    image: appsecpipeline/django-defectdojo:latest
+    ports:
+      - "8000:8000"
+    networks:
+      appsec:
+        aliases:
+          - defectdojo.appsec.pipeline
+  jenkins-pipeline:
+    image: appsecpipeline/jenkins
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - jenkins_home:/var/jenkins_home
+    ports:
+      - "8080:8080"
+      - "50000:50000"
+    networks:
+      appsec:
+        aliases:
+          - jenkins.appsec.pipeline
+
+networks:
+  appsec:
+      external:
+          name: appsecpipeline_default
+
+volumes:
+  jenkins_home:
--- a/dockers/appsecpipeline/launchenv.sh
+++ b/dockers/appsecpipeline/launchenv.sh
+if [ ! "$(docker network ls -f name=appsecpipeline_default | grep appsecpipeline_default)" ]; then
+        docker network create --driver bridge appsecpipeline_default
+fi
+docker-compose up -d
+echo "Adding allowed hosts to DefectDojo, assuming name: appsecpipeline_defectdojo_1. If the command fails double check the DefectDojo container name."
+docker exec -ti appsecpipeline_defectdojo_1 sed -i  "s/ALLOWED_HOSTS = \[\]/ALLOWED_HOSTS = ['defectdojo.appsec.pipeline', 'localhost']/g" /opt/django-DefectDojo/dojo/settings.py
--- a/dockers/base/dockerfile-base
+++ b/dockers/base/dockerfile-base
+FROM kalilinux/kali-linux-docker
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
+    build-essential \
+    ca-certificates \
+    git \
+    python-pip \
+    python2.7 \
+    python2.7-dev \
+    csvtool \
+    openjdk-9-jre-headless \
+    nmap
+
+########## AppSecPipeline Install ##########
+COPY tools /usr/bin/appsecpipeline/tools
+COPY dockers/base/setupdocker.sh /tmp
+ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
+RUN sh /tmp/setupdocker.sh
+RUN rm /tmp/setupdocker.sh
+
+########## Checkmarx Install ##########
+RUN pip install -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt
+
+ENTRYPOINT ["launch.py"]
+
+HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/dockers/base/dockerfile-base-tools
+++ b/dockers/base/dockerfile-base-tools
+FROM kalilinux/kali-linux-docker
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
+    build-essential \
+    ca-certificates \
+    git \
+    python-pip \
+    python2.7 \
+    python2.7-dev \
+    csvtool \
+    openjdk-9-jre-headless \
+    nikto \
+    cloc \
+    unzip \
+    nmap
+
+########## AppSecPipeline Install ##########
+COPY tools /usr/bin/appsecpipeline/tools
+COPY dockers/base/setupdocker.sh /tmp
+ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
+RUN sh /tmp/setupdocker.sh
+RUN rm /tmp/setupdocker.sh
+
+########## Tenable Install ##########
+RUN pip install -U tenable_io
+
+########## Bandit Install ##########
+RUN pip install -U bandit
+
+########## Arachni Install ##########
+#Install Arachni, packaged apt-get install Arachni doesn't work for some reason, hangs on BrowserCluster
+ARG VERSION=1.5.1
+ARG WEB_VERSION=0.5.12
+
+RUN mkdir /usr/share/arachni && \
+          wget -qO- https://github.com/Arachni/arachni/releases/download/v${VERSION}/arachni-${VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz | tar xvz -C /usr/share/arachni --strip-components=1
+
+RUN echo '#!/bin/bash\n\ncd /usr/share/arachni/bin/ && ./arachni "$@"' > /usr/bin/arachni
+RUN echo '#!/bin/bash\n\ncd /usr/share/arachni/bin/ && ./arachni_reporter "$@"' > /usr/bin/arachni_reporter
+
+RUN chmod +x /usr/bin/arachni
+RUN chmod +x /usr/bin/arachni_reporter
+
+#For Arachni to run properly the appsecpipeline user needs write permissions on component cache
+RUN chown -R appsecpipeline: /usr/share/arachni/system/
+
+########## SSLLabs Scanner Install ##########
+ARG SSLLAB=1.4.0
+
+RUN wget -qO- https://github.com/ssllabs/ssllabs-scan/releases/download/v${SSLLAB}/ssllabs-scan_${SSLLAB}-linux64.tgz | tar xvz -C /usr/bin --strip-components=1
+
+########## Change to appsecpipeline user ##########
+USER appsecpipeline
+
+ENTRYPOINT ["launch.py"]
+
+HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/dockers/base/dockerfile-node
+++ b/dockers/base/dockerfile-node
+FROM node
+
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
+    build-essential \
+    ca-certificates \
+    git \
+    python-pip \
+    python2.7 \
+    python2.7-dev
+
+########## AppSecPipeline Install ##########
+COPY tools /usr/bin/appsecpipeline/tools
+COPY dockers/base/setupdocker.sh /tmp
+ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
+RUN sh /tmp/setupdocker.sh
+RUN rm /tmp/setupdocker.sh
+    
+########## Retire.js Install ##########
+RUN npm install -g retire
+
+########## Install Synk Install ##########
+RUN npm install -g snyk
+
+ENTRYPOINT ["launch.py"]
+
+HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/dockers/base/dockerfile-ruby
+++ b/dockers/base/dockerfile-ruby
+FROM ruby:2.4
+
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
+    build-essential \
+    ca-certificates \
+    git \
+    python-pip \
+    python2.7 \
+    python2.7-dev
+
+########## AppSecPipeline Install ##########
+COPY tools /usr/bin/appsecpipeline/tools
+COPY dockers/base/setupdocker.sh /tmp
+ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
+RUN sh /tmp/setupdocker.sh
+RUN rm /tmp/setupdocker.sh
+
+########## AppSecPipeline Install ##########
+ENV BRAKEMAN_VERSION=4.0
+RUN gem install brakeman --version ${BRAKEMAN_VERSION} --no-format-exec
+
+########## WPScan Install ##########
+#RUN cd /tmp && git clone https://github.com/wpscanteam/wpscan-v3
+#RUN cd /tmp/wpscan-v3 && bundle install && rake install && cd ../
+RUN gem install wpscan
+
+#Update WPScanner DB
+RUN wpscan --update
+
+ENTRYPOINT ["launch.py"]
+
+HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/dockers/base/dockerfile-sast
+++ b/dockers/base/dockerfile-sast
+FROM kalilinux/kali-linux-docker
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
+    build-essential \
+    ca-certificates \
+    git \
+    python-pip \
+    python2.7 \
+    python2.7-dev \
+    openjdk-9-jre-headless \
+    cloc \
+    unzip
+
+########## AppSecPipeline Install ##########
+COPY tools /usr/bin/appsecpipeline/tools
+COPY dockers/base/setupdocker.sh /tmp
+ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
+RUN sh /tmp/setupdocker.sh
+RUN rm /tmp/setupdocker.sh
+
+########## Bandit Install ##########
+RUN pip install -U bandit
+
+########## Dependency Checker Install ##########
+RUN wget -O /tmp/dependency-check.zip https://bintray.com/jeremy-long/owasp/download_file?file_path=dependency-check-3.0.2-release.zip && \
+    unzip /tmp/dependency-check.zip -d /usr/bin/ && \
+    rm /tmp/dependency-check.zip
+
+#Update the NVD local database for dependency checker
+RUN /usr/bin/dependency-check/bin/dependency-check.sh --updateonly
+
+RUN chown -R appsecpipeline: /usr/bin/dependency-check
+
+#Dependency check needs write permission on the data directory
+RUN chmod -R u=rwx /usr/bin/dependency-check/data
+
+USER appsecpipeline
+
+ENTRYPOINT ["launch.py"]
+
+HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/dockers/base/dockerfile-zap
+++ b/dockers/base/dockerfile-zap
+FROM owasp/zap2docker-stable
+
+USER root
+
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
+    build-essential \
+    ca-certificates \
+    python-pip \
+    python2.7 \
+    python2.7-dev
+
+########## AppSecPipeline Install ##########
+COPY tools /usr/bin/appsecpipeline/tools
+ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
+
+#Python dependency installs
+RUN pip install -U requests
+RUN pip install -U junit_xml_output
+RUN pip install -U defectdojo_api
+RUN pip install -U cryptography
+
+RUN chmod +x /usr/bin/appsecpipeline/tools/launch.py
+RUN chmod +x /usr/bin/appsecpipeline/tools/junit.py
+
+########## Zap Baseline Install ##########
+#Override the baseline zap python script
+COPY tools/zap/zap-baseline.py /zap/
+
+RUN usermod -u 1000 zap
+RUN groupmod -g 1000 zap
+
+USER zap
+
+ENTRYPOINT ["launch.py"]
+
+HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
--- a/dockers/base/setupdocker.sh
+++ b/dockers/base/setupdocker.sh
+#Python dependency installs
+pip install -U pyyaml
+pip install -U requests
+pip install -U junit_xml_output
+pip install -U defectdojo_api
+pip install -U cryptography
+
+chmod +x /usr/bin/appsecpipeline/tools/launch.py
+chmod +x /usr/bin/appsecpipeline/tools/junit.py
+
+useradd -m -d /home/appsecpipeline appsecpipeline -u 1000