diff --git a/controller/secpipeline-config.yaml b/controller/secpipeline-config.yaml
index a39ff3dde25865c0f315c3de579d7d46c38dbff5..2fa50fc5a3157ab2191b37e8e801e6ad43f7baa3 100644
--- a/controller/secpipeline-config.yaml
+++ b/controller/secpipeline-config.yaml
@@ -183,7 +183,7 @@ checkmarx:
 description: "Checkmarx is a source code analysis product that allows organization to scan uncompiled code and identify vulnerabilities."
 url: https://www.checkmarx.com/technology/static-code-analysis-sca/
 documentation: https://checkmarx.atlassian.net/wiki/spaces/KC/overview
- docker: appsecpipeline/base:1.0
+ docker: "appsecpipeline/base-tools:1.0"
 parameters:
 LOC:
 type: runtime
diff --git a/dockers/base/dockerfile-base-tools b/dockers/base/dockerfile-base-tools
index 20847c565b3bbae3d886c07312746367504e21b9..2e0e134dbd2c49df48c7d62ec86d756c4af1a205 100644
--- a/dockers/base/dockerfile-base-tools
+++ b/dockers/base/dockerfile-base-tools
@@ -63,6 +63,9 @@ ARG SSLLAB=1.4.0
 RUN wget -qO- https://github.com/ssllabs/ssllabs-scan/releases/download/v${SSLLAB}/ssllabs-scan_${SSLLAB}-linux64.tgz | tar xvz -C /usr/bin --strip-components=1
+########## Checkmarx Install ##########
+RUN pip install -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt
+
 ########## Change to appsecpipeline user ##########
 USER appsecpipeline
diff --git a/dockers/base/dockerfile-node b/dockers/base/dockerfile-node
index 50b1316ce1f104bfc82881216ed330ae462f15b4..5a667a5fe9af88512b86b1cda449bb286302f9c0 100644
--- a/dockers/base/dockerfile-node
+++ b/dockers/base/dockerfile-node
@@ -2,6 +2,8 @@ FROM node:9.4.0
 # ASPTAG = appsecpipeline/node:1.0
+USER root
+
 RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y \
@@ -11,6 +13,8 @@ RUN apt-get update \
 python-pip \
 python2.7 \
 python2.7-dev \
+ && apt-get remove python-pip -y \
+ && easy_install pip \
 && usermod -u 2000 node \
 && groupmod -g 2000 node \
 && find / /proc -prune -group 1000 -exec chgrp -h node {} \; \
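Review bot: The new `RUN pip install -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt` resolves whatever that file lists against PyPI at build time, so the image is only as reproducible and as trustworthy as the pins in that requirements file, which this diff does not show. If the file pins exact versions with hashes, `RUN pip install --no-cache-dir --require-hashes -r /usr/bin/appsecpipeline/tools/checkmarx/requirements.txt` makes pip reject anything that does not match and keeps the download cache out of the root-owned layer; if it does not pin, adding pins is the prerequisite. The install runs as root into the system site-packages before the `USER appsecpipeline` switch, which is the usual layout, but it is worth a one-line comment saying so since the switch is only visible as trailing context here.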
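Review bot: `USER root` on the new line is most likely a no-op, since the `node:9.4.0` base image runs its build as root unless an earlier instruction in this file switched user, and no such instruction is visible in the context. It still documents intent now that the file ends with `USER appsecpipeline`, so a comment such as `# package installs below need root; dropped before ENTRYPOINT` would make the pairing explicit to the next reader. The enclosing `RUN apt-get update` instruction continues past the end of this hunk.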
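Review bot: `&& easy_install pip` on the added line fetches whichever pip release is current on PyPI at build time, with no version pin and through setuptools' legacy installer, so two builds of the same Dockerfile can yield different pip versions and a broken or withdrawn upstream release lands silently. Pin it instead, e.g. `&& python -m pip install --upgrade 'pip==<pinned version>'` (placeholder), which also makes the `&& apt-get remove python-pip -y` on the line above unnecessary — installing `python-pip` and removing it in the same RUN only wastes build time. The RUN instruction this hunk sits in starts and ends outside the hunk.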
@@ -22,13 +26,16 @@ COPY dockers/base/setupdocker.sh /tmp
 ENV PATH="/usr/bin/appsecpipeline/tools:${PATH}"
 RUN sh /tmp/setupdocker.sh
 RUN rm /tmp/setupdocker.sh
-
+
 ########## Retire.js Install ##########
 RUN npm install -g retire
 ########## Install Synk Install ##########
 RUN npm install -g snyk
+########## Change to appsecpipeline user ##########
+USER appsecpipeline
+
 ENTRYPOINT ["launch.py"]
 HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
diff --git a/dockers/base/dockerfile-ruby b/dockers/base/dockerfile-ruby
index f2dfa2d887c3e07a206d22b768d4c58a42c83f4b..521a6585f6d570be655662428566490867d37898 100644
--- a/dockers/base/dockerfile-ruby
+++ b/dockers/base/dockerfile-ruby
@@ -31,6 +31,9 @@ RUN gem install wpscan
 #Update WPScanner DB
 RUN wpscan --update
+########## Change to appsecpipeline user ##########
+USER appsecpipeline
+
 ENTRYPOINT ["launch.py"]
 HEALTHCHECK --interval=1m --retries=2 --timeout=5s CMD python /usr/bin/appsecpipeline/tools/health.py
diff --git a/tools/checkmarx/config.yaml b/tools/checkmarx/config.yaml
index e08eec8984b617d616d8b3ed1b2db84ddbef22b8..affa826268ffc80effccf924e0954d39e5a608ee 100644
--- a/tools/checkmarx/config.yaml
+++ b/tools/checkmarx/config.yaml
@@ -9,7 +9,7 @@ checkmarx:
 description: "Checkmarx is a source code analysis product that allows organization to scan uncompiled code and identify vulnerabilities."
 url: https://www.checkmarx.com/technology/static-code-analysis-sca/
 documentation: https://checkmarx.atlassian.net/wiki/spaces/KC/overview
- docker: "appsecpipeline/base:1.0"
+ docker: "appsecpipeline/base-tools:1.0"
 parameters:
 LOC:
 type: runtime
diff --git a/tools/git/config.yaml b/tools/git/config.yaml
index e938ff51b3ef42fff6cbc2cc67034153060eb620..c2cb23878d8f30448c20f4744cd02bfba11c7e0f 100644
--- a/tools/git/config.yaml
+++ b/tools/git/config.yaml
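Review bot: `USER appsecpipeline` on the new line assumes that account exists at this point in the build; Docker does not validate the name at build time, so a missing user only surfaces when the container starts and the ENTRYPOINT fails to exec. The account is presumably created by `/tmp/setupdocker.sh`, which runs earlier in this hunk, but that script is not in the diff, so confirm it, and confirm that `launch.py` and the HEALTHCHECK's `/usr/bin/appsecpipeline/tools/health.py` are readable and executable by that user rather than only by root. The same switch is added in `dockers/base/dockerfile-ruby` and the same check applies there. Dropping root before ENTRYPOINT is the right direction; a comment naming where the user is created, e.g. `# user created by setupdocker.sh`, would save the next reader the search.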
@@ -4,7 +4,7 @@ git:
 - "Utility"
 type: "utility"
 description: "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency."
- docker: "appsecpipeline/base:1.0"
+ docker: "appsecpipeline/base:1.1"
 url: https://git-scm.com/
 documentation: https://git-scm.com/docs/git
 parameters:
diff --git a/tools/launch.py b/tools/launch.py
index c9dadc27c4ee434fcf984fef0e851bddc93f4077..ed5689b0dbab8258f50f6f682b284c37453ef9c6 100644
--- a/tools/launch.py
+++ b/tools/launch.py
@@ -35,6 +35,7 @@ def getYamlConfig(toolName):
 return yamlLoc
 def getParameterAttribs(toolName, command, authFile, key):
+ toolYaml = None
 with open(authFile, 'r') as stream:
 try:
 #Tool configuration
@@ -45,16 +46,16 @@ def getParameterAttribs(toolName, command, authFile, key):
 if toolName in config:
 #Set the object to the tool yaml section
- tool = config[toolName]
- toolParms = tool["parameters"]
- for parameter in toolParms:
- if parameter in command:
- command = command.replace("$" + parameter, f.decrypt(toolParms[parameter]["value"]))
+ toolYaml = config[toolName]
+ #toolParms = tool["parameters"]
+ #for parameter in toolParms:
+ # if parameter in command:
+ # command = command.replace("$" + parameter, f.decrypt(toolParms[parameter]["value"]))
 except yaml.YAMLError as exc:
 logging.warning(exc)
- return command
+ return toolYaml
 #Allow for dynamic arguments to support a wide variety of tools
 #Format URL=Value, YAML Definition for substitution $URL
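Review bot: `getParameterAttribs` now returns `toolYaml` — the tool's section of the auth file, or `None` — instead of the substituted `command`, yet it keeps the `command` and `key` parameters that nothing in the new body reads, and its name still describes the old behaviour; any caller that assigned the result back to `command` now receives a dict or `None`, and those callers are outside this diff. Either rename it (for example `getToolConfig(toolName, authFile)`) with a docstring stating the return type, or at least add `# Returns the tool's section of the auth YAML, or None when absent or unparsable` above the `def`, and delete the commented-out substitution block instead of carrying it as dead code. Note that on `yaml.YAMLError` the function logs at warning level and returns `None`, so a malformed credentials file is indistinguishable from a tool that is simply not configured. The loader call is outside the hunk; since this file holds the encrypted parameter values, it is worth confirming it is `yaml.safe_load` rather than `yaml.load`. The function begins before this hunk.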
@@ -267,20 +268,26 @@ def executeTool(toolName, profile_run, credentialedScan, test_mode, auth=None, k
 return toolStatus
 def webhook(url, tool, toolStatus, runeveryTool, runeveryToolStatus):
- logging.info("Launching webhook for URL: " + url)
- logging.info("Tool" + tool)
- logging.info("toolStatus" + str(toolStatus))
+ logging.info("Launching Webhook for URL: " + url)
 method = "POST"
 params = {}
+ if toolStatus == None:
+ toolStatus = 99 #Unknown error occured
+
 params['tool'] = tool
 params['toolStatus'] = toolStatus
 if runeveryTool:
 params['runeveryTool'] = runeveryTool
+ if runeveryToolStatus == None:
+ runeveryToolStatus = 99
 params['runeveryToolStatus'] = runeveryToolStatus
+ logging.info("Tool" + tool)
+ logging.info("toolStatus" + str(toolStatus))
+
 headers = {
 'User-Agent': 'AppSecPipeline_Container_Tool',
 'Content-Type': 'application/json',
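Review bot: `logging.info("Launching Webhook for URL: " + url)` on the rewritten line writes the complete webhook URL to the log; if that URL carries a token or signature in its query string, as many webhook endpoints do, the secret ends up in container logs at INFO level, so log only the host part (the `netloc` from `urlparse`) or strip the query before logging. The two new `== None` checks should be `is None`, and `99` appears twice as a bare magic number — a module constant such as `TOOL_STATUS_UNKNOWN = 99` with a comment on how the receiver interprets it would make the payload contract explicit. The indentation of the `if runeveryToolStatus == None:` block is lost in this listing, so whether it sits inside `if runeveryTool:` cannot be verified here; if it does not, `params['runeveryToolStatus']` is still only set inside that branch and the sentinel assignment is wasted. The re-added `logging.info("Tool" + tool)` lacks a separator and raises `TypeError` when `tool` is not a str; `logging.info("Tool: %s", tool)` avoids both. The function continues past the end of the hunk.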