refactor dependency-check

91ea0bfc · Jose Raul Barreras · da74e99b · 91ea0bfc · 91ea0bfc · 91ea0bfc
Commit 91ea0bfc authored 5 years ago by Jose Raul Barreras
--- a/README.md
+++ b/README.md
@@ -25,4 +25,4 @@ This file is automatically updated after execute `git commit` based on the conte
 - its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:android
 - its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:latest
 - its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:php
- its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:python \n    \n\n\r_Last update: Thu Sep 19 16:28:10 CDT 2019_\n
+- its-registry.unl.edu/unl-its/docker-ci/static-code-analysis:python \n    \n\n\r_Last update: Fri Sep 20 09:15:46 CDT 2019_\n
--- a/dependency-check/Dockerfile
+++ b/dependency-check/Dockerfile
@@ -17,7 +17,7 @@ ENV DEPENDENCY_CHECK_VERSION 5.2.1-release

 WORKDIR /opt

-RUN apk add --no-cache curl jq su-exec && \
+RUN apk add --no-cache curl jq su-exec bash && \
    curl --insecure -o ./dependency-check.zip -L https://dl.bintray.com/jeremy-long/owasp/dependency-check-${DEPENDENCY_CHECK_VERSION}.zip  && \
    unzip dependency-check.zip  && \
    rm dependency-check.zip && \
@@ -31,6 +31,6 @@ WORKDIR /work

 COPY docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh
-ENTRYPOINT ["docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]

-CMD ["/bin/sh"]
+CMD ["/bin/bash"]
--- a/dependency-check/docker-entrypoint.sh
+++ b/dependency-check/docker-entrypoint.sh
-#!/bin/sh
+#!/bin/bash
 set -e

-if [ "${1#-}" != "$1" ]; then
-  echo "OK"
-  set -- dependency-check "$@"
-fi
+USER_ID=${LOCAL_USER_ID:-9001}

-exec "$@"
+su-exec user "$@"


-#VERSION=0.1
-
-#echo ${VERSION}
-
-#if [ $1 == '-v' ]; then
-#  dependency-check.sh -v
-#  exit 0
-#fi
-
-#DEPENDENCY_CHECK_OUT_DIR=${DEPENDENCY_CHECK_OUT_DIR-"`pwd`/dependency-check-report/"}
-#SRC_DIR=${SRC_DIR-"./"}
-
-#mkdir -p ${DEPENDENCY_CHECK_OUT_DIR}
-#dependency-check.sh --format ALL -s ${SRC_DIR} --out ${DEPENDENCY_CHECK_OUT_DIR} --project ${CI_PROJECT_NAMESPACE} -n
-
-#cat ${DEPENDENCY_CHECK_OUT_DIR}/dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities]' | sed -e "s/\"\/work\///g"
-#RESULT=`cat ${DEPENDENCY_CHECK_OUT_DIR}/dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities] | length == 0' | sed -e "s/\"\/work\///g"`
-
-#if [ "${RESULT}" = "" ]; then
-#  exit 0
-#else
-#  exit 1
-#fi
--- a/dependency-check/entrypoint.sh
+++ b/dependency-check/entrypoint.sh
-#!/bin/sh
-set -e
-
-if [ $1 == '-v' ]; then
-	dependency-check.sh -v
-	exit 0
-fi
-
-DEPENDENCY_CHECK_OUT_DIR=${DEPENDENCY_CHECK_OUT_DIR-"`pwd`/dependency-check-report/"}
-
-mkdir -p ${DEPENDENCY_CHECK_OUT_DIR}
-dependency-check.sh --format ALL -s ./ --out ${DEPENDENCY_CHECK_OUT_DIR} --project ${CI_PROJECT_NAMESPACE} -n
-
-cat ${DEPENDENCY_CHECK_OUT_DIR}/dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities]' | sed -e "s/\"\/work\///g"
-RESULT=`cat ${DEPENDENCY_CHECK_OUT_DIR}/dependency-check-report.json | jq '.dependencies | .[] | select (.vulnerabilities) | [.fileName, .filePath, .vulnerabilities] | length == 0' | sed -e "s/\"\/work\///g"`
-
-if [ "${RESULT}" = "" ]; then
-	exit 0
-else
-    exit 1
-fi