From 776cc6a43b7b85b7458b36156c385c413c7a15f0 Mon Sep 17 00:00:00 2001
From: Gerald Zamora
Date: Tue, 14 Mar 2023 10:58:03 -0600
Subject: [PATCH] feat(security): add security.txt to docker images (#4407) (#4440)
Signed-off-by: Gerald Zamora
---
 cmd/core-command/Dockerfile | 1 +
 cmd/core-common-config-bootstrapper/Dockerfile | 1 +
 cmd/core-data/Dockerfile | 1 +
 cmd/core-metadata/Dockerfile | 1 +
 cmd/security-bootstrapper/Dockerfile | 1 +
 cmd/security-proxy-auth/Dockerfile | 1 +
 cmd/security-proxy-setup/Dockerfile | 2 ++
 cmd/security-secretstore-setup/Dockerfile | 2 ++
 cmd/security-spiffe-token-provider/Dockerfile | 1 +
 cmd/security-spire-agent/Dockerfile | 3 +++
 cmd/security-spire-config/Dockerfile | 1 +
 cmd/security-spire-server/Dockerfile | 2 ++
 cmd/support-notifications/Dockerfile | 1 +
 cmd/support-scheduler/Dockerfile | 1 +
 14 files changed, 19 insertions(+)
diff --git a/cmd/core-command/Dockerfile b/cmd/core-command/Dockerfile
index ea2dd6b6d5..b01588ad5e 100644
--- a/cmd/core-command/Dockerfile
+++ b/cmd/core-command/Dockerfile
@@ -44,6 +44,7 @@ EXPOSE $APP_PORT
 WORKDIR /
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-command/core-command /
 COPY --from=builder /edgex-go/cmd/core-command/res/configuration.toml /res/configuration.toml
diff --git a/cmd/core-common-config-bootstrapper/Dockerfile b/cmd/core-common-config-bootstrapper/Dockerfile
index 927819aefa..4dee517746 100644
--- a/cmd/core-common-config-bootstrapper/Dockerfile
+++ b/cmd/core-common-config-bootstrapper/Dockerfile
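Review bot: The new COPY puts security.txt at the image root, where it is visible only to someone who already has the image or a shell inside the container; RFC 9116 expects the file to be served at /.well-known/security.txt over HTTPS, and nothing in this hunk or the diffstat wires core-command or the API gateway to serve it, so this is disclosure metadata for image consumers rather than a compliant security.txt endpoint. I would say so next to the copy, `# security.txt (RFC 9116): vulnerability-disclosure contact, shipped for image consumers; not served by the service`. The diffstat touches only Dockerfiles, so /edgex-go/security.txt must already exist in the builder stage's checkout or every image build now fails at this COPY — presumably it does, but worth confirming for the branch this is backported to. RFC 9116 also requires an Expires field, so a copy baked into a long-lived release image goes stale unless the release process refreshes the file before tagging.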
@@ -41,6 +41,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 RUN apk add --update --no-cache dumb-init
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-common-config-bootstrapper/core-common-config-bootstrapper /
 COPY --from=builder /edgex-go/cmd/core-common-config-bootstrapper/res/configuration.yaml /res/configuration.yaml
diff --git a/cmd/core-data/Dockerfile b/cmd/core-data/Dockerfile
index c52288c6b2..35faf4d6f5 100644
--- a/cmd/core-data/Dockerfile
+++ b/cmd/core-data/Dockerfile
@@ -44,6 +44,7 @@ EXPOSE $APP_PORT
 RUN apk add --update --no-cache dumb-init
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-data/core-data /
 COPY --from=builder /edgex-go/cmd/core-data/res/configuration.toml /res/configuration.toml
diff --git a/cmd/core-metadata/Dockerfile b/cmd/core-metadata/Dockerfile
index 750dd2d1b8..b39e1fe6fa 100644
--- a/cmd/core-metadata/Dockerfile
+++ b/cmd/core-metadata/Dockerfile
@@ -45,6 +45,7 @@ EXPOSE $APP_PORT
 WORKDIR /
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-metadata/core-metadata /
 COPY --from=builder /edgex-go/cmd/core-metadata/res/configuration.toml /res/configuration.toml
 COPY --from=builder /edgex-go/cmd/core-metadata/res/uom.toml /res/uom.toml
diff --git a/cmd/security-bootstrapper/Dockerfile b/cmd/security-bootstrapper/Dockerfile
index 4d5b77f40c..1d350cd6ce 100644
--- a/cmd/security-bootstrapper/Dockerfile
+++ b/cmd/security-bootstrapper/Dockerfile
@@ -51,6 +51,7 @@ COPY --from=builder /edgex-go/cmd/security-bootstrapper/entrypoint-scripts/ ${SE
 RUN chmod +x ${SECURITY_INIT_STAGING}/*.sh
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/security-bootstrapper .
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/res/configuration.toml ./res/
diff --git a/cmd/security-proxy-auth/Dockerfile b/cmd/security-proxy-auth/Dockerfile
index 29d31ec990..52530fd6dd 100644
--- a/cmd/security-proxy-auth/Dockerfile
+++ b/cmd/security-proxy-auth/Dockerfile
@@ -40,6 +40,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 RUN apk add --update --no-cache dumb-init
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/security-proxy-auth/security-proxy-auth /
 COPY --from=builder /edgex-go/cmd/security-proxy-auth/res/configuration.toml /res/configuration.toml
diff --git a/cmd/security-proxy-setup/Dockerfile b/cmd/security-proxy-setup/Dockerfile
index c16eb13da4..b1a735297f 100644
--- a/cmd/security-proxy-setup/Dockerfile
+++ b/cmd/security-proxy-setup/Dockerfile
@@ -38,6 +38,8 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 WORKDIR /edgex
+COPY --from=builder /edgex-go/security.txt /
+
 # Note that secrets-config shares the same configuration file as security-proxy-setup
 # as we are splitting security-proxy-setup into two different utilities for ease-of-use.
 COPY --from=builder /edgex-go/cmd/secrets-config/res/configuration.toml res/configuration.toml
diff --git a/cmd/security-secretstore-setup/Dockerfile b/cmd/security-secretstore-setup/Dockerfile
index 13f75a0865..51be402acb 100644
--- a/cmd/security-secretstore-setup/Dockerfile
+++ b/cmd/security-secretstore-setup/Dockerfile
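Review bot: In the security-proxy-setup hunk the WORKDIR is /edgex, yet security.txt is copied to / while the configuration copied on the following line lands in the relative res/ under /edgex, so the new file sits outside the directory everything else in this image lives in. That matches the other images in this patch, which use WORKDIR /, but anyone looking in /edgex will not find it; if root placement is deliberate for uniformity across images, a one-line comment would stop a later "fix", e.g. `# kept at / so every EdgeX image carries security.txt at the same path`, and otherwise copy it alongside the rest with `COPY --from=builder /edgex-go/security.txt ./`. No Attribution.txt copy is visible in this hunk's context, so the pair of files the other Dockerfiles ship together appears split here — worth confirming that is intentional rather than an oversight.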
@@ -39,6 +39,8 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 WORKDIR /
+COPY --from=builder /edgex-go/security.txt /
+
 COPY --from=builder /edgex-go/cmd/security-file-token-provider/res/token-config.json /res-file-token-provider/token-config.json
 COPY --from=builder /edgex-go/cmd/security-secretstore-setup/res-file-token-provider/configuration.toml /res-file-token-provider/configuration.toml
 COPY --from=builder /edgex-go/cmd/security-secretstore-setup/res/configuration.toml /res/configuration.toml
diff --git a/cmd/security-spiffe-token-provider/Dockerfile b/cmd/security-spiffe-token-provider/Dockerfile
index 264ffb3e80..f92d97b8fa 100644
--- a/cmd/security-spiffe-token-provider/Dockerfile
+++ b/cmd/security-spiffe-token-provider/Dockerfile
@@ -38,6 +38,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 RUN apk update && apk --no-cache --update add dumb-init curl gcompat
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/security-spiffe-token-provider/security-spiffe-token-provider /
 COPY --from=builder /edgex-go/cmd/security-spiffe-token-provider/res/configuration.toml /res/configuration.toml
diff --git a/cmd/security-spire-agent/Dockerfile b/cmd/security-spire-agent/Dockerfile
index 5d38fd1618..2a68e6b803 100644
--- a/cmd/security-spire-agent/Dockerfile
+++ b/cmd/security-spire-agent/Dockerfile
@@ -53,8 +53,11 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 RUN apk update && apk --no-cache --update add dumb-init openssl gcompat
+COPY --from=builder /edgex-go/security.txt /
+
 COPY --from=builder /usr/local/bin/spire-agent /usr/local/bin
 COPY --from=builder /usr/local/bin/spire-server /usr/local/bin
+
 COPY --from=builder /edgex-go/cmd/security-spire-agent/docker-entrypoint.sh /usr/local/bin/
 COPY --from=builder /edgex-go/cmd/security-spire-agent/agent.conf /usr/local/etc/spire/agent.conf.tpl
 COPY --from=builder /edgex-go/cmd/security-spire-agent/openssl.conf /usr/local/etc/
diff --git a/cmd/security-spire-config/Dockerfile b/cmd/security-spire-config/Dockerfile
index 9f8d70fa5e..bd53b1f789 100644
--- a/cmd/security-spire-config/Dockerfile
+++ b/cmd/security-spire-config/Dockerfile
@@ -53,6 +53,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 RUN apk update && apk --no-cache --update add dumb-init gcompat
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /usr/local/bin/spire-server /usr/local/bin
 COPY --from=builder /edgex-go/cmd/security-spire-config/docker-entrypoint.sh /usr/local/bin/
diff --git a/cmd/security-spire-server/Dockerfile b/cmd/security-spire-server/Dockerfile
index 846f2a6a3c..9c7926e6b4 100644
--- a/cmd/security-spire-server/Dockerfile
+++ b/cmd/security-spire-server/Dockerfile
@@ -53,6 +53,8 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 RUN apk update && apk --no-cache --update add dumb-init openssl gcompat
+COPY --from=builder /edgex-go/security.txt /
+
 COPY --from=builder /usr/local/bin/spire-server /usr/local/bin
 COPY --from=builder /edgex-go/cmd/security-spire-server/docker-entrypoint.sh /usr/local/bin/
 COPY --from=builder /edgex-go/cmd/security-spire-server/server.conf /usr/local/etc/spire/server.conf.tpl
diff --git a/cmd/support-notifications/Dockerfile b/cmd/support-notifications/Dockerfile
index ea720f0a3f..c243f07b1f 100644
--- a/cmd/support-notifications/Dockerfile
+++ b/cmd/support-notifications/Dockerfile
@@ -42,6 +42,7 @@ ENV APP_PORT=59860
 EXPOSE $APP_PORT
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/support-notifications/support-notifications /
 COPY --from=builder /edgex-go/cmd/support-notifications/res/configuration.toml /res/configuration.toml
diff --git a/cmd/support-scheduler/Dockerfile b/cmd/support-scheduler/Dockerfile
index 65f5e89948..dbd08f37a2 100644
--- a/cmd/support-scheduler/Dockerfile
+++ b/cmd/support-scheduler/Dockerfile
@@ -43,6 +43,7 @@ ENV APP_PORT=59861
 EXPOSE $APP_PORT
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/support-scheduler/support-scheduler /
 COPY --from=builder /edgex-go/cmd/support-scheduler/res/configuration.toml /res/configuration.toml
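Review bot: The added line in the support-scheduler hunk is a second single-file COPY from the builder stage immediately after the Attribution.txt COPY, so the image now spends two layers on two small static text files that come from the same stage and go to the same destination; they can be one instruction, `COPY --from=builder /edgex-go/Attribution.txt /edgex-go/security.txt /`, which also keeps the attribution and disclosure files visibly paired. The same applies to every other Dockerfile in this patch that copies both files, so either merge them everywhere or nowhere to keep the images consistent. Layer placement is otherwise right: the rarely changing text files precede the binary and configuration copies, so a rebuild of the binary does not invalidate them.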