feat(security): add security.txt to docker images (edgexfoundry#4407)

Signed-off-by: geraldzm <[email protected]> Signed-off-by: Gerald Zamora <[email protected]>
geraldzm · Mar 13, 2023 · 51ed33e · 51ed33e
1 parent a4ee942
commit 51ed33e
Show file tree

Hide file tree

Showing 14 changed files with 19 additions and 0 deletions.
diff --git a/cmd/core-command/Dockerfile b/cmd/core-command/Dockerfile
@@ -44,6 +44,7 @@ EXPOSE $APP_PORT
 
 WORKDIR /
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-command/core-command /
 COPY --from=builder /edgex-go/cmd/core-command/res/configuration.toml /res/configuration.toml
 

diff --git a/cmd/core-common-config-bootstrapper/Dockerfile b/cmd/core-common-config-bootstrapper/Dockerfile
@@ -41,6 +41,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 RUN apk add --update --no-cache dumb-init
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-common-config-bootstrapper/core-common-config-bootstrapper /
 COPY --from=builder /edgex-go/cmd/core-common-config-bootstrapper/res/configuration.yaml /res/configuration.yaml
 

diff --git a/cmd/core-data/Dockerfile b/cmd/core-data/Dockerfile
@@ -44,6 +44,7 @@ EXPOSE $APP_PORT
 
 RUN apk add --update --no-cache dumb-init
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-data/core-data /
 COPY --from=builder /edgex-go/cmd/core-data/res/configuration.toml /res/configuration.toml
 

diff --git a/cmd/core-metadata/Dockerfile b/cmd/core-metadata/Dockerfile
@@ -45,6 +45,7 @@ EXPOSE $APP_PORT
 
 WORKDIR /
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/core-metadata/core-metadata /
 COPY --from=builder /edgex-go/cmd/core-metadata/res/configuration.toml /res/configuration.toml
 COPY --from=builder /edgex-go/cmd/core-metadata/res/uom.toml /res/uom.toml

diff --git a/cmd/security-bootstrapper/Dockerfile b/cmd/security-bootstrapper/Dockerfile
@@ -51,6 +51,7 @@ COPY --from=builder /edgex-go/cmd/security-bootstrapper/entrypoint-scripts/ ${SE
 RUN chmod +x ${SECURITY_INIT_STAGING}/*.sh
 
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/security-bootstrapper .
 COPY --from=builder /edgex-go/cmd/security-bootstrapper/res/configuration.toml ./res/
 

diff --git a/cmd/security-proxy-auth/Dockerfile b/cmd/security-proxy-auth/Dockerfile
@@ -40,6 +40,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 RUN apk add --update --no-cache dumb-init
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/security-proxy-auth/security-proxy-auth /
 COPY --from=builder /edgex-go/cmd/security-proxy-auth/res/configuration.toml /res/configuration.toml
 

diff --git a/cmd/security-proxy-setup/Dockerfile b/cmd/security-proxy-setup/Dockerfile
@@ -38,6 +38,8 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 WORKDIR /edgex
 
+COPY --from=builder /edgex-go/security.txt /
+
 # Note that secrets-config shares the same configuration file as security-proxy-setup
 # as we are splitting security-proxy-setup into two different utilities for ease-of-use.
 COPY --from=builder /edgex-go/cmd/secrets-config/res/configuration.toml res/configuration.toml

diff --git a/cmd/security-secretstore-setup/Dockerfile b/cmd/security-secretstore-setup/Dockerfile
@@ -39,6 +39,8 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 WORKDIR /
 
+COPY --from=builder /edgex-go/security.txt /
+
 COPY --from=builder /edgex-go/cmd/security-file-token-provider/res/token-config.json /res-file-token-provider/token-config.json
 COPY --from=builder /edgex-go/cmd/security-secretstore-setup/res-file-token-provider/configuration.toml  /res-file-token-provider/configuration.toml
 COPY --from=builder /edgex-go/cmd/security-secretstore-setup/res/configuration.toml /res/configuration.toml

diff --git a/cmd/security-spiffe-token-provider/Dockerfile b/cmd/security-spiffe-token-provider/Dockerfile
@@ -38,6 +38,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 RUN apk update && apk --no-cache --update add dumb-init curl gcompat
 
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/security-spiffe-token-provider/security-spiffe-token-provider /
 COPY --from=builder /edgex-go/cmd/security-spiffe-token-provider/res/configuration.toml /res/configuration.toml
 

diff --git a/cmd/security-spire-agent/Dockerfile b/cmd/security-spire-agent/Dockerfile
@@ -51,8 +51,11 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 RUN apk update && apk --no-cache --update add dumb-init openssl gcompat
 
+COPY --from=builder /edgex-go/security.txt /
+
 COPY --from=builder /usr/local/bin/spire-agent /usr/local/bin
 COPY --from=builder /usr/local/bin/spire-server /usr/local/bin
+
 COPY --from=builder /edgex-go/cmd/security-spire-agent/docker-entrypoint.sh /usr/local/bin/
 COPY --from=builder /edgex-go/cmd/security-spire-agent/agent.conf /usr/local/etc/spire/agent.conf.tpl
 COPY --from=builder /edgex-go/cmd/security-spire-agent/openssl.conf /usr/local/etc/

diff --git a/cmd/security-spire-config/Dockerfile b/cmd/security-spire-config/Dockerfile
@@ -51,6 +51,7 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 RUN apk update && apk --no-cache --update add dumb-init gcompat
 
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /usr/local/bin/spire-server /usr/local/bin
 COPY --from=builder /edgex-go/cmd/security-spire-config/docker-entrypoint.sh /usr/local/bin/
 

diff --git a/cmd/security-spire-server/Dockerfile b/cmd/security-spire-server/Dockerfile
@@ -51,6 +51,8 @@ LABEL license='SPDX-License-Identifier: Apache-2.0' \
 
 RUN apk update && apk --no-cache --update add dumb-init openssl gcompat
 
+COPY --from=builder /edgex-go/security.txt /
+
 COPY --from=builder /usr/local/bin/spire-server /usr/local/bin
 COPY --from=builder /edgex-go/cmd/security-spire-server/docker-entrypoint.sh /usr/local/bin/
 COPY --from=builder /edgex-go/cmd/security-spire-server/server.conf /usr/local/etc/spire/server.conf.tpl

diff --git a/cmd/support-notifications/Dockerfile b/cmd/support-notifications/Dockerfile
@@ -42,6 +42,7 @@ ENV APP_PORT=59860
 EXPOSE $APP_PORT
 
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/support-notifications/support-notifications /
 COPY --from=builder /edgex-go/cmd/support-notifications/res/configuration.toml /res/configuration.toml
 

diff --git a/cmd/support-scheduler/Dockerfile b/cmd/support-scheduler/Dockerfile
@@ -43,6 +43,7 @@ ENV APP_PORT=59861
 EXPOSE $APP_PORT
 
 COPY --from=builder /edgex-go/Attribution.txt /
+COPY --from=builder /edgex-go/security.txt /
 COPY --from=builder /edgex-go/cmd/support-scheduler/support-scheduler /
 COPY --from=builder /edgex-go/cmd/support-scheduler/res/configuration.toml /res/configuration.toml