-
Notifications
You must be signed in to change notification settings - Fork 26
/
Dockerfile
125 lines (99 loc) · 3.78 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
FROM jenkins/jenkins:latest
USER root
RUN apt-get update \
&& apt-get -y upgrade
RUN apt-get -y install \
build-essential \
software-properties-common \
git vim \
python \
python-dev \
python3 \
python3-dev \
python-setuptools \
python-virtualenv \
python-pip \
net-tools \
gcc \
vim \
openssl \
libssl-dev \
make \
cmake \
autoconf \
mono-runtime \
mono-devel \
libcurl4-openssl-dev \
libffi6 \
libffi-dev \
ruby \
curl \
php-cli \
php-mbstring \
unzip
RUN curl -s https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
# https://jeremylong.github.io/DependencyCheck/analyzers/bundle-audit.html
&& gem install bundler-audit \
&& bundle-audit update
# Install ansible in the system's pips for jenkins
# and in the virtual env for python3
RUN mkdir -p -m 777 /opt/owasp \
&& pip install --upgrade pip \
&& pip install --upgrade setuptools \
&& pip install --upgrade cryptography>=2.1.4 \
&& pip install --upgrade ansible \
&& virtualenv -p python3 /opt/owasp/venv \
&& . /opt/owasp/venv/bin/activate \
&& pip install --upgrade pip \
&& pip install --upgrade setuptools \
&& pip install --upgrade cryptography>=2.1.4 \
&& pip install --upgrade ansible \
&& pip list
ENV PROJECT_NAME owasp
ENV LOG_DIR /opt/logs
ENV CONFIG_DIR /opt/logs
ENV DATA_DIR /opt/logs
ENV PATH="/opt/tools/apache-maven/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin:/sbin:/bin"
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
RUN mkdir -p -m 777 /opt/owasp /opt/shared /opt/logs /opt/data /opt/configs /opt/nvd /opt/depchecker /opt/jenkins /opt/certs /opt/reports /opt/scanthisdir
RUN /bin/echo "Installing Plugins"
COPY ./docker/data/jenkins/ref/plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
WORKDIR /opt/owasp/ansible
COPY ./ansible /opt/owasp/ansible
RUN chmod 777 /opt/owasp/ansible \
&& ls -l /opt/owasp/ansible
RUN /bin/echo "Starting OWASP build"
# default user is jenkins with home dir in /var/jenkins_home
RUN /bin/echo 'PATH="/opt/tools/apache-maven/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin:/sbin:/bin"' >> /var/jenkins_home/.bashrc
RUN /bin/echo "Installing Maven using Ansible" \
&& . /opt/owasp/venv/bin/activate \
&& cd /opt/owasp/ansible \
&& ansible-playbook -i inventories/inventory_dev install-maven.yml -e install_maven=1 -vvvv
RUN /bin/echo "Installing NIST National Vulnerability Database and NVD Dependency Checker using Ansible and Maven" \
&& . /opt/owasp/venv/bin/activate \
&& cd /opt/owasp/ansible \
&& ansible-playbook -i inventories/inventory_dev install-tools.yml -e clone_depchecker=1 -e clone_nvd_dl=1 -vvvv
RUN /bin/echo "Downloading NIST National Vulnerability Database file" \
&& . /opt/owasp/venv/bin/activate \
&& cd /opt/owasp/ansible \
&& ansible-playbook -i inventories/inventory_dev download-nvd.yml -vvvv
RUN /bin/echo "Generating National Vulnerability H2 Database for increasing OWASP analysis performance" \
&& . /opt/owasp/venv/bin/activate \
&& cd /opt/owasp/ansible \
&& ansible-playbook -i inventories/inventory_dev run-owasp-analysis.yml -e rebuild_nvd=1 -e owasp_scan_dir="/opt/owasp/venv/bin" -vvvv
RUN /bin/echo "Installing ZAP community scripts in: /opt/zapscripts" \
&& git clone https://github.com/zaproxy/community-scripts.git /opt/zapscripts
RUN /bin/echo "Installing Certs"
COPY ./docker/bashrc /root/.bashrc
ADD docker/certs /opt/certs
RUN /bin/echo "Installing Python Utilities"
COPY owasp-jenkins-latest.tgz /opt/owasp
RUN cd /opt/owasp \
&& tar xvf owasp-jenkins-latest.tgz \
&& ls /opt/owasp
RUN cd /opt/owasp \
&& . /opt/owasp/venv/bin/activate \
&& pip install -e . \
&& pip list
ENTRYPOINT /opt/owasp/owasp_jenkins/scripts/start-container.sh