
chore(cloud-native): sync assets to OCI images #8679

Merged
merged 2 commits into from
Jun 12, 2024

Conversation

@iromli iromli (Contributor) commented Jun 7, 2024

Prepare

Description

Target issue

closes #8678

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
@iromli iromli requested a review from moabu as a code owner June 7, 2024 20:27
dryrunsecurity bot commented Jun 7, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status            Findings
Configured Codepaths Analyzer     0 findings
Secrets Analyzer                  0 findings
IDOR Analyzer                     0 findings
Sensitive Files Analyzer          14 findings
Authn/Authz Analyzer              0 findings
SQL Injection Analyzer            0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes cover various Dockerfiles for different components of the Janssen (Jans) project. The changes primarily focus on updating the versions of the Jans project source code, dependencies, and configuration settings across multiple components, including the Auth Server, Config API, Configurator, Persistence Loader, SCIM, FIDO2, and Keycloak Link server.

From an application security perspective, the key areas to review and consider are:

  1. Dependency Management: Ensure that all updated dependencies, including libraries, frameworks, and base images, are from trusted sources and do not contain any known security vulnerabilities.

  2. Configuration and Secrets Management: Review the environment variables and configurations to verify that sensitive information, such as credentials, API keys, and other secrets, is properly secured and not exposed in the Docker images.

  3. Permissions and User Management: Ensure that the Docker images are running with the least amount of privileges required, using non-root users and appropriate file permissions.

  4. Asset Synchronization: Verify the integrity and security of any assets (e.g., configuration files, schemas, templates) that are synchronized from external sources, such as Git repositories.

  5. Logging and Monitoring: Ensure that the Docker images are properly configured for logging and monitoring, which can help detect and respond to any security-related issues.

  6. Secure Configurations: Review the specific configurations for each component, such as the Jetty server settings, Prometheus integration, and Keycloak Link server, to ensure they are properly secured.

Overall, the code changes appear to be focused on maintaining the security and reliability of the Jans project components by updating dependencies, configurations, and other related aspects. However, it's essential to thoroughly review the changes and the resulting Docker images to identify and address any potential security vulnerabilities or misconfigurations.

Files Changed:

The code changes were made to the following files:

  • docker-jans-auth-server/scripts/upgrade.py: Updates the dynamic configuration for the Jans Lock feature.
  • docker-jans-all-in-one/Dockerfile: Updates the JANS_SOURCE_VERSION environment variable.
  • docker-jans-auth-server/Dockerfile: Updates the build date and source version.
  • docker-jans-casa/Dockerfile: Updates the CN_VERSION, CN_BUILD_DATE, and JANS_SOURCE_VERSION.
  • docker-jans-config-api/scripts/upgrade.py: Adds a new configuration parameter and handles the renamed "jansModules" parameter.
  • docker-jans-fido2/Dockerfile: Installs dependencies, sets secure configurations, and synchronizes external assets.
  • docker-jans-certmanager/Dockerfile: Updates the build date and source version.
  • docker-jans-config-api/Dockerfile: Updates the build date and source version.
  • docker-jans-configurator/Dockerfile: Updates the CN_VERSION, CN_BUILD_DATE, and JANS_SOURCE_VERSION.
  • docker-jans-kc-scheduler/Dockerfile: Updates the build date and source version.
  • docker-jans-monolith/Dockerfile: Updates the JANS_SOURCE_VERSION.
  • docker-jans-keycloak-link/Dockerfile: Updates the build date and source version.
  • docker-jans-link/Dockerfile: Updates the build date and source version.
  • docker-jans-saml/Dockerfile: Updates the CN_VERSION and CN_BUILD_DATE.
  • docker-jans-persistence-loader/Dockerfile: Updates the JANS_SOURCE_VERSION and synchronizes assets.
  • docker-jans-scim/Dockerfile: Updates the CN_VERSION, CN_BUILD_DATE, and JANS_SOURCE_VERSION.

Powered by DryRun Security

@moabu moabu merged commit 477e5c2 into main Jun 12, 2024
8 checks passed
@moabu moabu deleted the cn-sync-assets branch June 12, 2024 03:51