Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(cloud-native): sync assets to OCI images #8834

Merged
merged 7 commits into from
Jul 3, 2024

Merge branch 'main' into cn-sync-images

9d57e22
Select commit
Loading
Failed to load commit list.
Merged

chore(cloud-native): sync assets to OCI images #8834

Merge branch 'main' into cn-sync-images
9d57e22
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Sensitive Files Analyzer succeeded Jul 2, 2024 in 1s

DryRun Security

Details

Sensitive Files Analyzer Findings: 12 detected

⚠️ Potential Sensitive File docker-jans-all-in-one/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-all-in-one/Dockerfile
CodeLink

jans/docker-jans-all-in-one/Dockerfile

Lines 58 to 64 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
# note that as we're pulling from a monorepo (with multiple project in it)
# we are using partial-clone and sparse-checkout to get the assets
⚠️ Potential Sensitive File docker-jans-auth-server/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-auth-server/Dockerfile
CodeLink

jans/docker-jans-auth-server/Dockerfile

Lines 51 to 57 in 9d57e22

# ===========
ENV CN_VERSION=1.1.3-SNAPSHOT
ENV CN_BUILD_DATE='2024-06-28 08:33'
ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
⚠️ Potential Sensitive File docker-jans-casa/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-casa/Dockerfile
CodeLink

jans/docker-jans-casa/Dockerfile

Lines 56 to 62 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
ARG JANS_CASA_EXTRAS_DIR=jans-casa/extras
⚠️ Potential Sensitive File docker-jans-certmanager/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-certmanager/Dockerfile
CodeLink

jans/docker-jans-certmanager/Dockerfile

Lines 25 to 31 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
# note that as we're pulling from a monorepo (with multiple project in it)
# we are using partial-clone and sparse-checkout to get the assets
⚠️ Potential Sensitive File docker-jans-config-api/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-config-api/Dockerfile
CodeLink

jans/docker-jans-config-api/Dockerfile

Lines 78 to 84 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
⚠️ Potential Sensitive File docker-jans-configurator/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-configurator/Dockerfile
CodeLink

jans/docker-jans-configurator/Dockerfile

Lines 27 to 33 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
RUN git clone --depth 500 --filter blob:none --no-checkout https://github.com/janssenproject/jans /tmp/jans \
&& cd /tmp/jans \
⚠️ Potential Sensitive File docker-jans-fido2/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-fido2/Dockerfile
CodeLink

jans/docker-jans-fido2/Dockerfile

Lines 61 to 67 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
# note that as we're pulling from a monorepo (with multiple project in it)
⚠️ Potential Sensitive File docker-jans-kc-scheduler/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-kc-scheduler/Dockerfile
CodeLink

jans/docker-jans-kc-scheduler/Dockerfile

Lines 38 to 44 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
# note that as we're pulling from a monorepo (with multiple project in it)
# we are using partial-clone and sparse-checkout to get the assets
⚠️ Potential Sensitive File docker-jans-keycloak-link/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-keycloak-link/Dockerfile
CodeLink

jans/docker-jans-keycloak-link/Dockerfile

Lines 61 to 67 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
# note that as we're pulling from a monorepo (with multiple project in it)
⚠️ Potential Sensitive File docker-jans-link/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-link/Dockerfile
CodeLink

jans/docker-jans-link/Dockerfile

Lines 61 to 67 in 9d57e22

# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
# note that as we're pulling from a monorepo (with multiple project in it)
⚠️ Potential Sensitive File docker-jans-persistence-loader/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-persistence-loader/Dockerfile
CodeLink

jans/docker-jans-persistence-loader/Dockerfile

Lines 16 to 22 in 9d57e22

# ===========
# janssenproject/jans SHA commit
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
ARG JANS_SCRIPT_CATALOG_DIR=docs/script-catalog
ARG JANS_CONFIG_API_RESOURCES=jans-config-api/server/src/main/resources
⚠️ Potential Sensitive File docker-jans-saml/Dockerfile (click for details)
Type Potential Sensitive File
Description Dockerfile changes can introduce security issues such as insecure base images, insecure file permissions, untrusted packages, etc.
Filename docker-jans-saml/Dockerfile
CodeLink

jans/docker-jans-saml/Dockerfile

Lines 24 to 41 in 9d57e22

# ==============
ENV CN_VERSION=1.1.3-SNAPSHOT
ENV CN_BUILD_DATE='2024-06-26 09:02'
RUN wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-spi/${CN_VERSION}/kc-jans-spi-${CN_VERSION}.jar -P /opt/keycloak/providers \
&& wget -q https://jenkins.jans.io/maven/io/jans/kc-jans-spi/${CN_VERSION}/kc-jans-spi-${CN_VERSION}-deps.zip -O /tmp/kc-jans-spi.zip \
&& unzip /tmp/kc-jans-spi.zip -d /opt/keycloak/providers \
&& rm -rf /tmp/kc-jans-spi.zip
# ===========
# Assets sync
# ===========
ENV JANS_SOURCE_VERSION=51101e4c65f838853f6bbc9c3f50961bacad6f7f
ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
# note that as we're pulling from a monorepo (with multiple project in it)
View more details on DryRunSecurity