Merge pull request #7 from Conjur-Enterprise/kics

CNJR-6428: Clean up Kics warnings
cyberark · Nov 15, 2024 · 7ef9c3c · 7ef9c3c
2 parents 999efc4 + e8c8f92
commit 7ef9c3c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/build.sh b/build.sh
@@ -12,6 +12,12 @@ trap finish EXIT
 
 TAG=$(cat docker/tag)
 
+# When running in Jenkins, a VERSION file is automatically added to the repo root.
+# When running locally, add one here.
+if [ ! -f "$PWD/VERSION" ]; then
+  echo "0.0.0-dev" > "$PWD/VERSION"
+fi
+
 CIDFILE=$(mktemp -u)
 docker run -v "$PWD":/src:ro --cidfile="$CIDFILE" -e WRITE_ARTIFACTORY_USERNAME -e WRITE_ARTIFACTORY_PASSWORD -e WRITE_ARTIFACTORY_URL "$TAG"
 

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -2,7 +2,9 @@ FROM mcr.microsoft.com/dotnet/sdk:6.0
 
 ENV VERSION=""
 
-RUN apt-get update -y && apt-get install -y gnupg2 git osslsigncode
+RUN apt-get update -y && \
+    apt-get install --no-install-recommends -y gnupg2 git osslsigncode && \
+    apt-get clean
 
 RUN ln -s /src/docker/build.sh /
-CMD /build.sh
+CMD ["/build.sh"]
diff --git a/kics.config b/kics.config
@@ -0,0 +1,7 @@
+exclude-queries:
+  # The following queries are not necessary for our Dockerfile since it's only used in build & test processes.
+  - b03a748a-542d-44f4-bb86-9199ab4fd2d5 # Healthcheck Not Set.
+  - fd54f200-402c-4333-a5a4-36ef6709af2f # User not set.
+  # The following queries are related to using unpinned versions. We have decided to stick with "latest" versions for this project.
+  - 965a08d7-ef86-4f14-8792-4a3b2098937e # Apt Get Install Pin Version Not Defined
+  - f45ea400-6bbe-4501-9fc7-1c3d75c32067 # Image Version Using 'latest'