From ea0eea1e70516fcb796a42014f0646cee6c83a92 Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Fri, 2 Jun 2023 13:36:44 -0400
Subject: [PATCH 01/13] Adding k8s
---
 k8s-src/juice-shop-deploy.yaml | 24 +++++++++++++++++++++++
 k8s-src/juice-shop-service.yaml | 34 +++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 k8s-src/juice-shop-deploy.yaml
 create mode 100644 k8s-src/juice-shop-service.yaml
diff --git a/k8s-src/juice-shop-deploy.yaml b/k8s-src/juice-shop-deploy.yaml
new file mode 100644
index 00000000000..e688060cd35
--- /dev/null
+++ b/k8s-src/juice-shop-deploy.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: snyk-juice-shop
+ labels:
+ app: snyk-juice-shop
+spec:
+ selector:
+ matchLabels:
+ app: snyk-juice-shop
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: snyk-juice-shop
+ spec:
+ containers:
+ - name: juice-shop
+ image: troysnyk/snyk-juice-shop:1.0.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3000
+ securityContext:
+ privileged: true
diff --git a/k8s-src/juice-shop-service.yaml b/k8s-src/juice-shop-service.yaml
new file mode 100644
index 00000000000..3146b0154e5
--- /dev/null
+++ b/k8s-src/juice-shop-service.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: snyk-juice-shop
+ labels:
+ app: snyk-juice-shop
+spec:
+ type: ClusterIP
+ ports:
+ - port: 1337
+ targetPort: 3000
+ protocol: TCP
+ selector:
+ app: snyk-juice-shop
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: juice-ingress
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ ingressClassName: juice-example
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: snyk-juice-shop
+ port:
+ number: 1337
\ No newline at end of file
From 0e86c290bf5c1c8bed3e3f6722da43ae1f345e47 Mon Sep 17 00:00:00 2001
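Review bot: The only security context set on the `juice-shop` container in the new Deployment is `privileged: true`, which hands an intentionally vulnerable web application every host device and capability, so any of its RCE challenges becomes a node compromise. Nothing visible in the manifest needs it (the container only serves port 3000), and a later patch in this series shows the image's final stage already switching to `USER 65532`, so a restrictive context would work as-is. If the privileged flag is deliberately present as a finding for an IaC scanner demo, say so in a YAML comment beside it; otherwise replace the block with the hardened form below. The Service/Ingress hunk looks fine for a ClusterIP-plus-ingress layout.

```yaml
        securityContext:
          privileged: false
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
```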
From: Troy Havelock
Date: Tue, 29 Aug 2023 09:06:43 -0400
Subject: [PATCH 02/13] Updates to dockerfile and k8s config
---
 Dockerfile | 3 ++-
 k8s-src/juice-shop-deploy.yaml | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 69c555827b1..e71504de871 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM node:18 as installer
 COPY . /juice-shop
 WORKDIR /juice-shop
+RUN rm -rf node_modules
 RUN npm i -g typescript ts-node
 RUN npm install --omit=dev --unsafe-perm
 RUN npm dedupe
@@ -15,7 +16,7 @@ RUN rm data/chatbot/botDefaultTrainingData.json || true
 RUN rm ftp/legal.md || true
 RUN rm i18n/*.json || true

-FROM gcr.io/distroless/nodejs:18
+FROM node:18
 ARG BUILD_DATE
 ARG VCS_REF
 LABEL maintainer="Bjoern Kimminich " \
diff --git a/k8s-src/juice-shop-deploy.yaml b/k8s-src/juice-shop-deploy.yaml
index e688060cd35..49fb4dac6ae 100644
--- a/k8s-src/juice-shop-deploy.yaml
+++ b/k8s-src/juice-shop-deploy.yaml
@@ -17,7 +17,7 @@ spec:
 containers:
 - name: juice-shop
 image: troysnyk/snyk-juice-shop:1.0.0
- imagePullPolicy: IfNotPresent
+ imagePullPolicy: Always
 ports:
 - containerPort: 3000
 securityContext:
From df8f8989a077aaad8e46440a92c38094fb09747b Mon Sep 17 00:00:00 2001
From: thavelock <103456846+thavelock@users.noreply.github.com>
Date: Wed, 27 Sep 2023 10:10:48 -0400
Subject: [PATCH 03/13] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 408174dd00d..285404c5fdd 100644
--- a/README.md
+++ b/README.md
@@ -325,3 +325,4 @@ OWASP Juice Shop and any contributions are Copyright © by Bjoern Kimminich & th
 2014-2023.

 ![Juice Shop Logo](https://raw.githubusercontent.com/bkimminich/juice-shop/master/frontend/src/assets/public/images/JuiceShop_Logo_400px.png)
+
From 91bc1abc3216d87dd45f8888358e5b55836f98b6 Mon Sep 17 00:00:00 2001
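Review bot: Swapping the runtime stage's `FROM gcr.io/distroless/nodejs:18` for `FROM node:18` (second Dockerfile hunk) trades a shell-less, package-manager-less base for the full Debian image, so a compromised Juice Shop process now has a shell and the full OS tooling and CVE surface of the fat image. The `USER 65532` / `--chown=65532:0` lines visible in a later patch keep the non-root user, but the distroless base was the larger hardening win and the commit message gives no reason for dropping it. If the full image is wanted (e.g. to demonstrate container scanning), pin it by digest and record why in a comment, `FROM node:18-bookworm-slim@sha256:… # full base kept on purpose for scanner demo`; otherwise revert to the distroless image. The new `RUN rm -rf node_modules` in the first hunk only matters because `COPY . /juice-shop` ships the host's `node_modules` into the build context; a `node_modules` entry in `.dockerignore` avoids copying it at all.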
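Review bot: `imagePullPolicy: Always` combined with the mutable tag `troysnyk/snyk-juice-shop:1.0.0` means every pod start pulls whatever currently sits behind that tag, so the running code can change without any manifest change or review. Reference the image by digest instead, `image: troysnyk/snyk-juice-shop:1.0.0@sha256:…` with the published digest, after which `Always` is harmless and the SBOM this series later generates can be tied to exactly that image. The enclosing `containers` block continues outside the hunk.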
From: Troy Havelock
Date: Wed, 4 Oct 2023 11:29:02 -0400
Subject: [PATCH 04/13] Workflows clean up
---
 .github/CODEOWNERS | 3 +-
 .github/workflows/generate-sbom.yml | 26 ++++++
 .github/workflows/lint-fixer.yml | 31 -------
 .github/workflows/lock.yml | 22 -----
 .github/workflows/rebase.yml | 26 ------
 .github/workflows/release.yml | 92 ---------------------
 .github/workflows/stale.yml | 24 ------
 .github/workflows/update-challenges-www.yml | 34 --------
 .github/workflows/update-news-www.yml | 29 -------
 .github/workflows/zap_scan.yml | 22 -----
 k8s-src/juice-shop-deploy.yaml | 1 +
 11 files changed, 28 insertions(+), 282 deletions(-)
 create mode 100644 .github/workflows/generate-sbom.yml
 delete mode 100644 .github/workflows/lint-fixer.yml
 delete mode 100644 .github/workflows/lock.yml
 delete mode 100644 .github/workflows/rebase.yml
 delete mode 100644 .github/workflows/release.yml
 delete mode 100644 .github/workflows/stale.yml
 delete mode 100644 .github/workflows/update-challenges-www.yml
 delete mode 100644 .github/workflows/update-news-www.yml
 delete mode 100644 .github/workflows/zap_scan.yml
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index a27a89de4b5..78af42876b8 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +1 @@
-/vagrant/ @wurstbrot
-/test/cypress/ @ShubhamPalriwala
+@thavelock
\ No newline at end of file
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
new file mode 100644
index 00000000000..6ea4a04afd9
--- /dev/null
+++ b/.github/workflows/generate-sbom.yml
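Review bot: The replacement CODEOWNERS content is the bare line `@thavelock`, which in CODEOWNERS syntax is a path pattern with no owners — GitHub will report it as a syntax error and no file in the repository gets an owner, so any branch protection that requires code-owner review silently requires nobody. The intended rule is almost certainly `* @thavelock` (or narrower patterns for `k8s-src/` and `.github/workflows/`, which are the security-sensitive paths this series touches). Dropping the two upstream owners is fine for a fork, but the file should still end with a newline.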
@@ -0,0 +1,26 @@
+name: Snyk SBOM Generation
+
+on:
+ workflow_dispatch:
+ workflow_call:
+
+jobs:
+ security-open-source:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - name: Use Node.js
+ uses: actions/setup-node@v1
+ with:
+ node-version: 18.4
+ - uses: snyk/actions/setup@master
+ - name: Snyk SBOM Generate
+ run: snyk sbom --all-projects --exclude=build --format=cyclonedx1.4+json --json-file-output=sbom-cyclonedx.json # Exclude the 'build' directory
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ - name: 'Upload SBOM'
+ uses: actions/upload-artifact@v3
+ with:
+ name: sbom-cyclonedx
+ path: sbom-cyclonedx.json
+ retention-days: 5
\ No newline at end of file
diff --git a/.github/workflows/lint-fixer.yml b/.github/workflows/lint-fixer.yml
deleted file mode 100644
index 04d7fe760a9..00000000000
--- a/.github/workflows/lint-fixer.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: "Let me lint:fix that for you"
-
-on: [push]
-
-jobs:
- LMLFTFY:
- runs-on: ubuntu-latest
- steps:
- - name: "Check out Git repository"
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f #v2: v2.3.4 available
- - name: "Use Node.js 14"
- uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e #v1: v2.x available
- with:
- node-version: 16
- - name: "Install CLI tools"
- run: npm install -g @angular/cli
- - name: "Install application"
- run: |
- npm install --ignore-scripts
- cd frontend
- npm install --ignore-scripts --legacy-peer-deps
- - name: "Fix everything which can be fixed"
- run: 'npm run lint:fix'
- - uses: stefanzweifel/git-auto-commit-action@v4.0.0
- with:
- commit_message: "Auto-fix linting issues"
- branch: ${{ github.head_ref }}
- commit_options: '--signoff'
- commit_user_name: JuiceShopBot
- commit_user_email: 61591748+JuiceShopBot@users.noreply.github.com
- commit_author: JuiceShopBot <61591748+JuiceShopBot@users.noreply.github.com>
\ No newline at end of file
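Review bot: The new SBOM workflow pulls `actions/checkout@master` and `snyk/actions/setup@master`, both mutable branch refs, so whatever those upstream repositories push next runs in a job that holds `SNYK_TOKEN` — a classic supply-chain pivot, and ironic in a workflow whose purpose is supply-chain visibility. Pin each `uses:` to a full commit SHA with the tag in a trailing comment, exactly as the lint-fixer workflow deleted in this same commit did (`actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f #v2.3.4`), and add a top-level `permissions:` block with `contents: read` so the job's `GITHUB_TOKEN` is not write-capable by default. `actions/setup-node@v1` is also a retired major that, as far as I recall, still runs on the deprecated node12 action runtime; `@v3` at a pinned SHA is the current target. The lint-fixer deletion itself is a pure removal and needs no review.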
diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml deleted file mode 100644 index 9d10e79c2f7..00000000000 --- a/.github/workflows/lock.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: 'Lock Threads' - -on: - schedule: - - cron: '0 0 * * *' - -permissions: - issues: write - pull-requests: write - -jobs: - action: - runs-on: ubuntu-latest - steps: - - uses: dessant/lock-threads@f1a42f0f44eb83361d617a014663e1a76cf282d2 #note newer is available - with: - issue-lock-comment: > - This thread has been automatically locked because it has not had - recent activity after it was closed. :lock: Please open a new issue - for regressions or related bugs. - issue-lock-reason: '' - pr-lock-reason: '' \ No newline at end of file diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml deleted file mode 100644 index 06880289535..00000000000 --- a/.github/workflows/rebase.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Automatic Rebase - -on: - issue_comment: - types: [created] - -jobs: - rebase: - name: Rebase - if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - with: - fetch-depth: 0 - - name: Automatic Rebase - uses: cirrus-actions/rebase@1.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # https://github.community/t5/GitHub-Actions/Workflow-is-failing-if-no-job-can-be-ran-due-to-condition/m-p/38186#M3250 - always_job: - name: Always run job - runs-on: ubuntu-latest - steps: - - name: Always run - run: echo "This job is used to prevent the workflow to fail when all other jobs are skipped." \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 7e79dd9a7b6..00000000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,92 +0,0 @@ -name: "Release Pipeline" -on: - push: - tags: - - v* -jobs: - package: - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, windows-latest, macos-latest] - node-version: [16, 18, 20] - steps: - - name: "Check out Git repository" - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f #v2: v2.3.4 available - - name: "Use Node.js ${{ matrix.node-version }}" - uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e #v1: v2.x available - with: - node-version: ${{ matrix.node-version }} - - name: "Install CLI tools" - run: | - npm install -g @angular/cli - npm install -g grunt-cli - - name: "Set packaging options for Grunt" - run: | - if [ "$RUNNER_OS" == "Windows" ]; then - echo "PCKG_OS_NAME=win32" >> $GITHUB_ENV - elif [ "$RUNNER_OS" == "macOS" ]; then - echo "PCKG_OS_NAME=darwin" >> $GITHUB_ENV - else - echo "PCKG_OS_NAME=linux" >> $GITHUB_ENV - fi - echo "PCKG_CPU_ARCH=x64" >> $GITHUB_ENV - echo "PCKG_NODE_VERSION=${{ matrix.node-version }}" >> $GITHUB_ENV - shell: bash - - name: "Package application" - run: | - npm install --production - npm install -g grunt-cli - npm run package:ci - - name: 'Attach packaged archive to tag release' - uses: softprops/action-gh-release@v1 - with: - draft: true - files: dist/* - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - docker: - runs-on: ubuntu-latest - steps: - - name: "Check out Git repository" - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f #v2: v2.3.4 available - - name: "Set up QEMU" - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 #v1: V1.2.0 available - - name: "Set up Docker Buildx" - uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 #v1 - - name: "Login to DockerHub" - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 #v1.10 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: "Get tag name" - id: tag - uses: 
dawidd6/action-get-tag@v1 - - name: "Set labels for ${{ github.ref }}" - run: | - echo "VCS_REF=`git rev-parse --short HEAD`" >> $GITHUB_ENV - echo "BUILD_DATE=`date -u +”%Y-%m-%dT%H:%M:%SZ”`" >> $GITHUB_ENV - - name: "Build and push for AMD64 and ARM64 processors" - uses: docker/build-push-action@a66e35b9cbcf4ad0ea91ffcaf7bbad63ad9e0229 #note: newer is available - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - bkimminich/juice-shop:${{ steps.tag.outputs.tag }} - build-args: | - VCS_REF=${{ env.VCS_REF }} - BUILD_DATE=${{ env.BUILD_DATE }} - notify-slack: - if: always() - needs: - - package - - docker - runs-on: ubuntu-latest - steps: - - name: "Slack workflow notification" - uses: Gamesight/slack-workflow-status@master - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 41e4ce06c26..00000000000 --- a/.github/workflows/stale.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -name: 'Close stale issues and PR' -on: - schedule: - - cron: '30 1 * * *' - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v6 - with: - stale-issue-message: > - This issue has been automatically marked as `stale` because it has not had - recent activity. :calendar: It will be _closed automatically_ in one week if no further activity occurs. - stale-pr-message: > - This PR has been automatically marked as `stale` because it has not had - recent activity. :calendar: It will be _closed automatically_ in two weeks if no further activity occurs. - close-issue-message: This issue was closed because it has been stalled for 7 days with no activity. - close-pr-message: This PR was closed because it has been stalled for 14 days with no activity. - days-before-stale: 14 - days-before-close: 7 - days-before-pr-close: 14 - exempt-issue-labels: 'critical,technical debt' - exempt-assignees: bkimminich diff --git a/.github/workflows/update-challenges-www.yml b/.github/workflows/update-challenges-www.yml deleted file mode 100644 index eb901c0ab1c..00000000000 --- a/.github/workflows/update-challenges-www.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -name: "Update challenges on owasp-juice.shop" - -on: - push: - branches: [ master ] - paths: - - 'data/static/challenges.yml' - -jobs: - UpdateChallengesOnWebsite: - if: github.repository == 'juice-shop/juice-shop' - runs-on: ubuntu-latest - steps: - - name: Check out Git repository - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f #v2: v2.3.4 available - with: - token: ${{ secrets.BOT_TOKEN }} - repository: OWASP/www-project-juice-shop - branch: master - - name: Update challenges.yml - run: | - cd _data/ - rm challenges.yml - wget https://raw.githubusercontent.com/juice-shop/juice-shop/master/data/static/challenges.yml - - uses: stefanzweifel/git-auto-commit-action@v4.0.0 - with: - commit_message: "Auto-update challenges.yml from ${{ github.sha }}" - branch: master - commit_options: '--signoff' - - # Optional commit user and author settings - commit_user_name: JuiceShopBot - commit_user_email: 61591748+JuiceShopBot@users.noreply.github.com - commit_author: JuiceShopBot <61591748+JuiceShopBot@users.noreply.github.com> diff --git a/.github/workflows/update-news-www.yml b/.github/workflows/update-news-www.yml deleted file mode 100644 index 37741cdfc14..00000000000 --- a/.github/workflows/update-news-www.yml +++ /dev/null 
@@ -1,29 +0,0 @@ -name: "Update news on owasp-juice.shop" - -on: - release: - types: [ published ] - -jobs: - UpdateNewsOnWebsite: - runs-on: ubuntu-latest - steps: - - name: Check out Git repository - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f #v2: v2.3.4 available - with: - token: ${{ secrets.BOT_TOKEN }} - repository: OWASP/www-project-juice-shop - branch: master - - name: Update tab_news.md - run: | - sed -i 's//\n* ${{ github.event.release.published_at }}: juice-shop [`${{ github.event.release.tag_name }}`](https:\/\/github.com\/juice-shop\/juice-shop\/releases\/tag\/${{ github.event.release.tag_name }})/' tab_news.md - - uses: stefanzweifel/git-auto-commit-action@v4.0.0 - with: - commit_message: "Add juice-shop ${{ github.event.release.tag_name }} release notes to tab_news.md" - branch: master - commit_options: '--signoff' - - # Optional commit user and author settings - commit_user_name: JuiceShopBot - commit_user_email: 61591748+JuiceShopBot@users.noreply.github.com - commit_author: JuiceShopBot <61591748+JuiceShopBot@users.noreply.github.com> diff --git a/.github/workflows/zap_scan.yml b/.github/workflows/zap_scan.yml deleted file mode 100644 index a9c122c47c4..00000000000 --- a/.github/workflows/zap_scan.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: "ZAP Baseline Scan" - -on: - schedule: - - cron: '0 18 * * 6' - -jobs: - zap_scan: - runs-on: ubuntu-latest - name: Scan Juice Shop preview instance on Heroku - steps: - - name: Check out Git repository - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f #v2: v2.3.4 available - with: - ref: develop - - name: ZAP Scan - uses: zaproxy/action-baseline@v0.3.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - target: 'https://preview.owasp-juice.shop' - rules_file_name: '.zap/rules.tsv' - cmd_options: '-a -j' diff --git a/k8s-src/juice-shop-deploy.yaml b/k8s-src/juice-shop-deploy.yaml index 49fb4dac6ae..11ddaedced1 100644 --- a/k8s-src/juice-shop-deploy.yaml 
+++ b/k8s-src/juice-shop-deploy.yaml
@@ -9,6 +9,7 @@ spec:
 matchLabels:
 app: snyk-juice-shop
 replicas: 1
+ revisionHistoryLimit: 0
 template:
 metadata:
 labels:
From 6f2855ded28b61c94eee902a2e529f8473ea3bfd Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Wed, 4 Oct 2023 11:36:22 -0400
Subject: [PATCH 05/13] updates to actions
---
 .github/workflows/generate-sbom.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
index 6ea4a04afd9..d1be18e9d63 100644
--- a/.github/workflows/generate-sbom.yml
+++ b/.github/workflows/generate-sbom.yml
@@ -5,19 +5,19 @@ on:
 workflow_call:

 jobs:
- security-open-source:
+ sbom-open-source:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@master
 - name: Use Node.js
- uses: actions/setup-node@v1
+ uses: actions/setup-node@v3
 with:
 node-version: 18.4
 - uses: snyk/actions/setup@master
 - name: Snyk SBOM Generate
 run: snyk sbom --all-projects --exclude=build --format=cyclonedx1.4+json --json-file-output=sbom-cyclonedx.json # Exclude the 'build' directory
 env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
 - name: 'Upload SBOM'
 uses: actions/upload-artifact@v3
 with:
From 6423ca6cb8d43685629569b524e780dd15e13dca Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Wed, 4 Oct 2023 11:39:43 -0400
Subject: [PATCH 06/13] Updates to actions
---
 .github/workflows/generate-sbom.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
index d1be18e9d63..31c4b325c09 100644
--- a/.github/workflows/generate-sbom.yml
+++ b/.github/workflows/generate-sbom.yml
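Review bot: `revisionHistoryLimit: 0` deletes every old ReplicaSet as soon as a rollout completes, which disables `kubectl rollout undo` — the fastest containment move when a bad or compromised image ships, especially with `imagePullPolicy: Always` on a mutable tag as this Deployment has. Unless the intent is purely to keep a demo namespace tidy, keep at least one prior revision (`revisionHistoryLimit: 1`) or drop the line and rely on the default of 10.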
@@ -17,7 +17,7 @@ jobs:
 - name: Snyk SBOM Generate
 run: snyk sbom --all-projects --exclude=build --format=cyclonedx1.4+json --json-file-output=sbom-cyclonedx.json # Exclude the 'build' directory
 env:
- SNYK_TOKEN: ${{ secrets.SNYK_API_TOKEN }}
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 - name: 'Upload SBOM'
 uses: actions/upload-artifact@v3
 with:
From 06edfcf2f0f6759dee7fad9cf48d634c76c0c2fa Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Wed, 4 Oct 2023 11:46:01 -0400
Subject: [PATCH 07/13] Updates to actions
---
 .github/workflows/generate-sbom.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
index 31c4b325c09..94b070f3b55 100644
--- a/.github/workflows/generate-sbom.yml
+++ b/.github/workflows/generate-sbom.yml
@@ -13,6 +13,11 @@ jobs:
 uses: actions/setup-node@v3
 with:
 node-version: 18.4
+ cache: 'npm'
+ - run: |
+ npm install --ignore-scripts
+ cd frontend
+ npm install --ignore-scripts --legacy-peer-deps
 - uses: snyk/actions/setup@master
 - name: Snyk SBOM Generate
 run: snyk sbom --all-projects --exclude=build --format=cyclonedx1.4+json --json-file-output=sbom-cyclonedx.json # Exclude the 'build' directory
From c3c169fa7f217018b889dc81fd55abc9f8396659 Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Wed, 4 Oct 2023 11:55:24 -0400
Subject: [PATCH 08/13] Updates to actions
---
 .github/workflows/generate-sbom.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
index 94b070f3b55..d369b655419 100644
--- a/.github/workflows/generate-sbom.yml
+++ b/.github/workflows/generate-sbom.yml
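Review bot: The install step added in the second hunk uses `npm install`, which re-resolves and may rewrite `package-lock.json`, so the SBOM produced afterwards describes a freshly resolved tree rather than the lockfile the repository actually commits — the one artefact an SBOM is supposed to attest. Use `npm ci --ignore-scripts` in both the root and `frontend` directories so the install fails loudly on lockfile drift and the bill of materials matches what is versioned; `--ignore-scripts` itself is the right call and should stay. `--legacy-peer-deps` on the frontend install also hides peer-dependency conflicts, which becomes relevant with the Angular bump at the end of this series.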
@@ -10,11 +10,14 @@ jobs:
 steps:
 - uses: actions/checkout@master
 - name: Use Node.js
- uses: actions/setup-node@v3
+ uses: actions/setup-node@v2
 with:
 node-version: 18.4
 cache: 'npm'
- - run: |
+ - name: "Install CLI tools"
+ run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
+ - name: Install minimalistically
+ run: |
 npm install --ignore-scripts
 cd frontend
 npm install --ignore-scripts --legacy-peer-deps
From ef40ced542e66e3e7759312b4f2f9846f6f8f4b7 Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Wed, 4 Oct 2023 11:58:25 -0400
Subject: [PATCH 09/13] Updates to actions
---
 .github/workflows/generate-sbom.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
index d369b655419..dcf75fe0b33 100644
--- a/.github/workflows/generate-sbom.yml
+++ b/.github/workflows/generate-sbom.yml
@@ -10,10 +10,9 @@ jobs:
 steps:
 - uses: actions/checkout@master
 - name: Use Node.js
- uses: actions/setup-node@v2
+ uses: actions/setup-node@v1
 with:
 node-version: 18.4
- cache: 'npm'
 - name: "Install CLI tools"
 run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
 - name: Install minimalistically
From 0cfeb6b96cabe7842cbb8fd6f6f14581a104b8fe Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Wed, 4 Oct 2023 12:03:37 -0400
Subject: [PATCH 10/13] Updates to actions
---
 .github/workflows/generate-sbom.yml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
index dcf75fe0b33..a3f57588e93 100644
--- a/.github/workflows/generate-sbom.yml
+++ b/.github/workflows/generate-sbom.yml
@@ -4,28 +4,38 @@ on:
 workflow_dispatch:
 workflow_call:

+env:
+ ANGULAR_CLI_VERSION: 13
 jobs:
 sbom-open-source:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@master
+ - name: Checkout Repo
+ uses: actions/checkout@master
+
 - name: Use Node.js
 uses: actions/setup-node@v1
 with:
 node-version: 18.4
+
 - name: "Install CLI tools"
 run: npm install -g @angular/cli@$ANGULAR_CLI_VERSION
+
 - name: Install minimalistically
 run: |
 npm install --ignore-scripts
 cd frontend
 npm install --ignore-scripts --legacy-peer-deps
- - uses: snyk/actions/setup@master
+
+ - name: Setup Snyk
+ uses: snyk/actions/setup@master
+
 - name: Snyk SBOM Generate
 run: snyk sbom --all-projects --exclude=build --format=cyclonedx1.4+json --json-file-output=sbom-cyclonedx.json # Exclude the 'build' directory
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- - name: 'Upload SBOM'
+
+ - name: Upload SBOM
 uses: actions/upload-artifact@v3
 with:
 name: sbom-cyclonedx
From 6d6ad05ffdf22c20d18ea53361694e3053d1db90 Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Mon, 23 Oct 2023 13:09:07 -0400
Subject: [PATCH 11/13] updates to Dockerfile
---
 Dockerfile | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e71504de871..4e8c9da9f02 100644
--- a/Dockerfile
+++ b/Dockerfile
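Review bot: The new `env: ANGULAR_CLI_VERSION: 13` makes the "Install CLI tools" step install `@angular/cli@13` globally, yet no step in the hunk ever invokes `ng`, and the frontend manifest shown at the end of this series depends on `@angular/cli` `^15.0.4` — so the step adds an unused, mismatched global package to the runner and contributes nothing to `snyk sbom`, which reads the manifests and lockfiles directly. Drop the env entry and the "Install CLI tools" step, or if a global CLI is genuinely needed, align the version with `frontend/package.json` and add a comment saying which step depends on it. The final shape of the workflow also still carries `actions/checkout@master`, `snyk/actions/setup@master` and `actions/setup-node@v1`, so the pinning and `permissions:` concerns from the original file apply to this version as well.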
@@ -19,16 +19,9 @@ RUN rm i18n/*.json || true
 FROM node:18
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL maintainer="Bjoern Kimminich " \
- org.opencontainers.image.title="OWASP Juice Shop" \
- org.opencontainers.image.description="Probably the most modern and sophisticated insecure web application" \
- org.opencontainers.image.authors="Bjoern Kimminich " \
- org.opencontainers.image.vendor="Open Web Application Security Project" \
- org.opencontainers.image.documentation="https://help.owasp-juice.shop" \
- org.opencontainers.image.licenses="MIT" \
- org.opencontainers.image.version="15.0.0" \
- org.opencontainers.image.url="https://owasp-juice.shop" \
- org.opencontainers.image.source="https://github.com/juice-shop/juice-shop" \
+LABEL org.opencontainers.image.licenses="MIT" \
+ org.opencontainers.image.version="1.0.0" \
+ org.opencontainers.image.source="https://github.com/somerset-inc/juice-shop-goof" \
 org.opencontainers.image.revision=$VCS_REF \
 org.opencontainers.image.created=$BUILD_DATE
 WORKDIR /juice-shop
From a95c51a7cc4de66178fdcc19ff9be3cd67940d77 Mon Sep 17 00:00:00 2001
From: Troy Havelock
Date: Mon, 23 Oct 2023 16:05:10 -0400
Subject: [PATCH 12/13] updates to Dockerfile
---
 Dockerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4e8c9da9f02..119328e2f36 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,11 +19,10 @@ RUN rm i18n/*.json || true
 FROM node:18
 ARG BUILD_DATE
 ARG VCS_REF
-LABEL org.opencontainers.image.licenses="MIT" \
- org.opencontainers.image.version="1.0.0" \
- org.opencontainers.image.source="https://github.com/somerset-inc/juice-shop-goof" \
- org.opencontainers.image.revision=$VCS_REF \
- org.opencontainers.image.created=$BUILD_DATE
+LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.version="1.0.0"
+LABEL org.opencontainers.image.source="https://github.com/somerset-inc/juice-shop-goof"
+LABEL io.snyk.containers.image.dockerfile="/Dockerfile"
 WORKDIR /juice-shop
 COPY --from=installer --chown=65532:0 /juice-shop .
 USER 65532
From 109e6f9cc62c2718c8387348961239512a0a8289 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 30 Nov 2023 19:26:47 +0000
Subject: [PATCH 13/13] fix: frontend/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
---
 frontend/package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/frontend/package.json b/frontend/package.json
index eda32a4ccdb..66aff50dbd4 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -12,11 +12,11 @@
 },
 "private": true,
 "dependencies": {
- "@angular-devkit/build-angular": "^15.0.4",
+ "@angular-devkit/build-angular": "^16.1.0",
 "@angular-material-extensions/password-strength": "^6.0.0",
 "@angular/animations": "^15.0.4",
 "@angular/cdk": "^14.0.4",
- "@angular/cli": "^15.0.4",
+ "@angular/cli": "^17.0.0",
 "@angular/common": "^15.0.4",
 "@angular/compiler": "^15.0.4",
 "@angular/compiler-cli": "^15.0.4",
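Review bot: The rewritten LABEL set silently drops `org.opencontainers.image.revision=$VCS_REF` and `org.opencontainers.image.created=$BUILD_DATE` while leaving the `ARG BUILD_DATE` / `ARG VCS_REF` declarations above them in place, so the image loses the two labels that tie it back to a commit and build time — precisely what is needed to match a published image to the SBOM this series generates — and the ARGs become dead. Keep them as separate instructions in the new one-label-per-line style, `LABEL org.opencontainers.image.revision=$VCS_REF` and `LABEL org.opencontainers.image.created=$BUILD_DATE`, or remove the two unused ARG lines if dropping provenance is intentional. Note the `org.opencontainers.image.version="1.0.0"` value is now hard-coded and will drift from the tag in the k8s manifest unless it is also fed from an ARG.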
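Review bot: The automated bump moves `@angular/cli` to `^17.0.0` and `@angular-devkit/build-angular` to `^16.1.0` while every `@angular/*` framework package in the same block stays at `^15.0.4` (and `@angular/cdk` at `^14.0.4`); Angular ships CLI, devkit and framework in lockstep and, in my experience, a CLI two majors ahead of `@angular/core` refuses to build the workspace, so this is likely to break `ng build` rather than deliver the inflight fix. The advisory targets a transitive dependency, so the cheaper fix is an `overrides` entry in `frontend/package.json` for the vulnerable package, or an upgrade of the whole Angular set together via `ng update @angular/core@16 @angular/cli@16`; the frontend install in the SBOM workflow uses `--legacy-peer-deps`, which would hide the resulting peer conflict instead of surfacing it.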