Skip to content

Commit

Permalink
dotnet framework deep improvements (#1572)
Browse files Browse the repository at this point in the history 
* Adds dosai full binary to all dotnet 6-8 images

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update nuget version in debian dotnet6 image. Improves troubleshooting messages for dotnet.

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Update nuget version in debian dotnet6 image. Improves troubleshooting messages for dotnet.

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

* Improve messages.

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>

---------

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
  • Loading branch information
@prabhu
prabhu authored Jan 16, 2025
1 parent a1025e6 commit 3657f5c
Show file tree
Hide file tree
Showing 21 changed files with 231 additions and 123 deletions.
11 changes: 6 additions & 5 deletions .github/workflows/build-base-images.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ jobs:
labels: ${{ steps.meta-bci-lang.outputs.labels }}

sle-dotnet-image:
if: github.repository == 'CycloneDX/cdxgen'
if: false
runs-on: ubuntu-latest
permissions:
contents: read
Expand All @@ -83,19 +83,20 @@ jobs:
with:
images: |
ghcr.io/cyclonedx/bci-dotnet
ghcr.io/cyclonedx/bci-dotnet6
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: .
file: ci/base-images/sle/Dockerfile.dotnet6
platforms: linux/amd64,linux/arm64
platforms: linux/amd64
push: true
tags: ${{ steps.meta-bci-dotnet.outputs.tags }}
labels: ${{ steps.meta-bci-dotnet.outputs.labels }}

cdxgen-dotnet-image:
if: github.repository == 'CycloneDX/cdxgen'
if: false
runs-on: ubuntu-latest
needs: sle-dotnet-image
permissions:
Expand Down Expand Up @@ -129,7 +130,7 @@ jobs:
with:
context: .
file: ci/base-images/cdxgen/Dockerfile.dotnet6
platforms: linux/amd64,linux/arm64
platforms: linux/amd64
push: true
tags: ghcr.io/cyclonedx/cdxgen-dotnet:v11,ghcr.io/cyclonedx/cdxgen-dotnet6:v11
labels: ${{ steps.meta-cdxgen-dotnet.outputs.labels }}
Expand All @@ -140,7 +141,7 @@ jobs:
with:
context: .
file: ci/base-images/cdxgen/Dockerfile.dotnet6
platforms: linux/amd64,linux/arm64
platforms: linux/amd64
push: true
tags: ${{ steps.meta-cdxgen-dotnet.outputs.tags }}
labels: ${{ steps.meta-cdxgen-dotnet.outputs.labels }}
Expand Down
58 changes: 26 additions & 32 deletions ci/base-images/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,30 +6,30 @@ Custom language specific base images contributed by AppThreat from this [repo](h

Below table summarizes all available container image versions. These images include additional language-specific build tools and development libraries to enable automatic restore and build operations.

| Language | Version | Container Image Tags | Comments |
| -------- | ------------------------ | --------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| Java | 23 | ghcr.io/cyclonedx/cdxgen:master | Default all-in-one container image with all the latest and greatest tools with Node 23 runtime. |
| Java | 23 | ghcr.io/cyclonedx/cdxgen-deno:master | Default all-in-one container image with all the latest and greatest tools with deno runtime. |
| Java | 11 | ghcr.io/cyclonedx/cdxgen-java11-slim:v11, ghcr.io/cyclonedx/cdxgen-java11:v11 | Java 11 version with and without Android 33 SDK. |
| Java | 17 | ghcr.io/cyclonedx/cdxgen-java17-slim:v11, ghcr.io/cyclonedx/cdxgen-java17:v11 | Java 17 version with and without Android 34 SDK. |
| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Framework. --deep mode unsupported. |
| Dotnet | .Net Core 3.1 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net Core 3.1. --deep mode unsupported. |
| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11, ghcr.io/cyclonedx/cdxgen-dotnet6:v11 | .Net 6. --deep mode unsupported. |
| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7. --deep mode unsupported. |
| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8. --deep mode unsupported. |
| Dotnet | .Net 9 | ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11, ghcr.io/cyclonedx/cdxgen-dotnet9:v11 | .Net 9 |
| Python | 3.6 | ghcr.io/cyclonedx/cdxgen-python36:v11 | No dependency tree |
| Python | 3.9 | ghcr.io/cyclonedx/cdxgen-python39:v11 | |
| Python | 3.10 | ghcr.io/cyclonedx/cdxgen-python310:v11 | |
| Python | 3.11 | ghcr.io/cyclonedx/cdxgen-python311:v11 | |
| Python | 3.12 | ghcr.io/cyclonedx/cdxgen-python312:v11 | |
| Node.js | 20 | ghcr.io/cyclonedx/cdxgen-node20:v11 | Use `--platform=linux/amd64` in case of `npm install` errors. |
| Node.js | 23 | ghcr.io/cyclonedx/cdxgen:master | Supports automatic node installation. Example: Pass `-t node20` to install node 20. |
| Ruby | 3.3.6 | ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 | Supports automatic Ruby installation for 3.3.x. Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1. |
| Ruby | 3.4.1 | ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 | Supports automatic Ruby installation for 3.4.x. Example: Pass `-t ruby3.4.0` to install Ruby 3.4.0. |
| Ruby | 2.5.0 | ghcr.io/cyclonedx/cdxgen-ruby25:v11 | Supports automatic Ruby installation for 2.5.x. Example: Pass `-t ruby2.5.1` to install Ruby 2.5.1. |
| Ruby | 2.6.10 | ghcr.io/cyclonedx/cdxgen-debian-ruby26:v11 | Supports automatic Ruby installation for 2.6.x. Example: Pass `-t ruby2.6.1` to install Ruby 2.6.1. |
| Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. |
| Language | Version | Container Image Tags | Comments |
| -------- | ---------------------------- | --------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| Java | 23 | ghcr.io/cyclonedx/cdxgen:master | Default all-in-one container image with all the latest and greatest tools with Node 23 runtime. |
| Java | 23 | ghcr.io/cyclonedx/cdxgen-deno:master | Default all-in-one container image with all the latest and greatest tools with deno runtime. |
| Java | 11 | ghcr.io/cyclonedx/cdxgen-java11-slim:v11, ghcr.io/cyclonedx/cdxgen-java11:v11 | Java 11 version with and without Android 33 SDK. |
| Java | 17 | ghcr.io/cyclonedx/cdxgen-java17-slim:v11, ghcr.io/cyclonedx/cdxgen-java17:v11 | Java 17 version with and without Android 34 SDK. |
| Dotnet | .Net Framework 4.6 - 4.8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net Framework |
| Dotnet | .Net Core 2.1, 3.1, .Net 5.0 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | Invoke with --platform=linux/amd64 for better compatibility. |
| Dotnet | .Net 6 | ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 | .Net 6 |
| Dotnet | .Net 7 | ghcr.io/cyclonedx/cdxgen-dotnet7:v11 | .Net 7 |
| Dotnet | .Net 8 | ghcr.io/cyclonedx/cdxgen-debian-dotnet8:v11, ghcr.io/cyclonedx/cdxgen-dotnet8:v11 | .Net 8 |
| Dotnet | .Net 9 | ghcr.io/cyclonedx/cdxgen-debian-dotnet9:v11, ghcr.io/cyclonedx/cdxgen-dotnet9:v11 | .Net 9 |
| Python | 3.6 | ghcr.io/cyclonedx/cdxgen-python36:v11 | No dependency tree |
| Python | 3.9 | ghcr.io/cyclonedx/cdxgen-python39:v11 | |
| Python | 3.10 | ghcr.io/cyclonedx/cdxgen-python310:v11 | |
| Python | 3.11 | ghcr.io/cyclonedx/cdxgen-python311:v11 | |
| Python | 3.12 | ghcr.io/cyclonedx/cdxgen-python312:v11 | |
| Node.js | 20 | ghcr.io/cyclonedx/cdxgen-node20:v11 | Use `--platform=linux/amd64` in case of `npm install` errors. |
| Node.js | 23 | ghcr.io/cyclonedx/cdxgen:master | Supports automatic node installation. Example: Pass `-t node20` to install node 20. |
| Ruby | 3.3.6 | ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 | Supports automatic Ruby installation for 3.3.x. Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1. |
| Ruby | 3.4.1 | ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 | Supports automatic Ruby installation for 3.4.x. Example: Pass `-t ruby3.4.0` to install Ruby 3.4.0. |
| Ruby | 2.5.0 | ghcr.io/cyclonedx/cdxgen-ruby25:v11 | Supports automatic Ruby installation for 2.5.x. Example: Pass `-t ruby2.5.1` to install Ruby 2.5.1. |
| Ruby | 2.6.10 | ghcr.io/cyclonedx/cdxgen-debian-ruby26:v11 | Supports automatic Ruby installation for 2.6.x. Example: Pass `-t ruby2.6.1` to install Ruby 2.6.1. |
| Ruby | 1.8.x | ghcr.io/cyclonedx/debian-ruby18:master | Base image for `bundle install` only. No cdxgen equivalent with Ruby 1.8.x. `--deep` mode and research profile unsupported. |

Replace `:v11` with a release version tag or sha256 hash for fine-grained control over the image tag.

Expand Down Expand Up @@ -76,19 +76,13 @@ Example invocation:
A bundled version of [nuget](./nuget/) and mono is used to support .Net framework apps.

```shell
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v11 -r /app -o /app/bom.json -t dotnet-framework
```

Dotnet 3.1 or Dotnet 6.0

```shell
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-dotnet6:v11 -r /app -o /app/bom.json -t dotnet
docker run --rm --platform=linux/amd64 -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app -o /app/bom.json -t dotnet
```

Dotnet 3.1 or Dotnet 6.0 (debian)

```shell
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app -o /app/bom.json -t dotnet
docker run --rm --platform=linux/amd64 -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-dotnet6:v11 -r /app -o /app/bom.json -t dotnet
```

Dotnet 7.0
Expand Down
23 changes: 21 additions & 2 deletions ci/base-images/cdxgen/Dockerfile.dotnet6
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \

ENV CDXGEN_IN_CONTAINER=true \
NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
PYTHONPATH=/opt/pypi
PYTHONPATH=/opt/pypi \
DOSAI_CMD=/usr/local/bin/dosai
ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin:

COPY . /opt/cdxgen

RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
RUN set -e; \
ARCH_NAME="$(rpm --eval '%{_arch}')"; \
url=; \
case "${ARCH_NAME##*-}" in \
'x86_64') \
DOSAI_ARCH_SUFFIX='-full'; \
;; \
'arm64') \
DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \
;; \
'aarch64') \
DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \
;; \
*) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \
esac \
&& cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
&& curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \
&& chmod +x /usr/local/bin/dosai \
&& dosai --help \
&& mkdir -p /opt/cdxgen-node-cache \
&& node /opt/cdxgen/bin/cdxgen.js --help \
&& pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \
Expand Down
23 changes: 21 additions & 2 deletions ci/base-images/cdxgen/Dockerfile.dotnet7
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \

ENV CDXGEN_IN_CONTAINER=true \
NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
PYTHONPATH=/opt/pypi
PYTHONPATH=/opt/pypi \
DOSAI_CMD=/usr/local/bin/dosai
ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin:

COPY . /opt/cdxgen

RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
RUN set -e; \
ARCH_NAME="$(rpm --eval '%{_arch}')"; \
url=; \
case "${ARCH_NAME##*-}" in \
'x86_64') \
DOSAI_ARCH_SUFFIX='-full'; \
;; \
'arm64') \
DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \
;; \
'aarch64') \
DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \
;; \
*) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \
esac \
&& cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
&& curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \
&& chmod +x /usr/local/bin/dosai \
&& dosai --help \
&& mkdir -p /opt/cdxgen-node-cache \
&& node /opt/cdxgen/bin/cdxgen.js --help \
&& pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \
Expand Down
23 changes: 21 additions & 2 deletions ci/base-images/cdxgen/Dockerfile.dotnet8
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,31 @@ LABEL maintainer="CycloneDX" \

ENV CDXGEN_IN_CONTAINER=true \
NODE_COMPILE_CACHE="/opt/cdxgen-node-cache" \
PYTHONPATH=/opt/pypi
PYTHONPATH=/opt/pypi \
DOSAI_CMD=/usr/local/bin/dosai
ENV PATH=${PATH}:/usr/local/bin:/opt/pypi/bin:/opt/cdxgen/node_modules/.bin:

COPY . /opt/cdxgen

RUN cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
RUN set -e; \
ARCH_NAME="$(rpm --eval '%{_arch}')"; \
url=; \
case "${ARCH_NAME##*-}" in \
'x86_64') \
DOSAI_ARCH_SUFFIX='-full'; \
;; \
'arm64') \
DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \
;; \
'aarch64') \
DOSAI_ARCH_SUFFIX='-linux-arm64-full'; \
;; \
*) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \
esac \
&& cd /opt/cdxgen && corepack enable && corepack pnpm install --prod --package-import-method copy && corepack pnpm cache delete \
&& curl -L https://github.com/owasp-dep-scan/dosai/releases/latest/download/Dosai${DOSAI_ARCH_SUFFIX} -o /usr/local/bin/dosai \
&& chmod +x /usr/local/bin/dosai \
&& dosai --help \
&& mkdir -p /opt/cdxgen-node-cache \
&& node /opt/cdxgen/bin/cdxgen.js --help \
&& pip install --upgrade --no-cache-dir blint atom-tools --target /opt/pypi \
Expand Down
Loading

0 comments on commit 3657f5c

Please sign in to comment.