update messaging packages and package scanning

Signed-off-by: Neil South <neil.south@answerdigital.com>
Project-MONAI · Mar 13, 2024 · a8a0be6 · a8a0be6
1 parent 79eeb1b
commit a8a0be6
Show file tree

Hide file tree

Showing 32 changed files with 285 additions and 246 deletions.
diff --git a/.dockleignore b/.dockleignore
@@ -0,0 +1,17 @@
+# Copyright 2023 MONAI Consortium
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Checked and no actual secrets found in dockerfile, just some environment variables for compatibility
+CIS-DI-0010
+
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -433,13 +433,26 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Scan image with Azure Container Scan
-        env:
-          TRIVY_TIMEOUT_SEC: 360s
-        uses: Azure/container-scan@v0.1
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
         if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:
-          image-name: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+          image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
+
+      - name: Run dockle scan
+        id: dockle-scan
+        uses: goodwithtech/dockle-action@main
+        if: ${{ (matrix.os == 'ubuntu-latest') }}
+        with:
+          image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+          format: 'list'
+          exit-code: '1'
+          exit-level: 'warn'
 
       - name: Anchore container scan
         id: anchore-scan
@@ -450,7 +463,7 @@ jobs:
           fail-build: true
           severity-cutoff: critical
 
-      - name: Upload Anchore scan SARIF report
+      - name: Upload scan SARIF report
         uses: github/codeql-action/upload-sarif@v2
         if: ${{ (matrix.os == 'ubuntu-latest') }}
         with:

diff --git a/Dockerfile b/Dockerfile
@@ -27,6 +27,7 @@ RUN dotnet publish -c Release -o out --nologo src/InformaticsGateway/Monai.Deplo
 
 # Build runtime image
 FROM mcr.microsoft.com/dotnet/aspnet:8.0-jammy
+RUN adduser --system --group --no-create-home appuser
 
 # Enable elastic client compatibility mode
 ENV ELASTIC_CLIENT_APIVERSIONING=true
@@ -35,13 +36,16 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get clean \
  && apt-get update \
  && apt-get install -y --no-install-recommends curl \
- && apt-get install -y libc6-dev=2.35-0ubuntu3.6                          # this is a workaround for Mongo encryption library
-RUN rm -rf /var/lib/apt/lists
+ && apt-get install -y libc6-dev=2.35-0ubuntu3.6 \
+ && rm -rf /var/lib/apt/lists                           # this is a workaround for Mongo encryption library
+
 
 
 
 WORKDIR /opt/monai/ig
 
+RUN chown -R appuser:appuser /opt/monai/ig
+
 COPY --from=build /app/out .
 COPY --from=build /tools /opt/dotnetcore-tools
 COPY LICENSE ./
@@ -58,4 +62,6 @@ HEALTHCHECK --interval=10s --retries=10 CMD curl --fail http://localhost:5000/he
 RUN ls -lR /opt/monai/ig
 ENV PATH="/opt/dotnetcore-tools:${PATH}"
 
+USER appuser
+
 ENTRYPOINT ["/opt/monai/ig/Monai.Deploy.InformaticsGateway"]
diff --git a/doc/dependency_decisions.yml b/doc/dependency_decisions.yml
@@ -584,6 +584,8 @@
   - :versions:
       - 8.0.0
       - 8.0.1
+      - 8.0.2
+      - 8.0.3
     :when: 2022-10-14T23:37:16.793Z
     :who: mocsharp
     :why: MIT (https://github.com/dotnet/runtime/raw/main/LICENSE.TXT)
@@ -660,14 +662,14 @@
 - - :approve
   - Monai.Deploy.Messaging
   - :versions:
-      - 2.0.0
+      - 2.0.2
     :when: 2023-10-13T18:06:21.511Z
     :who: neilsouth
     :why: Apache-2.0 (https://github.com/Project-MONAI/monai-deploy-messaging/raw/main/LICENSE)
 - - :approve
   - Monai.Deploy.Messaging.RabbitMQ
   - :versions:
-      - 2.0.0
+      - 2.0.2
     :when: 2023-10-13T18:06:21.511Z
     :who: neilsouth
     :why: Apache-2.0 (https://github.com/Project-MONAI/monai-deploy-messaging/raw/main/LICENSE)

diff --git a/src/Api/Monai.Deploy.InformaticsGateway.Api.csproj b/src/Api/Monai.Deploy.InformaticsGateway.Api.csproj
@@ -51,8 +51,8 @@
     <PackageReference Include="fo-dicom" Version="5.1.2" />
     <PackageReference Include="HL7-dotnetcore" Version="2.36.0" />
     <PackageReference Include="Macross.Json.Extensions" Version="3.0.0" />
-    <PackageReference Include="Monai.Deploy.Messaging" Version="2.0.0" />
-    <PackageReference Include="Monai.Deploy.Messaging.RabbitMQ" Version="2.0.0" />
+    <PackageReference Include="Monai.Deploy.Messaging" Version="2.0.2" />
+    <PackageReference Include="Monai.Deploy.Messaging.RabbitMQ" Version="2.0.2" />
     <PackageReference Include="Monai.Deploy.Storage" Version="1.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Abstractions" Version="8.0.0" />
   </ItemGroup>

diff --git a/src/Api/Test/packages.lock.json b/src/Api/Test/packages.lock.json
@@ -266,8 +266,8 @@
       },
       "Monai.Deploy.Messaging": {
         "type": "Transitive",
-        "resolved": "2.0.0",
-        "contentHash": "LcerCeHWDSB3Q1Vw0La9pYvXdNNDu4nGUie2bvVlL8lCkxbVNx+rtDorV5cA8KSKW9GZd/RD6SAsIzcjMXqP6Q==",
+        "resolved": "2.0.2",
+        "contentHash": "iQsD13BAnpbkv1xIVS4cRT2ZXjtcvHJFXlzvTaXjSEEtgGRR7f/IW/9smM2mZlPAyjmRdzk6hyye2vw6rl/tTw==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.3.0",
           "Microsoft.Extensions.Diagnostics.HealthChecks": "8.0.0",
@@ -277,11 +277,11 @@
       },
       "Monai.Deploy.Messaging.RabbitMQ": {
         "type": "Transitive",
-        "resolved": "2.0.0",
-        "contentHash": "J5dXjOBqA59irTcFbfwxIQnLxUXGcMCA/cuk1+TJgscMeb2WTVks3esZmcs3pOY2OIBmOROvBl/6KaL9cYFPmg==",
+        "resolved": "2.0.2",
+        "contentHash": "nrMwCJloWpOpPJaYvKJzZIWb3B0B5+Ktz4SP2NApbmreiEI88m9Gab+Q6GuwNvFB+nrtJFDAl/gtdHwV251rcw==",
         "dependencies": {
-          "Monai.Deploy.Messaging": "2.0.0",
-          "Polly": "8.2.0",
+          "Monai.Deploy.Messaging": "2.0.2",
+          "Polly": "8.2.1",
           "RabbitMQ.Client": "6.8.1"
         }
       },
@@ -368,16 +368,16 @@
       },
       "Polly": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "KZm8iG29y6Mse7YntYYJSf5fGWuhYLliWgZaG/8NcuXS4gN7SPdtPYpjCxQlHqxvMGubkWVrGp3MvUaI7SkyKA==",
+        "resolved": "8.2.1",
+        "contentHash": "tVHvP5Z0fNoZCE9mpKAsh0IaValwsTGPrqjlWqkWR/Gpl5jL05HWC/AVGSL+jkAqkl1Jn7uBUOArnRD+dK5PfQ==",
         "dependencies": {
-          "Polly.Core": "8.2.0"
+          "Polly.Core": "8.2.1"
         }
       },
       "Polly.Core": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "gnKp3+mxGFmkFs4eHcD9aex0JOF8zS1Y18c2A5ckXXTVqbs6XLcDyLKgSa/mUFqAnH3mn9+uVIM0RhAec/d3kA=="
+        "resolved": "8.2.1",
+        "contentHash": "/Z3EspfWBdTla4I9IAcQn32/7kB5WS3rSnOYloz8YlVyClu8h7uuYf4pfUvffOYVbxmDX/mFRfxwzqW2Zs96ZA=="
       },
       "RabbitMQ.Client": {
         "type": "Transitive",
@@ -1326,8 +1326,8 @@
           "Macross.Json.Extensions": "[3.0.0, )",
           "Microsoft.EntityFrameworkCore.Abstractions": "[8.0.0, )",
           "Monai.Deploy.InformaticsGateway.Common": "[1.0.0, )",
-          "Monai.Deploy.Messaging": "[2.0.0, )",
-          "Monai.Deploy.Messaging.RabbitMQ": "[2.0.0, )",
+          "Monai.Deploy.Messaging": "[2.0.2, )",
+          "Monai.Deploy.Messaging.RabbitMQ": "[2.0.2, )",
           "Monai.Deploy.Storage": "[1.0.0, )",
           "fo-dicom": "[5.1.2, )"
         }

diff --git a/src/Api/packages.lock.json b/src/Api/packages.lock.json
@@ -41,15 +41,15 @@
       },
       "Microsoft.NET.ILLink.Tasks": {
         "type": "Direct",
-        "requested": "[8.0.1, )",
-        "resolved": "8.0.1",
-        "contentHash": "ADdJXuKNjwZDfBmybMnpvwd5CK3gp92WkWqqeQhW4W+q4MO3Qaa9QyW2DcFLAvCDMcCWxT5hRXqGdv13oon7nA=="
+        "requested": "[8.0.2, )",
+        "resolved": "8.0.2",
+        "contentHash": "hKTrehpfVzOhAz0mreaTAZgbz0DrMEbWq4n3hAo8Ks6WdxdqQhNPvzOqn9VygKuWf1bmxPdraqzTaXriO/sn0A=="
       },
       "Monai.Deploy.Messaging": {
         "type": "Direct",
-        "requested": "[2.0.0, )",
-        "resolved": "2.0.0",
-        "contentHash": "LcerCeHWDSB3Q1Vw0La9pYvXdNNDu4nGUie2bvVlL8lCkxbVNx+rtDorV5cA8KSKW9GZd/RD6SAsIzcjMXqP6Q==",
+        "requested": "[2.0.2, )",
+        "resolved": "2.0.2",
+        "contentHash": "iQsD13BAnpbkv1xIVS4cRT2ZXjtcvHJFXlzvTaXjSEEtgGRR7f/IW/9smM2mZlPAyjmRdzk6hyye2vw6rl/tTw==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.3.0",
           "Microsoft.Extensions.Diagnostics.HealthChecks": "8.0.0",
@@ -59,12 +59,12 @@
       },
       "Monai.Deploy.Messaging.RabbitMQ": {
         "type": "Direct",
-        "requested": "[2.0.0, )",
-        "resolved": "2.0.0",
-        "contentHash": "J5dXjOBqA59irTcFbfwxIQnLxUXGcMCA/cuk1+TJgscMeb2WTVks3esZmcs3pOY2OIBmOROvBl/6KaL9cYFPmg==",
+        "requested": "[2.0.2, )",
+        "resolved": "2.0.2",
+        "contentHash": "nrMwCJloWpOpPJaYvKJzZIWb3B0B5+Ktz4SP2NApbmreiEI88m9Gab+Q6GuwNvFB+nrtJFDAl/gtdHwV251rcw==",
         "dependencies": {
-          "Monai.Deploy.Messaging": "2.0.0",
-          "Polly": "8.2.0",
+          "Monai.Deploy.Messaging": "2.0.2",
+          "Polly": "8.2.1",
           "RabbitMQ.Client": "6.8.1"
         }
       },
@@ -231,16 +231,16 @@
       },
       "Polly": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "KZm8iG29y6Mse7YntYYJSf5fGWuhYLliWgZaG/8NcuXS4gN7SPdtPYpjCxQlHqxvMGubkWVrGp3MvUaI7SkyKA==",
+        "resolved": "8.2.1",
+        "contentHash": "tVHvP5Z0fNoZCE9mpKAsh0IaValwsTGPrqjlWqkWR/Gpl5jL05HWC/AVGSL+jkAqkl1Jn7uBUOArnRD+dK5PfQ==",
         "dependencies": {
-          "Polly.Core": "8.2.0"
+          "Polly.Core": "8.2.1"
         }
       },
       "Polly.Core": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "gnKp3+mxGFmkFs4eHcD9aex0JOF8zS1Y18c2A5ckXXTVqbs6XLcDyLKgSa/mUFqAnH3mn9+uVIM0RhAec/d3kA=="
+        "resolved": "8.2.1",
+        "contentHash": "/Z3EspfWBdTla4I9IAcQn32/7kB5WS3rSnOYloz8YlVyClu8h7uuYf4pfUvffOYVbxmDX/mFRfxwzqW2Zs96ZA=="
       },
       "RabbitMQ.Client": {
         "type": "Transitive",

diff --git a/src/CLI/Test/packages.lock.json b/src/CLI/Test/packages.lock.json
@@ -523,8 +523,8 @@
       },
       "Monai.Deploy.Messaging": {
         "type": "Transitive",
-        "resolved": "2.0.0",
-        "contentHash": "LcerCeHWDSB3Q1Vw0La9pYvXdNNDu4nGUie2bvVlL8lCkxbVNx+rtDorV5cA8KSKW9GZd/RD6SAsIzcjMXqP6Q==",
+        "resolved": "2.0.2",
+        "contentHash": "iQsD13BAnpbkv1xIVS4cRT2ZXjtcvHJFXlzvTaXjSEEtgGRR7f/IW/9smM2mZlPAyjmRdzk6hyye2vw6rl/tTw==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.3.0",
           "Microsoft.Extensions.Diagnostics.HealthChecks": "8.0.0",
@@ -534,11 +534,11 @@
       },
       "Monai.Deploy.Messaging.RabbitMQ": {
         "type": "Transitive",
-        "resolved": "2.0.0",
-        "contentHash": "J5dXjOBqA59irTcFbfwxIQnLxUXGcMCA/cuk1+TJgscMeb2WTVks3esZmcs3pOY2OIBmOROvBl/6KaL9cYFPmg==",
+        "resolved": "2.0.2",
+        "contentHash": "nrMwCJloWpOpPJaYvKJzZIWb3B0B5+Ktz4SP2NApbmreiEI88m9Gab+Q6GuwNvFB+nrtJFDAl/gtdHwV251rcw==",
         "dependencies": {
-          "Monai.Deploy.Messaging": "2.0.0",
-          "Polly": "8.2.0",
+          "Monai.Deploy.Messaging": "2.0.2",
+          "Polly": "8.2.1",
           "RabbitMQ.Client": "6.8.1"
         }
       },
@@ -625,16 +625,16 @@
       },
       "Polly": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "KZm8iG29y6Mse7YntYYJSf5fGWuhYLliWgZaG/8NcuXS4gN7SPdtPYpjCxQlHqxvMGubkWVrGp3MvUaI7SkyKA==",
+        "resolved": "8.2.1",
+        "contentHash": "tVHvP5Z0fNoZCE9mpKAsh0IaValwsTGPrqjlWqkWR/Gpl5jL05HWC/AVGSL+jkAqkl1Jn7uBUOArnRD+dK5PfQ==",
         "dependencies": {
-          "Polly.Core": "8.2.0"
+          "Polly.Core": "8.2.1"
         }
       },
       "Polly.Core": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "gnKp3+mxGFmkFs4eHcD9aex0JOF8zS1Y18c2A5ckXXTVqbs6XLcDyLKgSa/mUFqAnH3mn9+uVIM0RhAec/d3kA=="
+        "resolved": "8.2.1",
+        "contentHash": "/Z3EspfWBdTla4I9IAcQn32/7kB5WS3rSnOYloz8YlVyClu8h7uuYf4pfUvffOYVbxmDX/mFRfxwzqW2Zs96ZA=="
       },
       "RabbitMQ.Client": {
         "type": "Transitive",
@@ -1618,8 +1618,8 @@
           "Macross.Json.Extensions": "[3.0.0, )",
           "Microsoft.EntityFrameworkCore.Abstractions": "[8.0.0, )",
           "Monai.Deploy.InformaticsGateway.Common": "[1.0.0, )",
-          "Monai.Deploy.Messaging": "[2.0.0, )",
-          "Monai.Deploy.Messaging.RabbitMQ": "[2.0.0, )",
+          "Monai.Deploy.Messaging": "[2.0.2, )",
+          "Monai.Deploy.Messaging.RabbitMQ": "[2.0.2, )",
           "Monai.Deploy.Storage": "[1.0.0, )",
           "fo-dicom": "[5.1.2, )"
         }

diff --git a/src/CLI/packages.lock.json b/src/CLI/packages.lock.json
@@ -35,9 +35,9 @@
       },
       "Microsoft.NET.ILLink.Tasks": {
         "type": "Direct",
-        "requested": "[8.0.1, )",
-        "resolved": "8.0.1",
-        "contentHash": "ADdJXuKNjwZDfBmybMnpvwd5CK3gp92WkWqqeQhW4W+q4MO3Qaa9QyW2DcFLAvCDMcCWxT5hRXqGdv13oon7nA=="
+        "requested": "[8.0.2, )",
+        "resolved": "8.0.2",
+        "contentHash": "hKTrehpfVzOhAz0mreaTAZgbz0DrMEbWq4n3hAo8Ks6WdxdqQhNPvzOqn9VygKuWf1bmxPdraqzTaXriO/sn0A=="
       },
       "System.CommandLine.Hosting": {
         "type": "Direct",
@@ -431,8 +431,8 @@
       },
       "Monai.Deploy.Messaging": {
         "type": "Transitive",
-        "resolved": "2.0.0",
-        "contentHash": "LcerCeHWDSB3Q1Vw0La9pYvXdNNDu4nGUie2bvVlL8lCkxbVNx+rtDorV5cA8KSKW9GZd/RD6SAsIzcjMXqP6Q==",
+        "resolved": "2.0.2",
+        "contentHash": "iQsD13BAnpbkv1xIVS4cRT2ZXjtcvHJFXlzvTaXjSEEtgGRR7f/IW/9smM2mZlPAyjmRdzk6hyye2vw6rl/tTw==",
         "dependencies": {
           "Ardalis.GuardClauses": "4.3.0",
           "Microsoft.Extensions.Diagnostics.HealthChecks": "8.0.0",
@@ -442,11 +442,11 @@
       },
       "Monai.Deploy.Messaging.RabbitMQ": {
         "type": "Transitive",
-        "resolved": "2.0.0",
-        "contentHash": "J5dXjOBqA59irTcFbfwxIQnLxUXGcMCA/cuk1+TJgscMeb2WTVks3esZmcs3pOY2OIBmOROvBl/6KaL9cYFPmg==",
+        "resolved": "2.0.2",
+        "contentHash": "nrMwCJloWpOpPJaYvKJzZIWb3B0B5+Ktz4SP2NApbmreiEI88m9Gab+Q6GuwNvFB+nrtJFDAl/gtdHwV251rcw==",
         "dependencies": {
-          "Monai.Deploy.Messaging": "2.0.0",
-          "Polly": "8.2.0",
+          "Monai.Deploy.Messaging": "2.0.2",
+          "Polly": "8.2.1",
           "RabbitMQ.Client": "6.8.1"
         }
       },
@@ -477,16 +477,16 @@
       },
       "Polly": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "KZm8iG29y6Mse7YntYYJSf5fGWuhYLliWgZaG/8NcuXS4gN7SPdtPYpjCxQlHqxvMGubkWVrGp3MvUaI7SkyKA==",
+        "resolved": "8.2.1",
+        "contentHash": "tVHvP5Z0fNoZCE9mpKAsh0IaValwsTGPrqjlWqkWR/Gpl5jL05HWC/AVGSL+jkAqkl1Jn7uBUOArnRD+dK5PfQ==",
         "dependencies": {
-          "Polly.Core": "8.2.0"
+          "Polly.Core": "8.2.1"
         }
       },
       "Polly.Core": {
         "type": "Transitive",
-        "resolved": "8.2.0",
-        "contentHash": "gnKp3+mxGFmkFs4eHcD9aex0JOF8zS1Y18c2A5ckXXTVqbs6XLcDyLKgSa/mUFqAnH3mn9+uVIM0RhAec/d3kA=="
+        "resolved": "8.2.1",
+        "contentHash": "/Z3EspfWBdTla4I9IAcQn32/7kB5WS3rSnOYloz8YlVyClu8h7uuYf4pfUvffOYVbxmDX/mFRfxwzqW2Zs96ZA=="
       },
       "RabbitMQ.Client": {
         "type": "Transitive",
@@ -599,8 +599,8 @@
           "Macross.Json.Extensions": "[3.0.0, )",
           "Microsoft.EntityFrameworkCore.Abstractions": "[8.0.0, )",
           "Monai.Deploy.InformaticsGateway.Common": "[1.0.0, )",
-          "Monai.Deploy.Messaging": "[2.0.0, )",
-          "Monai.Deploy.Messaging.RabbitMQ": "[2.0.0, )",
+          "Monai.Deploy.Messaging": "[2.0.2, )",
+          "Monai.Deploy.Messaging.RabbitMQ": "[2.0.2, )",
           "Monai.Deploy.Storage": "[1.0.0, )",
           "fo-dicom": "[5.1.2, )"
         }

diff --git a/src/Client.Common/packages.lock.json b/src/Client.Common/packages.lock.json
@@ -10,9 +10,9 @@
       },
       "Microsoft.NET.ILLink.Tasks": {
         "type": "Direct",
-        "requested": "[8.0.1, )",
-        "resolved": "8.0.1",
-        "contentHash": "ADdJXuKNjwZDfBmybMnpvwd5CK3gp92WkWqqeQhW4W+q4MO3Qaa9QyW2DcFLAvCDMcCWxT5hRXqGdv13oon7nA=="
+        "requested": "[8.0.2, )",
+        "resolved": "8.0.2",
+        "contentHash": "hKTrehpfVzOhAz0mreaTAZgbz0DrMEbWq4n3hAo8Ks6WdxdqQhNPvzOqn9VygKuWf1bmxPdraqzTaXriO/sn0A=="
       }
     }
   }