diff --git a/docker-image/Dockerfiles/Dockerfile b/docker-image/Dockerfiles/Dockerfile
index 14ffc4c..d266417 100644
--- a/docker-image/Dockerfiles/Dockerfile
+++ b/docker-image/Dockerfiles/Dockerfile
@@ -1,7 +1,7 @@
ARG JAVA_MINOR_PATCH_VERSION=0.2
# first stage
-FROM registry.access.redhat.com/ubi9/nodejs-18 as builder
+FROM registry.access.redhat.com/ubi9/nodejs-20 as builder
# use privilaged user
USER root
@@ -9,47 +9,37 @@ USER root
# assign token for reading packages from github package registry
ARG PACKAGE_REGISTRY_ACCESS_TOKEN=''
-ARG JAVA_MINOR_PATCH_VERSION
-
-# install Java
-RUN curl -kL https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.tar.gz -o /tmp/java-package.tar.gz \
+# install Java v21.0.1
+RUN curl -kL https://download.oracle.com/java/21/archive/jdk-21.0.1_linux-x64_bin.tar.gz -o /tmp/java-package.tar.gz \
&& tar xvzf /tmp/java-package.tar.gz -C /usr/
-# install Maven package manager
-RUN curl -kL https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz -o /tmp/maven-package.tar.gz \
+# install Maven package manager v3.9.6
+RUN curl -kL https://dlcdn.apache.org/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz -o /tmp/maven-package.tar.gz \
&& tar xvzf /tmp/maven-package.tar.gz -C /usr/
-# install golang package manager
-RUN curl -kL https://go.dev/dl/go1.21.1.linux-amd64.tar.gz -o /tmp/golang-package.tar.gz \
+# install golang package manager v1.21.5
+RUN curl -kL https://go.dev/dl/go1.21.5.linux-amd64.tar.gz -o /tmp/golang-package.tar.gz \
&& tar xvzf /tmp/golang-package.tar.gz -C /usr/
-# install python package manager (pip)
-RUN python3 -m ensurepip --upgrade
-
-# install jq JSON formating tool
-RUN curl -kL https://github.com/jqlang/jq/releases/download/jq-1.6/jq-linux64 -o /usr/bin/jq
-
-# install linux utils Package to enable UUID generation
-RUN yum install util-linux
+# install jq JSON formating tool v1.7.1
+RUN curl -kL https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux64 -o /usr/bin/jq
# copy the .npmrc file
COPY configs/.npmrc .
# replace placeholder with the actual environment variable
RUN sed -i "s/__PACKAGE_REGISTRY_ACCESS_TOKEN__/${PACKAGE_REGISTRY_ACCESS_TOKEN}/g" ./.npmrc
-# install Exhort javascript API
-RUN npm install --global @RHEcosystemAppEng/exhort-javascript-api
+# install Exhort javascript API v0.1.1-ea.14
+RUN npm install --global @RHEcosystemAppEng/exhort-javascript-api@0.1.1-ea.26
# add RHDA script
-COPY scripts/rhda.sh /
+COPY scripts/rhda.sh /rhda.sh
ENV JDK_VERSION=jdk-21.${JAVA_MINOR_PATCH_VERSION}
# assign executable permissions to all installed binaries
-RUN chmod +x /usr/${JDK_VERSION} \
- && chmod +x /usr/apache-maven-3.9.4/bin/mvn \
+RUN chmod +x /usr/jdk-21.0.1/bin/java \
+ && chmod +x /usr/apache-maven-3.9.6/bin/mvn \
&& chmod +x /usr/go/bin/go \
- && chmod +x /usr/local/bin/pip3 \
&& chmod +x /usr/bin/jq \
- && chmod +x /usr/bin/uuidgen \
&& chmod +x /opt/app-root/src/.npm-global/bin/exhort-javascript-api \
&& chmod +x /rhda.sh
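Review bot: The four `curl -kL … | tar xvzf` / `curl -kL … -o /usr/bin/jq` lines still disable TLS certificate verification (`-k`) and unpack or install whatever was fetched without any integrity check, so pinning the versions does not yet make the build reproducible or tamper-evident. Drop `-k` and verify each archive before extracting, e.g. `&& echo '<sha256-from-vendor>  /tmp/java-package.tar.gz' | sha256sum -c -` (placeholder digest; each of these vendors publishes a checksum next to the download). The comment on the npm line says `v0.1.1-ea.14` but the spec pins `@0.1.1-ea.26`; make them agree. With the in-stage `ARG JAVA_MINOR_PATCH_VERSION` removed, the context line `ENV JDK_VERSION=jdk-21.${JAVA_MINOR_PATCH_VERSION}` expands to `jdk-21.` and is no longer used by the hardcoded `/usr/jdk-21.0.1` paths, here and in the second stage below; drop it or pin it to the same value. Separately, the token `sed`'d into `.npmrc` comes from a build `ARG`, which stays readable in the builder layer history; a `RUN --mount=type=secret` would keep it out of any layer.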
@@ -57,29 +47,29 @@ RUN chmod +x /usr/${JDK_VERSION} \
USER default
# second stage
-FROM registry.access.redhat.com/ubi9/nodejs-18-minimal
+FROM registry.access.redhat.com/ubi9/nodejs-20-minimal
LABEL org.opencontainers.image.source https://github.com/RHEcosystemAppEng/exhort-javascript-api
-ARG JAVA_MINOR_PATCH_VERSION
-
-# assign token for exhort authentication with Snyk provider
-ENV EXHORT_SNYK_TOKEN=''
-# assign rhda token for rhda user authentication with exhort
-ENV RHDA_TOKEN=''
# assign rhda source for exhort tracking purposes
ENV RHDA_SOURCE=''
+# contains pip feeze --all data, base64 encrypted
+ENV EXHORT_PIP_FREEZE=''
+# contains pip show data for all packages, base64 encrypted
+ENV EXHORT_PIP_SHOW=''
+# indicate whether to use the Minimal version selection (MVS) algorithm to select a set of module versions to use when building Go packages.
+ENV EXHORT_GO_MVS_LOGIC_ENABLED='false'
ENV JDK_VERSION=jdk-21.${JAVA_MINOR_PATCH_VERSION}
USER root
# Copy java executable from the builder stage
-COPY --from=builder /usr/$JDK_VERSION/ /usr/$JDK_VERSION/
-ENV JAVA_HOME=/usr/$JDK_VERSION
+COPY --from=builder /usr/jdk-21.0.1/ /usr/jdk-21.0.1/
+ENV JAVA_HOME=/usr/jdk-21.0.1
# Copy maven executable from the builder stage
-COPY --from=builder /usr/apache-maven-3.9.4/ /usr/apache-maven-3.9.4/
-ENV MAVEN_HOME=/usr/apache-maven-3.9.4
+COPY --from=builder /usr/apache-maven-3.9.6/ /usr/apache-maven-3.9.6/
+ENV MAVEN_HOME=/usr/apache-maven-3.9.6
# Copy golang executable from the builder stage
COPY --from=builder /usr/go/ /usr/go/
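Review bot: The comments on the new `EXHORT_PIP_FREEZE` and `EXHORT_PIP_SHOW` lines say "base64 encrypted", but base64 is an encoding with no confidentiality, and a reader may take these values to be protected; suggest `# contains pip freeze --all output, base64 encoded` and `# contains pip show output for all packages, base64 encoded` (this also fixes "feeze"). The `EXHORT_GO_MVS_LOGIC_ENABLED` comment is a single ~130-character line; wrapping it onto two `#` lines would match the rest of the file. The stage switches to `USER root` a few lines below the new ENVs and no `USER` reset is visible in this hunk or the next; if the file does not switch back after the last `COPY`, the final image runs as root and should end with `USER default` as the builder stage does.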
@@ -88,23 +78,9 @@ ENV GOLANG_HOME=/usr/go
# Update PATH
ENV PATH=$PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin:$GOLANG_HOME/bin
-# Copy python executable from the builder stage
-COPY --from=builder /usr/bin/python3 /usr/bin/python3
-COPY --from=builder /usr/local/bin/pip3 /usr/local/bin/pip3
-COPY --from=builder /usr/lib64/python3.9 /usr/lib64/python3.9
-COPY --from=builder /usr/local/lib/python3.9 /usr/local/lib/python3.9
-COPY --from=builder /usr/lib64/libpython3.9.so.1.0 /usr/lib64/libpython3.9.so.1.0
-COPY --from=builder /usr/lib64/libexpat.so.1 /usr/lib64/libexpat.so.1
-
-RUN ln -s /usr/bin/python3 /usr/bin/python \
- && ln -s /usr/local/bin/pip3 /usr/bin/pip
-
# Copy jq executable from the builder stage
COPY --from=builder /usr/bin/jq /usr/bin/jq
-# Copy uuidgen executable from the builder stage
-COPY --from=builder /usr/bin/uuidgen /usr/bin/uuidgen
-
# Copy exhort-javascript-api executable from the builder stage
COPY --from=builder /opt/app-root/src/.npm-global/ /opt/app-root/src/.npm-global/
diff --git a/docker-image/Dockerfiles/Dockerfile.alpha b/docker-image/Dockerfiles/Dockerfile.alpha
new file mode 100644
index 0000000..0628d4a
--- /dev/null
+++ b/docker-image/Dockerfiles/Dockerfile.alpha
@@ -0,0 +1,99 @@
+# first stage
+FROM registry.access.redhat.com/ubi9/nodejs-18 as builder
+
+# use privilaged user
+USER root
+
+# assign token for reading packages from github package registry
+ARG PACKAGE_REGISTRY_ACCESS_TOKEN=''
+
+# install Java
+RUN curl -kL https://download.oracle.com/java/20/latest/jdk-20_linux-x64_bin.tar.gz -o /tmp/java-package.tar.gz \
+ && tar xvzf /tmp/java-package.tar.gz -C /usr/
+
+# install Maven package manager
+RUN curl -kL https://dlcdn.apache.org/maven/maven-3/3.9.4/binaries/apache-maven-3.9.4-bin.tar.gz -o /tmp/maven-package.tar.gz \
+ && tar xvzf /tmp/maven-package.tar.gz -C /usr/
+
+# install golang package manager
+RUN curl -kL https://go.dev/dl/go1.21.1.linux-amd64.tar.gz -o /tmp/golang-package.tar.gz \
+ && tar xvzf /tmp/golang-package.tar.gz -C /usr/
+
+# install python package manager (pip)
+RUN python3 -m ensurepip --upgrade
+
+# install jq JSON formating tool
+RUN curl -kL https://github.com/jqlang/jq/releases/download/jq-1.6/jq-linux64 -o /usr/bin/jq
+
+# install linux utils Package to enable UUID generation
+RUN yum install util-linux
+
+# copy the .npmrc file
+COPY configs/.npmrc .
+# replace placeholder with the actual environment variable
+RUN sed -i "s/__PACKAGE_REGISTRY_ACCESS_TOKEN__/${PACKAGE_REGISTRY_ACCESS_TOKEN}/g" ./.npmrc
+# install Exhort javascript API
+RUN npm install --global @RHEcosystemAppEng/exhort-javascript-api
+
+# add RHDA script
+COPY scripts/rhda-alpha.sh /rhda.sh
+
+# assign executable permissions to all installed binaries
+RUN chmod +x /usr/jdk-20.0.2/bin/java \
+ && chmod +x /usr/apache-maven-3.9.4/bin/mvn \
+ && chmod +x /usr/go/bin/go \
+ && chmod +x /usr/local/bin/pip3 \
+ && chmod +x /usr/bin/jq \
+ && chmod +x /usr/bin/uuidgen \
+ && chmod +x /opt/app-root/src/.npm-global/bin/exhort-javascript-api \
+ && chmod +x /rhda.sh
+
+# use default user
+USER default
+
+# second stage
+FROM registry.access.redhat.com/ubi9/nodejs-18-minimal
+
+LABEL org.opencontainers.image.source https://github.com/RHEcosystemAppEng/exhort-javascript-api
+
+# assign token for exhort authentication with Snyk provider
+ENV EXHORT_SNYK_TOKEN=''
+# assign rhda token for rhda user authentication with exhort
+ENV RHDA_TOKEN=''
+# assign rhda source for exhort tracking purposes
+ENV RHDA_SOURCE=''
+
+# Copy java executable from the builder stage
+COPY --from=builder /usr/jdk-20.0.2/ /usr/jdk-20.0.2/
+ENV JAVA_HOME=/usr/jdk-20.0.2
+
+# Copy maven executable from the builder stage
+COPY --from=builder /usr/apache-maven-3.9.4/ /usr/apache-maven-3.9.4/
+ENV MAVEN_HOME=/usr/apache-maven-3.9.4
+
+# Copy golang executable from the builder stage
+COPY --from=builder /usr/go/ /usr/go/
+ENV GOLANG_HOME=/usr/go
+
+# Update PATH
+ENV PATH=$PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin:$GOLANG_HOME/bin
+
+# Copy python executable from the builder stage
+COPY --from=builder /usr/bin/python3 /usr/bin/python3
+COPY --from=builder /usr/local/bin/pip3 /usr/local/bin/pip3
+COPY --from=builder /usr/lib64/python3.9 /usr/lib64/python3.9
+COPY --from=builder /usr/local/lib/python3.9 /usr/local/lib/python3.9
+COPY --from=builder /usr/lib64/libpython3.9.so.1.0 /usr/lib64/libpython3.9.so.1.0
+COPY --from=builder /usr/lib64/libexpat.so.1 /usr/lib64/libexpat.so.1
+
+# Copy jq executable from the builder stage
+COPY --from=builder /usr/bin/jq /usr/bin/jq
+
+# Copy uuidgen executable from the builder stage
+COPY --from=builder /usr/bin/uuidgen /usr/bin/uuidgen
+
+# Copy exhort-javascript-api executable from the builder stage
+COPY --from=builder /opt/app-root/src/.npm-global/ /opt/app-root/src/.npm-global/
+
+# Copy RHDA executable script from the builder stage
+COPY --from=builder /rhda.sh /rhda.sh
\ No newline at end of file
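Review bot: The `chmod +x /usr/jdk-20.0.2/bin/java` and `COPY --from=builder /usr/jdk-20.0.2/` lines hardcode a directory name that depends on what `https://download.oracle.com/java/20/latest/…` resolves to at build time, so the build breaks should that redirect ever point at a different patch release; pin the archive URL the way the main `Dockerfile` in this commit does, drop `-k` (it disables certificate verification on every download here) and verify each archive with `sha256sum -c` against a vendor-published checksum before `tar xvzf`. `RUN yum install util-linux` has no `-y`, so in a non-interactive build dnf aborts at the confirmation prompt unless assumeyes is configured in the base image, and the package cache is never cleaned; `RUN yum install -y util-linux && yum clean all`. The file is a near-verbatim copy of the pre-commit `Dockerfile` (nodejs-18, JDK 20, Maven 3.9.4, Go 1.21.1, jq 1.6); a header comment stating that it freezes the alpha image and is not maintained alongside `Dockerfile` would stop the two from drifting unnoticed.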
diff --git a/docker-image/README.md b/docker-image/README.md
index eac343f..7142a2e 100644
--- a/docker-image/README.md
+++ b/docker-image/README.md
@@ -13,7 +13,7 @@ Both Docker and Podman are container runtimes that can be used to build and run
## Images generated for Exhort Javascript API
-Ecosystem | Version | IMAGE | TAG |
-----------------------| ------------------------------------------------------------------ | ----------------------------------------------- |-------------------|
-Maven & NPM | mvn 3.9.4,
npm 9.5.0 | quay.io/ecosystem-appeng/exhort-javascript-api | 0.7.0-alpha |
-Maven, NPM & Golang | mvn 3.9.4,
npm 9.5.0,
go 1.21.1 | quay.io/ecosystem-appeng/exhort-javascript-api | 0.7.3-alpha |
+Ecosystem | Version | IMAGE | TAG |
+------------------------------| ------------------------------------------------------------------ | ----------------------------------------------- |-------------------|
+Maven & NPM | mvn 3.9.4,
npm 9.5.0 | quay.io/ecosystem-appeng/exhort-javascript-api | 0.7.0-alpha |
+Maven, NPM, Golang & Python | mvn 3.9.4,
npm 9.5.0,
go 1.21.1,
python3 3.9.16,
pip3 21.2.3 | quay.io/ecosystem-appeng/exhort-javascript-api | 0.7.3-alpha |
diff --git a/docker-image/scripts/rhda-alpha.sh b/docker-image/scripts/rhda-alpha.sh
new file mode 100644
index 0000000..fdfc914
--- /dev/null
+++ b/docker-image/scripts/rhda-alpha.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+manifest_file_path="$1"
+output_file_path="$2"
+
+printf "Analysing the stack. Please wait..\n\n"
+
+# Getting stack analysis report using exhort Javascript CLI.
+report=$(exhort-javascript-api stack $manifest_file_path 2>error.log)
+
+exit_code=$?
+
+if [ $exit_code != 0 ]
+then
+ # In case of failure save only exit code into output file.
+ jq -n {} | \
+ jq --arg exit_code "$exit_code" '. + {exit_code: $exit_code}' > \
+ $output_file_path
+
+ # Print stderr message to console
+ error_message=$(sed -n '/^Error:/p' error.log)
+ printf "\n[ERROR] Red Hat Dependency Analytics failed with exit code $exit_code.\n$error_message"
+ exit 1
+else
+ # In case of success print details from report into console
+ printf "Red Hat Dependency Analytics task is being executed.\n"
+ printf "=%.0s" {1..50}
+ printf "\nRed Hat Dependency Analytics Report\n"
+ printf "=%.0s" {1..50}
+ printf "\n"
+ printf "Total Scanned Dependencies : %s \n" "$(jq -r '.summary.dependencies.scanned' <<< $report)"
+ printf "Total Scanned Transitive Dependencies : %s \n" "$(jq -r '.summary.dependencies.transitive' <<< $report)"
+ printf "Total Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.total' <<< $report)"
+ printf "Direct Vulnerable Dependencies : %s \n" "$(jq -r '.summary.vulnerabilities.direct' <<< $report)"
+
+ provider_status=$(jq -rc '.summary.providerStatuses[] | select(.provider == "snyk")' <<< $report)
+ message=$(echo $provider_status | jq -r '.message')
+ printf "Snyk Provider Status : "
+ printf "%+40s" $message $'\n' | sed 's/ */ /g'
+ printf "Critical Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.critical' <<< $report)"
+ printf "High Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.high' <<< $report)"
+ printf "Medium Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.medium' <<< $report)"
+ printf "Low Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.low' <<< $report)"
+ printf "=%.0s" {1..50}
+
+ # Save report along with exit code into output file.
+ jq -n {} | \
+ jq --slurpfile report <(echo "$report") '. + {report: $report[0]}' | \
+ jq --arg exit_code "$exit_code" '. + {exit_code: $exit_code}' > \
+ $output_file_path
+
+ printf "\nFull report is saved into file: $output_file_path"
+ printf "\nTask is completed."
+fi
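Review bot: `printf "\n[ERROR] Red Hat Dependency Analytics failed with exit code $exit_code.\n$error_message"` and `printf "\nFull report is saved into file: $output_file_path"` expand external text into printf's format string, so any `%` sequence in the tool's stderr or in the output path is interpreted as a conversion; pass them as arguments, e.g. `printf '\n[ERROR] Red Hat Dependency Analytics failed with exit code %s.\n%s' "$exit_code" "$error_message"`. `$manifest_file_path` on the `exhort-javascript-api stack` call and `$output_file_path` on both `>` redirections are unquoted, so paths containing spaces or glob characters are split or expanded. The shebang is `#!/bin/sh` while the body relies on `{1..50}`, `<<<`, `$'\n'` and `<(…)`, all bash extensions; this works only where `/bin/sh` is bash, so `#!/bin/bash` would state the real requirement. `error.log` is written into the current working directory and left behind; a `mktemp` path removed on exit would avoid clobbering a file of that name in the user's project.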
diff --git a/docker-image/scripts/rhda.sh b/docker-image/scripts/rhda.sh
index fdfc914..32e821e 100644
--- a/docker-image/scripts/rhda.sh
+++ b/docker-image/scripts/rhda.sh
@@ -5,7 +5,7 @@ output_file_path="$2"
printf "Analysing the stack. Please wait..\n\n"
-# Getting stack analysis report using exhort Javascript CLI.
+# Getting RHDA stack analysis report using Exhort Javascript CLI.
report=$(exhort-javascript-api stack $manifest_file_path 2>error.log)
exit_code=$?
@@ -22,26 +22,41 @@ then
printf "\n[ERROR] Red Hat Dependency Analytics failed with exit code $exit_code.\n$error_message"
exit 1
else
- # In case of success print details from report into console
- printf "Red Hat Dependency Analytics task is being executed.\n"
- printf "=%.0s" {1..50}
- printf "\nRed Hat Dependency Analytics Report\n"
- printf "=%.0s" {1..50}
- printf "\n"
- printf "Total Scanned Dependencies : %s \n" "$(jq -r '.summary.dependencies.scanned' <<< $report)"
- printf "Total Scanned Transitive Dependencies : %s \n" "$(jq -r '.summary.dependencies.transitive' <<< $report)"
- printf "Total Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.total' <<< $report)"
- printf "Direct Vulnerable Dependencies : %s \n" "$(jq -r '.summary.vulnerabilities.direct' <<< $report)"
-
- provider_status=$(jq -rc '.summary.providerStatuses[] | select(.provider == "snyk")' <<< $report)
+# In case of success print report summary into console
+printf "\nRed Hat Dependency Analytics Report\n"
+printf "=%.0s" {1..50}
+printf "\n"
+printf "Dependencies\n"
+printf " Total Scanned : %s \n" "$(jq -r '.scanned.total' <<< $report)"
+printf " Total Direct : %s \n" "$(jq -r '.scanned.direct' <<< $report)"
+printf " Total Transitive : %s \n" "$(jq -r '.scanned.transitive' <<< $report)"
+
+providers=$(jq -rc '.providers | keys[] | select(. != "trusted-content")' <<< "$report")
+for provider in $providers; do
+ printf "\nProvider: %s\n" "${provider^}"
+
+ provider_status=$(jq -r --arg provider "$provider" '.providers[$provider].status' <<< $report)
message=$(echo $provider_status | jq -r '.message')
- printf "Snyk Provider Status : "
+ printf " Provider Status :"
printf "%+40s" $message $'\n' | sed 's/ */ /g'
- printf "Critical Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.critical' <<< $report)"
- printf "High Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.high' <<< $report)"
- printf "Medium Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.medium' <<< $report)"
- printf "Low Vulnerabilities : %s \n" "$(jq -r '.summary.vulnerabilities.low' <<< $report)"
- printf "=%.0s" {1..50}
+
+ code=$(echo $provider_status | jq -r '.code')
+ if [ "$code" -eq 200 ]; then
+ sources=$(jq -r --arg provider "$provider" '.providers[$provider].sources | keys[]' <<< "$report")
+ for source in $sources; do
+ printf " Source: %s\n" "${source^}"
+ printf " Vulnerabilities\n"
+ printf " Total : %s \n" "$(jq -r --arg provider "$provider" --arg source "$source" '.providers[$provider].sources[$source].summary.total' <<< $report)"
+ printf " Direct : %s \n" "$(jq -r --arg provider "$provider" --arg source "$source" '.providers[$provider].sources[$source].summary.direct' <<< $report)"
+ printf " Transitive : %s \n" "$(jq -r --arg provider "$provider" --arg source "$source" '.providers[$provider].sources[$source].summary.transitive' <<< $report)"
+ printf " Critical : %s \n" "$(jq -r --arg provider "$provider" --arg source "$source" '.providers[$provider].sources[$source].summary.critical' <<< $report)"
+ printf " High : %s \n" "$(jq -r --arg provider "$provider" --arg source "$source" '.providers[$provider].sources[$source].summary.high' <<< $report)"
+ printf " Medium : %s \n" "$(jq -r --arg provider "$provider" --arg source "$source" '.providers[$provider].sources[$source].summary.medium' <<< $report)"
+ printf " Low : %s \n" "$(jq -r --arg provider "$provider" --arg source "$source" '.providers[$provider].sources[$source].summary.low' <<< $report)"
+ done
+ fi
+done
+printf "=%.0s" {1..50}
# Save report along with exit code into output file.
jq -n {} | \
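Review bot: The new body of the `else` branch (from `# In case of success print report summary` through the closing `done`) is written at column 0 while the `if` branch above and the `# Save report` block after it keep the two-space indent, so the `else … fi` structure no longer reads from the layout; indent the block to match (the branch continues past the end of this hunk). `${provider^}` and `${source^}` are bash-4 case-modification expansions, and the script's shebang (unchanged, outside this hunk, identical to `rhda-alpha.sh`) is `#!/bin/sh`, so the loops only work where `/bin/sh` is bash; either `#!/bin/bash` or a portable `tr` would make that explicit. `[ "$code" -eq 200 ]` prints "integer expression expected" and skips the sources block when `.status.code` is absent (jq emits `null`); `[ "$code" = "200" ]` gives the same result without the error. `"$report"` is quoted on the two `keys[]` queries but unquoted on every other here-string in the hunk; pick one form.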