Merge pull request #71 from leanix/feature/CID-2174/upgrade-dockerfile

CID-2174 Updates dockerfile

Dockerfile

@@ -5,7 +5,7 @@ ENV JAVA_HOME=/opt/java/openjdk
 COPY --from=jdk_alpine $JAVA_HOME $JAVA_HOME
 ENV PATH="${JAVA_HOME}/bin:${PATH}"
 
-RUN apk -U add curl ca-certificates && rm -f /var/cache/apk/*
+RUN apk --no-cache upgrade && apk --no-cache add curl ca-certificates
 
 COPY build/libs/*.jar app.jar
 

build.gradle.kts

@@ -2,12 +2,12 @@ import com.expediagroup.graphql.plugin.gradle.tasks.GraphQLGenerateClientTask
 import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
 
 plugins {
-	id("org.springframework.boot") version "3.0.8"
-	id("io.spring.dependency-management") version "1.1.0"
-	id("com.expediagroup.graphql") version "6.5.0"
-	id("io.gitlab.arturbosch.detekt") version "1.21.0"
-	kotlin("jvm") version "1.7.22"
-	kotlin("plugin.spring") version "1.7.22"
+	id("org.springframework.boot") version "3.2.0"
+	id("io.spring.dependency-management") version "1.1.4"
+	id("com.expediagroup.graphql") version "7.0.2"
+	id("io.gitlab.arturbosch.detekt") version "1.23.4"
+	kotlin("jvm") version "1.9.21"
+	kotlin("plugin.spring") version "1.9.21"
 }
 
 group = "net.leanix"
@@ -25,8 +25,11 @@ dependencies {
 	implementation("org.jetbrains.kotlin:kotlin-reflect")
 	implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
 	implementation("org.reactivestreams:reactive-streams:1.0.4")
-	implementation("com.expediagroup:graphql-kotlin-spring-client:6.2.2")
+	implementation("com.expediagroup:graphql-kotlin-spring-client:7.0.2")
 	implementation("org.cyclonedx:cyclonedx-core-java:8.0.3")
+	// Explicitly fetching transitive dependencies to avoid known vulnerabilities
+	implementation("ch.qos.logback:logback-core:1.4.14")
+	implementation("ch.qos.logback:logback-classic:1.4.14")
 	testImplementation("org.springframework.boot:spring-boot-starter-test")
 	testImplementation("com.ninja-squad:springmockk:4.0.2"){
 		exclude(module = "mockito-core")
@@ -68,8 +71,13 @@ detekt {
 	parallel = true
 	buildUponDefaultConfig = true
 	dependencies {
-		detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.21.0")
+		detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.23.4")
 	}
 }
 
-ext["snakeyaml.version"] = "2.2"
+configurations.all {
+	resolutionStrategy {
+		force("ch.qos.logback:logback-core:1.4.14")
+		force("ch.qos.logback:logback-classic:1.4.14")
+	}
+}

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -55,7 +55,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +80,11 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -133,22 +131,29 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -193,11 +198,15 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

gradlew.bat

@@ -26,6 +26,7 @@ if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
 if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 

src/main/kotlin/net/leanix/vsm/sbomBooster/configuration/RestTemplateConfiguration.kt

@@ -9,7 +9,6 @@ class RestTemplateConfiguration {
 
     @Bean
     fun restTemplate(): RestTemplate {
-
         return RestTemplate()
     }
 }

src/main/kotlin/net/leanix/vsm/sbomBooster/service/BitBucketApiService.kt

@@ -45,7 +45,9 @@ class BitBucketApiService(
         val url = pageUrl ?: "https://api.bitbucket.org/2.0/repositories/$organization"
 
         val responseEntity = restTemplate.exchange(
-            url, HttpMethod.GET, httpEntity,
+            url,
+            HttpMethod.GET,
+            httpEntity,
             BitBucketRepositoriesResponse::class.java
         )
         val bbRepositoriesResponse = responseEntity.body?.values ?: emptyList()
@@ -54,10 +56,11 @@ class BitBucketApiService(
         for (bbRepo in bbRepositoriesResponse) {
             val cloneUrl =
                 bbRepo.links.clone.firstOrNull { it.name == "https" }?.href?.replaceFirst("[^/]+@".toRegex(), "")
-            val sourceInstance = if (propertiesConfiguration.sourceInstance.isBlank())
+            val sourceInstance = if (propertiesConfiguration.sourceInstance.isBlank()) {
                 propertiesConfiguration.bitbucketWorkspace
-            else
+            } else {
                 propertiesConfiguration.sourceInstance
+            }
 
             repositories.add(
                 Repository(
@@ -93,7 +96,8 @@ class BitBucketApiService(
             HttpEntity(requestBody, headers)
 
         val responseEntity = restTemplate.postForEntity(
-            "https://bitbucket.org/site/oauth2/access_token", httpEntity,
+            "https://bitbucket.org/site/oauth2/access_token",
+            httpEntity,
             BitBucketAuthResponse::class.java
         )
 

src/main/kotlin/net/leanix/vsm/sbomBooster/service/GitHubApiService.kt

@@ -71,10 +71,11 @@ class GitHubApiService(
                             afterParameter = result.data?.viewer?.organization?.repositories?.edges?.last()?.cursor
                             result.data?.viewer?.organization?.repositories?.edges?.forEach {
                                 // Figure out what sourceInstance to use
-                                val sourceInstance: String = if (propertiesConfiguration.sourceInstance == "")
+                                val sourceInstance: String = if (propertiesConfiguration.sourceInstance == "") {
                                     propertiesConfiguration.githubOrganization
-                                else
+                                } else {
                                     propertiesConfiguration.sourceInstance
+                                }
 
                                 repositoriesList.add(
                                     Repository(

src/main/kotlin/net/leanix/vsm/sbomBooster/service/GitLabApiService.kt

@@ -70,12 +70,12 @@ class GitLabApiService(
                         if (resultscounter != 0) {
                             afterParameter = result.data?.group?.projects?.pageInfo?.endCursor
                             result.data?.group?.projects?.nodes?.forEach {
-
-                                val sourceInstance: String = if (propertiesConfiguration.sourceInstance == "")
+                                val sourceInstance: String = if (propertiesConfiguration.sourceInstance == "") {
                                     it?.fullPath?.substringBeforeLast("/")
                                         ?: propertiesConfiguration.gitlabGroup
-                                else
+                                } else {
                                     propertiesConfiguration.sourceInstance
+                                }
 
                                 repositoriesList.add(
                                     Repository(

src/main/kotlin/net/leanix/vsm/sbomBooster/service/MtMService.kt

@@ -29,7 +29,8 @@ class MtMService(
         val httpEntity: HttpEntity<*> = HttpEntity<MultiValueMap<String, String>>(requestBody, headers)
 
         val responseEntity = restTemplate.postForEntity(
-            "https://$host.leanix.net/services/mtm/v1/oauth2/token ", httpEntity,
+            "https://$host.leanix.net/services/mtm/v1/oauth2/token ",
+            httpEntity,
             MtMResponse::class.java
         )
 

src/main/kotlin/net/leanix/vsm/sbomBooster/service/OrtService.kt

@@ -47,8 +47,10 @@ class OrtService(
             "leanixacrpublic.azurecr.io/ort",
             loggingParameter(),
             "download",
-            "--project-url", projectUrl,
-            "-o", "/project/$downloadFolder"
+            "--project-url",
+            projectUrl,
+            "-o",
+            "/project/$downloadFolder"
         )
         addOrtArgs(args, ortArgs)
 
@@ -65,13 +67,16 @@ class OrtService(
     }
 
     fun analyzeProject(projectUrl: String, downloadFolder: String): String {
-
         val ortFolder = "${projectUrl.substringAfterLast("/")}_ORT_produced_files"
 
         val args = mutableListOf(
-            "docker", "run", "--rm",
-            "-v", "${Paths.get(propertiesConfiguration.mountedVolume).toAbsolutePath()}:/project",
-            "-e", "ORT_CONFIG_DIR=/project/config",
+            "docker",
+            "run",
+            "--rm",
+            "-v",
+            "${Paths.get(propertiesConfiguration.mountedVolume).toAbsolutePath()}:/project",
+            "-e",
+            "ORT_CONFIG_DIR=/project/config",
         )
 
         addProxyEnvValues(args)
@@ -80,8 +85,10 @@ class OrtService(
             "leanixacrpublic.azurecr.io/ort",
             loggingParameter(),
             "analyze",
-            "-i", "/project/$downloadFolder",
-            "-o", "/project/$ortFolder",
+            "-i",
+            "/project/$downloadFolder",
+            "-o",
+            "/project/$ortFolder",
         )
 
         addOrtArgs(args, ortArgs)
@@ -102,9 +109,13 @@ class OrtService(
 
     fun generateSbom(projectUrl: String) {
         val args = mutableListOf(
-            "docker", "run", "--rm",
-            "-v", "${Paths.get(propertiesConfiguration.mountedVolume).toAbsolutePath()}:/project",
-            "-e", "ORT_CONFIG_DIR=/project/config",
+            "docker",
+            "run",
+            "--rm",
+            "-v",
+            "${Paths.get(propertiesConfiguration.mountedVolume).toAbsolutePath()}:/project",
+            "-e",
+            "ORT_CONFIG_DIR=/project/config",
         )
 
         addProxyEnvValues(args)

src/main/kotlin/net/leanix/vsm/sbomBooster/service/VsmDiscoveryService.kt

@@ -104,7 +104,8 @@ class VsmDiscoveryService(
         val httpEntity: HttpEntity<MultiValueMap<String, HttpEntity<*>>> = HttpEntity(multipartBody, headers)
 
         val responseEntity = restTemplate.postForEntity(
-            "https://$region-vsm.leanix.net/services/vsm/discovery/v1/service", httpEntity,
+            "https://$region-vsm.leanix.net/services/vsm/discovery/v1/service",
+            httpEntity,
             String::class.java
         )