-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fetch RAISR internal work with upstream main. #19
base: main
Are you sure you want to change the base?
Conversation
Fetch RAISR internal work with upstream main. Added RockyLinux:9 and RockyLinux:9-mini Added RockyLinux:9: - based on IntelOneApi Dockerfile - big image is downloaded and about 16Gb of space required - runtime image based on RockyLinux9 Added RockyLinux:9-mini: - based on Rocky Linux version 9 Dockerfile - small image used in both stages - takes more time to build and uses yum repositories Added Ubuntu20.04: - based on Ubuntu22.04 Dockerfile - usees IntelOneApi Dockerfile as a based Minor to medium changes made to the repository code and other Dockerfiles. Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>
@@ -0,0 +1,132 @@ | |||
# syntax=docker/dockerfile:1 |
Check failure
Code scanning / Trivy
Image user should not be 'root' High
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
RUN yum install -y \ | ||
wget bash git make cmake \ | ||
glibc bzip2 \ | ||
zlib-devel \ | ||
texinfo \ | ||
intel-oneapi-ipp-devel \ | ||
gcc-toolset-12-gcc-c++ \ | ||
gcc-toolset-12-gcc \ | ||
gcc-toolset-12-binutils && \ | ||
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \ | ||
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \ | ||
rm -f nasm-2.15.03-7.el9.x86_64.rpm |
Check notice
Code scanning / Trivy
RUN using 'wget' and 'curl' Low
Type: dockerfile
Vulnerability DS014
Severity: LOW
Message: Shouldn't use both curl and wget
Link: DS014
RUN yum install -y \ | ||
wget bash git make cmake \ | ||
glibc bzip2 \ | ||
zlib-devel \ | ||
texinfo \ | ||
intel-oneapi-ipp-devel \ | ||
gcc-toolset-12-gcc-c++ \ | ||
gcc-toolset-12-gcc \ | ||
gcc-toolset-12-binutils && \ | ||
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \ | ||
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \ | ||
rm -f nasm-2.15.03-7.el9.x86_64.rpm |
Check failure
Code scanning / Trivy
'yum clean all' missing High
Type: dockerfile
Vulnerability DS015
Severity: HIGH
Message: 'yum clean all' is missed: yum install -y wget bash git make cmake glibc bzip2 zlib-devel texinfo intel-oneapi-ipp-devel gcc-toolset-12-gcc-c++ gcc-toolset-12-gcc gcc-toolset-12-binutils && wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && rm -f nasm-2.15.03-7.el9.x86_64.rpm
Link: DS015
RUN yum group list && \ | ||
yum group install "Development Tools" -y |
Check failure
Code scanning / Trivy
'yum clean all' missing High
Type: dockerfile
Vulnerability DS015
Severity: HIGH
Message: 'yum clean all' is missed: yum group list && yum group install "Development Tools" -y
Link: DS015
RUN yum install -y \ | ||
sudo bash git make |
Check failure
Code scanning / Trivy
'yum clean all' missing High
Type: dockerfile
Vulnerability DS015
Severity: HIGH
Message: 'yum clean all' is missed: yum install -y sudo bash git make
Link: DS015
@@ -0,0 +1,137 @@ | |||
# syntax=docker/dockerfile:1 |
Check failure
Code scanning / Trivy
Image user should not be 'root' High
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
RUN yum install -y \ | ||
wget bash \ | ||
git make \ | ||
cmake \ | ||
glibc \ | ||
bzip2 \ | ||
zlib-devel && \ | ||
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \ | ||
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \ | ||
rm -f nasm-2.15.03-7.el9.x86_64.rpm && \ | ||
yum group list && \ | ||
yum group install "Development Tools" -y && \ | ||
yum clean all && \ | ||
rm -rf /var/cache/yum |
Check notice
Code scanning / Trivy
RUN using 'wget' and 'curl' Low
Type: dockerfile
Vulnerability DS014
Severity: LOW
Message: Shouldn't use both curl and wget
Link: DS014
@@ -0,0 +1,136 @@ | |||
# syntax=docker/dockerfile:1 |
Check failure
Code scanning / Trivy
Image user should not be 'root' High
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
RUN yum install -y \ | ||
wget bash \ | ||
git make cmake \ | ||
glibc \ | ||
bzip2 \ | ||
zlib-devel \ | ||
intel-oneapi-ipp-devel \ | ||
gcc-toolset-12-gcc-c++ \ | ||
gcc-toolset-12-gcc \ | ||
gcc-toolset-12-binutils && \ | ||
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \ | ||
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \ | ||
rm -f nasm-2.15.03-7.el9.x86_64.rpm && \ | ||
yum group list && \ | ||
yum group install "Development Tools" -y && \ | ||
yum clean all && \ | ||
rm -rf /var/cache/yum |
Check notice
Code scanning / Trivy
RUN using 'wget' and 'curl' Low
Type: dockerfile
Vulnerability DS014
Severity: LOW
Message: Shouldn't use both curl and wget
Link: DS014
Fetch RAISR internal work with upstream main.
Added RockyLinux:9 and RockyLinux:9-mini
Added RockyLinux:9:
Added RockyLinux:9-mini:
Added Ubuntu20.04:
Minor to medium changes made to the repository
code and other Dockerfiles.