Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fetch RAISR internal work with upstream main. #19

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Mionsz
Copy link
Collaborator

@Mionsz Mionsz commented Dec 20, 2024

Fetch RAISR internal work with upstream main.

Added RockyLinux:9 and RockyLinux:9-mini
Added RockyLinux:9:

  • based on IntelOneApi Dockerfile
  • big image is downloaded and about 16Gb of space required
  • runtime image based on RockyLinux9

Added RockyLinux:9-mini:

  • based on Rocky Linux version 9 Dockerfile
  • small image used in both stages
  • takes more time to build and uses yum repositories

Added Ubuntu20.04:

  • based on Ubuntu22.04 Dockerfile
  • usees IntelOneApi Dockerfile as a based

Minor to medium changes made to the repository
code and other Dockerfiles.

Fetch RAISR internal work with upstream main.

Added RockyLinux:9 and RockyLinux:9-mini
Added RockyLinux:9:
- based on IntelOneApi Dockerfile
- big image is downloaded and about 16Gb of space required
- runtime image based on RockyLinux9

Added RockyLinux:9-mini:
- based on Rocky Linux version 9 Dockerfile
- small image used in both stages
- takes more time to build and uses yum repositories

Added Ubuntu20.04:
- based on Ubuntu22.04 Dockerfile
- usees IntelOneApi Dockerfile as a based

Minor to medium changes made to  the repository
code and other Dockerfiles.

Signed-off-by: Milosz Linkiewicz <milosz.linkiewicz@intel.com>
@@ -0,0 +1,132 @@
# syntax=docker/dockerfile:1

Check failure

Code scanning / Trivy

Image user should not be &#39;root&#39; High

Artifact: docker/Xeon/Dockerfile.centos9
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
Comment on lines +25 to +36
RUN yum install -y \
wget bash git make cmake \
glibc bzip2 \
zlib-devel \
texinfo \
intel-oneapi-ipp-devel \
gcc-toolset-12-gcc-c++ \
gcc-toolset-12-gcc \
gcc-toolset-12-binutils && \
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \
rm -f nasm-2.15.03-7.el9.x86_64.rpm

Check notice

Code scanning / Trivy

RUN using &#39;wget&#39; and &#39;curl&#39; Low

Artifact: docker/Xeon/Dockerfile.centos9
Type: dockerfile
Vulnerability DS014
Severity: LOW
Message: Shouldn't use both curl and wget
Link: DS014
Comment on lines +25 to +36
RUN yum install -y \
wget bash git make cmake \
glibc bzip2 \
zlib-devel \
texinfo \
intel-oneapi-ipp-devel \
gcc-toolset-12-gcc-c++ \
gcc-toolset-12-gcc \
gcc-toolset-12-binutils && \
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \
rm -f nasm-2.15.03-7.el9.x86_64.rpm

Check failure

Code scanning / Trivy

&#39;yum clean all&#39; missing High

Artifact: docker/Xeon/Dockerfile.centos9
Type: dockerfile
Vulnerability DS015
Severity: HIGH
Message: 'yum clean all' is missed: yum install -y wget bash git make cmake glibc bzip2 zlib-devel texinfo intel-oneapi-ipp-devel gcc-toolset-12-gcc-c++ gcc-toolset-12-gcc gcc-toolset-12-binutils && wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && rm -f nasm-2.15.03-7.el9.x86_64.rpm
Link: DS015
Comment on lines +38 to +39
RUN yum group list && \
yum group install "Development Tools" -y

Check failure

Code scanning / Trivy

&#39;yum clean all&#39; missing High

Artifact: docker/Xeon/Dockerfile.centos9
Type: dockerfile
Vulnerability DS015
Severity: HIGH
Message: 'yum clean all' is missed: yum group list && yum group install "Development Tools" -y
Link: DS015
Comment on lines +116 to +117
RUN yum install -y \
sudo bash git make

Check failure

Code scanning / Trivy

&#39;yum clean all&#39; missing High

Artifact: docker/Xeon/Dockerfile.centos9
Type: dockerfile
Vulnerability DS015
Severity: HIGH
Message: 'yum clean all' is missed: yum install -y sudo bash git make
Link: DS015
@@ -0,0 +1,137 @@
# syntax=docker/dockerfile:1

Check failure

Code scanning / Trivy

Image user should not be &#39;root&#39; High

Artifact: docker/Xeon/Dockerfile.rockylinux9
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
Comment on lines +30 to +43
RUN yum install -y \
wget bash \
git make \
cmake \
glibc \
bzip2 \
zlib-devel && \
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \
rm -f nasm-2.15.03-7.el9.x86_64.rpm && \
yum group list && \
yum group install "Development Tools" -y && \
yum clean all && \
rm -rf /var/cache/yum

Check notice

Code scanning / Trivy

RUN using &#39;wget&#39; and &#39;curl&#39; Low

Artifact: docker/Xeon/Dockerfile.rockylinux9
Type: dockerfile
Vulnerability DS014
Severity: LOW
Message: Shouldn't use both curl and wget
Link: DS014
@@ -0,0 +1,136 @@
# syntax=docker/dockerfile:1

Check failure

Code scanning / Trivy

Image user should not be &#39;root&#39; High

Artifact: docker/Xeon/Dockerfile.rockylinux9-mini
Type: dockerfile
Vulnerability DS002
Severity: HIGH
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Link: DS002
Comment on lines +26 to +42
RUN yum install -y \
wget bash \
git make cmake \
glibc \
bzip2 \
zlib-devel \
intel-oneapi-ipp-devel \
gcc-toolset-12-gcc-c++ \
gcc-toolset-12-gcc \
gcc-toolset-12-binutils && \
wget --tries=5 --progress=dot:giga ${NASM_RPM_LINK} && \
yum localinstall -y nasm-2.15.03-7.el9.x86_64.rpm && \
rm -f nasm-2.15.03-7.el9.x86_64.rpm && \
yum group list && \
yum group install "Development Tools" -y && \
yum clean all && \
rm -rf /var/cache/yum

Check notice

Code scanning / Trivy

RUN using &#39;wget&#39; and &#39;curl&#39; Low

Artifact: docker/Xeon/Dockerfile.rockylinux9-mini
Type: dockerfile
Vulnerability DS014
Severity: LOW
Message: Shouldn't use both curl and wget
Link: DS014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant