Merge pull request #6 from sentoz/feat_dependency_update

Feat dependency update

CHANGELOG.md

@@ -5,6 +5,16 @@ All noticeable changes to this project will be documented in this file.
 The format is based on [changelog][keepachangelog], and this project adheres
 to [semantic versioning][semver].
 
+## [0.1.2][] `2023-12-27`
+
+### Changed
+
+* Update dependency check 9.0.7
+* Update sonar scanner cli 5.0.1.3006
+* Update dotnet-sonarscanner 6.0
+* Update postgres driver 42.7.0
+* Update mysql driver 8.2.0
+
 ## [0.1.1][] `2023-11-16`
 
 ### Fixed
@@ -25,5 +35,6 @@ to [semantic versioning][semver].
 
 <!-- Tags -->
 
+[0.1.2]: https://github.com/sentoz/multi-sonarqube-scanner-cli/tree/0.1.2
 [0.1.1]: https://github.com/sentoz/multi-sonarqube-scanner-cli/tree/0.1.1
 [0.1.0]: https://github.com/sentoz/multi-sonarqube-scanner-cli/tree/0.1.0

Dockerfile.base-focal

@@ -4,15 +4,15 @@ FROM eclipse-temurin:17-jdk-focal
 LABEL org.opencontainers.image.authors="Dmitriy Okladin <sentoz66@gmail.com>"
 LABEL org.opencontainers.image.source="https://github.com/sentoz/multi-sonarqube-scanner-cli"
 
-ARG POSTGRES_DRIVER_VERSION=42.2.19
-ARG MYSQL_DRIVER_VERSION=8.0.23
-ARG DEPENDENCY_CHECK_VERSION=8.1.2
+ARG POSTGRES_DRIVER_VERSION=42.7.0
+ARG MYSQL_DRIVER_VERSION=8.2.0
+ARG DEPENDENCY_CHECK_VERSION=9.0.7
 ARG DEPENDENCY_CHECK_HOME=/opt/dependency-check
 
 ARG SONARQUBE_TOKEN
 ARG SONARQUBE_URL
 
-ARG SONAR_SCANNER_VERSION=4.8.0.2856
+ARG SONAR_SCANNER_VERSION=5.0.1.3006
 
 ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
 
@@ -47,10 +47,10 @@ RUN set -eux; \
     unzip dependency-check.zip; \
     rm dependency-check.zip; \
     wget -U "scannercli" -q -O "$DEPENDENCY_CHECK_HOME/plugins/postgresql-$POSTGRES_DRIVER_VERSION.jar" https://jdbc.postgresql.org/download/postgresql-$POSTGRES_DRIVER_VERSION.jar; \
-    wget -U "scannercli" -q -O /opt/mysql-connector-java-$MYSQL_DRIVER_VERSION.zip https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-$MYSQL_DRIVER_VERSION.zip; \
-    unzip mysql-connector-java-$MYSQL_DRIVER_VERSION.zip; \
-    mv mysql-connector-java-$MYSQL_DRIVER_VERSION/mysql-connector-java-$MYSQL_DRIVER_VERSION.jar $DEPENDENCY_CHECK_HOME/plugins/mysql-connector-java-$MYSQL_DRIVER_VERSION.jar; \
-    rm -rf mysql-connector-java-$MYSQL_DRIVER_VERSION.zip mysql-connector-java-$MYSQL_DRIVER_VERSION; \
+    wget -U "scannercli" -q -O /opt/mysql-connector-j-$MYSQL_DRIVER_VERSION.zip https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-$MYSQL_DRIVER_VERSION.zip; \
+    unzip mysql-connector-j-$MYSQL_DRIVER_VERSION.zip; \
+    mv mysql-connector-j-$MYSQL_DRIVER_VERSION/mysql-connector-j-$MYSQL_DRIVER_VERSION.jar $DEPENDENCY_CHECK_HOME/plugins/mysql-connector-j-$MYSQL_DRIVER_VERSION.jar; \
+    rm -rf mysql-connector-j-$MYSQL_DRIVER_VERSION.zip mysql-connector-j-$MYSQL_DRIVER_VERSION; \
     unzip sonar-scanner-cli.zip; \
     rm sonar-scanner-cli.zip sonar-scanner-cli.zip.asc; \
     mv "sonar-scanner-$SONAR_SCANNER_VERSION" "$SONAR_SCANNER_HOME";

Dockerfile.base-jammy

@@ -4,15 +4,15 @@ FROM eclipse-temurin:17-jdk
 LABEL org.opencontainers.image.authors="Dmitriy Okladin <sentoz66@gmail.com>"
 LABEL org.opencontainers.image.source="https://github.com/sentoz/multi-sonarqube-scanner-cli"
 
-ARG POSTGRES_DRIVER_VERSION=42.2.19
-ARG MYSQL_DRIVER_VERSION=8.0.23
-ARG DEPENDENCY_CHECK_VERSION=8.1.2
+ARG POSTGRES_DRIVER_VERSION=42.7.0
+ARG MYSQL_DRIVER_VERSION=8.2.0
+ARG DEPENDENCY_CHECK_VERSION=9.0.7
 ARG DEPENDENCY_CHECK_HOME=/opt/dependency-check
 
 ARG SONARQUBE_TOKEN
 ARG SONARQUBE_URL
 
-ARG SONAR_SCANNER_VERSION=4.8.0.2856
+ARG SONAR_SCANNER_VERSION=5.0.1.3006
 
 ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
 
@@ -47,10 +47,10 @@ RUN set -eux; \
     unzip dependency-check.zip; \
     rm dependency-check.zip; \
     wget -U "scannercli" -q -O "$DEPENDENCY_CHECK_HOME/plugins/postgresql-$POSTGRES_DRIVER_VERSION.jar" https://jdbc.postgresql.org/download/postgresql-$POSTGRES_DRIVER_VERSION.jar; \
-    wget -U "scannercli" -q -O /opt/mysql-connector-java-$MYSQL_DRIVER_VERSION.zip https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-$MYSQL_DRIVER_VERSION.zip; \
-    unzip mysql-connector-java-$MYSQL_DRIVER_VERSION.zip; \
-    mv mysql-connector-java-$MYSQL_DRIVER_VERSION/mysql-connector-java-$MYSQL_DRIVER_VERSION.jar $DEPENDENCY_CHECK_HOME/plugins/mysql-connector-java-$MYSQL_DRIVER_VERSION.jar; \
-    rm -rf mysql-connector-java-$MYSQL_DRIVER_VERSION.zip mysql-connector-java-$MYSQL_DRIVER_VERSION; \
+    wget -U "scannercli" -q -O /opt/mysql-connector-j-$MYSQL_DRIVER_VERSION.zip https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-$MYSQL_DRIVER_VERSION.zip; \
+    unzip mysql-connector-j-$MYSQL_DRIVER_VERSION.zip; \
+    mv mysql-connector-j-$MYSQL_DRIVER_VERSION/mysql-connector-j-$MYSQL_DRIVER_VERSION.jar $DEPENDENCY_CHECK_HOME/plugins/mysql-connector-j-$MYSQL_DRIVER_VERSION.jar; \
+    rm -rf mysql-connector-j-$MYSQL_DRIVER_VERSION.zip mysql-connector-j-$MYSQL_DRIVER_VERSION; \
     unzip sonar-scanner-cli.zip; \
     rm sonar-scanner-cli.zip sonar-scanner-cli.zip.asc; \
     mv "sonar-scanner-$SONAR_SCANNER_VERSION" "$SONAR_SCANNER_HOME";

Dockerfile.dotnet-3.1

@@ -10,7 +10,7 @@ ARG SONARQUBE_URL
 
 ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
 
-ARG DOTNET_SONARSCANNER_VERSION=5.5.3
+ARG DOTNET_SONARSCANNER_VERSION=6.0
 
 ENV HOME=/tmp
 ENV XDG_CONFIG_HOME=/tmp

Dockerfile.dotnet-5.0

@@ -10,7 +10,7 @@ ARG SONARQUBE_URL
 
 ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
 
-ARG DOTNET_SONARSCANNER_VERSION=5.5.3
+ARG DOTNET_SONARSCANNER_VERSION=6.0
 
 ENV HOME=/tmp
 ENV XDG_CONFIG_HOME=/tmp

Dockerfile.dotnet-6.0

@@ -10,7 +10,7 @@ ARG SONARQUBE_URL
 
 ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
 
-ARG DOTNET_SONARSCANNER_VERSION=5.11
+ARG DOTNET_SONARSCANNER_VERSION=6.0
 
 ENV HOME=/tmp
 ENV XDG_CONFIG_HOME=/tmp

Dockerfile.dotnet-7.0

@@ -10,7 +10,7 @@ ARG SONARQUBE_URL
 
 ARG SONAR_SCANNER_HOME=/opt/sonar-scanner
 
-ARG DOTNET_SONARSCANNER_VERSION=5.11
+ARG DOTNET_SONARSCANNER_VERSION=6.0
 
 ENV HOME=/tmp
 ENV XDG_CONFIG_HOME=/tmp

README.md

@@ -55,13 +55,13 @@ Special thanks to [WoozyMasta][] for the utility [guassp][].
 
 You need to pass arguments to build.:
 
-* **`SONAR_SCANNER_VERSION`**=`4.8.0.2856` - version of the scanner, you can
+* **`SONAR_SCANNER_VERSION`**=`5.0.1.3006` - version of the scanner, you can
   take in project repositories [sonar-scanner-cli][]
-* **`DOTNET_SONARSCANNER_VERSION`**=`5.11` - dotnet-sonarscanner version
+* **`DOTNET_SONARSCANNER_VERSION`**=`6.0` - dotnet-sonarscanner version
 * **`GRADLE_VERSION`**=`8.1.1` - gradle version
-* **`POSTGRES_DRIVER_VERSION`**=`42.2.19` - postgres driver version
-* **`MYSQL_DRIVER_VERSION`**=`8.0.23` - mysql driver version
-* **`DEPENDENCY_CHECK_VERSION`**=`8.1.2` - [DependencyCheck][] version
+* **`POSTGRES_DRIVER_VERSION`**=`42.7.0` - postgres driver version
+* **`MYSQL_DRIVER_VERSION`**=`8.2.0` - mysql driver version
+* **`DEPENDENCY_CHECK_VERSION`**=`9.0.7` - [DependencyCheck][] version
 
 ### Building an Image with a Plugin Cache
 
@@ -198,7 +198,7 @@ data from it, and not download it from the Internet at each start.
 * **`OWASP_DEPENDENCY_CHECK_DB_STRING`** - database connection string
 * **`OWASP_DEPENDENCY_CHECK_DB_PASSWORD`** - database connection password
 * **`OWASP_DEPENDENCY_CHECK_DB_USER`** - username to connect to the database
-* **`OWASP_DEPENDENCY_CHECK_CVE_VALID_HOURS`** - `24` - The number of hours
+* **`OWASP_DEPENDENCY_CHECK_NVD_VALID_HOURS`** - `24` - The number of hours
   after which the NVD will check for a database update.
 
 #### Criteria for evaluation

README_RU.md

@@ -55,13 +55,13 @@
 
 Для сборки необходимо передать аргументы:
 
-* **`SONAR_SCANNER_VERSION`**=`4.8.0.2856` - версия сканера, взять можно в
+* **`SONAR_SCANNER_VERSION`**=`5.0.1.3006` - версия сканера, взять можно в
   репозитории проекта [sonar-scanner-cli][]
-* **`DOTNET_SONARSCANNER_VERSION`**=`5.4.1` - версия dotnet-sonarscanner
+* **`DOTNET_SONARSCANNER_VERSION`**=`6.0` - версия dotnet-sonarscanner
 * **`GRADLE_VERSION`**=`8.1.1` - версия gradle
-* **`POSTGRES_DRIVER_VERSION`**=`42.2.19` - версия драйвера postgres
-* **`MYSQL_DRIVER_VERSION`**=`8.0.23` - версия драйвера mysql
-* **`DEPENDENCY_CHECK_VERSION`**=`8.1.2` - версия [DependencyCheck][]
+* **`POSTGRES_DRIVER_VERSION`**=`42.7.0` - версия драйвера postgres
+* **`MYSQL_DRIVER_VERSION`**=`8.3.0` - версия драйвера mysql
+* **`DEPENDENCY_CHECK_VERSION`**=`9.0.7` - версия [DependencyCheck][]
 
 ### Сборка образа с кэшем плагинов
 
@@ -200,7 +200,7 @@
   данных
 * **`OWASP_DEPENDENCY_CHECK_DB_USER`** - имя пользователя для подключения к
   базе данных
-* **`OWASP_DEPENDENCY_CHECK_CVE_VALID_HOURS`** - `24` - Кол-во часов через
+* **`OWASP_DEPENDENCY_CHECK_NVD_VALID_HOURS`** - `24` - Кол-во часов через
   сколько будет выполняться проверка наличия обновления базы из NVD.
 
 #### Критерии оценки

scripts/dependency_check_run.sh

@@ -5,7 +5,7 @@
 # OWASP Dependency Check
 : "${OWASP_DEPENDENCY_CHECK_SUPPRESSIONS_FILE_PATH:=$PROJECT_DIR/suppression.xml}"
 : "${OWASP_DEPENDENCY_CHECK_DISABLE_OSS_INDEX:=true}"
-: "${OWASP_DEPENDENCY_CHECK_CVE_VALID_HOURS:=24}"
+: "${OWASP_DEPENDENCY_CHECK_NVD_VALID_HOURS:=24}"
 : "${OWASP_DEPENDENCY_CHECK_DB_DRIVER:-}"
 # Version of analyzed project
 version="${REF_NAME:-MR-${MERGE_REQUEST_ID:-0}}"
@@ -43,7 +43,7 @@ if [ -n "${OWASP_DEPENDENCY_CHECK_DB_DRIVER:-}" ] &&
     --connectionString "$OWASP_DEPENDENCY_CHECK_DB_STRING"
     --dbPassword "$OWASP_DEPENDENCY_CHECK_DB_PASSWORD"
     --dbUser "$OWASP_DEPENDENCY_CHECK_DB_USER"
-    --cveValidForHours "$OWASP_DEPENDENCY_CHECK_CVE_VALID_HOURS"
+    --nvdValidForHours "$OWASP_DEPENDENCY_CHECK_NVD_VALID_HOURS"
     --noupdate
   )
 else