-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
44 lines (34 loc) · 1.41 KB
/
Dockerfile
File metadata and controls
44 lines (34 loc) · 1.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# This dockerfile builds a container that pulls down and runs the latest version of BenchmarkJava
FROM ubuntu:latest
MAINTAINER "Dave Wichers [email protected]"
RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata
RUN apt-get install -q -y \
openjdk-11-jre-headless \
openjdk-11-jdk \
git \
maven \
wget \
iputils-ping \
&& apt-get clean
RUN mkdir /owasp
WORKDIR /owasp
# Download, build, install Benchmark Utilities required by crawler and scorecard generation
RUN git clone https://github.com/OWASP-Benchmark/BenchmarkUtils.git
WORKDIR /owasp/BenchmarkUtils
RUN mvn install
# Download, build BenchmarkJava
WORKDIR /owasp
RUN git clone https://github.com/OWASP-Benchmark/BenchmarkJava
# Workaround for security fix for CVE-2022-24765
RUN git config --global --add safe.directory /owasp/BenchmarkJava
WORKDIR /owasp/BenchmarkJava
RUN mvn clean package cargo:install
RUN useradd -d /home/bench -m -s /bin/bash bench
RUN echo bench:bench | chpasswd
RUN chown -R bench /owasp/
ENV PATH /owasp/BenchmarkJava:$PATH
# start up Benchmark once, for 60 seconds, then kill it, so the additional dependencies required to run it are downloaded/cached in the image as well.
# exit 0 is required to return a 'success' code, otherwise the timeout returns a failure code, causing the Docker build to fail.
WORKDIR /owasp/BenchmarkJava
RUN timeout 60 ./runBenchmark.sh; exit 0