chore(deps): bump bellsoft/liberica-openjdk-alpine from 17.0.12 to 23-38 in /docker-jans-scim

[dependabot]

Bumps bellsoft/liberica-openjdk-alpine from 17.0.12 to 23-38.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided code changes for the docker-jans-scim/Dockerfile file focus on upgrading the Java version, synchronizing necessary assets, and configuring the Janssen SCIM server's environment and dependencies to address several important security considerations.

Expand for full summary

Summary:

The provided code changes for the docker-jans-scim/Dockerfile file focus on upgrading the Java version, synchronizing necessary assets, and configuring the Janssen SCIM (System for Cross-domain Identity Management) server's environment and dependencies. From an application security perspective, these changes address several important security considerations:

1. Java Version Upgrade: Upgrading the Java version from 17 to 23 is a positive step, as it ensures that the application is running on the latest version of Java, which may include important security fixes and improvements. However, it's essential to thoroughly test the application after the upgrade to ensure that there are no compatibility issues or regressions.

2. Asset Synchronization: The synchronization of static files, configuration templates, and resources from the jans-linux-setup and jans-scim repositories helps ensure that the necessary files and configurations are included in the Docker image, which can contribute to the overall security of the application.

3. Environment Variables: The large number of environment variables related to configuration, secrets, and persistence are important from a security perspective. It's crucial to ensure that these environment variables are properly secured and that sensitive information, such as passwords and certificates, are not exposed in the Docker image or at runtime.

4. Jetty Configuration: The Jetty web server configuration, including setting the showContexts property to false and adjusting the ownership and permissions of various directories and files, helps address potential security concerns related to the disclosure of sensitive information and file access.

Files Changed:

• docker-jans-scim/Dockerfile: This file is responsible for building the Docker image for the Janssen SCIM server. The key changes include:
  • Upgrading the base Java version from 17 to 23
  • Synchronizing various static files, configuration templates, and resources from the jans-linux-setup and jans-scim repositories
  • Setting a large number of environment variables related to configuration, secrets, and persistence
  • Configuring the Jetty web server, including setting the showContexts property to false and adjusting file ownership and permissions

Overall, the code changes in this pull request appear to be addressing several important security considerations, such as using the latest Java version, managing sensitive configuration and secrets, and ensuring proper Jetty configuration. However, it's always recommended to thoroughly review the entire codebase and perform comprehensive security testing to identify and address any potential vulnerabilities.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[iromli]

The suggested version is incompatible.

@dependabot ignore this major version

[dependabot]

OK, I won't notify you about version 23-38.x.x again, unless you re-open this PR.