Generate open source notice for scanner (#489)

stackrox · Sep 27, 2021 · 87f9970 · 87f9970
1 parent 7e68302
commit 87f9970
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 2 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -343,6 +343,8 @@ commands:
             unzip -d image/scanner/dump /tmp/k8s-definitions.zip
             unzip -d image/scanner/dump /tmp/repo2cpe.zip
 
+      - install-ossls
+
       - run:
           name: Build images
           command: make << parameters.make-image-target >>
@@ -636,6 +638,19 @@ commands:
           path: /tmp/metrics
           destination: metrics
 
+  install-ossls:
+    steps:
+    - run:
+        name: Install ossls
+        working_directory: /tmp
+        command: |
+          wget --quiet https://github.com/gruntwork-io/fetch/releases/download/v0.3.5/fetch_linux_amd64
+          sudo install fetch_linux_amd64 /usr/bin/fetch
+          export GITHUB_OAUTH_TOKEN="$GITHUB_TOKEN"
+          fetch --repo="https://github.com/stackrox/ossls" --tag="0.10.1" --release-asset="ossls_linux_amd64" .
+          sudo install ossls_linux_amd64 /usr/bin/ossls
+          ossls version
+
 jobs:
   unit-tests:
     <<: *defaults

diff --git a/.ossls.yml b/.ossls.yml
@@ -0,0 +1,17 @@
+gomod:
+  mod-file: go.mod
+
+patterns:
+- "*AUTHOR*"
+- "*COPYING*"
+- "*LICENSE*"
+- "*LICENCE*"
+- "*NOTICE*"
+- '~^.*(?i:notice|licen[cs]e).*\.(?i:txt|md)$'
+- "package.json"
+
+excludePatterns:
+- "*.go"
+- "*.js"
+- "*.ts"
+- "*.sh"
diff --git a/Makefile b/Makefile
@@ -168,7 +168,7 @@ $(CURDIR)/image/db/rhel/bundle.tar.gz:
 	$(CURDIR)/image/db/rhel/create-bundle.sh $(CURDIR)/image/db $(CURDIR)/image/db/rhel
 
 .PHONY: scanner-image
-scanner-image: scanner-build-dockerized $(CURDIR)/image/scanner/rhel/bundle.tar.gz
+scanner-image: scanner-build-dockerized ossls-notice $(CURDIR)/image/scanner/rhel/bundle.tar.gz
 	@echo "+ $@"
 	@docker build -t us.gcr.io/stackrox-ci/scanner:$(TAG) -f image/scanner/rhel/Dockerfile image/scanner/rhel
 
@@ -192,6 +192,11 @@ deploy-dockerhub: clean-helm-rendered
 	helm template scanner chart/ --set tag=$(TAG),logLevel=$(LOGLEVEL),updateInterval=2m,scannerImage=stackrox/scanner,scannerDBImage=stackrox/scanner-db --output-dir rendered-chart
 	kubectl apply -R -f rendered-chart
 
+.PHONY: ossls-notice
+ossls-notice: deps
+	ossls version
+	ossls audit --export image/scanner/rhel/THIRD_PARTY_NOTICES
+
 ###########
 ## Tests ##
 ###########

diff --git a/image/scanner/rhel/.gitignore b/image/scanner/rhel/.gitignore
@@ -2,4 +2,4 @@ bundle.tar.gz
 bundle.tar.gz.sha512
 prebuild.sh
 scripts
-
+/THIRD_PARTY_NOTICES/
diff --git a/image/scanner/rhel/Dockerfile b/image/scanner/rhel/Dockerfile
@@ -29,6 +29,8 @@ COPY --from=extracted_bundle "/bundle${NVD_DEFINITIONS_DIR}/" ".${NVD_DEFINITION
 COPY --from=extracted_bundle "/bundle${K8S_DEFINITIONS_DIR}/" ".${K8S_DEFINITIONS_DIR}/"
 COPY --from=extracted_bundle "/bundle${REPO_TO_CPE_DIR}/" ".${REPO_TO_CPE_DIR}/"
 
+COPY ./THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/
+
 RUN dnf upgrade -y && \
     dnf install -y ca-certificates xz && \
     dnf clean all && \