Dockerfile.dotnet

FROM amazonlinux:2.0.20210721.2

RUN touch $HOME/.bashrc

RUN yum -y update
RUN yum -y install tar gzip unzip


RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
    && unzip awscliv2.zip \
    && ./aws/install

RUN rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm \
    && yum install -y dotnet-sdk-5.0 

COPY scripts/dotnet_scan.sh /scripts/dotnet_scan.sh 

ENTRYPOINT ["bash", "/scripts/dotnet_scan.sh"]

Dockerfile.node

FROM amazonlinux:2.0.20210721.2

RUN touch $HOME/.bashrc

RUN yum -y update
RUN yum -y install tar gzip unzip


RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
    && unzip awscliv2.zip \
    && ./aws/install

RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash \
    && export NVM_DIR=$HOME/.nvm \
    && [ -s $NVM_DIR/nvm.sh ] && \. $NVM_DIR/nvm.sh \
    && nvm install 10 \
    && nvm install 12 \
    && nvm install 14 

COPY scripts/node_scan.sh /scripts/node_scan.sh 

ENTRYPOINT ["bash", "/scripts/node_scan.sh"]

Dockerfile.python

FROM amazonlinux:2.0.20210721.2

RUN touch $HOME/.bashrc

RUN yum -y update
RUN yum -y install tar unzip gcc zlib-devel bzip2 bzip2-devel readline-devel sqlite \
    sqlite-devel openssl-devel xz xz-devel libffi-devel git make

RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
    && unzip awscliv2.zip \
    && ./aws/install

RUN git clone --depth=1 https://github.com/pyenv/pyenv.git .pyenv
ENV PYENV_ROOT $HOME/.pyenv
ENV PATH $PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH

RUN pyenv install 3.6.0 \
    && pyenv install 3.7.0 \
    && pyenv install 3.8.0 

COPY scripts/py_scan.sh /scripts/py_scan.sh 

ENTRYPOINT ["bash", "/scripts/py_scan.sh"]

dotnet_scan.sh

#!/bin/bash
. ~/.bashrc
echo 'Starting scan...'
echo "searching in $BUCKET/$FUNCTION_NAME"
mkdir scanning && cd scanning

curl $CODE_LOCATION --output dotnet.zip
unzip dotnet.zip && rm -rf dotnet.zip

echo $RUNTIME
rm -rf obj/
echo "Running dotnet restore..."
dotnet restore
echo "Running dotnet list package"
dotnet list package > packages.txt
cat packages.txt
dotnet list package --vulnerable > report.txt
cat report.txt

curl -v --upload-file report.txt $REPORT_PRESIGNED_URL
curl -v --upload-file packages.txt $PACKAGE_PRESIGNED_URL
# aws s3 cp report.txt "s3://${BUCKET}/${FUNCTION_NAME}/"
# aws s3 cp packages.txt "s3://${BUCKET}/${FUNCTION_NAME}/"
echo 'Finished scanning.'

node_scan.sh

#!/bin/bash
. ~/.bashrc
echo 'Starting scan...'
echo "searching in $BUCKET/$S3_PATH"
mkdir scanning && cd scanning

curl $CODE_LOCATION --output node.zip
unzip node.zip && rm -rf node.zip

echo $RUNTIME
echo "$RUNTIME" == "nodejs14.x"
if [ "$RUNTIME" == "nodejs14.x" ];then
    echo 'Testing a Node JS v14 function'
    nvm use 14
    npm audit > report.txt
    npm list > packages.txt

    echo 'Sending results of Node JS v14 function to buckets...'
    curl -v --upload-file report.txt $REPORT_PRESIGNED_URL
    curl -v --upload-file packages.txt $PACKAGE_PRESIGNED_URL
    # aws s3 cp report.txt "s3://${BUCKET}/${FUNCTION_NAME}/"
    # aws s3 cp packages.txt "s3://${BUCKET}/${FUNCTION_NAME}/"
    echo 'Sent!'
fi
echo 'Finished scanning.'

py_scan.sh

#!/bin/bash
. ~/.bashrc
mkdir scanning && cd scanning

curl $CODE_LOCATION --output py.zip
unzip py.zip && rm -rf py.zip
cd $FUNCTION_NAME

if [ "$RUNTIME" == "python3.8" ];then
    echo 'Scanning a Python 3.8 function package'
    pyenv global 3.8.0

    pip3 freeze > packages.txt
    pip3 install safety
    safety check > report.txt

    curl -v --upload-file report.txt $REPORT_PRESIGNED_URL
    curl -v --upload-file packages.txt $PACKAGE_PRESIGNED_URL
    # aws s3 cp report.txt "s3://${BUCKET}/${FUNCTION_NAME}/"
    # aws s3 cp packages.txt "s3://${BUCKET}/${FUNCTION_NAME}/"
fi
echo 'Finished scanning.'
echo $RUNTIME