merge

Signed-off-by: Amndeep Singh Mann <[email protected]>

.github/workflows/push-lite-to-docker.yml

@@ -8,21 +8,21 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
+      - name: Checkout the Heimdall Repository
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Checkout the Heimdall Repository
-        uses: actions/checkout@v4
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile.lite
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall-lite:latest

.github/workflows/push-server-to-docker.yml

@@ -21,9 +21,9 @@ jobs:
           fetch-depth: 0
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall2:latest

.github/workflows/release-lite-to-docker.yml

@@ -8,8 +8,6 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
       - name: Run string replace # remove the v from the version number before using it in the docker tag
         uses: frabert/replace-string-action@v2
         id: format-tag
@@ -18,19 +16,21 @@ jobs:
           string: '${{ github.event.release.tag_name }}'
           replace-with: ''
           flags: 'g'
+      - name: Checkout the Heimdall Repository
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Checkout the Heimdall Repository
-        uses: actions/checkout@v4
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile.lite
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall-lite:release-latest,mitre/heimdall-lite:${{ steps.format-tag.outputs.replaced }}

.github/workflows/release-server-to-docker.yml

@@ -13,13 +13,6 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Run string replace # remove the v from the version number before using it in the docker tag
         uses: frabert/replace-string-action@v2
         id: format-tag
@@ -30,13 +23,20 @@ jobs:
           flags: 'g'
       - name: Checkout the Heimdall Repository
         uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall2:release-latest,mitre/heimdall2:${{ steps.format-tag.outputs.replaced }}
       - name: Get Docker SHA
         shell: bash

CHANGELOG

@@ -1,3 +1,189 @@
+v2.10.15
+
+## Bug Fixes
+- Remove passport openid @Amndeep7 (#6112)
+- SBOM Mapper @charleshu-8 (#5986)
+
+## Dependency Updates
+- Bump @aws-sdk/client-s3 from 3.632.0 to 3.633.0 @dependabot (#6113)
+- Bump elliptic from 6.5.5 to 6.5.7 @dependabot (#6110)
+- Bump @aws-sdk/client-config-service from 3.629.0 to 3.632.0 @dependabot (#6108)
+- Bump @aws-sdk/client-s3 from 3.631.0 to 3.632.0 @dependabot (#6109)
+- Bump @aws-sdk/client-sts from 3.631.0 to 3.632.0 @dependabot (#6107)
+- Bump cypress from 13.13.2 to 13.13.3 @dependabot (#6105)
+- Bump @aws-sdk/client-s3 from 3.629.0 to 3.631.0 @dependabot (#6102)
+- Bump winston from 3.14.1 to 3.14.2 @dependabot (#6104)
+- Bump @types/node from 22.2.0 to 22.3.0 @dependabot (#6101)
+
+v2.10.14
+
+## Bug Fixes
+
+- Twistlock Mapper Tweaks @charleshu-8 (#6054)
+
+## Dependency Updates
+
+- Bump tailwindcss from 3.4.9 to 3.4.10 @dependabot (#6099)
+- Bump axios from 1.7.3 to 1.7.4 @dependabot (#6100)
+- Bump @nestjs/testing from 10.4.0 to 10.4.1 @dependabot (#6096)
+- Bump @nestjs/platform-express from 10.3.10 to 10.4.1 @dependabot (#6095)
+- Bump @nestjs/common from 10.4.0 to 10.4.1 @dependabot (#6098)
+- Bump @nestjs/core from 10.4.0 to 10.4.1 @dependabot (#6097)
+- Bump @nestjs/testing from 10.3.10 to 10.4.0 @dependabot (#6089)
+- Bump @aws-sdk/client-s3 from 3.627.0 to 3.629.0 @dependabot (#6091)
+- Bump @nestjs/common from 10.3.10 to 10.4.0 @dependabot (#6090)
+- Bump @nestjs/core from 10.3.10 to 10.4.0 @dependabot (#6088)
+- Bump @aws-sdk/client-config-service from 3.624.0 to 3.629.0 @dependabot (#6094)
+- Bump eslint-plugin-cypress from 3.4.0 to 3.5.0 @dependabot (#6093)
+- Bump @aws-sdk/client-sts from 3.624.0 to 3.629.0 @dependabot (#6087)
+- Bump winston from 3.13.1 to 3.14.1 @dependabot (#6081)
+- Bump tsx from 4.16.5 to 4.17.0 @dependabot (#6080)
+- Bump @types/node from 22.1.0 to 22.2.0 @dependabot (#6084)
+- Bump @aws-sdk/client-s3 from 3.626.0 to 3.627.0 @dependabot (#6079)
+- Bump @nestjs/cli from 10.4.2 to 10.4.4 @dependabot (#6085)
+- Bump tailwindcss from 3.4.8 to 3.4.9 @dependabot (#6078)
+- Bump tailwindcss from 3.4.7 to 3.4.8 @dependabot (#6077)
+- Bump @aws-sdk/client-s3 from 3.624.0 to 3.626.0 @dependabot (#6076)
+
+v2.10.13
+
+- Docker improvements @Amndeep7 (#6075)
+- Convert Microsoft Secure Score to OHDF @meme112233 (#6007)
+
+## Dependency Updates
+
+- Bump core-js from 3.37.1 to 3.38.0 @dependabot (#6072)
+- Bump @aws-sdk/client-s3 from 3.623.0 to 3.624.0 @dependabot (#6071)
+- Bump luxon from 3.4.4 to 3.5.0 @dependabot (#6068)
+- Bump ts-jest from 29.2.3 to 29.2.4 @dependabot (#6058)
+- Bump @aws-sdk/client-config-service from 3.623.0 to 3.624.0 @dependabot (#6069)
+- Bump apexcharts from 3.51.0 to 3.52.0 @dependabot (#6073)
+- Bump lerna from 8.1.7 to 8.1.8 @dependabot (#6070)
+- Bump @aws-sdk/client-sts from 3.623.0 to 3.624.0 @dependabot (#6067)
+- Bump @aws-sdk/client-s3 from 3.622.0 to 3.623.0 @dependabot (#6063)
+- Bump @types/node from 22.0.2 to 22.1.0 @dependabot (#6065)
+- Bump tsx from 4.16.3 to 4.16.5 @dependabot (#6057)
+- Bump @aws-sdk/client-config-service from 3.621.0 to 3.623.0 @dependabot (#6062)
+- Bump cypress from 13.13.1 to 13.13.2 @dependabot (#6049)
+- Bump axios from 1.7.2 to 1.7.3 @dependabot (#6059)
+- Bump @aws-sdk/client-sts from 3.622.0 to 3.623.0 @dependabot (#6064)
+- Bump rexml from 3.2.8 to 3.3.3 in /libs/inspecjs @dependabot (#6061)
+- Bump @aws-sdk/client-s3 from 3.621.0 to 3.622.0 @dependabot (#6055)
+- Bump tsx from 4.16.2 to 4.16.3 @dependabot (#6051)
+- Bump @types/node from 22.0.0 to 22.0.2 @dependabot (#6050)
+- Bump @aws-sdk/client-s3 from 3.620.1 to 3.621.0 @dependabot (#6048)
+
+v2.10.12
+
+- Hdf2ckl severity @kemley76 (#5866)
+- checklist metadata input validation on export @kemley76 (#5902)
+- gosec Mapper Rework @charleshu-8 (#5982)
+- Trufflehog mapper @andytang99 (#6013)
+- Format error message when validating checklist metadata @kemley76 (#6023)
+- gosec Mapper Rework @charleshu-8 (#5982)
+- GoSec Mapper `impact` Fix @charleshu-8 (#5952)
+
+## Dependency Updates
+
+- Bump cypress-wait-until from 1.7.2 to 3.0.2 @dependabot (#6046)
+- Bump @aws-sdk/client-config-service from 3.620.1 to 3.621.0 @dependabot (#6044)
+- Bump @types/lodash from 4.17.5 to 4.17.7 @dependabot (#6001)
+- Bump @types/node from 20.14.12 to 22.0.0 @dependabot (#6043)
+- Bump @aws-sdk/client-config-service from 3.620.0 to 3.620.1 @dependabot (#6042)
+- Bump csv-stringify from 6.5.0 to 6.5.1 @dependabot (#6041)
+- Bump @aws-sdk/client-s3 from 3.620.0 to 3.620.1 @dependabot (#6039)
+- Bump fast-xml-parser from 4.4.0 to 4.4.1 @dependabot (#6037)
+- Bump sass-loader from 15.0.0 to 16.0.0 @dependabot (#6036)
+- Bump html-loader from 5.0.0 to 5.1.0 @dependabot (#6034)
+- Bump @aws-sdk/client-config-service from 3.616.0 to 3.620.0 @dependabot (#6033)
+- Bump tailwindcss from 3.4.6 to 3.4.7 @dependabot (#6031)
+- Bump @aws-sdk/client-s3 from 3.617.0 to 3.620.0 @dependabot (#6029)
+- Bump chai and @types/chai @dependabot (#6032)
+- Bump @aws-sdk/client-sts from 3.616.0 to 3.620.0 @dependabot (#6030)
+- Bump eslint-plugin-cypress from 3.3.0 to 3.4.0 @dependabot (#6027)
+- Bump @smithy/node-http-handler from 3.1.3 to 3.1.4 @dependabot (#6025)
+- Bump yaml from 2.4.5 to 2.5.0 @dependabot (#6026)
+- Bump @nestjs/schematics from 10.1.2 to 10.1.3 @dependabot (#6024)
+- Bump @types/node from 20.14.11 to 20.14.12 @dependabot (#6020)
+- Bump @aws-sdk/client-s3 from 3.616.0 to 3.617.0 @dependabot (#6017)
+- Bump @e965/xlsx from 0.20.2 to 0.20.3 @dependabot (#6012)
+- Bump sass-loader from 14.2.1 to 15.0.0 @dependabot (#6022)
+- Bump apexcharts from 3.50.0 to 3.51.0 @dependabot (#6015)
+- Bump express-rate-limit from 7.3.1 to 7.4.0 @dependabot (#6021)
+- Bump typedoc from 0.26.4 to 0.26.5 @dependabot (#6014)
+- Bump lerna from 8.1.6 to 8.1.7 @dependabot (#6016)
+- Bump @aws-sdk/client-s3 from 3.614.0 to 3.616.0 @dependabot (#6010)
+- Bump @aws-sdk/client-config-service from 3.614.0 to 3.616.0 @dependabot (#6009)
+- Bump ts-jest from 29.2.2 to 29.2.3 @dependabot (#6008)
+- Bump @aws-sdk/client-sts from 3.614.0 to 3.616.0 @dependabot (#6011)
+- Bump eslint-plugin-prettier from 5.1.3 to 5.2.1 @dependabot (#6006)
+- Bump tailwindcss from 3.4.5 to 3.4.6 @dependabot (#6003)
+- Bump @types/node from 20.14.10 to 20.14.11 @dependabot (#6000)
+- Bump cypress from 13.13.0 to 13.13.1 @dependabot (#6002)
+- Bump semver from 7.6.2 to 7.6.3 @dependabot (#5999)
+- Bump compare-versions from 6.1.0 to 6.1.1 @dependabot (#5998)
+- Bump prettier from 3.3.2 to 3.3.3 @dependabot (#5997)
+- Bump @smithy/node-http-handler from 3.1.2 to 3.1.3 @dependabot (#5996)
+- Bump tailwindcss from 3.4.4 to 3.4.5 @dependabot (#5995)
+- Bump @aws-sdk/client-config-service from 3.609.0 to 3.614.0 @dependabot (#5991)
+- Bump winston from 3.13.0 to 3.13.1 @dependabot (#5989)
+- Bump ts-jest from 29.2.0 to 29.2.2 @dependabot (#5990)
+- Bump typedoc from 0.26.3 to 0.26.4 @dependabot (#5992)
+- Bump @aws-sdk/client-s3 from 3.613.0 to 3.614.0 @dependabot (#5993)
+- Bump @aws-sdk/client-sts from 3.613.0 to 3.614.0 @dependabot (#5988)
+- Bump @aws-sdk/client-s3 from 3.609.0 to 3.613.0 @dependabot (#5983)
+- Bump xml-formatter from 3.6.2 to 3.6.3 @dependabot (#5981)
+- Bump xml-parser-xo from 4.1.1 to 4.1.2 @dependabot (#5980)
+- Bump highlight.js from 11.9.0 to 11.10.0 @dependabot (#5978)
+- Bump @nestjs/testing from 10.3.9 to 10.3.10 @dependabot (#5956)
+- Bump @smithy/node-http-handler from 3.1.1 to 3.1.2 @dependabot (#5979)
+- Bump ts-jest from 29.1.5 to 29.2.0 @dependabot (#5977)
+- Bump tsx from 4.16.0 to 4.16.2 @dependabot (#5969)
+- Bump @nestjs/cli from 10.4.0 to 10.4.2 @dependabot (#5973)
+- Bump @types/node from 20.14.9 to 20.14.10 @dependabot (#5972)
+- Bump lerna from 8.1.5 to 8.1.6 @dependabot (#5974)
+- Bump apexcharts from 3.49.2 to 3.50.0 @dependabot (#5971)
+- Bump @aws-sdk/client-config-service from 3.606.0 to 3.609.0 @dependabot (#5966)
+- Bump eslint-plugin-vue from 9.26.0 to 9.27.0 @dependabot (#5967)
+- Bump @aws-sdk/client-s3 from 3.608.0 to 3.609.0 @dependabot (#5964)
+- Bump @nestjs/schematics from 10.1.1 to 10.1.2 @dependabot (#5968)
+- Bump @aws-sdk/client-sts from 3.606.0 to 3.609.0 @dependabot (#5963)
+- Bump @nestjs/cli from 10.3.2 to 10.4.0 @dependabot (#5965)
+- Bump @nestjs/core from 10.3.9 to 10.3.10 @dependabot (#5960)
+- Bump prettier-plugin-organize-imports from 3.2.4 to 4.0.0 @dependabot (#5958)
+- Bump tsx from 4.15.7 to 4.16.0 @dependabot (#5959)
+- Bump @nestjs/platform-express from 10.3.9 to 10.3.10 @dependabot (#5957)
+- Bump cypress from 13.12.0 to 13.13.0 @dependabot (#5954)
+- Bump @nestjs/common from 10.3.9 to 10.3.10 @dependabot (#5955)
+- Bump @aws-sdk/client-s3 from 3.606.0 to 3.608.0 @dependabot (#5953)
+- Bump typedoc from 0.26.2 to 0.26.3 @dependabot (#5947)
+- Bump lru-cache from 10.2.2 to 10.3.0 @dependabot (#5948)
+- Bump @aws-sdk/client-config-service from 3.600.0 to 3.606.0 @dependabot (#5950)
+- Bump @aws-sdk/client-s3 from 3.600.0 to 3.606.0 @dependabot (#5946)
+- Bump @smithy/node-http-handler from 3.1.0 to 3.1.1 @dependabot (#5945)
+- Bump @aws-sdk/client-sts from 3.600.0 to 3.606.0 @dependabot (#5943)
+- Bump apexcharts from 3.49.1 to 3.49.2 @dependabot (#5941)
+- Bump @types/node from 20.14.8 to 20.14.9 @dependabot (#5942)
+- Bump typedoc from 0.25.13 to 0.26.2 @dependabot (#5939)
+- Bump lerna from 8.1.3 to 8.1.5 @dependabot (#5940)
+- Bump tsx from 4.15.6 to 4.15.7 @dependabot (#5937)
+- Bump @types/node from 20.14.7 to 20.14.8 @dependabot (#5938)
+- Bump @types/node from 20.14.6 to 20.14.7 @dependabot (#5936)
+- Bump @types/uuid from 9.0.8 to 10.0.0 @dependabot (#5935)
+- Bump @types/node from 20.14.4 to 20.14.6 @dependabot (#5934)
+- Bump @aws-sdk/client-config-service from 3.598.0 to 3.600.0 @dependabot (#5931)
+- Bump cypress from 13.11.0 to 13.12.0 @dependabot (#5933)
+- Bump @aws-sdk/client-s3 from 3.596.0 to 3.600.0 @dependabot (#5929)
+- Bump @smithy/node-http-handler from 3.0.1 to 3.1.0 @dependabot (#5928)
+- Bump @types/node from 20.14.2 to 20.14.4 @dependabot (#5924)
+- Bump ts-jest from 29.1.4 to 29.1.5 @dependabot (#5925)
+- Bump tsx from 4.15.5 to 4.15.6 @dependabot (#5926)
+- Bump @aws-sdk/client-config-service from 3.596.0 to 3.598.0 @dependabot (#5922)
+- Bump ws from 7.5.9 to 7.5.10 @dependabot (#5927)
+- Bump @types/validator from 13.11.10 to 13.12.0 @dependabot (#5923)
+- Bump @aws-sdk/client-sts from 3.596.0 to 3.598.0 @dependabot (#5920)
+- Bump tsx from 4.15.2 to 4.15.5 @dependabot (#5919)
+
 v2.10.10
 
 - Revert "Bump tw-elements from 1.1.0 to 2.0.0" @charleshu-8 (#5894)

Dockerfile

@@ -41,25 +41,22 @@ WORKDIR /app
 
 RUN curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo && microdnf install -y yarn && microdnf clean all && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.*
 
-COPY --from=builder /src/package.json ./
-COPY --from=builder /src/apps/backend/package.json apps/backend/
+COPY --from=builder --chown=1001 /src/package.json ./
+COPY --from=builder --chown=1001 /src/apps/backend/package.json apps/backend/
 
-COPY --from=builder /src/apps/backend/node_modules apps/backend/node_modules
-COPY --from=builder /src/apps/backend/.sequelizerc apps/backend/
-COPY --from=builder /src/apps/backend/db apps/backend/db
-COPY --from=builder /src/apps/backend/config apps/backend/config
-COPY --from=builder /src/apps/backend/migrations apps/backend/migrations
-COPY --from=builder /src/apps/backend/seeders apps/backend/seeders
+COPY --from=builder --chown=1001 /src/apps/backend/node_modules apps/backend/node_modules
+COPY --from=builder --chown=1001 /src/apps/backend/.sequelizerc apps/backend/
+COPY --from=builder --chown=1001 /src/apps/backend/db apps/backend/db
+COPY --from=builder --chown=1001 /src/apps/backend/config apps/backend/config
+COPY --from=builder --chown=1001 /src/apps/backend/migrations apps/backend/migrations
+COPY --from=builder --chown=1001 /src/apps/backend/seeders apps/backend/seeders
 
-COPY --from=builder /src/libs/password-complexity/ libs/password-complexity
+COPY --from=builder --chown=1001 /src/libs/password-complexity/ libs/password-complexity
 
-COPY --from=builder /src/apps/backend/dist apps/backend/dist
-COPY --from=builder /src/dist/ dist/
+COPY --from=builder --chown=1001 /src/apps/backend/dist apps/backend/dist
+COPY --from=builder --chown=1001 /src/dist/ dist/
 
-RUN chown -R 1001 .
-
-COPY cmd.sh /usr/local/bin/
-RUN chmod 755 /usr/local/bin/cmd.sh
+COPY --chmod=755 cmd.sh /usr/local/bin/
 
 USER 1001
 

Dockerfile.lite

@@ -1,7 +1,7 @@
 ARG BUILD_CONTAINER=registry.access.redhat.com/ubi8/nodejs-18-minimal:1
 ARG BASE_CONTAINER=nginx:alpine
 
-FROM $BUILD_CONTAINER as builder
+FROM $BUILD_CONTAINER AS builder
 
 ARG NODE_ENV=production
 ENV NODE_ENV=$NODE_ENV
@@ -30,7 +30,7 @@ COPY libs ./libs
 
 RUN yarn frontend build
 
-FROM $BASE_CONTAINER as production-stage
+FROM $BASE_CONTAINER AS production-stage
 
 EXPOSE 80
 

VERSION

@@ -1 +1 @@
-v2.10.10
+v2.10.15

apps/backend/.env-example

@@ -38,6 +38,10 @@ DATABASE_SSL_CA=<Full path to SSL certificate authority OR the certificate autho
 ## Reverse proxy
 NGINX_HOST=<Templated out as the 'server_name' for the NGINX configuration (no default, must be set if using the provided example NGINX configuration)>
 
+## External interfaces 
+SPLUNK_HOST_URL=<The full Uniform Resource Locator (URL) without the port for the Splunk host (no default, must be set if connecting to Splunk)>
+TENABLE_HOST_URL=<The full Uniform Resource Locator (URL) without the port for the Tenable.SC host (no default, must be set if connecting to Tenable)>
+
 # Authentication
 
 EXTERNAL_URL=<The external URL for your Heimdall deployment, for example https://heimdall.mitre.org>

apps/backend/config/app_config.ts

@@ -35,6 +35,24 @@ export default class AppConfig {
     return process.env[key] || this.envConfig[key];
   }
 
+  getSplunkHostUrl(): string {
+    const splunk_host_url = this.get('SPLUNK_HOST_URL');
+    if (splunk_host_url !== undefined) {
+      return splunk_host_url;
+    } else {
+      return '';
+    }
+  }
+
+  getTenableHostUrl(): string {
+    const tenable_host_url = this.get('TENABLE_HOST_URL');
+    if (tenable_host_url !== undefined) {
+      return tenable_host_url;
+    } else {
+      return '';
+    }
+  }
+
   getDatabaseName(): string {
     const databaseName = this.get('DATABASE_NAME');
     const nodeEnvironment = this.get('NODE_ENV');