Merge branch 'master' into sbomMapper

.github/workflows/push-lite-to-docker.yml

@@ -8,21 +8,21 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
+      - name: Checkout the Heimdall Repository
+        uses: actions/checkout@v4
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Checkout the Heimdall Repository
-        uses: actions/checkout@v4
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile.lite
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall-lite:latest

.github/workflows/push-server-to-docker.yml

@@ -21,9 +21,9 @@ jobs:
           fetch-depth: 0
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall2:latest

.github/workflows/release-lite-to-docker.yml

@@ -8,8 +8,6 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
       - name: Run string replace # remove the v from the version number before using it in the docker tag
         uses: frabert/replace-string-action@v2
         id: format-tag
@@ -18,19 +16,21 @@ jobs:
           string: '${{ github.event.release.tag_name }}'
           replace-with: ''
           flags: 'g'
+      - name: Checkout the Heimdall Repository
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Checkout the Heimdall Repository
-        uses: actions/checkout@v4
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile.lite
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall-lite:release-latest,mitre/heimdall-lite:${{ steps.format-tag.outputs.replaced }}

.github/workflows/release-server-to-docker.yml

@@ -13,13 +13,6 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Run string replace # remove the v from the version number before using it in the docker tag
         uses: frabert/replace-string-action@v2
         id: format-tag
@@ -30,13 +23,20 @@ jobs:
           flags: 'g'
       - name: Checkout the Heimdall Repository
         uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: true
-          platforms: 'linux/amd64'
+          platforms: linux/amd64
           tags: mitre/heimdall2:release-latest,mitre/heimdall2:${{ steps.format-tag.outputs.replaced }}
       - name: Get Docker SHA
         shell: bash

CHANGELOG

@@ -1,3 +1,31 @@
+v2.10.13
+
+- Docker improvements @Amndeep7 (#6075)
+- Convert Microsoft Secure Score to OHDF @meme112233 (#6007)
+
+## Dependency Updates
+
+- Bump core-js from 3.37.1 to 3.38.0 @dependabot (#6072)
+- Bump @aws-sdk/client-s3 from 3.623.0 to 3.624.0 @dependabot (#6071)
+- Bump luxon from 3.4.4 to 3.5.0 @dependabot (#6068)
+- Bump ts-jest from 29.2.3 to 29.2.4 @dependabot (#6058)
+- Bump @aws-sdk/client-config-service from 3.623.0 to 3.624.0 @dependabot (#6069)
+- Bump apexcharts from 3.51.0 to 3.52.0 @dependabot (#6073)
+- Bump lerna from 8.1.7 to 8.1.8 @dependabot (#6070)
+- Bump @aws-sdk/client-sts from 3.623.0 to 3.624.0 @dependabot (#6067)
+- Bump @aws-sdk/client-s3 from 3.622.0 to 3.623.0 @dependabot (#6063)
+- Bump @types/node from 22.0.2 to 22.1.0 @dependabot (#6065)
+- Bump tsx from 4.16.3 to 4.16.5 @dependabot (#6057)
+- Bump @aws-sdk/client-config-service from 3.621.0 to 3.623.0 @dependabot (#6062)
+- Bump cypress from 13.13.1 to 13.13.2 @dependabot (#6049)
+- Bump axios from 1.7.2 to 1.7.3 @dependabot (#6059)
+- Bump @aws-sdk/client-sts from 3.622.0 to 3.623.0 @dependabot (#6064)
+- Bump rexml from 3.2.8 to 3.3.3 in /libs/inspecjs @dependabot (#6061)
+- Bump @aws-sdk/client-s3 from 3.621.0 to 3.622.0 @dependabot (#6055)
+- Bump tsx from 4.16.2 to 4.16.3 @dependabot (#6051)
+- Bump @types/node from 22.0.0 to 22.0.2 @dependabot (#6050)
+- Bump @aws-sdk/client-s3 from 3.620.1 to 3.621.0 @dependabot (#6048)
+
 v2.10.12
 
 - Hdf2ckl severity @kemley76 (#5866)

Dockerfile

@@ -41,25 +41,22 @@ WORKDIR /app
 
 RUN curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo && microdnf install -y yarn && microdnf clean all && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.*
 
-COPY --from=builder /src/package.json ./
-COPY --from=builder /src/apps/backend/package.json apps/backend/
+COPY --from=builder --chown=1001 /src/package.json ./
+COPY --from=builder --chown=1001 /src/apps/backend/package.json apps/backend/
 
-COPY --from=builder /src/apps/backend/node_modules apps/backend/node_modules
-COPY --from=builder /src/apps/backend/.sequelizerc apps/backend/
-COPY --from=builder /src/apps/backend/db apps/backend/db
-COPY --from=builder /src/apps/backend/config apps/backend/config
-COPY --from=builder /src/apps/backend/migrations apps/backend/migrations
-COPY --from=builder /src/apps/backend/seeders apps/backend/seeders
+COPY --from=builder --chown=1001 /src/apps/backend/node_modules apps/backend/node_modules
+COPY --from=builder --chown=1001 /src/apps/backend/.sequelizerc apps/backend/
+COPY --from=builder --chown=1001 /src/apps/backend/db apps/backend/db
+COPY --from=builder --chown=1001 /src/apps/backend/config apps/backend/config
+COPY --from=builder --chown=1001 /src/apps/backend/migrations apps/backend/migrations
+COPY --from=builder --chown=1001 /src/apps/backend/seeders apps/backend/seeders
 
-COPY --from=builder /src/libs/password-complexity/ libs/password-complexity
+COPY --from=builder --chown=1001 /src/libs/password-complexity/ libs/password-complexity
 
-COPY --from=builder /src/apps/backend/dist apps/backend/dist
-COPY --from=builder /src/dist/ dist/
+COPY --from=builder --chown=1001 /src/apps/backend/dist apps/backend/dist
+COPY --from=builder --chown=1001 /src/dist/ dist/
 
-RUN chown -R 1001 .
-
-COPY cmd.sh /usr/local/bin/
-RUN chmod 755 /usr/local/bin/cmd.sh
+COPY --chmod=755 cmd.sh /usr/local/bin/
 
 USER 1001
 

Dockerfile.lite

@@ -1,7 +1,7 @@
 ARG BUILD_CONTAINER=registry.access.redhat.com/ubi8/nodejs-18-minimal:1
 ARG BASE_CONTAINER=nginx:alpine
 
-FROM $BUILD_CONTAINER as builder
+FROM $BUILD_CONTAINER AS builder
 
 ARG NODE_ENV=production
 ENV NODE_ENV=$NODE_ENV
@@ -30,7 +30,7 @@ COPY libs ./libs
 
 RUN yarn frontend build
 
-FROM $BASE_CONTAINER as production-stage
+FROM $BASE_CONTAINER AS production-stage
 
 EXPOSE 80
 

VERSION

@@ -1 +1 @@
-v2.10.12
+v2.10.13

apps/frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mitre/heimdall-lite",
-  "version": "2.10.12",
+  "version": "2.10.13",
   "description": "Heimdall-Lite 2 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally or from S3 and other data sources.",
   "repository": {
     "type": "git",
@@ -76,7 +76,7 @@
     "file-saver": "^2.0.2",
     "highlight.js": "^11.0.0",
     "html-loader": "^5.0.0",
-    "inspecjs": "^2.10.11",
+    "inspecjs": "^2.10.13",
     "lodash": "4.17.21",
     "lru-cache": "^10.1.0",
     "luxon": "^3.0.1",

apps/frontend/src/components/global/upload_tabs/FileReader.vue

@@ -39,6 +39,7 @@
                   <li>Golang Security Checker (gosec)</li>
                   <li>Ion Channel</li>
                   <li>JFrog Xray</li>
+                  <li>Microsoft Secure Score</li>
                   <li>Nessus</li>
                   <li>Netsparker</li>
                   <li>Nikto</li>

apps/frontend/src/store/report_intake.ts

@@ -18,6 +18,7 @@ import {
   INPUT_TYPES,
   IonChannelMapper,
   JfrogXrayMapper,
+  MsftSecureScoreResults,
   NessusResults,
   NetsparkerMapper,
   NiktoMapper,
@@ -231,6 +232,8 @@ export class InspecIntake extends VuexModule {
     switch (typeGuess) {
       case INPUT_TYPES.JFROG:
         return new JfrogXrayMapper(convertOptions.data).toHdf();
+      case INPUT_TYPES.MSFT_SEC_SCORE:
+        return new MsftSecureScoreResults(convertOptions.data).toHdf();
       case INPUT_TYPES.ASFF:
         return Object.values(
           new ASFFResultsMapper(convertOptions.data).toHdf()

lerna.json

@@ -1,5 +1,5 @@
 {
   "packages": ["apps/*", "libs/*", "test"],
-  "version": "2.10.12",
-  "npmClient": "yarn"
+  "version": "2.10.13",
+  "npmClient": "npx yarn"
 }

libs/hdf-converters/README.md

@@ -16,21 +16,22 @@ OHDF Converters supplies several methods to convert various types of security to
 9.  [**gosec-mapper**] - gosec results JSON file
 10. [**ionchannel-mapper**] - SBOM data from Ion Channel
 11. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
-12. [**nessus-mapper**] - Nessus XML results file
-13. [**netsparker-mapper**] - Netsparker XML results file
-14. [**nikto-mapper**] - Nikto results JSON file
-15. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
-16. [**sarif-mapper**] - SARIF JSON file
-17. [**sbom-mapper**] - CycloneDX SBOM JSON file
-18. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
-19. [**snyk-mapper**] - Snyk results JSON file
-20. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
-21. [**splunk-mapper**] - Splunk instance
-22. [**trufflehog-mapper**] - Trufflehog results json file 
-23. [**twistlock-mapper**] - Twistlock CLI output file
-24. [**veracode-mapper**] - Veracode Scan Results XML file
-25. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
-26. [**zap-mapper**] - OWASP ZAP results JSON
+12. [**msft-secure-mapper**] - Microsoft Secure Score results file
+13. [**nessus-mapper**] - Nessus XML results file
+14. [**netsparker-mapper**] - Netsparker XML results file
+15. [**nikto-mapper**] - Nikto results JSON file
+16. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
+17. [**sarif-mapper**] - SARIF JSON file
+18. [**sbom-mapper**] - CycloneDX SBOM JSON file
+19. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
+20. [**snyk-mapper**] - Snyk results JSON file
+21. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
+22. [**splunk-mapper**] - Splunk instance
+23. [**trufflehog-mapper**] - Trufflehog results json file 
+24. [**twistlock-mapper**] - Twistlock CLI output file
+25. [**veracode-mapper**] - Veracode Scan Results XML file
+26. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
+27. [**zap-mapper**] - OWASP ZAP results JSON
 
 ### NOTICE
 

libs/hdf-converters/index.ts

@@ -24,6 +24,7 @@ export * as NiktoNistMappingData from './src/mappings/NiktoNistMappingData';
 export * as NistCciMappingData from './src/mappings/NistCciMappingData';
 export * as OWaspNistMappingData from './src/mappings/OWaspNistMappingData';
 export * as ScoutsuiteNistMappingData from './src/mappings/ScoutsuiteNistMappingData';
+export * from './src/msft-secure-score-mapper';
 export * from './src/nessus-mapper';
 export * from './src/netsparker-mapper';
 export * from './src/nikto-mapper';

libs/hdf-converters/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mitre/hdf-converters",
-  "version": "2.10.12",
+  "version": "2.10.13",
   "license": "Apache-2.0",
   "description": "Converter util library used to transform various scan results into HDF format",
   "files": [
@@ -28,6 +28,7 @@
     "@aws-sdk/client-config-service": "^3.95.0",
     "@e965/xlsx": "^0.20.0",
     "@mdi/js": "^7.0.96",
+    "@microsoft/microsoft-graph-types": "^2.40.0",
     "@mitre/jsonix": "^3.0.7",
     "@smithy/node-http-handler": "^3.0.0",
     "@types/csv2json": "^1.4.2",
@@ -44,7 +45,7 @@
     "fast-xml-parser": "^4.2.0",
     "html-entities": "^2.3.2",
     "htmlparser2": "^9.1.0",
-    "inspecjs": "^2.10.11",
+    "inspecjs": "^2.10.13",
     "lodash": "^4.17.21",
     "moment": "^2.29.1",
     "ms": "^2.1.3",