How to build a Windows-based Docker image for CAST Highlight code scans

23 April 2020

Our Docker image allows you to run the command line to scan your apps, as a Linux-based container. While it woks for most of organizations, some users may need to run it as a Windows-based container. This article details the few steps required to build your own Windows-based image, run the container and scan your first application with CAST Highlight.

First off, get Docker

First, you’ll need Docker installed on your machine. Depending on your OS, you can get it from here: https://www.docker.com/ In order to check everything you need is installed, simply run this command:

> docker version

This should return something like this:

Client: Docker Engine – Community
Version: 19.03.5
API version: 1.40
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:22:37 2019
OS/Arch: windows/amd64
Experimental: false

Server: Docker Engine – Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:29:19 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683

Define your Windows image

Create a directory where the image will be built.

mkdir win-hl

Copy the JAR of the CAST Highlight command line to this directory

copy Highlight-Automation-Command-5.1.17.tar.gz win-hl

Create a Dockerfile in the same directory and add the code below:

FROM adoptopenjdk:8-jdk-hotspot-windowsservercore-1809

ENV PERL_VERSION 5.26.1.1

ENV PERL_SHA256 1bb54d7f5e487ff468bf980dbfd9962fb9d83ff1f10ccde008e0bee1f1f5b6ce

RUN powershell -Command $ErrorActionPreference = 'Stop' ; $ProgressPreference = 'SilentlyContinue' ; \

    Invoke-WebRequest $('http://strawberryperl.com/download/{0}/strawberry-perl-{0}-64bit-portable.zip' 

    -f $env:PERL_VERSION) -OutFile 'perl.zip' -UseBasicParsing ; \

    if ((Get-FileHash perl.zip -Algorithm sha256).Hash -ne $env:PERL_SHA256) { Write-Error 'SHA256 mismatch' } ; \

    Expand-Archive -Path perl.zip -DestinationPath C:\ -Force ; \

    rm perl.zip ; \

    setx /M PATH $('C:\perl\site\bin;C:\perl\bin;C:\c\bin;{0}' -f $env:PATH)

ADD *.tar.gz /

WORKDIR /Highlight-Automation-Command

ENTRYPOINT [ "java", "-jar", "HighlightAutomation.jar", "--perlInstallDir", "c:/perl", "--analyzerDir", "./perl" ]

Launch the build command as follows:

> docker build -t casthighlight/hl-agent-cli-win .

You’re now ready to run this image as a container and scan an application…

Run the container

In a Powersell terminal, go to the source directory you want to scan and launch this command:

> docker run –rm -v ${PWD}:c:\sourceDir -v ${PWD}:c:\workingDir casthighlight/hl-agent-cli-win –sourceDir c:\sourceDir –workingDir c:\workingDir –skipUpload

The --rm option tells docker to remove the container once it has finished its job.

You should get the following output from the Command Line through the container:

Enjoy your scans!