How to build a Windows-based Docker image for CAST Highlight code scans

Our Docker image allows you to run the command line to scan your apps, as a Linux-based container. While it works for most of organizations, some users may need to run it as a Windows-based container. This article details the few steps required to build your own Windows-based image, run the container and scan your first application with CAST Highlight.
First off, get Docker
First, you’ll need Docker installed on your machine. Depending on your OS, you can get it from here: In order to check everything you need is installed, simply run this command:


> docker version

This should return something like this:

Client: Docker Engine – Community
Version: 19.03.5
API version: 1.40
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:22:37 2019
OS/Arch: windows/amd64
Experimental: false

Server: Docker Engine – Community
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea
Built: Wed Nov 13 07:29:19 2019
OS/Arch: linux/amd64
Experimental: false
Version: v1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
Version: 0.18.0
GitCommit: fec3683

Define your Windows image
Create a directory where the image will be built.

mkdir win-hl

Copy the archive of the CAST Highlight command line (Highlight-Automation-Command-x.x.x.tar.gz) to this directory

copy Highlight-Automation-Command-5.1.17.tar.gz win-hl

Create a Dockerfile in the same directory and add the code below:

FROM adoptopenjdk:8-jdk-hotspot-windowsservercore-1809
ENV PERL_SHA256 1bb54d7f5e487ff468bf980dbfd9962fb9d83ff1f10ccde008e0bee1f1f5b6ce
RUN powershell -Command $ErrorActionPreference = 'Stop' ; $ProgressPreference = 'SilentlyContinue' ; \
    Invoke-WebRequest $('{0}/strawberry-perl-{0}' -f $env:PERL_VERSION) -OutFile '' -UseBasicParsing ; \
    if ((Get-FileHash -Algorithm sha256).Hash -ne $env:PERL_SHA256) { Write-Error 'SHA256 mismatch' } ; \
    Expand-Archive -Path -DestinationPath C:\ -Force ; \
    rm ; \
    setx /M PATH $('C:\perl\site\bin;C:\perl\bin;C:\c\bin;{0}' -f $env:PATH)
ADD *.tar.gz /
WORKDIR /Highlight-Automation-Command
ENTRYPOINT [ "java", "-jar", "HighlightAutomation.jar", "--perlInstallDir", "c:/perl", "--analyzerDir", "./perl" ]

Launch the build command as follows:


> docker build -t casthighlight/hl-agent-cli-win .

You’re now ready to run this image as a container and scan an application…

Run the container
In a Powersell terminal, go to the source directory you want to scan and launch this command:

> docker run –rm -v ${PWD}:c:\sourceDir -v ${PWD}:c:\workingDir casthighlight/hl-agent-cli-win –sourceDir c:\sourceDir –workingDir c:\workingDir –skipUpload

The --rm option tells docker to remove the container once it has finished its job.

You should get the following output from the Command Line through the container:


Enjoy your scans!