This repo contains the base images for AppThreat projects such as cdxgen. They were created based on specific issues and challenges observed in enterprise deployments. There will be no FREE community support offered for these images. Pull requests are NOT accepted.
The official cdxgen image bundles Java >= 23 with the latest maven and gradle. Legacy applications that rely on Java 11 can use the unofficial image ghcr.io/appthreat/cdxgen-java11-slim:v10. For Java 17, use ghcr.io/appthreat/cdxgen-java17-slim:v10.
Example invocations:
Java 11 version
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-java11-slim:v10 -r /app -o /app/bom.json -t javaJava 11 version with Android 33 SDK and gcc
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-java11:v10 -r /app -o /app/bom.json -t javaJava 17 version
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-java17-slim:v10 -r /app -o /app/bom.json -t javaJava 17 version with Android 34 SDK and gcc
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $HOME/.m2:$HOME/.m2 -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-java17:v10 -r /app -o /app/bom.json -t javaUse the unofficial image ghcr.io/appthreat/cdxgen-dotnet:v10.
Example invocation:
.Net Framework 4.6 - 4.8
A bundled version of nuget and mono is used to support .Net framework apps.
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-dotnet6:v10 -r /app -o /app/bom.json -t dotnet-frameworkDotnet 3.1 or Dotnet 6.0
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-dotnet6:v10 -r /app -o /app/bom.json -t dotnetDotnet 7.0
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-dotnet7:v10 -r /app -o /app/bom.json -t dotnetDotnet 8.0
Dotnet 8 is also bundled with the official ghcr.io/cyclonedx/cdxgen image.
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-dotnet8:v10 -r /app -o /app/bom.json -t dotnetDotnet 9.0
Use the cdxgen-rolling image for testing dotnet 9 apps.
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-rolling:v10 -r /app -o /app/bom.json -t dotnetUse the unofficial image ghcr.io/appthreat/cdxgen-python312:v10 or ghcr.io/appthreat/cdxgen-python311:v10. This includes additional build tools and libraries to build a range of Python applications. Construction of the dependency tree is supported with Python >= 3.9.
Example invocation:
Python 3.6 (Direct dependencies only without dependency tree)
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-python36:v10 -r /app -o /app/bom.json -t pythonNOTE: dependency tree is unavailable with Python 3.6
Python 3.9
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-python39:v10 -r /app -o /app/bom.json -t pythonPython 3.10
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-python310:v10 -r /app -o /app/bom.json -t pythonPython 3.11
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-python311:v10 -r /app -o /app/bom.json -t pythonPython 3.12
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-python312:v10 -r /app -o /app/bom.json -t pythonUse the unofficial image ghcr.io/appthreat/cdxgen-node20:v10.
Node.js 20
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-node20:v10 -r /app -o /app/bom.json -t jsUse the unofficial image ghcr.io/appthreat/cdxgen-deno:v10.
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-deno:v10 -r /app -o /app/bom.json -t jsUse the unofficial image ghcr.io/appthreat/cdxgen-php82:v10.
docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-php82:v10 -r /app -o /app/bom.json -t phpNode.js applications that rely on native builds using node-gyp might also require specific version of Node.js and Python to build properly. Try using the base image ghcr.io/appthreat/bci-node20 to test the npm install command directly.
docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -w /app -it ghcr.io/appthreat/bci-node20:main npm installUse the --platform argument to test the install command under a different architecture such as linux/arm64 or linux/amd64.
docker run --platform=linux/arm64 --rm -v /tmp:/tmp -v $(pwd):/app:rw -w /app -it ghcr.io/appthreat/bci-node20:main npm installdocker run --platform=linux/amd64 --rm -v /tmp:/tmp -v $(pwd):/app:rw -w /app -it ghcr.io/appthreat/bci-node20:main npm installOld .Net framework applications (<= 4.7) are well known for their dislike of linux and hence may not restore/build easily. To troubleshoot, try running the nuget restore command manually using the bci-dotnet image as shown.
docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -w /app -it ghcr.io/appthreat/bci-dotnet:main nuget restore -Verbosity detailed /app/<solution file name>If you see any mono-related crashes, there isn't a lot that can be done other than using the correct version of Windows for the restore step.
Assemblies that are present in the Global Assembly Cache can be referred to and used directly without specifying a version number. This style of includes is common with namespaces such as System., Microsoft., and Mono.. Use the command gacutil -l to obtain the version details for libraries from GAC.
docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -w /app -it ghcr.io/appthreat/bci-dotnet:main gacutil -lSample output:
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.ComponentModel.Composition, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.ComponentModel.DataAnnotations, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Data.DataSetExtensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Data.OracleClient, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Data.Services.Client, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.DirectoryServices.Protocols, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.IO.Compression, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.IO.Compression.FileSystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.IdentityModel.Selectors, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Json, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
System.Json.Microsoft, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Messaging, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Net, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Net.Http.Formatting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
System.Net.Http.WebRequest, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Numerics.Vectors, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Reactive.Core, Version=2.2.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
- Install Rancher Desktop and setup nerdctl instead of docker
- Setup multi-platform by following this doc
Include the below argument with the nerdctl run command.
--platform=linux/arm64
Example:
nerdctl run --rm --platform=linux/arm64 -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/cdxgen-node20:v10 -r /app -o /app/bom.json -t jsMIT
NOTE: No FREE support will be offered for users of these images. Pull Requests are NOT accepted.