[StepSecurity] Apply security best practices

.github/dependabot.yml

@@ -51,3 +51,53 @@ updates:
           - "src/services/java/*"
     schedule:
       interval: "daily"
+
+  - package-ecosystem: docker
+    directory: /scripts/generators/docker-compose
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /scripts/generators/docker-compose
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /scripts/generators/k8s
+    schedule:
+      interval: daily
+
+  - package-ecosystem: pip
+    directory: /scripts/generators/k8s
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /src/databases/mysql
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /src/loaders/curl
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /src/services/dotnetcore
+    schedule:
+      interval: daily
+
+  - package-ecosystem: nuget
+    directory: /src/services/dotnetcore
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /src/services/java
+    schedule:
+      interval: daily
+
+  - package-ecosystem: docker
+    directory: /src/services/nodejs
+    schedule:
+      interval: daily

.pre-commit-config.yaml

@@ -0,0 +1,30 @@
+repos:
+- repo: https://github.com/digitalpulp/pre-commit-php
+  rev: 1.4.0
+  hooks:
+  - id: php-lint-all
+- repo: https://github.com/gherynos/pre-commit-java
+  rev: v0.2.4
+  hooks:
+  - id: Checkstyle
+- repo: https://github.com/gitleaks/gitleaks
+  rev: v8.16.3
+  hooks:
+  - id: gitleaks
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+  rev: 3.0.0
+  hooks:
+  - id: shellcheck
+- repo: https://github.com/pre-commit/mirrors-eslint
+  rev: v8.38.0
+  hooks:
+  - id: eslint
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
+- repo: https://github.com/pylint-dev/pylint
+  rev: v2.17.2
+  hooks:
+  - id: pylint

src/services/dotnetcore/Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build-env
+FROM mcr.microsoft.com/dotnet/core/sdk:3.1@sha256:150d074697d1cda38a0c2185fe43895d84b5745841e9d15c5adba29604a6e4cb AS build-env
 WORKDIR /app
 
 # Copy csproj and restore as distinct layers
@@ -10,7 +10,7 @@ COPY . ./
 RUN dotnet publish -c Release -o out
 
 # Build runtime image
-FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
+FROM mcr.microsoft.com/dotnet/core/aspnet:3.1@sha256:e3b773f30a0a6e88d71ce52429f6847627fc9353e491346902ca345760b82bdd
 
 LABEL org.opencontainers.image.source=https://github.com/cisco-open/app-simulator
 LABEL org.opencontainers.image.description="dotnetcore service for app-simulator"