├── .gitignore
├── .gitattributes
├── juiceshop_service.yaml
├── contrast.properties
├── Dockerfile.from-app-image
├── start
├── Dockerfile.from-source-repo
├── juiceshop_deployment.yaml
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
1 | contrast_security.yaml
2 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 | 


--------------------------------------------------------------------------------
/juiceshop_service.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata: 
 4 |   name: client-node-port
 5 | spec: 
 6 |   type: NodePort
 7 |   ports: 
 8 |     - port: 3000
 9 |       targetPort: 3000
10 |       nodePort: 30000
11 |   selector: 
12 |     component: juiceshop
13 | 


--------------------------------------------------------------------------------
/contrast.properties:
--------------------------------------------------------------------------------
1 | CONTRAST__SERVER__NAME=EKS-Node-Pod
2 | CONTRAST__SERVER__ENVIRONMENT=QA
3 | CONTRAST_CONFIG_PATH=/etc/contrast/contrast_security.yaml
4 | AGENT__LOGGER__STDOUT=true
5 | AGENT__LOGGER__LEVEL=INFO
6 | CONTRAST__AGENT__SERVICE__LOGGER__PATH=/proc/1/fd/1
7 | CONTRAST__AGENT__SERVICE__LOGGER__LEVEL=INFO
8 | CONTRAST__AGENT__SECURITY_LOGGER__PATH=/dev/stdout


--------------------------------------------------------------------------------
/Dockerfile.from-app-image:
--------------------------------------------------------------------------------
 1 | # Start from an existing app image
 2 | # FROM bkimminich/juice-shop:v12.7.0
 3 | FROM bkimminich/juice-shop:latest as installer
 4 | 
 5 | FROM node:20
 6 | WORKDIR /juice-shop
 7 | COPY --from=installer /juice-shop .
 8 | 
 9 | # Add in the Contrast agent
10 | RUN npm install --production @contrast/agent
11 | 
12 | EXPOSE 3000
13 | 
14 | # Change the startup command to preload Contrast agent
15 | CMD ["node", "--import", "@contrast/agent", "build/app"]
16 | 


--------------------------------------------------------------------------------
/start:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | # Configuration file for the agent
 4 | OPTS="-v `pwd`/contrast_security.yaml:/juice-shop/contrast_security.yaml:ro"
 5 | 
 6 | # If application.name not set in YAML file, you can specify in environment
 7 | OPTS="$OPTS -e CONTRAST__APPLICATION__NAME=juiceshop-guide"
 8 | 
 9 | OPTS="$OPTS -e DEBUG=contrast:\*"
10 | OPTS="$OPTS -e CONTRAST__AGENT__LOGGER__STDOUT=true"
11 | # /proc/1/fd/1 is stdout for pid 1 (our node app)
12 | OPTS="$OPTS -e CONTRAST__AGENT__SERVICE__LOGGER__PATH=/proc/1/fd/1"
13 | 
14 | #OPTS="$OPTS -e CONTRAST__AGENT__LOGGER__LEVEL=debug"
15 | #OPTS="$OPTS -e CONTRAST__AGENT__SERVICE__LOGGER__LEVEL=debug"
16 | 
17 | echo STARTING WITH docker run --rm -it --name contrast-js -p 3000:3000 $OPTS juiceshop:contrast
18 | docker run --rm -it --name contrast-js -p 3000:3000 $OPTS juiceshop:contrast
19 | 


--------------------------------------------------------------------------------
/Dockerfile.from-source-repo:
--------------------------------------------------------------------------------
 1 | FROM node:lts as installer
 2 | 
 3 | # Pull down the application source
 4 | RUN git clone https://github.com/bkimminich/juice-shop /juice-shop
 5 | 
 6 | # Ensure our dependencies are available...
 7 | WORKDIR /juice-shop
 8 | RUN npm install --production --unsafe-perm
 9 | # ...including the Contrast agent
10 | RUN npm install --production @contrast/agent
11 | RUN npm dedupe
12 | # We don't need these
13 | RUN rm -rf frontend/node_modules
14 | 
15 | # Second stage builds a lean runtime environment
16 | FROM node:lts-alpine
17 | WORKDIR /juice-shop
18 | RUN addgroup juicer && \
19 |     adduser -D -G juicer juicer
20 | COPY --from=installer --chown=juicer /juice-shop .
21 | RUN mkdir logs && \
22 |     chown -R juicer logs && \
23 |     chgrp -R 0 ftp/ frontend/dist/ logs/ data/ i18n/ && \
24 |     chmod -R g=u ftp/ frontend/dist/ logs/ data/ i18n/
25 | USER juicer
26 | EXPOSE 3000
27 | 
28 | CMD ["node", "-r", "@contrast/agent", "build/app"]
29 | 


--------------------------------------------------------------------------------
/juiceshop_deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata: 
 4 |   name: juiceshop
 5 | spec: 
 6 |   replicas: 1
 7 |   selector: 
 8 |     matchLabels: 
 9 |       component: juiceshop
10 |   template:
11 |     metadata:
12 |       labels:
13 |         component: juiceshop
14 |     spec:
15 |       containers:
16 |       - name: juiceshop
17 |         image: zencid/juiceshop-k8s:contrast
18 |         ports: 
19 |           - containerPort: 3000
20 |         envFrom:
21 |           - configMapRef:
22 |               name: contrast-config  
23 |         # Volume Mount for contrast_security.yaml  
24 |         volumeMounts:
25 |         - name: contrast-security
26 |           readOnly: false
27 |           mountPath: "/etc/contrast"
28 |         resources:
29 |           requests:
30 |             cpu: 1.0
31 |             memory: 2Gi
32 |           limits:
33 |             cpu: 2.0
34 |             memory: 4Gi
35 |       # Volume from contrast-security secret     
36 |       volumes:
37 |       - name: contrast-security
38 |         secret:
39 |           secretName: contrast-security
40 | 
41 | 
42 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Contrast agent deployment in Docker - Node.js
 2 | 
 3 | This repo is a companion to the [Contrast agent deployment in Docker - Node.js guide](https://support.contrastsecurity.com/hc/en-us/articles/360054526851-Node-js-agent-with-Docker).
 4 | 
 5 | ## Prerequisites
 6 | 
 7 | The following items should be installed in your system:
 8 | 
 9 | Docker
10 | 
11 | ## Building
12 | 
13 | *Note: Example available in `build` script.*
14 | 
15 | ```shell
16 | docker build --rm -t juiceshop:contrast -f <path-to-dockerfile> .
17 | ```
18 | 
19 | ## Running
20 | 
21 | *Note: Example available in `start` script.*
22 | 
23 | Start the container with configuration for connecting to your Contrast account.
24 | 
25 | You may use environment variables to configure Contrast:
26 | 
27 | ```shell
28 | docker run --rm -it -p 3000:3000 \
29 |   -e CONTRAST__API__API_KEY=<value> \
30 |   -e CONTRAST__API__SERVICE_KEY=<value> \
31 |   -e CONTRAST__API__URL=<value> \
32 |   -e CONTRAST__API__USER_NAME=<value> \
33 |   juiceshop:contrast
34 | ```
35 | 
36 | Alternatively, you may configure Contrast with an existing Contrast YAML file by mounting the YAML file as a Docker volume at the default path (the application's base directory):
37 | 
38 | ```shell
39 | docker run --rm -it -p 3000:3000 \
40 |   -v <path-to-yaml-file>:/juice-shop/contrast_security.yaml \
41 |   juiceshop:contrast
42 | ```
43 | 
44 | See https://docs.contrastsecurity.com/en/configure-an-agent.html for more on configuring the Contrast agent.
45 | 


--------------------------------------------------------------------------------