fix: Added cve fixes

Author: Vasavi-Yarramneni

.github/CODEOWNERS

@@ -1,15 +0,0 @@
-# Lines starting with '#' are comments.
-# Each line is a file pattern followed by one or more owners.
-
-# More details are here: https://help.github.com/articles/about-codeowners/
-
-# The '*' pattern is global owners.
-
-# Order is important. The last matching pattern has the most precedence.
-# The folders are ordered as follows:
-
-# In each subsection folders are ordered first by depth, then alphabetically.
-# This should make it easy to add new rules without breaking existing ones.
-
-# Global rule:
-*           @f5devcentral/application-study-tool-owners

.github/workflows/deploy-pages.yml

@@ -3,7 +3,8 @@ name: Deploy Jekyll with GitHub Pages dependencies preinstalled
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:

.github/workflows/push-image.yml

@@ -2,8 +2,12 @@ name: Push Image to ghcr.io
 run-name: ${{ github.actor }} is running this workflow
 on:
   push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
+    branches:
+      - main
+  workflow_dispatch:
+    #tags:
+    #  - 'v[0-9]+.[0-9]+.[0-9]+'
+
 jobs:
   Pull-From_Gitlab:
     permissions:
@@ -34,7 +38,13 @@ jobs:
       - name: Push to Github
         run:
           |
-            docker tag registry.gitlab.com/f5/greenhouse/apps/seven-layer-cake-collector/otel_custom_collector:${{ env.VERSION }} ghcr.io/f5devcentral/application-study-tool/otel_custom_collector:${{ env.VERSION }}
-            docker tag registry.gitlab.com/f5/greenhouse/apps/seven-layer-cake-collector/otel_custom_collector:${{ env.VERSION }} ghcr.io/f5devcentral/application-study-tool/otel_custom_collector:latest
-            docker push ghcr.io/f5devcentral/application-study-tool/otel_custom_collector:${{ env.VERSION }}
-            docker push ghcr.io/f5devcentral/application-study-tool/otel_custom_collector:latest
+            exit_code=0
+            docker pull ghcr.io/f5networks/f5-insight-for-bigip/otel_custom_collector:${{ env.VERSION }} > /dev/null 2>&1 || exit_code=$?
+            if [ $exit_code -eq 0 ]; then
+                 echo "Image already exists in the github registry, skipping push"
+                 exit 0
+            fi
+            docker tag registry.gitlab.com/f5/greenhouse/apps/seven-layer-cake-collector/otel_custom_collector:${{ env.VERSION }} ghcr.io/f5networks/f5-insight-for-bigip/otel_custom_collector:${{ env.VERSION }}
+            docker tag registry.gitlab.com/f5/greenhouse/apps/seven-layer-cake-collector/otel_custom_collector:${{ env.VERSION }} ghcr.io/f5networks/f5-insight-for-bigip/otel_custom_collector:latest
+            docker push ghcr.io/f5networks/f5-insight-for-bigip/otel_custom_collector:${{ env.VERSION }}
+            docker push ghcr.io/f5networks/f5-insight-for-bigip/otel_custom_collector:latest

COLLECTOR_VERSION

@@ -1 +1 @@
-v0.9.4
+v2.0.1

CONTRIBUTING.md

@@ -1,100 +0,0 @@
-# Contributing Guide
-
-Thank you for your interest in contributing to the Application Study Tool!
-Please read this guide for general guidelines to follow, which borrows heavily
-from those used by the Opentelemetry Collector.
-
-## How to contribute
-
-### Before you start
-
-Comment on the issue that you want to work on so we can assign it to you and
-clarify anything related to it.
-
-If you would like to work on something that is not listed as an issue,
-please create an issue and describe your proposal. It is best to do this
-in advance so that maintainers can decide if the proposal is a good fit for
-this repository. This will help avoid situations when you spend significant time
-on something that maintainers may decide this repo is not the right place for.
-
-Follow the instructions below to create your PR.
-
-### Fork
-
-In the interest of keeping this repository clean and manageable, you should
-work from a fork. To create a fork, click the 'Fork' button at the top of the
-repository, then clone the fork locally using `git clone
-git@github.com:USERNAME/application-study-tool.git`.
-
-You should also add this repository as an "upstream" repo to your local copy,
-in order to keep it up to date. You can add this as a remote like so:
-
-`git remote add upstream https://github.com/f5devcentral/application-study-tool.git`
-
-Verify that the upstream exists:
-
-`git remote -v`
-
-To update your fork, fetch the upstream repo's branches and commits, then merge
-your `development` with upstream's `development`:
-
-```
-git fetch upstream
-git checkout development
-git merge upstream/development
-```
-
-Remember to always work in a branch of your local copy, as you might otherwise
-have to contend with conflicts in `development`.
-
-
-## Required Tools
-
-Working with the project sources requires the following tools:
-
-1. [git](https://git-scm.com/)
-4. [docker](https://www.docker.com/)
-
-## Repository Setup
-
-Fork the repo and checkout  by:
-
-```
-$ git clone git@github.com:f5devcentral/application-study-tool.git
-```
-
-Add your fork as an origin:
-
-```shell
-$ cd application-study-tool
-$ git remote add fork git@github.com:YOUR_GITHUB_USERNAME/application-study-tool.git
-```
-
-## Creating a PR
-
-Checkout a new branch, make modifications, build locally, and push the branch to your fork
-to open a new PR:
-
-```shell
-$ git checkout development
-$ git checkout -b feature
-# edit
-$ git commit
-$ git push fork feature
-```
-
-### Commit Messages
-
-Use descriptive commit messages. Here are [some recommendations](https://cbea.ms/git-commit/)
-on how to write good commit messages.
-When creating PRs GitHub will automatically copy commit messages into the PR description,
-so it is a useful habit to write good commit messages before the PR is created.
-Also, unless you actually want to tell a story with multiple commits make sure to squash
-into a single commit before creating the PR.
-
-When maintainers merge PRs with multiple commits, they will be squashed and GitHub will
-concatenate all commit messages right before you hit the "Confirm squash and merge"
-button. Maintainers must make sure to edit this concatenated message to make it right before merging.
-In some cases, if the commit messages are lacking the easiest approach to have at
-least something useful is copy/pasting the PR description into the commit message box
-before merging (but see the above paragraph about writing good commit messages in the first place).

README.md

@@ -7,7 +7,7 @@ configuration, troubleshooting (REST changes) info, etc.
 
 > See the [F5 Application Study Tool Labs](https://clouddocs.f5.com/training/community/ast/html/) for an educational guided lab experience.
 
-The Application Study Tool is intended to provide enhanced insights into (classic) BIG-IP products, leveraging best in class
+The F5 Application Study Tool is intended to provide enhanced insights into (classic) BIG-IP products, leveraging best in class
 open source telemetry tools. The full installation includes:
 
 * Custom Instance of OpenTelemetry Collector with enhanced BIG-IP data receivers (data fetched via iControlRest) [Full List of Metrics Collected](pages/components/otel_collector/receiver_metrics.md).
@@ -173,6 +173,8 @@ Create a file called .env.device-secrets, and add your BIP passwords like so:
 BIGIP_PASSWORD_1=foo-bar123!
 BIGIP_PASSWORD_2=bar-foo123!
 ```
+> **Note:** Ensure that the permissions on the (_.env.device-secrets_) file are restricted to allow read access only to the user running the Docker containers.
+> This ensures that credential information remains protected from unauthorized access.
 
 The variable name (the part on the left of the equal sign) must match the configured
 value for the devices that use this password in config/ast_defaults.yaml or device specific
@@ -348,7 +350,7 @@ cp .env-example .env
 ```
 
 ### Run Application Study Tool
-Once the above configurations have been made, the tool can be started with:
+After the above configurations have been made, start the tool with:
 
 ```shell
 # `docker compose up -d` to start in background mode
@@ -357,7 +359,7 @@ docker compose up
 
 #### View The Dashboards
 The default Grafana user/pass is `admin/admin`, and can be accessed at
-`http://<hostname>:3000`.
+`http://<hostname>:3000`. If HTTPS is configured, use `https://<hostname>:3001`.
 
 
 ## Updating AST Versions
@@ -371,7 +373,7 @@ special instructions / breaking changes.
 git stash
 git fetch --tags
 git pull origin main
-git checkout tags/RELEASE_VERSION #(e.g. tags/v0.9.4)
+git checkout tags/RELEASE_VERSION #(e.g. tags/v2.0.1)
 git stash pop
 # <merge any conflicts with your local changes>
 # <re-run config scripts>
@@ -380,30 +382,10 @@ docker compose down
 docker compose up
 ```
 
-## Support
-
-For support, please open a GitHub issue.  Note, the code in this repository is community supported and is not supported by F5 Networks.  For a complete list of supported projects please reference [SUPPORT.md](SUPPORT.md).
-
-## Community Code of Conduct
-
-Please refer to the [F5 DevCentral Community Code of Conduct](code_of_conduct.md).
-
 ## License
 
 [Apache License 2.0](LICENSE)
 
 ## Copyright
 
-Copyright 2014-2024 F5 Networks Inc.
-
-### F5 Networks Contributor License Agreement
-
-Before you start contributing to any project sponsored by F5 Networks, Inc. (F5) on GitHub, you will need to sign a Contributor License Agreement (CLA).
-
-If you are signing as an individual, we recommend that you talk to your employer (if applicable) before signing the CLA since some employment agreements may have restrictions on your contributions to other projects.
-Otherwise by submitting a CLA you represent that you are legally entitled to grant the licenses recited therein.
-
-If your employer has rights to intellectual property that you create, such as your contributions, you represent that you have received permission to make contributions on behalf of that employer, that your employer has waived such rights for your contributions, or that your employer has executed a separate CLA with F5.
-
-If you are signing on behalf of a company, you represent that you are legally entitled to grant the license recited therein.
-You represent further that each employee of the entity that submits contributions is authorized to submit such contributions on behalf of the entity pursuant to the CLA.
+Copyright 2014-2024 F5 Networks Inc.

docker-compose.yaml

@@ -6,7 +6,8 @@ volumes:
 
 services:
   prometheus:
-    image: prom/prometheus:v2.54.1
+    # prom/prometheus:v2.53.5
+    image: prom/prometheus@sha256:7a34573f0b9c952286b33d537f233cd5b708e12263733aa646e50c33f598f16c
     container_name: prometheus
     restart: unless-stopped
     stop_grace_period: 5m
@@ -21,13 +22,14 @@ services:
       - '--web.enable-lifecycle'
       - '--enable-feature=otlp-write-receiver'
       - '--storage.tsdb.retention.time=1y'
-    ports:
-      - 9090:9090
+    expose:
+      - 9090
     networks:
       - 7lc_network
 
   otel-collector:
-    image: ghcr.io/f5devcentral/application-study-tool/otel_custom_collector:v0.9.4
+    # ghcr.io/f5networks/f5-insight-for-bigip/otel_custom_collector:v2.0.1
+    image: ghcr.io/f5networks/f5-insight-for-bigip/otel_custom_collector@sha256:0155a441a39a3b6ea42799a4f2172e0ad5b30758970b560c3bc7f7c87903262a
     restart: unless-stopped
     volumes:
       - ./services/otel_collector:/etc/otel-collector-config
@@ -40,7 +42,8 @@ services:
       - 7lc_network
 
   grafana:
-    image: grafana/grafana:11.2.0
+    # grafana/grafana:v11.6.3
+    image: grafana/grafana@sha256:6128afd8174f01e39a78341cb457588f723bbb9c3b25c4d43c4b775881767069
     container_name: grafana
     restart: unless-stopped
     ports:

https_setup.md

@@ -0,0 +1,46 @@
+### Enabling HTTPS for Grafana
+
+This section outlines the steps required to enable HTTPS for Grafana when deployed using Docker Compose.
+
+#### 1. Generate SSL Certificate and Key
+
+To enable HTTPS, you need a certificate `(cert.pem)` and a private key `(key.pem)`. For local development, you can generate self-signed certificates using OpenSSL with the following commands:
+
+```sh
+mkdir -p ./services/grafana/ssl
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+  -keyout ./services/grafana/ssl/key.pem -out ./services/grafana/ssl/cert.pem \
+  -subj "/CN=localhost"
+```
+
+> **Note:** In production environments, always use certificates from a trusted Certificate Authority (CA).
+> It is recommended to rotate these certificates regularly before they expire to minimize the risk of security breaches.
+
+> **Reference:** For more detailed guidance on configuring HTTPS, refer to the [official Grafana documentation](https://grafana.com/docs/grafana/latest/setup-grafana/set-up-https/).
+
+#### 2. Modify the Docker Compose Configuration
+
+Update your `docker-compose.yaml` file with the necessary configurations to enable HTTPS for Grafana. Below is an example snippet for the Grafana service:
+
+```yaml
+grafana:
+  image: grafana/grafana:11.6.3
+  container_name: grafana
+  restart: unless-stopped
+  ports:
+    - 3000:3000
+    - 3001:3001 # HTTPS port
+  volumes:
+    - grafana:/var/lib/grafana
+    - ./services/grafana/provisioning/:/etc/grafana/provisioning
+    - ./services/grafana/ssl/cert.pem:/etc/grafana/cert.pem:ro
+    - ./services/grafana/ssl/key.pem:/etc/grafana/key.pem:ro
+  env_file: ".env"
+  environment:
+    - GF_SERVER_PROTOCOL=https
+    - GF_SERVER_CERT_FILE=/etc/grafana/cert.pem
+    - GF_SERVER_CERT_KEY=/etc/grafana/key.pem
+    - GF_SERVER_HTTP_PORT=3001
+```
+
+By following these steps, you will successfully enable HTTPS for your Grafana deployment. Ensure you test your configuration in both development and production environments to verify functionality and security compliance.

pages/Gemfile

@@ -32,8 +32,12 @@ gem "wdm", "~> 0.1", :platforms => [:mingw, :x64_mingw, :mswin]
 # do not have a Java counterpart.
 gem "http_parser.rb", "~> 0.6.0", :platforms => [:jruby]
 
-gem 'nokogiri'
-gem 'rack', '~> 2.2.4'
+gem 'nokogiri', '>= 1.18.8'
+gem 'rack', '~> 2.2.14'
 gem 'rspec'
 
+gem 'google-protobuf', '>= 4.28.2'
+gem 'webrick', '>= 1.8.2'
+gem 'rexml', '>= 3.3.9'
+
 gem "html-proofer", "~> 5.0", :group => :development