
Contributor

@kiblik kiblik commented Jun 4, 2024

This PR follows #10286 and #10280.

Whenever DD is considered ready for Python 3.12, this might be merged.

Issues to solve:

@github-actions github-actions bot added the docker label Jun 4, 2024

dryrunsecurity bot commented Jun 4, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security analyzer         Findings
Configured Codepaths Analyzer    0 findings
AppSec Analyzer                  0 findings
Authn/Authz Analyzer             0 findings
Secrets Analyzer                 0 findings
Sensitive Files Analyzer         0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes are focused on updating the base Python image from version 3.11.9 to 3.12.3 across multiple Dockerfiles used in the application's build and deployment process. This update is a positive security measure, as it ensures that the application is running on the latest stable version of Python, which may include important security fixes and improvements.

In addition to the Python version upgrade, the Dockerfiles follow several best practices for secure application containerization, such as:

  1. Pinning the base image to a specific SHA256 digest to ensure consistency and prevent unintended changes.
  2. Installing necessary system-level dependencies and build tools required for the application.
  3. Handling static file collection in a separate build stage to improve performance and maintainability.
  4. Utilizing the Nginx web server as the front-end and running the Nginx process as a non-root user.
  5. Applying the principle of least privilege by creating a dedicated user for running the application.

Overall, the code changes appear to be focused on updating the application's infrastructure to use the latest version of Python and follow best practices for secure containerization. From an application security perspective, these changes are generally positive and do not raise any immediate concerns. However, it's still important to thoroughly review the entire application stack, including the application code, dependencies, and infrastructure configuration, to ensure a comprehensive security posture.

Files Changed:

  1. Dockerfile.integration-tests-debian: This Dockerfile updates the base Python image from 3.11.9 to 3.12.3 and ensures the proper installation of Google Chrome and Chromedriver for running integration tests.
  2. Dockerfile.django-alpine: This Dockerfile updates the base Python image from 3.11.9 to 3.12.3 and manages the application's Python dependencies using pip3.
  3. Dockerfile.nginx-alpine: This Dockerfile updates the base Python image from 3.11.9 to 3.12.3 and includes the installation of Node.js and Yarn for managing frontend dependencies.
  4. Dockerfile.django-debian: This Dockerfile updates the base Python image from 3.11.9 to 3.12.3, manages development and runtime dependencies, and uses a dedicated user for running the application.
  5. Dockerfile.nginx-debian: This Dockerfile updates the base Python image from 3.11.9 to 3.12.3, installs necessary system-level dependencies, and utilizes the Nginx web server as the front-end.

Powered by DryRun Security
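The first best practice the bot lists above, pinning the base image to a SHA256 digest, is only worth something if every `FROM` line in every Dockerfile actually carries one. The script below is an added example, not DefectDojo's own tooling and not part of the DryRun report: a small POSIX-shell check that reads a Dockerfile and flags any `FROM` that pulls an external image by tag alone or with a malformed digest. It goes a little beyond the summary by handling multi-stage builds (a later `FROM build` that refers to an earlier `AS build` stage is not an image pull and is skipped), `--platform=` flags, and case-insensitive instruction names. The two sample Dockerfiles it writes are constructed for the example; the `0123456789abcdef...` digest is a placeholder, not the real digest of any `python:3.12.3` image.

```shell
#!/bin/sh
# Added example (not DefectDojo's or DryRun's code): flag Dockerfile FROM
# lines that pull an external image without pinning it to a digest.
# Image names and digests in the samples below are constructed placeholders.

# check_pinned_from FILE
# Prints "unpinned: IMAGE" for every FROM that references an external image
# without a well-formed @sha256:<64 hex chars> digest. References to build
# stages declared earlier with "AS name" are skipped. Returns 0 if all
# external images are pinned, 1 otherwise.
check_pinned_from() {
    file="$1"
    stages=""
    rc=0
    # Default IFS trims surrounding whitespace; "|| [ -n ... ]" keeps a last
    # line that has no trailing newline.
    while read -r line || [ -n "$line" ]; do
        case "$line" in
            [Ff][Rr][Oo][Mm][[:space:]]*) ;;
            *) continue ;;
        esac
        # Split into words: FROM [--flag ...] IMAGE [AS NAME]
        set -- $line
        shift
        while [ "$#" -gt 0 ] && [ "${1#--}" != "$1" ]; do shift; done
        image="$1"
        [ -n "$image" ] || continue
        # Remember stage aliases so later "FROM alias" lines are not flagged.
        if [ "$#" -ge 3 ]; then
            case "$2" in [Aa][Ss]) stages="$stages $3" ;; esac
        fi
        for s in $stages; do
            if [ "$s" = "$image" ]; then continue 2; fi
        done
        case "$image" in
            *@sha256:*)
                digest="${image##*@sha256:}"
                # Exactly 64 lowercase hex characters, nothing else.
                if [ "${#digest}" -eq 64 ] && [ "${digest#*[!0-9a-f]}" = "$digest" ]; then
                    continue
                fi
                printf 'unpinned: %s (malformed digest)\n' "$image"
                rc=1 ;;
            *)
                printf 'unpinned: %s\n' "$image"
                rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}

# Constructed sample: every external image pinned by digest (placeholder
# digest), with a second stage that reuses the first by alias.
write_pinned_sample() {
    cat > "$1" <<'EOF'
FROM python:3.12.3-alpine@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef AS build
WORKDIR /app
COPY requirements.txt .
RUN pip3 install --no-cache-dir -r requirements.txt

from build AS runtime
RUN adduser -D -u 1000 app
USER app
EOF
}

# Constructed sample: tag only plus a --platform flag; the check must flag
# the python image but not the "FROM build" stage reference.
write_unpinned_sample() {
    cat > "$1" <<'EOF'
FROM --platform=linux/amd64 python:3.12.3-slim AS build
RUN apt-get update && apt-get install -y --no-install-recommends build-essential
FROM build
USER app
EOF
}

# Stand-alone usage: check the Dockerfile given as $1, else run both samples.
main() {
    if [ -n "$1" ]; then
        check_pinned_from "$1"
        return
    fi
    tmp=$(mktemp -d)
    write_pinned_sample "$tmp/Dockerfile.pinned"
    write_unpinned_sample "$tmp/Dockerfile.unpinned"
    check_pinned_from "$tmp/Dockerfile.pinned" && echo "pinned sample: OK"
    check_pinned_from "$tmp/Dockerfile.unpinned" || echo "unpinned sample: findings above"
    rm -rf "$tmp"
}

main "$@"
```

Run it as `sh check_from.sh path/to/Dockerfile` in CI and fail the job on a non-zero exit. To obtain the digest for a pinned line, `docker pull python:3.12.3` prints a `Digest: sha256:...` line, and `docker buildx imagetools inspect python:3.12.3` shows the manifest-list digest, which is the one to pin when the image is multi-arch. Note that a digest pin freezes the base image, so a scheduled job (or a bot such as the one that opened this PR's sibling PRs) still has to bump it when a new Python patch release ships.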

@kiblik kiblik marked this pull request as draft June 4, 2024 18:33
@kiblik kiblik closed this Jun 4, 2024
Contributor Author

kiblik commented Jun 4, 2024

We cannot keep this PR open because tests are stacked in an endless loop.

