UNPKG

@fjbarrena/dtrack-cli

Version:

A small CLI to upload BOM files to OWASP Dependency Track (https://dependencytrack.org/) tool using CI/CD pipelines

109 lines (88 loc) 2.74 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# dtrack-cli A tiny CLI to upload BOM files to [OWASP Dependency Track Tool](https://dependencytrack.org/) ## Installation Fast and furious, just install it using npm ``` npm install @fjbarrena/dtrack-cli -g ``` ## Usage Fast and furious. Just execute the following command: ``` dtrack-cli --server https://yourDependencyTrackServer.com/ --bom-path bom.xml --api-key PUT_YOUR_KEY_HERE --project-name "LOL Great Name" --project-version latest --auto-create true ``` To see the help, just run ``` dtrack-cli ``` ## Requirements * Tested in Dependency Track v3.8.0 * An API Key with enough permissions * You can get it in Administration -> Teams * Automation Team recommended, with the following permissions: * BOM_UPLOAD * PROJECT_CREATION_UPLOAD ## Gitlab CI/CD example ### package.json based projects (NodeJS, Angular, React...) ```yaml stages: - dtrack dependency-check: stage: dtrack image: node:12.17 before_script: - npm install -g @cyclonedx/bom - npm install -g @fjbarrena/dtrack-cli script: # Assuming your code is in root, if not just make a cd - npm install - cyclonedx-bom -o bom.xml - dtrack-cli --server ${DTRACK_HOST_URL} --bom-path bom.xml --api-key ${DTRACK_API_KEY} --project-name ${NAME} --project-version ${VERSION} --auto-create true allow_failure: true only: - master ``` ### PyPi based projects ```yaml stages: - dtrack dependency-check: stage: dtrack image: python:3.6 before_script: - apt update -y - apt install curl gnupg -y - curl -sL https://deb.nodesource.com/setup_12.x | bash - - apt install nodejs -y - npm install -g @fjbarrena/dtrack-cli - node -v - pip install cyclonedx-bom script: # Assuming your code is in root, if not just make a cd - cyclonedx-py -i requirements.txt -o bom.xml - dtrack-cli --server ${DTRACK_HOST_URL} --bom-path bom.xml --api-key ${DTRACK_API_KEY} --project-name ${NAME} --project-version ${VERSION} --auto-create true allow_failure: true only: - master ``` ### Maven based projects ```yaml dependency-check-java: stage: sonar image: maven:3.6-openjdk-11 before_script: - apt update -y - apt install curl gnupg -y - curl -sL https://deb.nodesource.com/setup_12.x | bash - - apt install nodejs -y - npm install -g @fjbarrena/dtrack-cli script: # Assuming your code is in root, if not just make a cd - mvn clean install - mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom - dtrack-cli --server ${DTRACK_HOST_URL} --bom-path target/bom.xml --api-key ${DTRACK_API_KEY} --project-name ${NAME} --project-version ${VERSION} --auto-create true allow_failure: true only: - master ```