CLI to upload BOM files to the Dependency-Track (https://dependencytrack.org/) tool from CI/CD pipelines
Dependencytrack
CLI for Dependency-Track
Installation
Install it globally using npm:
npm install @i4q/dtrack-cli -g
Usage
Execute the following command:
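# Upload bom.xml to the Dependency-Track server as one invocation.
# Trailing backslashes make the multi-line form pasteable as a single command.
# --api-key is passed on the command line, so the key lands in shell history and is
# visible to other processes while dtrack-cli runs; prefer sourcing it from a protected
# variable (as the CI examples below do) rather than typing it inline.
# --auto-create presumably creates the project when it does not exist yet — confirm
# against the CLI help.
dtrack-cli --server https://yourDependencyTrackServer.com/ \
  --bom-path bom.xml \
  --api-key PUT_YOUR_KEY_HERE \
  --project-name "Project Name" \
  --project-version latest \
  --auto-create true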
GitLab CI/CD examples
package.json projects (Node.js, Angular, React, ...)
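# GitLab CI job: generate a CycloneDX BOM for an npm project and upload it to Dependency-Track.
dependency-check:
  stage: XXX  # replace with the stage of your pipeline
  image: node:12.17
  before_script:
    - npm install -g @cyclonedx/bom
    # `-g` only needs to be given once
    - npm install -g @i4q/dtrack-cli
  script:
    - npm install
    - cyclonedx-bom -o bom.xml
    # DTRACK_API_KEY should be a masked (and, for tag pipelines, protected) CI/CD variable so
    # the key is not echoed into the job log; it is still passed to dtrack-cli as an argument.
    # Variables are quoted so a project name containing spaces (e.g. "Project Name") stays one
    # argument instead of being word-split by the shell.
    - >-
      dtrack-cli --server "${DTRACK_HOST_URL}" --bom-path bom.xml
      --api-key "${DTRACK_API_KEY}" --project-name "${NAME}"
      --project-version "${VERSION}" --auto-create true
  # A failed upload does not fail the pipeline.
  allow_failure: true
  only:
    - tags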
PyPI projects
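# GitLab CI job: generate a CycloneDX BOM from requirements.txt and upload it to Dependency-Track.
# Node.js is installed into the Python image only to run dtrack-cli.
dependency-check:
  stage: XXX  # replace with the stage of your pipeline
  image: python:3.6
  before_script:
    - apt update -y
    - apt install curl gnupg -y
    # Executes a remote installer script without integrity verification; pin or verify it
    # if your supply-chain policy requires it.
    - curl -sL https://deb.nodesource.com/setup_12.x | bash -
    - apt install nodejs -y
    - npm install -g @i4q/dtrack-cli
    - node -v
    - pip install cyclonedx-bom
  script:
    - cyclonedx-py -i requirements.txt -o bom.xml
    # DTRACK_API_KEY should be a masked (and, for tag pipelines, protected) CI/CD variable so
    # the key is not echoed into the job log; it is still passed to dtrack-cli as an argument.
    # Variables are quoted so a project name containing spaces stays one argument.
    - >-
      dtrack-cli --server "${DTRACK_HOST_URL}" --bom-path bom.xml
      --api-key "${DTRACK_API_KEY}" --project-name "${NAME}"
      --project-version "${VERSION}" --auto-create true
  # A failed upload does not fail the pipeline.
  allow_failure: true
  only:
    - tags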
Maven projects
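# GitLab CI job: build the project, generate a CycloneDX BOM with the Maven plugin and upload
# it to Dependency-Track. Node.js is installed into the Maven image only to run dtrack-cli.
dependency-check-java:
  stage: sonar
  image: maven:3.6-openjdk-11
  before_script:
    - apt update -y
    - apt install curl gnupg -y
    # Executes a remote installer script without integrity verification; pin or verify it
    # if your supply-chain policy requires it.
    - curl -sL https://deb.nodesource.com/setup_12.x | bash -
    - apt install nodejs -y
    - npm install -g @i4q/dtrack-cli
  script:
    - mvn clean install
    - mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom
    # DTRACK_API_KEY should be a masked (and, for tag pipelines, protected) CI/CD variable so
    # the key is not echoed into the job log; it is still passed to dtrack-cli as an argument.
    # Variables are quoted so a project name containing spaces stays one argument.
    - >-
      dtrack-cli --server "${DTRACK_HOST_URL}" --bom-path target/bom.xml
      --api-key "${DTRACK_API_KEY}" --project-name "${NAME}"
      --project-version "${VERSION}" --auto-create true
  # A failed upload does not fail the pipeline.
  allow_failure: true
  only:
    - tags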