wn/dtrack-defectdojo-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hallo hier ein commit
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source
This commit is contained in:
Wolfgang Hottgenroth
2025-07-10 12:06:41 +02:00
parent b91a7ae0fc
commit 117a74989e
2 changed files with 44 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/converter.py
View File

@ -63,7 +63,8 @@ def minimalSbomFormatConverter(minimalSbom, classifier):
bom.metadata.component = root_component = Component( bom.metadata.component = root_component = Component(
name=minimalSbomObject['product'], name=minimalSbomObject['product'],
type=__converterClassifierToComponentType(classifier), type=__converterClassifierToComponentType(minimalSbomObject['classifier']),
description=minimalSbomObject['description'],
version=minimalSbomObject['version'], version=minimalSbomObject['version'],
licenses=[lc_factory.make_from_string(minimalSbomObject['license'])], licenses=[lc_factory.make_from_string(minimalSbomObject['license'])],
supplier=OrganizationalEntity( supplier=OrganizationalEntity(
@ -73,6 +74,21 @@ def minimalSbomFormatConverter(minimalSbom, classifier):
bom_ref = f"urn:uuid:{uuid.uuid4()}" bom_ref = f"urn:uuid:{uuid.uuid4()}"
) )
component = Component(
type=__converterClassifierToComponentType(minimalSbomObject['classifier']),
name=f"{minimalSbomObject['supplier']['name']}´s own code",
version=minimalSbomObject['version'],
licenses=[lc_factory.make_from_string(minimalSbomObject['license'])],
supplier=OrganizationalEntity(
name=minimalSbomObject['supplier']['name'],
urls=[XsUri(minimalSbomObject['supplier']['url'])]
),
bom_ref = f"urn:uuid:{uuid.uuid4()}"
)
bom.components.add(component)
bom.register_dependency(root_component, [component])
for minimalComponentDescription in minimalSbomObject['components']: for minimalComponentDescription in minimalSbomObject['components']:
component = Component( component = Component(
type=ComponentType.LIBRARY, type=ComponentType.LIBRARY,
@ -91,6 +107,8 @@ def minimalSbomFormatConverter(minimalSbom, classifier):
outputSbom = JsonV1Dot5(bom).output_as_string(indent=2) outputSbom = JsonV1Dot5(bom).output_as_string(indent=2)
logger.info(outputSbom) logger.info(outputSbom)
with open('/tmp/bom.json', 'w') as f:
f.write(outputSbom)
raise Exception("Conversion aborted") return (outputSbom, minimalSbomObject['product'], minimalSbomObject['version'], minimalSbomObject['classifier'], minimalSbomObject['description'])

29
src/sbom-dt-dd.py
View File

@ -63,13 +63,16 @@ except KeyError as e:
parser = argparse.ArgumentParser(description='sbom-dt-dd glue logic') parser = argparse.ArgumentParser(description='sbom-dt-dd glue logic')
parser.add_argument('--name', '-n', parser.add_argument('--name', '-n',
help='Project Name', help='Project Name',
required=True) required=False,
default=''),
parser.add_argument('--version', '-v', parser.add_argument('--version', '-v',
help='Project Version', help='Project Version',
required=True) required=False,
default='')
parser.add_argument('--description', '-d', parser.add_argument('--description', '-d',
help='Project Description', help='Project Description',
required=True) required=False,
default='')
parser.add_argument('--type', '-t', parser.add_argument('--type', '-t',
help='Product Type from DefectDojo', help='Product Type from DefectDojo',
type=int, type=int,
@ -78,7 +81,8 @@ parser.add_argument('--classifier', '-c',
help='Project Classifier from DependencyTrack', help='Project Classifier from DependencyTrack',
choices=['APPLICATION', 'FRAMEWORK', 'LIBRARY', 'CONTAINER', 'OPERATING_SYSTEM', 'DEVICE', choices=['APPLICATION', 'FRAMEWORK', 'LIBRARY', 'CONTAINER', 'OPERATING_SYSTEM', 'DEVICE',
'FIRMWARE', 'FILE', 'PLATFORM', 'DEVICE_DRIVER', 'MACHINE_LEARNING_MODEL', 'DATA'], 'FIRMWARE', 'FILE', 'PLATFORM', 'DEVICE_DRIVER', 'MACHINE_LEARNING_MODEL', 'DATA'],
required=True) required=False,
default='')
parser.add_argument('--uploadsbom', '-U', parser.add_argument('--uploadsbom', '-U',
help='Upload a already existing SBOM instead of generating it. Give the SBOM file at -F instead of a target', help='Upload a already existing SBOM instead of generating it. Give the SBOM file at -F instead of a target',
required=False, required=False,
@ -91,6 +95,10 @@ parser.add_argument('--minimalsbomformat', '-K',
help='SBOM file comes in dedicated minimal format and will be converted into cyclonedx before uploading', help='SBOM file comes in dedicated minimal format and will be converted into cyclonedx before uploading',
action='store_true', action='store_true',
default=False) default=False)
parser.add_argument('--overwritemetadata', '-O',
help='Overwrite name, version, description and classifier with data from minimal SBOM',
action='store_true',
default=False)
parser.add_argument('--target', '-T', parser.add_argument('--target', '-T',
help='Target to scan, either path name for sources or docker image tag', help='Target to scan, either path name for sources or docker image tag',
required=False) required=False)
@ -113,6 +121,12 @@ if uploadSbomFlag:
else: else:
target = args.target target = args.target
if minimalSbomFormat:
overwriteMetadata = args.overwritemetadata
if not overwriteMetadata and not (projectName and projectVersion and projectClassifier and projectDescription):
raise MyLocalException("If overwriteMetadata is not selected, projectName, projectVersion, projectClassifier and projectDescription must be set.")
VERBOSE = args.verbose VERBOSE = args.verbose
@ -126,8 +140,13 @@ if uploadSbomFlag:
logger.info("SBOM file read.") logger.info("SBOM file read.")
if minimalSbomFormat: if minimalSbomFormat:
logger.info("Start converting from minimal format into cyclonedx") logger.info("Start converting from minimal format into cyclonedx")
sbom = minimalSbomFormatConverter(sbom, projectClassifier) (sbom, nameFromMinimalSbom, versionFromMinimalSbom, classifierFromMinimalSbom, descriptionFromMinimalSbom) = minimalSbomFormatConverter(sbom, projectClassifier)
logger.info("Converted") logger.info("Converted")
if overwriteMetadata:
projectName = nameFromMinimalSbom
projectVersion = versionFromMinimalSbom
projectClassifier = classifierFromMinimalSbom
projectDescription = descriptionFromMinimalSbom
logger.info("Done.") logger.info("Done.")
else: else:
# ------- generate SBOM ------------ # ------- generate SBOM ------------