wn/dtrack-defectdojo-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sbom generation and upload seems to work

Browse Source
This commit is contained in:
Wolfgang Hottgenroth
2025-04-02 14:39:20 +02:00
parent b2d816983b
commit 856368c6c3
1 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
snippets/test03.py
View File

@ -1,6 +1,8 @@
import os import os
from loguru import logger from loguru import logger
import argparse import argparse
import subprocess
import json
import defectdojo_api import defectdojo_api
from defectdojo_api.rest import ApiException as DefectDojoApiException from defectdojo_api.rest import ApiException as DefectDojoApiException
@ -16,14 +18,31 @@ def executeApiCall(apiClient, ApiClass, EndpointMethod, RequestClass, requestPar
try: try:
logger.info(f"Calling {ApiClass}.{EndpointMethod} with {RequestClass} ({additionalParams}, {requestParams})") logger.info(f"Calling {ApiClass}.{EndpointMethod} with {RequestClass} ({additionalParams}, {requestParams})")
instance = ApiClass(apiClient) instance = ApiClass(apiClient)
if RequestClass:
request = RequestClass(**requestParams) request = RequestClass(**requestParams)
response = EndpointMethod(instance, *additionalParams, request) response = EndpointMethod(instance, *additionalParams, request)
else:
response = EndpointMethod(instance, *additionalParams)
logger.info(f"Response is {response}") logger.info(f"Response is {response}")
return response return response
except Exception as e: except Exception as e:
logger.error(f"Caught error {e} with {str(e)}") logger.error(f"Caught error {e} with {str(e)}")
raise MyLocalException(e) raise MyLocalException(e)
def generateSBOM(target='.', name='dummyName', version='0.0.0'):
try:
result = subprocess.run(
["syft", "scan", target, "-o", "cyclonedx-json", "--source-name", name, "--source-version", version],
check=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
sbom = json.loads(result.stdout)
return sbom
except subprocess.CalledProcessError as e:
logger.error(f"SBOM scanner failed: {e.stderr}")
raise MyLocalException(e)
try: try:
@ -53,12 +72,21 @@ parser.add_argument('--classifier', '-c',
help='Project Classifier from DependencyTrack', help='Project Classifier from DependencyTrack',
choices=['APPLICATION', 'FRAMEWORK', 'LIBRARY', 'CONTAINER', 'OPERATING_SYSTEM', 'DEVICE', 'FIRMWARE', 'FILE', 'PLATFORM', 'DEVICE_DRIVER', 'MACHINE_LEARNING_MODEL', 'DATA'], choices=['APPLICATION', 'FRAMEWORK', 'LIBRARY', 'CONTAINER', 'OPERATING_SYSTEM', 'DEVICE', 'FIRMWARE', 'FILE', 'PLATFORM', 'DEVICE_DRIVER', 'MACHINE_LEARNING_MODEL', 'DATA'],
required=True) required=True)
parser.add_argument('--target', '-T',
help='Target to scan, either path name for sources or docker image tag',
required=True)
args = parser.parse_args() args = parser.parse_args()
projectName = args.name projectName = args.name
projectVersion = args.version projectVersion = args.version
projectDescription = args.description projectDescription = args.description
productType = args.type productType = args.type
projectClassifier = args.classifier projectClassifier = args.classifier
target = args.target
logger.info(f"Generating SBOM for {target}")
sbom = generateSBOM(target, projectName, projectVersion)
logger.info("Done.")
defectdojo_configuration = defectdojo_api.Configuration( defectdojo_configuration = defectdojo_api.Configuration(
@ -135,3 +163,13 @@ with dependencytrack_api.ApiClient(dependencytrack_configuration) as dependencyt
[ project_uuid ] [ project_uuid ]
) )
bom_response = \
executeApiCall(
dependencytrack_api_client,
dependencytrack_api.BomApi,
dependencytrack_api.BomApi.upload_bom,
None,
None,
[ None, False, projectName, projectVersion, None, None, None, None, True, json.dumps(sbom) ]
)