Multiple cpe experiments, failed. Add reimport feature.

src/ENV-python

@@ -1,2 +1,5 @@
 export PYTHONPATH=./locallibs/defectdojo-client:./locallibs/dependencytrack-client
 
+
+
+

src/converter.py

@@ -9,6 +9,7 @@ from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component, ComponentType
 from cyclonedx.model.contact import OrganizationalEntity
 from cyclonedx.model import XsUri
+from cyclonedx.model import ExternalReference
 from cyclonedx.output.json import JsonV1Dot5
 
 class MyLocalConverterException(Exception): pass
@@ -54,7 +55,9 @@ def minimalSbomFormatConverter(minimalSbom, classifier):
     minimalSbomObject = yaml.safe_load(minimalSbom)
     logger.debug(f"{minimalSbomObject=}")
 
-    bom = Bom()
+    bom = Bom(
+        version=minimalSbomObject['sbomVersion']
+    )
     bom.metadata.tools.components.add(cdx_lib_component())
     bom.metadata.tools.components.add(Component(
         name='sbom-dt-dd',

src/prepare-local-env.sh

@@ -1,10 +1,11 @@
 #!/bin/bash
 
+set -e
+
+. ./ENV
+
 LOCALLBIS=./locallibs
-DTRACK_API_URL=https://dtrack-api-rd.krohne.com
-DEFECTDOJO_API_URL=https://defectdojo-rd.krohne.com
 OPENAPI_GENERATOR=openapitools/openapi-generator-cli:v7.12.0
-UID=$(id -u)
 
 mkdir $LOCALLBIS && cd $LOCALLBIS
 
@@ -16,8 +17,8 @@ docker run -v $PWD:/work -u $UID $OPENAPI_GENERATOR \
   -g python \
   -o /work/dependencytrack-openapi-custom-template
 
-sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_anyof.mustache
+sed -i -e 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_anyof.mustache
-sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_generic.mustache
+sed -i -e 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_generic.mustache
 
 docker run -v $PWD:/work -u $UID $OPENAPI_GENERATOR \
   generate \
@@ -28,7 +29,7 @@ docker run -v $PWD:/work -u $UID $OPENAPI_GENERATOR \
   -t /work/dependencytrack-openapi-custom-template
 
 # --- Defectdojo Client Library ----------------------------------------------------------
-curl ${DEFECTDOJO_API_URL}/api/v2/oa3/schema/?format=json >defectdojo-openapi.json
+curl ${DEFECTDOJO_URL}/api/v2/oa3/schema/?format=json >defectdojo-openapi.json
 
 docker run -v $PWD:/work -u $UID $OPENAPI_GENERATOR \
   generate \

src/sbom-dt-dd.py

@@ -102,6 +102,11 @@ parser.add_argument('--overwritemetadata', '-O',
 parser.add_argument('--target', '-T',
                     help='Target to scan, either path name for sources or docker image tag',
                     required=False)
+parser.add_argument('--reimport', '-R',
+                    help='Import the SBOM for an existing project/product once again',
+                    required=False,
+                    action='store_true',
+                    default=False)
 parser.add_argument('--verbose', '-V',
                     help='A lot of debug output',
                     required=False,
@@ -113,6 +118,7 @@ projectVersion = args.version
 projectDescription = args.description
 productType = args.type
 projectClassifier = args.classifier
+reImport = args.reimport
 
 uploadSbomFlag = args.uploadsbom
 if uploadSbomFlag:
@@ -158,6 +164,8 @@ else:
 
 
 # ------- create product and engagement in DefectDojo -------
+if not reImport:
+    # in case of a reimport no modification on DefectDojo are required
     defectdojo_configuration = defectdojo_api.Configuration(
         host = DEFECTDOJO_URL
     )
@@ -206,6 +214,8 @@ dependencytrack_configuration.debug = False
 dependencytrack_configuration.api_key['ApiKeyAuth'] = DTRACK_TOKEN
 
 with dependencytrack_api.ApiClient(dependencytrack_configuration) as dependencytrack_api_client:
+    if not reImport:
+        # in case of a reimport it is not necessary to create the project
         project_response = \
             executeApiCall(
             dependencytrack_api_client,