Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
f55c3da3ef
|
|||
|
f50d821aec
|
|||
|
609f33b181
|
|||
|
7c8e1156aa
|
|||
|
226456ccd2
|
|||
|
227ef294d3
|
|||
|
a14e0ab2c5
|
|||
|
471fcb2177
|
|||
|
0d4ac4022a
|
|||
|
405d66cdcb
|
|||
|
a32d9fd643
|
|||
|
7f394f82ee
|
|||
|
c8577edf0c
|
|||
|
02aba34391
|
|||
|
1fb4c387a7
|
|||
|
92b61fdae0
|
|||
|
4ddb6cfd30
|
|||
|
0eb761db27
|
|||
|
9cc81373dc
|
|||
|
b856424640
|
|||
|
d6a8f5f436
|
|||
|
4cc4e5cec6
|
|||
|
aec0e3fb0e
|
|||
|
05c5c49cd5
|
|||
|
9156b594e3
|
@ -5,9 +5,12 @@ stages:
|
|||||||
variables:
|
variables:
|
||||||
REGISTRY: devnexus.krohne.com:18079/repository/docker-krohne
|
REGISTRY: devnexus.krohne.com:18079/repository/docker-krohne
|
||||||
IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
|
IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
|
||||||
|
DTRACK_API_URL: https://dtrack-api-rd.krohne.com
|
||||||
|
DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
|
||||||
|
KROHNE_CA_URL: https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt
|
||||||
|
KROHNE_CA_CHECKSUM: a921e440a742f1e67c7714306e2c0d76
|
||||||
|
|
||||||
|
.generate-api:
|
||||||
generate-dtrack-api:
|
|
||||||
stage: generate-api-clients
|
stage: generate-api-clients
|
||||||
image: openapitools/openapi-generator-cli:v7.12.0
|
image: openapitools/openapi-generator-cli:v7.12.0
|
||||||
tags:
|
tags:
|
||||||
@ -17,12 +20,21 @@ generate-dtrack-api:
|
|||||||
rules:
|
rules:
|
||||||
- if: '$CI_COMMIT_BRANCH == "main"'
|
- if: '$CI_COMMIT_BRANCH == "main"'
|
||||||
- if: '$CI_COMMIT_TAG'
|
- if: '$CI_COMMIT_TAG'
|
||||||
|
before_script:
|
||||||
|
- curl --insecure $KROHNE_CA_URL -o krohne-ca.crt
|
||||||
|
- echo "$KROHNE_CA_CHECKSUM krohne-ca.crt" | md5sum -c
|
||||||
|
- mv krohne-ca.crt /usr/local/share/ca-certificates
|
||||||
|
- update-ca-certificates
|
||||||
|
|
||||||
|
|
||||||
|
generate-dtrack-api:
|
||||||
|
extends: .generate-api
|
||||||
artifacts:
|
artifacts:
|
||||||
paths:
|
paths:
|
||||||
- dtrack-api-client.tgz
|
- dtrack-api-client.tgz
|
||||||
expire_in: 1 week
|
expire_in: 1 week
|
||||||
script:
|
script:
|
||||||
- curl https://dtrack-api.hottis.de/api/openapi.json > dependencytrack-openapi.json
|
- curl ${DTRACK_API_URL}/api/openapi.json > dependencytrack-openapi.json
|
||||||
- |
|
- |
|
||||||
docker-entrypoint.sh \
|
docker-entrypoint.sh \
|
||||||
author template \
|
author template \
|
||||||
@ -42,21 +54,13 @@ generate-dtrack-api:
|
|||||||
|
|
||||||
|
|
||||||
generate-defectdojo-api:
|
generate-defectdojo-api:
|
||||||
stage: generate-api-clients
|
extends: .generate-api
|
||||||
image: openapitools/openapi-generator-cli:v7.12.0
|
|
||||||
tags:
|
|
||||||
- linux
|
|
||||||
- docker
|
|
||||||
- bash
|
|
||||||
rules:
|
|
||||||
- if: '$CI_COMMIT_BRANCH == "main"'
|
|
||||||
- if: '$CI_COMMIT_TAG'
|
|
||||||
artifacts:
|
artifacts:
|
||||||
paths:
|
paths:
|
||||||
- defectdojo-api-client.tgz
|
- defectdojo-api-client.tgz
|
||||||
expire_in: 1 week
|
expire_in: 1 week
|
||||||
script:
|
script:
|
||||||
- curl https://defectdojo.hottis.de/api/v2/oa3/schema/?format=json > defectdojo-openapi.json
|
- curl ${DEFECTDOJO_API_URL}/api/v2/oa3/schema/?format=json > defectdojo-openapi.json
|
||||||
- |
|
- |
|
||||||
docker-entrypoint.sh \
|
docker-entrypoint.sh \
|
||||||
generate \
|
generate \
|
||||||
@ -78,11 +82,13 @@ dockerize:
|
|||||||
script:
|
script:
|
||||||
- tar -xzf defectdojo-api-client.tgz
|
- tar -xzf defectdojo-api-client.tgz
|
||||||
- tar -xzf dtrack-api-client.tgz
|
- tar -xzf dtrack-api-client.tgz
|
||||||
- docker build --tag $IMAGE_NAME:latest
|
- docker build --build-arg ADDITIONAL_CA_URL="$KROHNE_CA_URL"
|
||||||
|
--build-arg ADDITIONAL_CA_CHECKSUM=$KROHNE_CA_CHECKSUM
|
||||||
|
--tag $IMAGE_NAME:latest
|
||||||
--tag $IMAGE_NAME:$CI_COMMIT_SHA
|
--tag $IMAGE_NAME:$CI_COMMIT_SHA
|
||||||
--tag $IMAGE_NAME:$CI_COMMIT_TAG
|
--tag $IMAGE_NAME:$CI_COMMIT_TAG
|
||||||
.
|
.
|
||||||
- docker login -u $NEXUS_DOCKER_USER -p $NEXUS_DOCKER_PASSWORD $REGISTRY
|
- docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
|
||||||
- docker push $IMAGE_NAME:latest
|
- docker push $IMAGE_NAME:latest
|
||||||
- docker push $IMAGE_NAME:$CI_COMMIT_SHA
|
- docker push $IMAGE_NAME:$CI_COMMIT_SHA
|
||||||
- docker push $IMAGE_NAME:$CI_COMMIT_TAG
|
- docker push $IMAGE_NAME:$CI_COMMIT_TAG
|
||||||
|
|||||||
16
Dockerfile
16
Dockerfile
@ -6,12 +6,26 @@ ENV DEFECTDOJO_URL=""
|
|||||||
ENV DEFECTDOJO_TOKEN=""
|
ENV DEFECTDOJO_TOKEN=""
|
||||||
|
|
||||||
ARG APP_DIR=/opt/app
|
ARG APP_DIR=/opt/app
|
||||||
|
ARG ADDITIONAL_CA_URL="x"
|
||||||
|
ARG ADDITIONAL_CA_CHECKSUM="y"
|
||||||
|
|
||||||
RUN \
|
RUN \
|
||||||
|
set -e &&\
|
||||||
apk add --no-cache syft &&\
|
apk add --no-cache syft &&\
|
||||||
adduser -s /bin/sh -D user &&\
|
adduser -s /bin/sh -D user &&\
|
||||||
mkdir -p $APP_DIR &&\
|
mkdir -p $APP_DIR &&\
|
||||||
chown user:user $APP_DIR
|
chown user:user $APP_DIR &&\
|
||||||
|
echo $ADDITIONAL_CA_URL &&\
|
||||||
|
echo $ADDITIONAL_CA_CHECKSUM &&\
|
||||||
|
if [ "$ADDITIONAL_CA_URL" != "x" ]; then \
|
||||||
|
cd /usr/local/share/ca-certificates; \
|
||||||
|
wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
|
||||||
|
echo "$ADDITIONAL_CA_CHECKSUM custom-ca.crt" | md5sum -c; \
|
||||||
|
/usr/sbin/update-ca-certificates; \
|
||||||
|
echo "custom ca added"; \
|
||||||
|
else \
|
||||||
|
echo "no additional ca"; \
|
||||||
|
fi
|
||||||
|
|
||||||
USER user
|
USER user
|
||||||
WORKDIR $APP_DIR
|
WORKDIR $APP_DIR
|
||||||
|
|||||||
@ -1,11 +1,11 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# entrypoint.sh
|
# entrypoint.sh
|
||||||
|
|
||||||
source ./.venv/bin/activate
|
source /opt/app/.venv/bin/activate
|
||||||
|
|
||||||
PYTHONPATH="$PYTHONPATH:./dependencytrack-client"
|
PYTHONPATH="$PYTHONPATH:/opt/app/dependencytrack-client"
|
||||||
PYTHONPATH="$PYTHONPATH:./defectdojo-client"
|
PYTHONPATH="$PYTHONPATH:/opt/app/defectdojo-client"
|
||||||
export PYTHONPATH
|
export PYTHONPATH
|
||||||
|
|
||||||
exec python sbom-dt-dd.py "$@"
|
exec python /opt/app/sbom-dt-dd.py "$@"
|
||||||
|
|
||||||
|
|||||||
@ -16,7 +16,9 @@ class MyLocalException(Exception): pass
|
|||||||
|
|
||||||
def executeApiCall(apiClient, ApiClass, EndpointMethod, RequestClass, requestParams, additionalParams=[]):
|
def executeApiCall(apiClient, ApiClass, EndpointMethod, RequestClass, requestParams, additionalParams=[]):
|
||||||
try:
|
try:
|
||||||
logger.info(f"Calling {ApiClass}.{EndpointMethod} with {RequestClass} ({additionalParams}, {requestParams})")
|
logger.info(f"Calling {ApiClass=}.{EndpointMethod=} with {RequestClass=})")
|
||||||
|
if VERBOSE:
|
||||||
|
logger.debug(f"{additionalParams=}, {requestParams=}")
|
||||||
instance = ApiClass(apiClient)
|
instance = ApiClass(apiClient)
|
||||||
if RequestClass:
|
if RequestClass:
|
||||||
request = RequestClass(**requestParams)
|
request = RequestClass(**requestParams)
|
||||||
@ -85,6 +87,11 @@ parser.add_argument('--sbomfile', '-F',
|
|||||||
parser.add_argument('--target', '-T',
|
parser.add_argument('--target', '-T',
|
||||||
help='Target to scan, either path name for sources or docker image tag',
|
help='Target to scan, either path name for sources or docker image tag',
|
||||||
required=False)
|
required=False)
|
||||||
|
parser.add_argument('--verbose', '-V',
|
||||||
|
help='A lot of debug output',
|
||||||
|
required=False,
|
||||||
|
action='store_true',
|
||||||
|
default=False)
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
projectName = args.name
|
projectName = args.name
|
||||||
projectVersion = args.version
|
projectVersion = args.version
|
||||||
@ -98,6 +105,8 @@ if uploadSbomFlag:
|
|||||||
else:
|
else:
|
||||||
target = args.target
|
target = args.target
|
||||||
|
|
||||||
|
VERBOSE = args.verbose
|
||||||
|
|
||||||
|
|
||||||
# ---- main starts here --------------------------------------------------------------------------------------------------
|
# ---- main starts here --------------------------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user