rename dockerfiles

.gitlab-ci.yml

@@ -68,7 +68,7 @@ generate-defectdojo-api:
         -o defectdojo-client \
         --package-name defectdojo_api 
 
-dockerize:
+.dockerize:
   stage: build
   image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
   tags:
@@ -83,44 +83,21 @@ dockerize:
                    --tag $IMAGE_NAME:latest 
                    --tag $IMAGE_NAME:$CI_COMMIT_SHA
                    --tag $IMAGE_NAME:$CI_COMMIT_TAG
+                   -f $DOCKERFILE 
                    .
     - docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
     - docker push $IMAGE_NAME:latest
     - docker push $IMAGE_NAME:$CI_COMMIT_SHA
     - docker push $IMAGE_NAME:$CI_COMMIT_TAG
 
-build-windows-binary:
-  stage: build
-  tags:
-    - windows
-    - pwsh
-    - python3.13
-  rules:
-    - if: '$CI_COMMIT_TAG'
-  artifacts:
-    paths:
-      - sbom-dt-dd.exe
-  script:
-    - |
-      cd src
-      mv ..\dependencytrack-client .
-      mv ..\defectdojo-client .
-      & 'C:\Program Files\Python313\python.exe' -m venv venv
-      .\venv\Scripts\pip.exe install --upgrade pip
-      .\venv\Scripts\pip.exe install -r requirements.txt
-      .\venv\Scripts\pip.exe install -r dependencytrack-client\requirements.txt
-      .\venv\Scripts\pip.exe install -r defectdojo-client\requirements.txt
-      .\venv\Scripts\pip.exe install pyinstaller
-      .\venv\Scripts\pyinstaller.exe --onefile `
-        --add-data "dependencytrack-client;dependencytrack-client" `
-        --add-data "defectdojo-client;defectdojo-client" `
-        --hidden-import pydantic `
-        --hidden-import dateutil.parser `
-        --hidden-import urllib3 `
-        --hidden-import regex `
-        --collect-data cyclonedx `
-        --collect-data license_experssion `
-        sbom-dt-dd.py
-      mv dist\sbom-dt-dd.exe ..
+dockerize-cli:
+  extends: .dockerize
+  variables:
+    DOCKERFILE: dockerize-cli
+
+dockerize-server:
+  extends: .dockerize
+  variables:
+    DOCKERFILE: dockerize-server
 
 

Dockerfile-cli

@@ -34,7 +34,7 @@ COPY src/requirements.txt .
 COPY src/sbom_dt_dd.py .
 COPY src/sbom_dt_dd_cli.py .
 COPY src/converter.py .
-COPY src/entrypoint.sh .
+COPY src/entrypoint-cli.sh .
 COPY dependencytrack-client/ ./dependencytrack-client
 COPY defectdojo-client/ ./defectdojo-client
 
@@ -45,7 +45,7 @@ RUN \
   pip install -r dependencytrack-client/requirements.txt &&\
   pip install -r defectdojo-client/requirements.txt
 
-ENTRYPOINT [ "./entrypoint.sh" ] 
+ENTRYPOINT [ "./entrypoint-cli.sh" ] 
 
 
 

Dockerfile-server

@@ -0,0 +1,52 @@
+FROM python:3.12.10-alpine3.22
+
+ENV DTRACK_API_URL=""
+ENV DTRACK_TOKEN=""
+ENV DEFECTDOJO_URL=""
+ENV DEFECTDOJO_TOKEN=""
+
+ARG APP_DIR=/opt/app
+ARG ADDITIONAL_CA_URL="x"
+ARG ADDITIONAL_CA_CHECKSUM="y"
+
+RUN \
+  set -e &&\
+  adduser -s /bin/sh -D user &&\
+  mkdir -p $APP_DIR &&\
+  chown user:user $APP_DIR &&\
+  echo $ADDITIONAL_CA_URL &&\
+  echo $ADDITIONAL_CA_CHECKSUM &&\
+  if [ "$ADDITIONAL_CA_URL" != "x" ]; then \
+    cd /usr/local/share/ca-certificates; \
+    wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
+    echo "$ADDITIONAL_CA_CHECKSUM  custom-ca.crt" | md5sum -c; \
+    /usr/sbin/update-ca-certificates; \
+    echo "custom ca added"; \
+  else \
+    echo "no additional ca"; \
+  fi 
+
+USER user
+WORKDIR $APP_DIR
+
+COPY src/requirements.txt .
+COPY src/sbom_dt_dd.py .
+COPY src/sbom_dt_dd_api.py .
+COPY src/converter.py .
+COPY src/entrypoint-server.sh .
+COPY dependencytrack-client/ ./dependencytrack-client
+COPY defectdojo-client/ ./defectdojo-client
+
+RUN \
+  python -m venv .venv &&\
+  . ./.venv/bin/activate &&\
+  pip install -r requirements.txt &&\
+  pip install -r dependencytrack-client/requirements.txt &&\
+  pip install -r defectdojo-client/requirements.txt
+
+EXPOSE 8000
+
+ENTRYPOINT [ "./entrypoint-server.sh" ] 
+
+
+

src/entrypoint-server.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+source /opt/app/.venv/bin/activate
+
+PYTHONPATH="$PYTHONPATH:/opt/app/dependencytrack-client"
+PYTHONPATH="$PYTHONPATH:/opt/app/defectdojo-client"
+export PYTHONPATH
+
+gunicorn sbom_dt_dd_api:app -k uvicorn.workers.UvicornWorker -w 4 -b 0.0.0.0:8000

src/sbom_dt_dd_api.py

@@ -1,4 +1,6 @@
 import os
+import json
+import yaml
 from loguru import logger
 from fastapi import FastAPI, UploadFile, File, Form, HTTPException
 from fastapi.responses import JSONResponse
@@ -56,17 +58,58 @@ async def uploadMinimalSBOM(
     """
     Endpoint to upload a minimal SBOM definition
     """
+    try:
         sbom = await file.read()
 
-    try:
         logger.info("Start converting from minimal format into cyclonedx")
         (sbom, projectName, projectVersion, projectClassifier, projectDescription) = minimalSbomFormatConverter(sbom)
         logger.info("Converted")
     
         loadToDTrackAndDefectDojo(app.state.config, projectName, projectVersion, projectClassifier, projectDescription, 1, sbom, reimport)
         logger.info("Done.")
+    except yaml.scanner.ScannerError as e:
+        logger.warning(f"uploadMinimalSBOM, yaml ScannerError: {e.context=}, {e.context_mark=}, {e.problem=}, {e.problem_mark=}, {e.note=}")
+        raise HTTPException(status_code=400, detail=f"yaml ScannerError: {e.context=}, {e.context_mark=}, {e.problem=}, {e.problem_mark=}, {e.note=}")
     except ApiException as e:
+        logger.warning(f"uploadMinimalSBOM, ApiException: {e.status=}, {e.reason=}, {e.body=}")
         raise HTTPException(status_code=e.status, detail=f"{e.reason=}, {e.body=}, {e.data=}")
+    except Exception as e:
+        logger.warning(f"uploadMinimalSBOM, Exception: {type(e)=}, {str(e)=}, {e.msg=}")
+        raise HTTPException(status_code=500, detail=f"Exception: {type(e)=}, {str(e)=}, {e.msg=}")
+
+    return JSONResponse(content={
+        "message": "Upload successful!"
+    })
+
+@app.post("/uploadSBOM/")
+async def uploadSBOM(
+    file: UploadFile = File(...),
+    projectName: str = Form(...),
+    projectVersion: str = Form(...),
+    projectClassifier: str = Form(...),
+    projectDescription: str = Form(...),
+    reimport: bool = Form(...)
+):
+    """
+    Endpoint to upload a CycloneDX SBOM
+    """
+    sbom = await file.read()
+
+    try:
+        sbomJson = json.loads(sbom)
+        sbom = json.dumps(sbomJson)
+
+        loadToDTrackAndDefectDojo(app.state.config, projectName, projectVersion, projectClassifier, projectDescription, 1, str(sbom), reimport)
+        logger.info("Done.")
+    except json.decoder.JSONDecodeError as e:
+        logger.warning(f"uploadSBOM, JSONDecodeError: {e.msg=}")
+        raise HTTPException(status_code=400, detail=f"JSON decoding error: {e.msg=}, {e.doc=}, {e.pos=}, {e.lineno=}, {e.colno=}")
+    except ApiException as e:
+        logger.warning(f"uploadSBOM, ApiException: {e.status=}, {e.reason=}, {e.body=}")
+        raise HTTPException(status_code=e.status, detail=f"{e.reason=}, {e.body=}, {e.data=}")
+    except Exception as e:
+        logger.warning(f"uploadSBOM, Exception: {type(e)=}, {str(e)=}, {e.msg=}")
+        raise HTTPException(status_code=500, detail=f"Exception: {type(e)=}, {str(e)=}, {e.msg=}")
 
     return JSONResponse(content={
         "message": "Upload successful!"

src/server.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-./.venv/bin/gunicorn sbom_dt_dd_api:app -k uvicorn.workers.UvicornWorker -w 4 -b 0.0.0.0:8000