@fjbarrena/dtrack-cli

1.0.12 • Public • Published

dtrack-cli

A tiny CLI to upload BOM files to OWASP Dependency Track Tool

Installation

Fast and furious, just install it using npm

npm install @fjbarrena/dtrack-cli -g

Usage

Fast and furious. Just execute the following command:

dtrack-cli --server https://yourDependencyTrackServer.com/ --bom-path bom.xml
           --api-key PUT_YOUR_KEY_HERE --project-name "LOL Great Name"
           --project-version latest --auto-create true

To see the help, just run

dtrack-cli

Requirements

  • Tested in Dependency Track v3.8.0
  • An API Key with enough permissions
    • You can get it in Administration -> Teams
    • Automation Team recommended, with the following permissions:
      • BOM_UPLOAD
      • PROJECT_CREATION_UPLOAD

Gitlab CI/CD example

package.json based projects (NodeJS, Angular, React...)

stages:
  - dtrack

dependency-check:
  stage: dtrack
  image: node:12.17
  before_script:
    - npm install -g @cyclonedx/bom
    - npm install -g @fjbarrena/dtrack-cli
  script:
    # Assuming your code is in root, if not just make a cd
    - npm install
    - cyclonedx-bom -o bom.xml
    - dtrack-cli --server ${DTRACK_HOST_URL} --bom-path bom.xml --api-key ${DTRACK_API_KEY} --project-name ${NAME} --project-version ${VERSION} --auto-create true
  allow_failure: true
  only:
    - master

PyPi based projects

stages:
  - dtrack
  
dependency-check:
  stage: dtrack
  image: python:3.6
  before_script:
    - apt update -y
    - apt install curl gnupg -y
    - curl -sL https://deb.nodesource.com/setup_12.x  | bash -
    - apt install nodejs -y
    - npm install -g @fjbarrena/dtrack-cli
    - node -v
    - pip install cyclonedx-bom
  script:
    # Assuming your code is in root, if not just make a cd
    - cyclonedx-py -i requirements.txt -o bom.xml
    - dtrack-cli --server ${DTRACK_HOST_URL} --bom-path bom.xml --api-key ${DTRACK_API_KEY} --project-name ${NAME} --project-version ${VERSION} --auto-create true
  allow_failure: true
  only:
    - master

Maven based projects

dependency-check-java:
  stage: sonar
  image: maven:3.6-openjdk-11
  before_script:
    - apt update -y
    - apt install curl gnupg -y
    - curl -sL https://deb.nodesource.com/setup_12.x  | bash -
    - apt install nodejs -y
    - npm install -g @fjbarrena/dtrack-cli
  script:
    # Assuming your code is in root, if not just make a cd
    - mvn clean install
    - mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom
    - dtrack-cli --server ${DTRACK_HOST_URL} --bom-path target/bom.xml --api-key ${DTRACK_API_KEY} --project-name ${NAME} --project-version ${VERSION} --auto-create true
  allow_failure: true
  only:
    - master

Package Sidebar

Install

npm i @fjbarrena/dtrack-cli

Weekly Downloads

30

Version

1.0.12

License

MIT

Unpacked Size

375 kB

Total Files

5

Last publish

Collaborators

  • fjbarrena