Comments (2)
Thanks @msymons. I'm the creator of the tool, if you do decide to integrate this, please do reach out to me if you run into issues or concerns.
from dependency-track-plugin.
This function goes beyond what this plugin is intended for. It is not a generic SBOM plugin and does not call an external executable, for whatever reason.
You can do this yourself in your Jenkins pipeline.
- call sbomqs and capture the output:
def out = sh(script: 'sbomqs score <sbom-file>', returnStdout: true).trim()
- extract the score from the captured output and store it in a variable:
def score = Float.parseFloat(out.split(' ')[0])
- let the build fail if the score is too low:
if (score < 9.0) { error 'sbom quality too low' }
- use the feature of setting tags to set the sbomqs-tag when uploading the sbom file:
dependencyTrackPublisher artifact: '<sbom-file>', ..., projectProperties: [tags: ["sbomqs=${score}"]]
from dependency-track-plugin.
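The steps from the comment above, combined into one scripted pipeline stage that validates the captured score before it is used for the gate or written into a tag. This is an added example, not code from the commenter or the plugin; the file name `bom.json`, the project name and version, and the helper `parseSbomqsScore` are placeholders, and it assumes, as the comment's code does, that the score is the first whitespace-separated token of the sbomqs output.

```groovy
// Hypothetical helper: turn the captured sbomqs output into a number, or stop the build.
def parseSbomqsScore(String out) {
    // Assumption taken from the comment above: the score is the first token.
    def tokens = out?.trim()?.split(/\s+/)
    def first = tokens ? tokens[0] : ''
    // Accept only a plain decimal number, so nothing else from the tool's
    // output can end up in the Dependency-Track tag.
    if (!(first ==~ /\d{1,2}(\.\d+)?/)) {
        error "could not parse an sbomqs score from: '${first}'"
    }
    return Float.parseFloat(first)
}

node {
    stage('SBOM quality gate') {
        // Placeholder path; the SBOM must already exist in the workspace.
        def sbom = 'bom.json'

        // sh fails the build on a non-zero exit code, so a crashed or
        // missing sbomqs never produces a score.
        def out = sh(script: 'sbomqs score bom.json', returnStdout: true).trim()
        float score = parseSbomqsScore(out)
        echo "sbomqs score: ${score}"

        // Threshold from the comment above.
        if (score < 9.0) {
            error "sbom quality too low: ${score} < 9.0"
        }

        // Upload only after the gate has passed; the tag carries the validated score.
        dependencyTrackPublisher artifact: sbom,
            projectName: 'example-project',   // placeholder
            projectVersion: '1.0.0',          // placeholder
            synchronous: true,
            projectProperties: [tags: ["sbomqs=${score}".toString()]]
    }
}
```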