Comments (5)
sephiroth-j
commented on August 22, 2024
Hello @aejazuddinam , thanks for your suggestions.
- The creation of tags is already tracked at #12 .
- The classifier is imported by DTrack from the BOM - for Java and Maven you can set it as follows
mvn -DprojectType=application org.cyclonedx:cyclonedx-maven-plugin:2.5.2:makeBom. - Setting the SWID could be done in the same call that is required for setting tags. Do you have an example of such a tag for me and how it looks like in the UI?
from dependency-track-plugin.
aejazuddinam
commented on August 22, 2024
Thanks Ronny,
SWID Tag ID can be seen at the bottom , in the Identity tab just next to General Tab of Project Details.
Also do we have any examples for sending all notification emails and sending/capturing a project vulnerability report from DT Plugin ? I want to configure it in my declarative pipeline for automation like after bom is imported to a project, rather than going to UI and check vulnerability, a vulnerability report should be delivered to email address
from dependency-track-plugin.
sephiroth-j
commented on August 22, 2024
SWID Tag ID can be seen at the bottom , in the Identity tab just next to General Tab of Project Details
Yes, I know where to find it in the UI. I just thought you meant a full SWID tag (a rather long xml).
Also do we have any examples for sending all notification emails and sending/capturing a project vulnerability report from DT Plugin ?
I do not understand what you mean. The plugin does not send emails and it is very unlikely do so in the future. Email and other notifications can be configured in Dependency-Track.
from dependency-track-plugin.
aejazuddinam
commented on August 22, 2024
Thanks Ronny,
Yes i was specifially looking for sending email functionality for all the project vulnerabilities which i dont see is present in the plugin yet. Only Email functionality is alert notification for Bom processing, bom upload etc.
As part of end to end pipeline automation i was looking for, after a bom is uploaded to a project it will generate components and its vulnerabilities with a list in UI so a report kind of list of all vulnerabilities of a project to my email that this project has 100 vulnerabilities listed etc, it can be in any format (CSV,HTML etc) . Basically to avoid login to UI and check project dashboard
from dependency-track-plugin.
sephiroth-j
commented on August 22, 2024
* The classifier is imported by DTrack from the BOM - for Java and Maven you can set it as follows `mvn -DprojectType=application org.cyclonedx:cyclonedx-maven-plugin:2.5.2:makeBom`.
I noticed that DT has a bug that ignores this value for projects being auto-created during BOM upload. I made a PR to fix this - DependencyTrack/dependency-track/pull/1341
from dependency-track-plugin.
Related Issues (20)
- Dtrack-API with contextpath not accessible
- Implement Support for SBOM Quality Score Tool (sbomqs) HOT 2
- Using the dependency-track-plugin behind an (authenticating) proxy HOT 1
- Allow overrideGlobals to override Global timeout and interval settings.
- Explanation of upload error "Error was: Input length = 1 HOT 1
- I don't want to show Dependency-Track Project on Jenkins HOT 1
- HTTP 403 Forbidden, but curl works fine HOT 1
- Upload with Parent uuid does not work with 4.10.0 HOT 2
- Request Tier 2 Plugin for Dependency Track CloudBees HOT 1
- how to build the project HOT 1
- Update to Vue.js 3
- Fails if Dependencey Track API server returns Not Modified HOT 3
- sbom upload fails with "Input length = 1" after Jenkins upgrade HOT 1
- Set stage as unstable
- Is it possible to fail Jenkins on specific critical finding instead of Critical integer value. HOT 1
- Plugin throws exception when timeouts are 0 HOT 1
- Builds fail on return-code 304 - No Modification HOT 1
- upstream request timeout when uploading large sbom HOT 1
- Allow parentname and parentversion to be used during upload HOT 1
- Include artifact name in Publishing Logline
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependency-track-plugin.