feat: add dependency track integration #594
https://aquasecurity.slack.com/archives/C02NT2Y4FJL/p1691406606182759
Will this pull request be reviewed and merged?
Hello @takumakume
Sorry for waiting!
I left some comments.
@DmitriyLewen
Thanks for your work!
LGTM.
@simar7 can you take a look and merge PR?
Hi, is there anything I can do to merge this pull request? Thank you for your time. @simar7
ref #575
SBOM Report has been supported since Trivy Operator 0.15.0.
I want to execute a webhook to Dependency Track via Postee. (ref: aquasecurity/trivy-operator#143 (comment))
In this Pull Request, I implemented the following:
Dependency Track uploads the BOM with ProjectName and ProjectVersion as keys.
Dependency Track Integration has the following specification:
`ProjectName:ProjectVersion` is the template `title`. (e.g. `busybox:latest`)
`description`.
In this Pull Request, only JSON used by trivy-operator is supported as BOM format.
The operation was checked in the following environment.