feat: basic implementation for Dependency Track #25
Thanks @derkoe for this PR! I left some comments for discussion.
What about this comment #5 (comment) from @pmckeown? I think the folks who know DT can better discuss this 😆
With this change the SBOM is now just uploaded to Dependency Track with the "auto-create" option set to true. So, each project/version combination gets an entry in Dependency Track. The Docker repository (registry + image) is used as the project name, the Docker tag is used for the version.
Only two comments from my side, I like the simplified implementation! 🎉
TGTM 👍
Thanks to everyone who has contributed here 🎉
This adds a basic implementation for sending data to Dependency Track.
When launching the operator make sure to also set
--format=cyclonedx
This is how the Dependency Track project is found:
See #5
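
The mapping described in the conversation above (image repository as project name, image tag as version, auto-create enabled), sketched as an added example that is not code from this PR or from the operator. `splitImageRef` and `newBOMUpload` are hypothetical names, and the handling of untagged or digest-pinned references is an assumption; the JSON field names are those of Dependency Track's `PUT /api/v1/bom` endpoint.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// bomUpload is the JSON body accepted by Dependency Track's PUT /api/v1/bom.
type bomUpload struct {
	ProjectName    string `json:"projectName"`
	ProjectVersion string `json:"projectVersion"`
	AutoCreate     bool   `json:"autoCreate"`
	BOM            string `json:"bom"` // base64-encoded CycloneDX document
}

// splitImageRef (hypothetical helper) splits an image reference into the
// repository (registry + image) and a version. A colon only starts a tag when
// it follows the last slash, so a registry port is not mistaken for a tag.
// Assumption: untagged references map to "latest", digest-only to the digest.
func splitImageRef(ref string) (repo, version string) {
	name, digest, pinned := strings.Cut(ref, "@")
	repo, version = name, "latest"
	if i := strings.LastIndex(name, ":"); i > strings.LastIndex(name, "/") {
		repo, version = name[:i], name[i+1:]
	} else if pinned {
		version = digest
	}
	return repo, version
}

// newBOMUpload (hypothetical helper) builds the request body for one image.
func newBOMUpload(imageRef string, cyclonedx []byte) ([]byte, error) {
	repo, version := splitImageRef(imageRef)
	return json.Marshal(bomUpload{
		ProjectName: repo, ProjectVersion: version, AutoCreate: true,
		BOM: base64.StdEncoding.EncodeToString(cyclonedx),
	})
}

func main() {
	sbom := []byte(`{"bomFormat":"CycloneDX","specVersion":"1.4"}`) // constructed sample
	for _, ref := range []string{"registry.example.com:5000/team/app:1.2.3", "localhost:5000/app"} {
		body, _ := newBOMUpload(ref, sbom)
		fmt.Println(string(body))
	}
}
```

Because auto-create makes every distinct name/version pair a new project entry, the API key used for the upload needs permission to create projects as well as to upload BOMs.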