[FEATURE] Add new flags to toggle deletion of orphan projects, setting parent project and dtrack project name by k8s pod annotation

[romwol-witt]

This PR would add 3 new features:

• setting custom projectname at dependency track by parsing kubernetes pod annotation
• setting parent project at dependency track by parsing kubernetes pod annotation
• disable deletion of orphan projects

Disable automatic deletion of Dtrack projects

New Argument: delete-orphan-projects

Parameter	Required	Default	Description
delete-orphan-projects	false	true	Delete orphan projects automatically

---

Custom Projectname

New Argument: dtrack-project-name-annotation-key

Parameter	Required	Default	Description
dtrack-project-name-annotation-key	false	""	Kubernetes pod annotation key to set custom dtrack project name automatically, e.g. "my.pod.annotation"

Description

The key at kubernetes has to be suffixed with the container name the project is for. e.g. my.project.name/my-nginx.

Important

The suffix regarding container name must not be added to the config value and must not include /. e.g. my.project.name

The value for a custom project name in dtrack by annotation at the specific Pod is written in the format of project:version or just project where version defaults to latest. E.g. MyParentProject or MyParentProject:1.0

---

Parent Project at Dependency Track

New Argument: dtrack-parent-project-annotation-key

Parameter	Required	Default	Description
dtrack-parent-project-annotation-key	false	""	Kubernetes pod annotation key to set parent project automatically, e.g. "my.pod.annotation"

Description

The key at kubernetes has to be suffixed with the container name the parent project is for. e.g. my.parent.project/my-nginx.
The value for the parent project annotation at the specific Pod is written in the format of project:version or just project where version defaults to latest. E.g. MyParentProject or MyParentProject:1.0

Important

The suffix regarding container name must not be added to the config value and must not include /. e.g. my.parent.project

---

Example Pod Annotation:

apiVersion: v1
kind: Pod
metadata:
  annotations:
    my.parent.project/my-nginx: MyParentProject
    my.project.name/my-nginx: MyNginxProject:1.0
    my.parent.project/my-sidecar: MyOtherParentProject
    my.project.name/my-sidecar: MySidecarProject:1.0.1
spec:
  containers:
    - image: nginx:latest
      name: my-nginx
    ...
    - image: some-other-image:latest
      name: my-sidecar
    ...
...

---

sbom-operator config:

--dtrack-parent-project-annotation-key=my.parent.project
--dtrack-project-name-annotation-key=my.project.name

---

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 28.20%. Comparing base (09054d3) to head (40b0521).
Report is 75 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #563      +/-   ##
==========================================
+ Coverage   25.13%   28.20%   +3.06%     
==========================================
  Files           6        6              
  Lines         565      500      -65     
==========================================
- Hits          142      141       -1     
+ Misses        406      339      -67     
- Partials       17       20       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ckotzbauer]

Thanks for your PR, this looks very promising. Only change-request: Could you please rename the delete-orphan-projects feature everywhere to delete-orphan-images? This would be a more generic naming regarding non-dtrack-usages.
The pipeline failure will be fixed by a rebase against main. Thanks again!

[romwol-witt]

Ok, we'll rename it :)

[monadegelingwitt]

I renamed the config Key "DeleteOrphanProjects" to "DeleteOrphanImages"

[ckotzbauer]

Thanks a lot!