Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Integration with SCM and Dependency Track #140

Open
abhisek opened this issue Nov 1, 2023 · 0 comments
Open

Support Integration with SCM and Dependency Track #140

abhisek opened this issue Nov 1, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@abhisek
Copy link
Member

abhisek commented Nov 1, 2023

Problem

Dependency Track is a continuous SBOM management and analysis platform. For DT to be effective, it is important to continuously import SBOMs into DT. We want vet to make it very easy for an organization to continuously sync there repositories into DT by generating SBOM and using DT's REST API to upload to DT

Solution

We will start by supporting Github and eventually may be Gitlab. For the Github integration, we will provide an experience on top of the existing --github scan option to scan a remote Github repository. The scan will look like

vet scan --github-org https://github.com/safedep

For syncing results to DependencyTrack, we will build a new reporting module that syncs to DependencyTrack instance.

VET_DT_BASE_URL="..." VET_DT_TOKEN="..." \
vet scan --github-org https://github.com/safedep --report-dependency-track
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@abhisek