Support for excluding directories. Tweaks to cache jar namespaces (#701)
* Support for excluding directories. Tweaks to cache jar namespaces

Signed-off-by: Prabhu Subramanian <[email protected]>

Bump version

Signed-off-by: Prabhu Subramanian <[email protected]>

New reachables test

Signed-off-by: Prabhu Subramanian <[email protected]>

---------

Signed-off-by: Prabhu Subramanian <[email protected]>
Showing 10 changed files with 461 additions and 196 deletions.
@@ -0,0 +1,46 @@ | ||
name: Reachables tests | ||
|
||
on: | ||
pull_request: | ||
workflow_dispatch: | ||
jobs: | ||
build: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
node-version: ['21.x'] | ||
os: ['ubuntu-latest'] | ||
runs-on: ${{ matrix.os }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Set up JDK | ||
uses: actions/setup-java@v3 | ||
with: | ||
distribution: 'temurin' | ||
java-version: '19' | ||
- name: Use Node.js ${{ matrix.node-version }} | ||
uses: actions/setup-node@v3 | ||
with: | ||
node-version: ${{ matrix.node-version }} | ||
- name: npm install, build | ||
run: | | ||
npm install | ||
npm run build --if-present | ||
mkdir -p repotests | ||
mkdir -p bomresults | ||
- uses: actions/checkout@v4 | ||
with: | ||
repository: 'DependencyTrack/dependency-track' | ||
path: 'repotests/dependency-track' | ||
- name: compile | ||
run: | | ||
cd repotests/dependency-track | ||
mvn clean compile -DskipTests -Dmaven.test.skip=true | ||
- name: repotests | ||
run: | | ||
bin/cdxgen.js -p -t java --profile research -o repotests/dependency-track/bom.json repotests/dependency-track | ||
cp -rf repotests/dependency-track/*.json *.slices.json bomresults/ | ||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: bomresults | ||
path: bomresults |
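Review bot: the third-party actions in this workflow (actions/checkout@v4, actions/setup-java@v3, actions/setup-node@v3, actions/upload-artifact@v3) are referenced by mutable major tags; pin them to full commit SHAs so a moved tag cannot change what runs on every pull_request, and add a top-level `permissions: contents: read` block so the job does not inherit a broader GITHUB_TOKEN scope than checkout and artifact upload need. Two smaller points in the repotests step: `cp -rf repotests/dependency-track/*.json *.slices.json bomresults/` fails the step if either glob matches nothing, because an unmatched glob is passed to cp literally and cp then reports a missing file under the default `bash -e` shell, so guard it with `shopt -s nullglob` or copy the slices by explicit path; and the compile step's `mvn clean compile -DskipTests -Dmaven.test.skip=true` omits the `-P clean-exclude-wars -P enhance -P embedded-jetty` profiles the accompanying lesson uses, so the reachables computed in CI and by a reader following the docs may differ. Worth stating which build command is canonical.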
@@ -0,0 +1,41 @@ | ||
# Create an SBOM with reachable evidence | ||
|
||
## Learning Objective | ||
|
||
In this lesson, we will learn about generating an SBOM with reachable evidence for Dependency-Track, a Java application. | ||
|
||
## Pre-requisites | ||
|
||
Ensure the following tools are installed. | ||
|
||
``` | ||
Java >= 17 | ||
Maven | ||
Node.js > 18 | ||
``` | ||
|
||
## Getting started | ||
|
||
Install cdxgen | ||
|
||
```shell | ||
sudo npm install -g @cyclonedx/cdxgen | ||
``` | ||
|
||
Clone and compile dependency track | ||
|
||
```shell | ||
git clone https://github.com/DependencyTrack/dependency-track | ||
cd dependency-track | ||
mvn clean compile -P clean-exclude-wars -P enhance -P embedded-jetty -DskipTests | ||
``` | ||
|
||
Create SBOM with the research profile | ||
|
||
```shell | ||
cd dependency-track | ||
# Takes around 5 mins | ||
cdxgen -o bom.json -t java --profile research . -p | ||
``` | ||
|
||
The resulting BOM file would include components with the occurrence and call stack evidence. |
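Review bot: both shell blocks after the install step `cd dependency-track`; a reader who runs them in order is already inside the clone and the second `cd` fails (there is no `dependency-track/dependency-track`), so drop the `cd` from the SBOM block or say that each block starts from the parent directory. `sudo npm install -g @cyclonedx/cdxgen` also runs the package's install scripts as root; pointing readers at a user-writable npm prefix or `npx @cyclonedx/cdxgen` keeps the generator install unprivileged. Minor wording in the closing sentence: "will include" rather than "would include", since this is what the research profile emits, not a possibility.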
@@ -0,0 +1,38 @@ | ||
# Create an SBOM with reachable evidence | ||
|
||
## Learning Objective | ||
|
||
In this lesson, we will learn about generating an SBOM with reachable evidence for Dependency-Track frontend, a JavaScript application. | ||
|
||
## Pre-requisites | ||
|
||
Ensure the following tools are installed. | ||
|
||
``` | ||
Java >= 17 | ||
Node.js > 18 | ||
``` | ||
|
||
## Getting started | ||
|
||
Install cdxgen | ||
|
||
```shell | ||
sudo npm install -g @cyclonedx/cdxgen | ||
``` | ||
|
||
Clone | ||
|
||
```shell | ||
git clone https://github.com/DependencyTrack/frontend | ||
``` | ||
|
||
Create SBOM with the research profile | ||
|
||
```shell | ||
cd frontend | ||
# Takes around 5 mins | ||
cdxgen -o bom.json -t js --profile research . -p | ||
``` | ||
|
||
The resulting BOM file would include components with the occurrence and call stack evidence. |
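Review bot: the pre-requisites list `Java >= 17` for a JavaScript lesson without saying why, presumably because the research profile's reachability analysis runs on the JVM; one sentence to that effect would stop readers from skipping it and then hitting a failure at the cdxgen step. As in the Java lesson, `sudo npm install -g @cyclonedx/cdxgen` runs install scripts as root, so suggest an unprivileged install there too. The `# Takes around 5 mins` comment appears to be carried over from the Dependency-Track backend lesson; confirm the timing for the frontend repository or drop the number. Same wording nit on the closing sentence: "will include" rather than "would include".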