diff --git a/Jenkinsfile b/Jenkinsfile
index da88c8a7b1690aa158f12b96228ee6d047047dc5..013e542e8a9edaf17d10fda97f3e1f9940ca360d 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -28,7 +28,6 @@ pipeline {
 }
 }
-tools { go 'go-1.22.0' }
 environment {
 RELEASE_REGEX = /v\d+.\d+.\d+/
 BETA_REGEX = /v\d+.\d+.\d+-beta.\d/
@@ -82,9 +81,6 @@ tools { go 'go-1.22.0' }
 FAILED_STAGE=env.STAGE_NAME
 sh '''
- #export GOPATH so that installed dependecies could be found
- export GOPATH=$GOROOT
- go mod download
 go install \
 github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway \
@@ -113,24 +109,6 @@ tools { go 'go-1.22.0' }
 }
 }
-
- stage ('OWASP Dependency-Check Vulnerabilities') {
- steps {
- dependencyCheck additionalArguments: '''
- -o "./"
- -s "./"
- -f "ALL"
- -d /dependency-check-data
- --suppression dependency-check-supressions.xml
- --disableKnownExploited
- --noupdate
- --disableArchive
- --prettyPrint''', odcInstallation: 'dependency-check-owasp'
-
- dependencyCheckPublisher pattern: 'dependency-check-report.xml'
- }
- }
-
 stage('Build and publish Docker image') {
 steps {
 script {
@@ -204,8 +182,31 @@ tools { go 'go-1.22.0' }
 }
 }
 }
+
+ stage ('Deploy SBOM to DependencyTrack') {
+ when {
+ anyOf {
+ branch 'main'
+ branch 'release'
+ }
+ }
+ steps {
+ script {
+ catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
+ sh '''
+ go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+ go env -w GOFLAGS=-buildvcs=false
+
+ cyclonedx-gomod version
+ cyclonedx-gomod app -main cmd/antragsraum-proxy/ -output sbom.xml
+ '''
+
+ dependencyTrackPublisher artifact: 'sbom.xml', projectName: 'fachstellen-proxy', projectVersion: env.BRANCH_NAME, synchronous: true
+ }
+ }
+ }
+ }
 }
- }
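Review bot: The new SBOM stage installs `cyclonedx-gomod@latest`, so the tool that produces the supply-chain inventory is itself an unpinned dependency that can change (or break, or be replaced by a bad release) between builds; pin it, e.g. `go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@<pinned version>`, and bump it deliberately. `go env -w GOFLAGS=-buildvcs=false` writes to the agent's persistent Go environment rather than this shell, so it leaks into every later Go build on the same agent; scoping it to the one command, `GOFLAGS=-buildvcs=false cyclonedx-gomod app -main cmd/antragsraum-proxy/ -output sbom.xml`, avoids that. With the `tools { go 'go-1.22.0' }` block removed in the first hunk, this stage presumably relies on the agent image providing `go` and having `$(go env GOPATH)/bin` on PATH — worth confirming, since `cyclonedx-gomod version` is the first call that would fail otherwise. Note also that this stage runs only on main and release and downgrades failures to UNSTABLE via catchError, whereas the removed OWASP Dependency-Check stage had no `when` clause, so branch and pull-request builds no longer get any dependency vulnerability scan and a failed upload no longer blocks the build.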