Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
F
fachstellen-proxy
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
OZG-Cloud
app
fachstellen-proxy
Compare revisions
a992dd26e841a629abb2b800ff198e18583035c3 to 05bb53a67ff50f1334102b0d58a1d5c08f727e35
Compare revisions
Changes are shown as if the
source
revision was being merged into the
target
revision.
Learn more about comparing revisions.
Source
ozg-cloud/app/fachstellen-proxy
Select target project
No results found
05bb53a67ff50f1334102b0d58a1d5c08f727e35
Select Git revision
Swap
Target
ozg-cloud/app/fachstellen-proxy
Select target project
ozg-cloud/app/fachstellen-proxy
1 result
a992dd26e841a629abb2b800ff198e18583035c3
Select Git revision
Show changes
Only incoming changes from source
Include changes to target since source was created
Compare
Commits on Source (3)
ozg-7494 upload sbom
· ccdeba1a
Bastian
authored
3 months ago
ccdeba1a
ozg-7494 fix cyclonedx call
· af84a822
Bastian Heppener
authored
3 months ago
af84a822
Merge branch 'ozg-7494-sbom-dependency-tracker' into 'main'
· 05bb53a6
Bastian Heppener
authored
3 months ago
ozg-7494 upload sbom See merge request
!1
05bb53a6
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
Jenkinsfile
+24
-23
24 additions, 23 deletions
Jenkinsfile
with
24 additions
and
23 deletions
Jenkinsfile
View file @
05bb53a6
...
...
@@ -28,7 +28,6 @@ pipeline {
}
}
tools
{
go
'go-1.22.0'
}
environment
{
RELEASE_REGEX
=
/v\d+.\d+.\d+/
BETA_REGEX
=
/v\d+.\d+.\d+-beta.\d/
...
...
@@ -82,9 +81,6 @@ tools { go 'go-1.22.0' }
FAILED_STAGE
=
env
.
STAGE_NAME
sh
'''
#export GOPATH so that installed dependecies could be found
export GOPATH=$GOROOT
go mod download
go install \
github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway \
...
...
@@ -113,24 +109,6 @@ tools { go 'go-1.22.0' }
}
}
stage
(
'OWASP Dependency-Check Vulnerabilities'
)
{
steps
{
dependencyCheck
additionalArguments:
'''
-o "./"
-s "./"
-f "ALL"
-d /dependency-check-data
--suppression dependency-check-supressions.xml
--disableKnownExploited
--noupdate
--disableArchive
--prettyPrint'''
,
odcInstallation:
'dependency-check-owasp'
dependencyCheckPublisher
pattern:
'dependency-check-report.xml'
}
}
stage
(
'Build and publish Docker image'
)
{
steps
{
script
{
...
...
@@ -204,8 +182,31 @@ tools { go 'go-1.22.0' }
}
}
}
stage
(
'Deploy SBOM to DependencyTrack'
)
{
when
{
anyOf
{
branch
'main'
branch
'release'
}
}
steps
{
script
{
catchError
(
buildResult:
'UNSTABLE'
,
stageResult:
'FAILURE'
)
{
sh
'''
go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
go env -w GOFLAGS=-buildvcs=false
cyclonedx-gomod version
cyclonedx-gomod app -main cmd/fachstellen-proxy/ -output sbom.xml
'''
dependencyTrackPublisher
artifact:
'sbom.xml'
,
projectName:
'fachstellen-proxy'
,
projectVersion:
env
.
BRANCH_NAME
,
synchronous:
true
}
}
}
}
}
}
...
...
This diff is collapsed.
Click to expand it.
Bastian authored
Bastian Heppener authored
Bastian Heppener authored