diff --git a/Jenkinsfile b/Jenkinsfile
index ad94be4a9053cb73a667e57d3501b584182f4db6..371daee1f7559fe59cc10206329951955ad9d036 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -109,22 +109,22 @@ pipeline {
 }
 }
 
-// TODO aktuell dauert es viel zu lange und wird am Ende einfach abgebrochen
-// stage ('OWASP Dependency-Check Vulnerabilities') {
-// steps {
-// dependencyCheck additionalArguments: '''
-// -o "./"
-// -s "./"
-// -f "ALL"
-// -d /dependency-check-data
-// --suppression dependency-check-supressions.xml
-// --disableKnownExploited
-// --disableArchive
-// --prettyPrint''', odcInstallation: 'dependency-check-owasp'
-//
-// dependencyCheckPublisher pattern: 'dependency-check-report.xml'
-// }
-// }
+ stage ('Deploy SBOM to DependencyTrack') {
+ steps {
+ script {
+ IMAGE_TAG = "${env.BRANCH_NAME}-${getPomVersion('pom.xml')}"
+
+ configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
+ withCredentials([string(credentialsId: 'dependency-track-api-key', variable: 'API_KEY')]) {
+
+ catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
+ sh "mvn --no-transfer-progress -s $MAVEN_SETTINGS io.github.pmckeown:dependency-track-maven-plugin:upload-bom -Ddependency-track.apiKey=$API_KEY -Ddependency-track.projectVersion=${IMAGE_TAG} -Ddependency-track.dependencyTrackBaseUrl=https://dependency-track.ozg-sh.de"
+ }
+ }
+ }
+ }
+ }
+ }
 
 stage('Deploy to Nexus'){
 steps {
diff --git a/pom.xml b/pom.xml
index 01c6e3078d808b961ae2e94ed259b16aa53ee2cc..dda7a2a932195564638a1b501e03edd3c3ac2079 100644
--- a/pom.xml
+++ b/pom.xml
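Review bot: The `sh` step in the new stage interpolates `$API_KEY` inside a Groovy double-quoted string, so the Dependency-Track API key is substituted into the script text on the controller before the shell ever runs it, instead of being read from the environment variable that `withCredentials` binds; Jenkins flags this pattern because the secret can surface in step arguments and logs. Escape the variables so the shell expands them: `sh "mvn --no-transfer-progress -s \$MAVEN_SETTINGS io.github.pmckeown:dependency-track-maven-plugin:upload-bom -Ddependency-track.apiKey=\$API_KEY -Ddependency-track.projectVersion=${IMAGE_TAG} -Ddependency-track.dependencyTrackBaseUrl=https://dependency-track.ozg-sh.de"`. The key is still visible on the mvn command line to anyone who can list processes on the agent, so that only narrows the exposure rather than removing it. The `-Ddependency-track.dependencyTrackBaseUrl` flag duplicates the `dependencyTrackBaseUrl` already set in the pom's pluginManagement; keeping one source of truth avoids the two drifting apart. The enclosing `pipeline { }` block begins and ends outside this hunk.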
@@ -31,6 +31,10 @@
 <maven-assembly-plugin.version>3.2.0</maven-assembly-plugin.version>
 <maven-clean-plugin.version>3.1.0</maven-clean-plugin.version>
 <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
+
+ <!-- dependency track -->
+ <dependency-track-maven-plugin.version>1.7.0</dependency-track-maven-plugin.version>
+ <cyclonedx-maven-plugin.version>2.7.11</cyclonedx-maven-plugin.version>
 </properties>
 
 <dependencyManagement>
@@ -113,6 +117,21 @@
 </dependencies>
 
 <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>io.github.pmckeown</groupId>
+ <artifactId>dependency-track-maven-plugin</artifactId>
+ <version>${dependency-track-maven-plugin.version}</version>
+ <configuration>
+ <dependencyTrackBaseUrl>https://dependency-track.ozg-sh.de</dependencyTrackBaseUrl>
+ <failOnError>true</failOnError>
+ <createProject>true</createProject>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+
 <plugins>
 <!-- Configure the compilation process. At least Java 11 is required. -->
 <plugin>
@@ -208,6 +227,20 @@
 <artifactId>maven-surefire-plugin</artifactId>
 <version>${maven-surefire-plugin.version}</version>
 </plugin>
+
+ <plugin>
+ <groupId>org.cyclonedx</groupId>
+ <artifactId>cyclonedx-maven-plugin</artifactId>
+ <version>${cyclonedx-maven-plugin.version}</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>makeAggregateBom</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
 </plugins>
 </build>
 <repositories>
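Review bot: `<createProject>true</createProject>` in the pluginManagement hunk, together with the Jenkinsfile passing `projectVersion` as `branch-version`, means every branch that reaches the upload stage creates a new project version in Dependency-Track and nothing in this change retires old ones; presumably that is intended for feature branches, but it deserves a comment so the growth is understood, e.g. `<!-- createProject: each branch/version uploaded from Jenkins becomes its own project version; stale ones must be pruned in Dependency-Track -->`. No `projectName` is configured, so the plugin's default (presumably derived from the artifact coordinates) decides which project the BOM lands in — worth confirming it matches the project already registered on the server. `failOnError` is true here, but the Jenkins stage wraps the upload in `catchError(buildResult: 'UNSTABLE', ...)`, so an upload failure is downgraded to UNSTABLE rather than blocking the pipeline; that trade-off is fine as long as someone watches unstable builds.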
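Review bot: The cyclonedx execution binds `makeAggregateBom` to the `package` phase, while the Jenkinsfile invokes `upload-bom` as a standalone goal, so the upload stage depends on an earlier stage having run `package` in the same workspace; if that ordering changes, or the workspace is cleaned in between, the upload presumably finds no BOM to send. A comment on the execution would make the coupling visible: `<!-- Writes the CycloneDX BOM during package; the Jenkins 'Deploy SBOM to DependencyTrack' stage uploads it afterwards -->`. Whether this module is part of a multi-module build is not visible here; if it is a single module, `makeBom` expresses the intent more plainly than the aggregate goal.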