diff --git a/Jenkinsfile b/Jenkinsfile
index 0a1d48401fd9de9b676cf8901cc8d4edcfd908b2..b4daa9930523ec60f58d2d6c53899de3c1e9413b 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -5,7 +5,6 @@ pipeline {
}
}
-tools { go 'go-1.22.0' }
environment {
RELEASE_REGEX = /v\d+.\d+.\d+/
BETA_REGEX = /v\d+.\d+.\d+-beta.\d/
@@ -59,9 +58,6 @@ tools { go 'go-1.22.0' }
FAILED_STAGE=env.STAGE_NAME
sh '''
- #export GOPATH so that installed dependencies could be found
- export GOPATH=$GOROOT
-
go mod download
go install \
github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway \
@@ -75,8 +71,7 @@ tools { go 'go-1.22.0' }
chmod +x ./buf
./buf generate
#to compile go statically with these tags, so that the binary is not dynamically linked and from scratch in Dockerfile will work
- go build -tags osusergo,netgo cmd/info-manager-proxy/main.go
-
+ go build -tags osusergo,netgo cmd/info-manager-proxy/main.go
'''
}
}
@@ -162,6 +157,30 @@ tools { go 'go-1.22.0' }
}
}
}
+
+ stage ('Deploy SBOM to DependencyTrack') {
+ when {
+ anyOf {
+ branch 'main'
+ branch 'release'
+ }
+ }
+ steps {
+ script {
+ catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
+ sh '''
+ go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+ go env -w GOFLAGS=-buildvcs=false
+
+ cyclonedx-gomod version
+ cyclonedx-gomod app -main cmd/info-manager-proxy/ -output sbom.xml
+ '''
+
+ dependencyTrackPublisher artifact: 'sbom.xml', projectName: 'info-manager-proxy', projectVersion: env.BRANCH_NAME, synchronous: true
+ }
+ }
+ }
+ }
}
}