

fix #327, #328
this commit fixes #327 by changing dependency track consumer's debug flag name
it also fixes #328 by changing the method used to upload BOMs to Dependency Track (DT) from
UploadBom to PostBom
northdpole committed Aug 30, 2024
1 parent 7b0fdc9 commit b1008c7
Showing 2 changed files with 24 additions and 24 deletions.
46 changes: 23 additions & 23 deletions components/consumers/dependency-track/main.go
Expand Up @@ -3,7 +3,6 @@ package main
import (
"context"
"crypto/tls"
"encoding/base64"
"flag"
"fmt"
"log"
Expand All @@ -12,6 +11,7 @@ import (
"strings"

dtrack "github.com/DependencyTrack/client-go"
"github.com/go-errors/errors"
"github.com/google/uuid"

v1 "github.com/ocurity/dracon/api/proto/v1"
Expand All @@ -28,7 +28,7 @@ var (
client *dtrack.Client
ownerAnnotation string
// used for debugging, turns off certificate and enables debug
debug bool
debugDT bool
)

func main() {
Expand All @@ -37,7 +37,7 @@ func main() {
flag.StringVar(&projectName, "projectName", "", "dependency track project name")
flag.StringVar(&projectUUID, "projectUUID", "", "dependency track project name")
flag.StringVar(&projectVersion, "projectVersion", "", "dependency track project version")
flag.BoolVar(&debug, "debug", false, "setup client with no tls and enable debug")
flag.BoolVar(&debugDT, "debugDependencyTrackConnection", false, "setup client with no tls and enable debug")
flag.StringVar(
&ownerAnnotation,
"ownerAnnotation",
Expand Down Expand Up @@ -66,27 +66,27 @@ func main() {
log.Fatal("project version is mandatory for dependency track")
}

client, err := dtrack.NewClient(
c, err := dtrack.NewClient(
authURL,
dtrack.WithHttpClient(
&http.Client{Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: debug,
InsecureSkipVerify: debugDT,
},
},
}),
dtrack.WithDebug(debug),
dtrack.WithDebug(debugDT),
dtrack.WithAPIKey(apiKey),
)
if err != nil {
log.Panicf("could not instantiate client err: %#v\n", err)
log.Fatalf("could not instantiate client err: %#v\n", err)
}

client = c
abt, err := client.Metrics.LatestPortfolioMetrics(context.Background())
if err != nil {
log.Fatalf("cannot connect to Dependency Track at %s, err:'%v'", authURL, err)
}
slog.Info("connection to DT successful listed projects in instance", "projects", abt.Projects)
slog.Info("Connection to DT successful, projects in instance:", "instance", abt.Projects)
if consumers.Raw {
responses, err := consumers.LoadToolResponse()
if err != nil {
Expand Down Expand Up @@ -115,8 +115,7 @@ func uploadBOMSFromEnriched(responses []*v1.EnrichedLaunchToolResponse) ([]strin
if issue.GetRawIssue().GetCycloneDXSBOM() != "" && bomIssue == nil {
bomIssue = issue
} else if bomIssue != nil && bomIssue.GetRawIssue().GetCycloneDXSBOM() != "" {
log.Printf("Tool response for tool %s is malformed, we expected a single issue with an SBOM as part of the tool, got something else instead",
res.GetOriginalResults().GetToolName())
slog.Error("tool:", res.GetOriginalResults().GetToolName(), "response is malformed, we expected a single issue with an SBOM as part of the tool, got something else instead")
continue
}
}
Expand All @@ -126,20 +125,19 @@ func uploadBOMSFromEnriched(responses []*v1.EnrichedLaunchToolResponse) ([]strin
}
token, err := uploadBOM(bomIssue.GetRawIssue().GetCycloneDXSBOM(), cdxbom.Metadata.Component.Version)
if err != nil {
log.Fatal("could not upload bom to dependency track, err:", err)
return tokens, errors.Errorf("could not upload bom to dependency track, err:%w", err)
}
log.Println("upload token is", token)
slog.Debug("upload", "token", token)
tokens = append(tokens, token)
if ownerAnnotation != "" {
log.Println("tagging owners")
owners := []string{}
for key, value := range bomIssue.Annotations {
if strings.Contains(key, ownerAnnotation) {
owners = append(owners, value)
}
}
if err := addOwnersTags(owners); err != nil {
log.Println("could not tag owners, err:", err)
slog.Error("could not tag owners", "err", err)
}
}
}
Expand All @@ -154,8 +152,7 @@ func uploadBOMsFromRaw(responses []*v1.LaunchToolResponse) ([]string, error) {
if *issue.CycloneDXSBOM != "" && bomIssue == nil {
bomIssue = issue
} else if bomIssue != nil && *bomIssue.CycloneDXSBOM != "" {
log.Printf("Tool response for tool %s is malformed, we expected a single issue with an SBOM as part of the tool, got multiple issues with sboms instead",
res.GetToolName())
slog.Error("tool:", res.GetToolName(), "response is malformed, we expected a single issue with an SBOM as part of the tool, got something else instead")
continue
}
}
Expand All @@ -165,9 +162,9 @@ func uploadBOMsFromRaw(responses []*v1.LaunchToolResponse) ([]string, error) {
}
token, err := uploadBOM(*bomIssue.CycloneDXSBOM, cdxbom.Metadata.Component.Version)
if err != nil {
log.Fatal("could not upload bod to dependency track, err:", err)
return tokens, errors.Errorf("could not upload bod to dependency track, err:%w", err)
}
log.Println("upload token is", token)
slog.Info("upload", "token", token)
tokens = append(tokens, token)
}
return tokens, nil
Expand All @@ -179,7 +176,7 @@ func addOwnersTags(owners []string) error {
uuid := uuid.MustParse(projectUUID)
project, err := client.Project.Get(context.Background(), uuid)
if err != nil {
log.Println("could not add project tags error getting project by uuid, err:", err)
slog.Error("could not add project tags error getting project by uuid", "err", err)
return err
}
for _, owner := range owners {
Expand All @@ -203,13 +200,16 @@ func uploadBOM(bom string, projectVersion string) (string, error) {
if projectVersion == "" {
projectVersion = "Unknown"
}
uuid := uuid.MustParse(projectUUID)
token, err := client.BOM.Upload(context.TODO(), dtrack.BOMUploadRequest{
uuid, err := uuid.Parse(projectUUID)
if err != nil {
return "", err
}
token, err := client.BOM.PostBom(context.TODO(), dtrack.BOMUploadRequest{
ProjectName: projectName,
ProjectVersion: projectVersion,
ProjectUUID: &uuid,
AutoCreate: true,
BOM: base64.StdEncoding.EncodeToString([]byte(bom)),
BOM: bom,
})
return string(token), err
}
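Review bot: The two new `slog.Error` calls in uploadBOMSFromEnriched and uploadBOMsFromRaw hand the tool name and the long message to slog as variadic args, which slog consumes as a key/value pair, so the emitted record has the message "tool:" with the tool name as an attribute key and the real message as its value; the intended shape is `slog.Error("tool response is malformed, expected a single issue with an SBOM", "tool", res.GetOriginalResults().GetToolName())` (and the same with `res.GetToolName()` in the raw path). Separately, the renamed `-debugDependencyTrackConnection` flag still drives two different things with one switch — `InsecureSkipVerify: debugDT` drops certificate verification while `dtrack.WithDebug(debugDT)` turns on client debug output — and the help text "setup client with no tls" misdescribes the first: TLS stays on, only the peer check is removed, so any debug run silently accepts an attacker-presented certificate. I would emit `slog.Warn("Dependency Track TLS certificate verification disabled by -debugDependencyTrackConnection")` once the flags are parsed (outside the hunk) and say "disables certificate verification" in the help text; whether the client's debug output also echoes the API-key header into CI logs I cannot tell from here and is worth confirming before this is set in a pipeline. Also note that addOwnersTags still calls `uuid.MustParse(projectUUID)` while uploadBOM now returns the parse error, so a malformed UUID would surface as a panic at tagging rather than an error; `uuid.Parse` with an early return there keeps the two paths consistent. All affected functions (main, the two upload loops, addOwnersTags) start or end outside the shown hunks.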
2 changes: 1 addition & 1 deletion components/consumers/dependency-track/task.yaml
Expand Up @@ -41,5 +41,5 @@ spec:
"-projectVersion", "$(params.consumer-dependency-track-project-version)",
"-projectUUID", "$(params.consumer-dependency-track-project-uuid)",
"-ownerAnnotation","$(params.consumer-dependency-track-owner-annotation)",
"-debug", "$(params.consumer-dependency-track-debug)"
"-debugDependencyTrackConnection", "$(params.consumer-dependency-track-debug)"
]
