Xpra-org / xpra-html5

HTML5 client for Xpra
Mozilla Public License 2.0

SBOM #277

Open totaam opened 8 months ago

totaam commented 8 months ago

Just like https://github.com/Xpra-org/xpra/issues/4050

TijZwa commented 7 months ago

@totaam fyi: I'm using OWASP Dependency Track (https://dependencytrack.org/). I'm using the following action to feed it the SBOM:

```yaml
name: Create sbom on release
on:
  push:
    branches:
      - 'main'
jobs:
  Sbom:
    runs-on: <Agent>
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Create CycloneDX sbom
        # Writes the CycloneDX BOM to .\sbom\bom.xml
        run: dotnet-CycloneDX <project> -o sbom
      - name: Upload sbom
        env:
          # Project GUID comes from a repository variable, the API key from a secret
          PROJECTGUID: ${{ vars.PROJECTGUID }}
          APIKEY: ${{ secrets.API_KEY }}
        run: |
          $xml = Get-Content ".\sbom\bom.xml" -Raw
          $ProjectGuid = $Env:PROJECTGUID
          $ApiKey = $Env:APIKEY
          $Uri = "<DepTrack server>"

          # The BOM is sent base64-encoded inside a JSON body, next to the project GUID
          $Body = ([PSCustomObject] @{
            project = $ProjectGuid
            bom     = ([Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($xml)))
          } | ConvertTo-Json)
          # The API key is passed in the X-API-Key header
          $Header = @{ 'X-API-Key' = $ApiKey }
          Invoke-RestMethod -Method Put -Uri "$Uri/api/v1/bom" -Headers $Header -ContentType "application/json" -Body $Body
        shell: powershell
```