ozontech / dtrack-audit

OWASP Dependency Track API client for integration into CI/CD pipeline
GNU General Public License v3.0

Add auto-registration of projects #4

Closed oxdef closed 4 years ago

oxdef commented 4 years ago

A common case in the microservices world is when you have tons of them and want to integrate an SCA security control for all of them. You can add each one manually or make a single, mandatory CI/CD step/job for all services. To make it work we need to implement auto-registration of projects with an algorithm like:

  1. Search in DTrack for a project with the name PROJECT_NAME
  2. If it already exists, then use its ID
  3. If it is new, then register it with PROJECT_NAME and optionally additional information (e.g. Slack channel for alerts)
  4. Run Dtrack in the job in async mode by default and give developers the opportunity to switch on sync mode with a pipeline-breaking exit code.

oxdef commented 4 years ago

@stevespringett JFYI

oxdef commented 4 years ago

Add the following options and environment variables:

Usage of program:
  -a    Auto create project with projectName if it does not exist. Environment variable is DTRACK_AUTO_CREATE_PROJECT
  -n string
        Project name. It is used for auto creation of project. See option autoCreateProject for details. Environment variable is DTRACK_PROJECT_NAME
  -p string
        Project ID. Environment variable is DTRACK_PROJECT_ID
  -v string
        Project version. It is used for auto creation of project. See option autoCreateProject for details. Environment variable is DTRACK_PROJECT_VERSION
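Steps 1 to 3 of the algorithm in the first comment, driven by the environment variables listed above, as an added Go example (not code from dtrack-audit). It assumes the Dependency-Track REST endpoints `GET /api/v1/project/lookup` and `PUT /api/v1/project` with the `X-Api-Key` header; `resolveProject`, `call`, `DTRACK_API_URL` and `DTRACK_API_KEY` are names chosen for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
)

// call sends one request with the API key and returns the uuid from a 2xx JSON reply.
func call(method, u, key, body string) (string, int, error) {
	req, err := http.NewRequest(method, u, strings.NewReader(body))
	if err != nil {
		return "", 0, err
	}
	req.Header = http.Header{"X-Api-Key": {key}, "Content-Type": {"application/json"}}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	var p struct{ UUID string }
	if resp.StatusCode/100 == 2 {
		err = json.NewDecoder(resp.Body).Decode(&p)
	}
	return p.UUID, resp.StatusCode, err
}

// resolveProject (hypothetical helper) looks the project up and reuses its ID, or registers it.
func resolveProject(base, key, name, version string, autoCreate bool) (string, error) {
	q := url.Values{"name": {name}, "version": {version}}.Encode() // escape CI-supplied values
	id, code, err := call("GET", base+"/api/v1/project/lookup?"+q, key, "")
	if err == nil && code == http.StatusNotFound && autoCreate { // 401/403/5xx never create
		body, _ := json.Marshal(map[string]string{"name": name, "version": version})
		id, code, err = call("PUT", base+"/api/v1/project", key, string(body))
	}
	if err == nil && code/100 != 2 {
		err = fmt.Errorf("project %q: unexpected HTTP %d", name, code)
	}
	return id, err
}

// main prints the resolved project ID; DTRACK_API_URL and DTRACK_API_KEY are assumed names.
func main() {
	e := os.Getenv
	fmt.Println(resolveProject(e("DTRACK_API_URL"), e("DTRACK_API_KEY"), e("DTRACK_PROJECT_NAME"),
		e("DTRACK_PROJECT_VERSION"), e("DTRACK_AUTO_CREATE_PROJECT") != ""))
}
```

Only a 404 from the lookup leads to registration, so an expired or under-privileged API key fails the job instead of creating duplicate projects.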