dependency-track漏洞管理平台

image-20230828155142647

部署:

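---
# Dependency-Track API server (backend). The frontend Deployment below reaches
# this service through the browser-facing URL it sets in API_BASE_URL.
# Indentation restored: the manifest as pasted had lost its nesting and would
# not parse as the intended Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dependency-track
  namespace: devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dependency-track
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: dependency-track
    spec:
      volumes:
        # Persistent storage mounted at /data; the PVC named below must exist
        # before this Deployment is applied, or the pod stays Pending.
        - name: data
          persistentVolumeClaim:
            claimName: dependency-track
      containers:
        - name: dependency-track
          # Pinned release tag (no floating "latest"); keep the frontend image
          # on a compatible 4.8.x tag.
          image: dependencytrack/apiserver:4.8.2
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          resources:
            limits:
              cpu: "4"
              memory: 5Gi
            requests:
              # Memory request equals the limit, so the scheduler only places
              # the pod where the full 5Gi is available; CPU may burst to 4.
              cpu: 100m
              memory: 5Gi
          volumeMounts:
            # presumably Dependency-Track's state directory — confirm against
            # the image documentation before changing the mount path.
            - name: data
              mountPath: /data
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      # NOTE(review): pod-level hardening is left at cluster defaults (no
      # runAsNonRoot, seccompProfile or fsGroup for the data volume); confirm
      # the user the image runs as before tightening this.
      securityContext: {}
      schedulerName: default-scheduler
  # Recreate rather than RollingUpdate — presumably so that only one pod holds
  # the data PVC at a time; verify the PVC access mode.
  strategy:
    type: Recreate
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600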

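---
# Dependency-Track web UI (frontend). It is a static bundle served on 8080;
# the browser, not this pod, calls the API server at API_BASE_URL.
# Indentation restored: the manifest as pasted had lost its nesting and would
# not parse as the intended Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dependency-track-frontend
  namespace: devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dependency-track-frontend
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: dependency-track-frontend
    spec:
      containers:
        - name: dependency-track-frontend
          # Pinned release tag; keep in step with the apiserver 4.8.x tag.
          image: dependencytrack/frontend:4.8.1
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          env:
            # Address of the API server as reachable from the user's browser
            # (not the in-cluster service name), since the UI calls it client-side.
            - name: API_BASE_URL
              value: https://dependency-track-api.xxxx.com
          # NOTE(review): no requests/limits — the pod runs as BestEffort and is
          # the first to be evicted under node pressure; set values once the
          # UI's footprint has been measured.
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      # NOTE(review): pod-level hardening is left at cluster defaults; confirm
      # the user the image runs as before adding runAsNonRoot/seccompProfile.
      securityContext: {}
      schedulerName: default-scheduler
  strategy:
    type: Recreate
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600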

Jenkinsfile

后端java

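// Builds each application listed in the DEP_PROJECT parameter and uploads its
// CycloneDX BOM to Dependency-Track.
//
// DEP_PROJECT is a multi-line build parameter, one entry per line, in the form
//   <app-name>:<dependency-track-project-id>
// Blank lines are skipped. Each app gets its own nested stage.
//
// Changes from the original: entries are validated before use, and APP_NAME /
// IMAGE_ID reach the shell through the environment (withEnv + single-quoted
// sh) rather than Groovy string interpolation, so a crafted parameter value
// cannot change the shell command line, the clone URL or the checkout dir.
pipeline {
  agent {
    node {
      label 'maven'
    }
  }
  stages {
    stage('deploy') {
      steps {
        container('maven') {
          script {
            def appList = DEP_PROJECT.trim().split('\n')
            appList.each { rawEntry ->
              def entry = rawEntry.trim()
              if (entry) {
                // Split on the first ':' only; a project id with no app name
                // (or vice versa) is a parameter error, not something to guess at.
                def parts = entry.split(':', 2)
                if (parts.length != 2 || !parts[0] || !parts[1]) {
                  error("DEP_PROJECT entry is not '<app>:<projectId>': ${entry}")
                }
                def appName = parts[0]
                def projectId = parts[1]
                // appName becomes a directory name, part of the clone URL and a
                // shell variable, so only plain repository names are accepted
                // (no path separators, no leading '.').
                if (!(appName ==~ /[A-Za-z0-9._-]+/) || appName.startsWith('.')) {
                  error("refusing unsafe app name in DEP_PROJECT: ${appName}")
                }
                stage(appName) {
                  dir(appName) {
                    git branch: 'release', credentialsId: 'gitlab-c0030', url: "https://gitlab.xxxx.com/ss/${appName}.git"
                  }
                  withEnv(["APP_NAME=${appName}", "IMAGE_ID=${projectId}"]) {
                    // Single-quoted: the shell, not Groovy, expands $APP_NAME / $IMAGE_ID.
                    sh '''
                      echo "$APP_NAME" "$IMAGE_ID"
                      cd "$APP_NAME"
                      # NOTE(review): this decodes and runs a script shipped as an
                      # inline base64 blob, which cannot be reviewed in a diff; commit
                      # the decoded script to the repository as a plain file instead.
                      echo 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 | base64 -d > sed.sh
                      chmod +x sed.sh
                      ./sed.sh
                      mvn clean install
                    '''
                  }
                  // synchronous: true waits for the upload to be processed so a
                  // failed analysis fails this stage rather than going unnoticed.
                  dependencyTrackPublisher artifact: "${WORKSPACE}/${appName}/target/bom.xml", autoCreateProjects: true, dependencyTrackApiKey: 'dependency-track-jenkins-apikey', projectId: projectId, synchronous: true
                }
              }
            }
          }
        }
      }
    }
  }
}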

前端npm

# Install the CycloneDX SBOM generator for npm projects (global install).
npm install --global @cyclonedx/cyclonedx-npm

# generate_bom <FORMAT> <OUTPUT_FILE>
# Builds an SBOM from package.json in the given format (JSON or XML).
# --ignore-npm-errors keeps going when `npm ls` reports problems, so the
# resulting BOM can be incomplete; check the npm output alongside the file.
generate_bom() {
  cyclonedx-npm --short-PURLs --ignore-npm-errors --output-format "$1" --output-file "$2" -- package.json
}

# JSON output
generate_bom JSON bom.json
# XML output
generate_bom XML bom.xml