fix #327, change dependency track consumer's debug flag name

smithy-security · Aug 30, 2024 · e4c3c1b · e4c3c1b
1 parent 7b0fdc9
commit e4c3c1b
Show file tree

Hide file tree

Showing 9 changed files with 33 additions and 25 deletions.
diff --git a/api/proto/v1/engine.pb.go b/api/proto/v1/engine.pb.go
diff --git a/api/proto/v1/issue.pb.go b/api/proto/v1/issue.pb.go
diff --git a/buf.gen.yaml b/buf.gen.yaml
@@ -3,6 +3,11 @@ plugins:
   - local: protoc-gen-go
     out: .
     opt: paths=source_relative
+  - remote: buf.build/protocolbuffers/python:v27.3
+    out: gen
+  # dependencies
+  - remote: buf.build/protocolbuffers/pyi:v27.3
+    out: gen
 inputs:
   - proto_file: api/proto/v1/issue.proto
   - proto_file: api/proto/v1/engine.proto
diff --git a/components/consumers/dependency-track/main.go b/components/consumers/dependency-track/main.go
@@ -28,7 +28,7 @@ var (
 	client          *dtrack.Client
 	ownerAnnotation string
 	// used for debugging, turns off certificate and enables debug
-	debug bool
+	debugDT bool
 )
 
 func main() {
@@ -37,7 +37,7 @@ func main() {
 	flag.StringVar(&projectName, "projectName", "", "dependency track project name")
 	flag.StringVar(&projectUUID, "projectUUID", "", "dependency track project name")
 	flag.StringVar(&projectVersion, "projectVersion", "", "dependency track project version")
-	flag.BoolVar(&debug, "debug", false, "setup client with no tls and enable debug")
+	flag.BoolVar(&debugDT, "debugDT", false, "setup client with no tls and enable debug")
 	flag.StringVar(
 		&ownerAnnotation,
 		"ownerAnnotation",
@@ -71,11 +71,11 @@ func main() {
 		dtrack.WithHttpClient(
 			&http.Client{Transport: &http.Transport{
 				TLSClientConfig: &tls.Config{
-					InsecureSkipVerify: debug,
+					InsecureSkipVerify: debugDT,
 				},
 			},
 			}),
-		dtrack.WithDebug(debug),
+		dtrack.WithDebug(debugDT),
 		dtrack.WithAPIKey(apiKey),
 	)
 	if err != nil {
@@ -86,7 +86,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("cannot connect to Dependency Track at %s, err:'%v'", authURL, err)
 	}
-	slog.Info("connection to DT successful listed projects in instance", "projects", abt.Projects)
+	slog.Info("Connection to DT successful, projects in instance:", "instance", abt.Projects)
 	if consumers.Raw {
 		responses, err := consumers.LoadToolResponse()
 		if err != nil {

diff --git a/components/consumers/dependency-track/task.yaml b/components/consumers/dependency-track/task.yaml
@@ -41,5 +41,5 @@ spec:
       "-projectVersion", "$(params.consumer-dependency-track-project-version)",
       "-projectUUID", "$(params.consumer-dependency-track-project-uuid)",
       "-ownerAnnotation","$(params.consumer-dependency-track-owner-annotation)",
-      "-debug", "$(params.consumer-dependency-track-debug)"
+      "-debugDT", "$(params.consumer-dependency-track-debug)"
     ]
diff --git a/components/consumers/jira/Makefile b/components/consumers/jira/Makefile
@@ -8,10 +8,10 @@ PRODUCER_AGGREGATOR_BASE_IMAGE=$(shell test -e .custom_image && cat .custom_imag
 DOCKER=docker
 
 container:
-	$(DOCKER) build --tag $(CONTAINER_REPO)/components/consumers/jira:$(DRACON_VERSION) \
+	$(DOCKER) build --tag $(CONTAINER_REPO)/components/consumers/dependency-track:$(DRACON_VERSION) \
 					--file Dockerfile \
 					$$([ "${SOURCE_CODE_REPO}" != "" ] && echo "--label=org.opencontainers.image.source=${SOURCE_CODE_REPO}" ) \
 					 ../../../bin 1>&2
 
 publish:
-	$(DOCKER) push $(CONTAINER_REPO)/components/consumers/jira:$(DRACON_VERSION) 1>&2
+	$(DOCKER) push $(CONTAINER_REPO)/components/consumers/dependency-track:$(DRACON_VERSION) 1>&2
diff --git a/examples/pipelines/cdxgen-project/kustomization.yaml b/examples/pipelines/cdxgen-project/kustomization.yaml
@@ -9,4 +9,5 @@ components:
   - pkg:helm/dracon-oss-components/producer-aggregator
   - pkg:helm/dracon-oss-components/enricher-deduplication
   - pkg:helm/dracon-oss-components/enricher-aggregator
-  - pkg:helm/dracon-oss-components/consumer-stdout-json
+  - pkg:helm/dracon-oss-components/consumer-stdout-json
+  - components/consumers/dependency-track
diff --git a/examples/pipelines/cdxgen-project/pipelinerun.yaml b/examples/pipelines/cdxgen-project/pipelinerun.yaml
@@ -9,11 +9,17 @@ spec:
     name: dracon-cdxgen-project
   params:
   - name: git-clone-url
-    value: https://github.com/ocurity/e2e-monorepo.git
-  - name: b64-signature-key
-  # THIS IS AN EXAMPLE, PLEASE USE A PROPERLY SECURED SECRET KEY IN PRODUCTION
-  # Corresponding public key for verification is MOt7TFuLyGB9yRN5mcIeAPa6jKoFglkwEwGBTOVLeXI=
-    value: Lvbo+wAsW8Y4ENBA+lAikOwGTYAIXCQ49eRMEwClv94w63tMW4vIYH3JE3mZwh4A9rqMqgWCWTATAYFM5Ut5cg==
+    value: 'https://github.com/sqreen/go-dvwa.git'
+  - name: consumer-dependency-track-api-url
+    value: http://192.168.1.13:8081
+  - name: consumer-dependency-track-project-name
+    value: cdxgen-test
+  - name: consumer-dependency-track-project-version
+    value: "0.1.0"
+  - name: consumer-dependency-track-token
+    value: odt_HvaqxzTkekZeiI5Nd2I73azqxh31hadL
+  - name: consumer-dependency-track-project-uuid
+    value: ac819655-8e0d-4117-8ae8-1b05e9723b23
   workspaces:
   - name: output
     subPath: source-code

diff --git a/examples/pipelines/golang-project/pipelinerun.yaml b/examples/pipelines/golang-project/pipelinerun.yaml
@@ -8,9 +8,7 @@ spec:
     name: dracon-golang-project
   params:
   - name: git-clone-url
-    value: https://github.com/ocurity/e2e-monorepo.git
-  - name: git-clone-subdirectory
-    value: source-code
+    value: 'https://github.com/sqreen/go-dvwa.git'
   workspaces:
   - name: output
     volumeClaimTemplate: