Commit 95b51c22 authored by Jérome Perrin's avatar Jérome Perrin

Dependency-Track: new software

parent 1a48a547
Pipeline #35946 failed with stage
in 0 seconds
# OWASP Dependency Track
https://dependencytrack.org/
Can be used to ingest SBOM of slapos software release produced with [nxdbom](https://lab.nexedi.com/nexedi/nxd-bom)
[instance-profile]
filename = instance.cfg.in
md5sum = 5545f52ea36d5116523c5569999915ae
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"additionalProperties": false,
"properties": {}
}
{
"$schema": "https://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"url": {
"title": "URL",
"description": "URL to access Dependency-Track.",
"type": "string",
"format": "uri"
}
}
}
[buildout]
parts =
publish-connection-parameter
extends = ${monitor2-template:output}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
[dependency-track-instance]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:service}/$${:_buildout_section_name_}
command-line =
${java:location}/bin/java
-jar ${dependency-track-bundled.jar:location}/dependency-track-bundled.jar
-host $${:ip}
-port $${:port}
environment =
ALPINE_DATABASE_MODE=external
ALPINE_DATABASE_URL=jdbc:postgresql://$${postgresql:ipv4}:$${postgresql:port}/$${postgresql:dbname}
ALPINE_DATABASE_DRIVER=org.postgresql.Driver
ALPINE_DATABASE_USERNAME=$${postgresql:superuser}
ALPINE_DATABASE_PASSWORD=$${postgresql:password}
HOME=$${directory:srv-dependency-track}
hash-existing-files =
$${buildout:directory}/software_release/buildout.cfg
ip = $${instance-parameter:ipv4-random}
port = 18080
promises =
$${dependency-track-promise:name}
[dependency-track-frontend-certificate]
recipe = plone.recipe.command
command =
if [ ! -e $${:cert-file} ]
then
${openssl-output:openssl} req -x509 -nodes -sha256 -days 3650 \
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
-newkey rsa -keyout $${:cert-file} \
-out $${:cert-file}
fi
update-command = $${:command}
cert-file = $${directory:var}/$${:_buildout_section_name_}.pem
common-name = $${dependency-track-frontend-config:ip}
location =
$${:cert-file}
[dependency-track-frontend-config]
recipe = slapos.recipe.template:jinja2
url = ${stack-haproxy-default-backend-config:target}
output = $${directory:etc}/$${:_buildout_section_name_}
context =
key pidfile :pidfile
key content :content
content =
listen app
log global
bind $${:ip}:$${:port} ssl crt $${dependency-track-frontend-certificate:cert-file} alpn h2,http/1.1
server app $${dependency-track-instance:ip}:$${dependency-track-instance:port}
pidfile = $${directory:run}/$${:_buildout_section_name_}.pid
ip = $${instance-parameter:ipv6-random}
port = 8443
[dependency-track-frontend]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
${haproxy:location}/sbin/haproxy -f $${dependency-track-frontend-config:output}
url = https://[$${dependency-track-frontend-config:ip}]:$${dependency-track-frontend-config:port}
[dependency-track-promise]
<= monitor-promise-base
promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url= $${dependency-track-frontend:url}/
[postgresql-password]
recipe = slapos.cookbook:generate.password
[postgresql]
recipe = slapos.cookbook:postgres
bin = ${postgresql:location}/bin
services = $${directory:service}
dbname = dependency-track_db
superuser = dependency-track-psql
password = $${postgresql-password:passwd}
pgdata-directory = $${directory:srv}/postgresql
ipv4 = $${instance-parameter:ipv4-random}
# disable listening on ipv6
ipv6 =
port = 5432
promises = $${postgresql-promise:name}
[postgresql-psql]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
command-line =
$${postgresql:bin}/psql
-h $${postgresql:pgdata-directory}
-U $${postgresql:superuser}
-d $${postgresql:dbname}
[postgresql-promise]
<= monitor-promise-base
promise = check_command_execute
name = promise-postgresql.py
config-command = $${postgresql-psql:wrapper-path} -c '\q'
[postgresql-backup-crontab-entry]
recipe = slapos.cookbook:cron.d
name = $${:_buildout_section_name_}
cron-entries = $${cron:cron-entries}
time = daily
command = $${postgresql-backup:wrapper-path}
[postgresql-backup]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
# XXX there's a recipe for backup in slapos cookbook, but it does not create
# the backup file in an atomic way, which is not acceptable here, because we
# don't want to risk pulling a partial file. To prevent this, we create a
# temp file and move it when finished.
command-line =
sh -c "$${postgresql:bin}/pg_dump \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
--format=custom \
-f $${:backup-file}.tmp \
$${postgresql:dbname} \
&& mv $${:backup-file}.tmp $${:backup-file}"
backup-file = $${directory:srv-backup}/backup.pg_dump
[postgresql-restore-backup]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
command-line =
sh -e -c "\
echo 'This will replace current database with latest backup. Hit Ctrl+C to cancel';
sleep 10;
$${postgresql:bin}/dropdb \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
--if-exists \
$${postgresql:dbname};
$${postgresql:bin}/createdb \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
$${postgresql:dbname};
$${postgresql:bin}/pg_restore \
--exit-on-error \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
-d $${postgresql:dbname} \
$${postgresql-backup:backup-file}"
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron-output:crond}
cron-entries = $${directory:etc-cron.d}
crontabs = $${directory:var-crontabs}
cronstamps = $${directory:var-cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:bin}/crond
[cron-service]
recipe = slapos.cookbook:wrapper
command-line = $${cron:binary}
wrapper-path = $${directory:services}/crond
hash-existing-files = $${buildout:directory}/software_release/buildout.cfg
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log
[rapidcdn-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Dependency Track Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true
config-url = $${dependency-track-frontend:url}
return = domain secure_access
[rapidcdn-frontend-available-promise]
<= monitor-promise-base
promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url = $${rapidcdn-frontend:connection-secure_access}
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
etc-cron.d = $${:etc}/cron.d
var = $${buildout:directory}/var
var-crontabs = $${:var}/crontabs
var-cronstamps = $${:var}/cronstamps
var-cron-entries = $${:var}/cron-entries
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
run = $${buildout:directory}/run
service = $${:etc}/service
srv-dependency-track = $${:srv}/dependency-track
srv-backup = $${:srv}/backup
[publish-connection-parameter]
recipe = slapos.cookbook:publish
url = $${rapidcdn-frontend-available-promise:config-url}
backup-crontab = $${postgresql-backup-crontab-entry:name}
restore-backup-script = $${postgresql-restore-backup:wrapper-path}
[buildout]
extends =
../../component/defaults.cfg
../../component/java/buildout.cfg
../../component/postgresql/buildout.cfg
../../component/dcron/buildout.cfg
../../stack/haproxy/default-backend.cfg
../../stack/slapos.cfg
buildout.hash.cfg
../../stack/monitor/buildout.cfg
parts =
slapos-cookbook
instance-profile
[java]
<= java-re-temurin-21
[dependency-track-bundled.jar]
recipe = slapos.recipe.build:download
url = https://github.com/DependencyTrack/dependency-track/releases/download/4.11.4/dependency-track-bundled.jar
md5sum = a1c5e8f216a999b6d497b133c93588a6
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/${:filename}
output = ${buildout:directory}/instance.cfg
{
"name": "Dependency-Track",
"description": "Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.",
"serialisation": "xml",
"software-type": {
"default": {
"title": "Default",
"software-type": "default",
"description": "Default",
"request": "instance-dependency-track-input-schema.json",
"response": "instance-dependency-track-output-schema.json",
"index": 1
}
}
}
Tests for DependencyTrack software release
##############################################################################
#
# Copyright (c) 2024 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from setuptools import setup, find_packages
version = '0.0.1.dev0'
name = 'slapos.test.dependencytrack'
with open("README.md") as f:
long_description = f.read()
setup(name=name,
version=version,
description="Test for SlapOS' dependencytrack",
long_description=long_description,
long_description_content_type='text/markdown',
maintainer="Nexedi",
maintainer_email="info@nexedi.com",
url="https://lab.nexedi.com/nexedi/slapos",
packages=find_packages(),
install_requires=[
'slapos.core',
'slapos.cookbook',
'slapos.libnetworkcache',
'supervisor',
'requests'
],
zip_safe=True,
test_suite='test',
)
##############################################################################
#
# Copyright (c) 2024 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import os
import requests
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
setUpModule, InstanceTestCase = makeModuleSetUpAndTestCaseClass(
os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
class TestDependencyTrack(InstanceTestCase):
__partition_reference__ = 'DT' # postgresql use a socket in data dir
def test(self):
url = self.computer_partition.getConnectionParameterDict()['url']
resp = requests.get(url, verify=False)
self.assertTrue(resp.text)
self.assertTrue(resp.ok)
......@@ -47,6 +47,11 @@ setup = ${slapos-repository:location}/software/backupserver/test/
egg = slapos.test.dufs
setup = ${slapos-repository:location}/software/dufs/test/
[slapos.test.dependency-track-setup]
<= setup-develop-egg
egg = slapos.test.dependencytrack
setup = ${slapos-repository:location}/software/dependency-track/test/
[slapos.test.erp5-setup]
<= setup-develop-egg
egg = slapos.test.erp5
......@@ -355,6 +360,7 @@ eggs +=
${slapos.test.caucase-setup:egg}
${slapos.test.cloudooo-setup:egg}
${slapos.test.dream-setup:egg}
${slapos.test.dependency-track-setup:egg}
${slapos.test.dufs-setup:egg}
${slapos.test.erp5-setup:egg}
${slapos.test.erp5testnode-setup:egg}
......@@ -446,6 +452,7 @@ tests =
caucase ${slapos.test.caucase-setup:setup}
cloudooo ${slapos.test.cloudooo-setup:setup}
dream ${slapos.test.dream-setup:setup}
dependency-track ${slapos.test.dependency-track-setup:setup}
dufs ${slapos.test.dufs-setup:setup}
erp5 ${slapos.test.erp5-setup:setup}
erp5-py3 ${slapos.test.erp5-setup:setup}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment