Giter Site home page Giter Site logo

kondukto-io / sbom-pipeline-example Goto Github PK

View Code? Open in Web Editor NEW
1.0 2.0 0.0 2.3 MB

This repo does contains an example of Jenkins/Github Pipeline and a Maven Project.

Java 100.00%
devsecops-pipeline github-actions jenkins kondukto log4j sbom sbom-examples

sbom-pipeline-example's Introduction

Initiating SBOM Creation & SCA Scan On Pipeline

In our previous blog post, we have covered what SBOM is, its advantages, how to create it, and how to detect a vulnerability with SBOM. You may find the SBOM 101 blog at this link.

If you wish to see the blog post of this repository please click to this link.

This repository contains a vulnerable Log4j version, do not use it in the production environment.

In this repository, you can find an example pom.xml file to understand how you can import various plugins to your Maven project. Besides that, it contains a Github Actions & Jenkins pipeline examples to guide you on how you can create/edit your pipeline according to your needs.

Github Actions Pipeline

What is CycloneDX?

CycloneDX is a Software Bill of Materials(SBOM) standard by OWASP and it’s designed for use in application security contexts. The CycloneDX project provides a bunch of tools for anyone to use in the desired environment.

To use this plugin, we only need to add the following configuration to the pom.xml file:

Codedx Maven Plugin

What is Dependency-Check?

Dependency-Check is an SCA tool. The main purpose of it to generate the dependency list and check for the known vulnerabilities via different sources like NVD, OSS Index or Github’s Security Advisory, etc. Some tools may also provide more details about their open source license.

Here is the import block for the pom.xml file:

Dependency-Check plugin

sbom-pipeline-example's People

Contributors

beyildirim avatar

Stargazers

avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.