Set up a Jenkins pipeline to import the SBOM file
This tutorial shows a possible end-to-end implementation for bringing software library data into VSM for a Maven project.
It covers how to set up SBOM generation and provisioning to VSM for an example Maven project. The CycloneDX plugin used is documented in more detail here (https://github.com/CycloneDX/cyclonedx-maven-plugin).
Set up the pipeline
- Edit your Jenkinsfile to generate the SBOM file
pipeline {
    agent any
    stages {
        // your build here
        stage("Generate SBOM with CycloneDX maven plugin") {
            steps {
                // Run the CycloneDX plugin's makeBom goal to write the SBOM file
                sh "mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom"
            }
        }
    }
}
- Send the file to VSM from your Jenkins pipeline
pipeline {
    agent any
    stages {
        // your build here
        // Generate SBOM with CycloneDX maven plugin here
        stage("Import SBOM file on the service") {
            steps {
                // POST the service metadata together with the generated SBOM file to VSM
                sh '''
                    curl --request POST \
                    --url https://<region>-vsm.leanix.net/services/vsm/discovery/v1/service \
                    --header 'accept: */*' \
                    --header 'content-type: multipart/form-data' \
                    --form id=svc12345 \
                    --form sourceType=my-alerting-solution \
                    --form sourceInstance=my-company \
                    --form name=my-service \
                    --form 'description=The one and only service with 110% uptime' \
                    --form 'data={"number_of_incidents":"2","monitoring_dashboard":"https://my-company.my-alerting-solution.com/my-service"}' \
                    --form bo[email protected]
                '''
            }
        }
    }
}
Here is a complete example of the file:
pipeline {
    agent any
    stages {
        stage("Build Jar") {
            steps {
                // Build the project artifact
                sh 'mvn clean package'
            }
        }
        stage("Generate SBOM with CycloneDX maven plugin") {
            steps {
                // Run the CycloneDX plugin's makeBom goal to write the SBOM file
                sh "mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom"
            }
        }
        stage("Import SBOM file on the service") {
            steps {
                // POST the service metadata together with the generated SBOM file to VSM
                sh '''
                    curl --request POST \
                    --url https://<region>-vsm.leanix.net/services/vsm/discovery/v1/service \
                    --header 'accept: */*' \
                    --header 'content-type: multipart/form-data' \
                    --form id=svc12345 \
                    --form sourceType=my-alerting-solution \
                    --form sourceInstance=my-company \
                    --form name=my-service \
                    --form 'description=The one and only service with 110% uptime' \
                    --form 'data={"number_of_incidents":"2","monitoring_dashboard":"https://my-company.my-alerting-solution.com/my-service"}' \
                    --form [email protected]
                '''
            }
        }
    }
}
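A pipeline like the one above uploads whatever the generate stage wrote, so an empty or malformed SBOM would reach VSM unnoticed. The following is an added example, not part of the original tutorial or of LeanIX's or CycloneDX's own code: a small gate script that can run between the generate and import stages and fail the build when the CycloneDX JSON file is not fit to upload. The script, its checks (a policy chosen for illustration) and the sample document are assumptions.

```python
import json
import sys

# Constructed sample in CycloneDX JSON shape (not real plugin output).
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "guava", "version": "31.1-jre",
         "purl": "pkg:maven/com.google.guava/guava@31.1-jre?type=jar"},
        {"type": "library", "name": "internal-utils", "version": ""},
    ],
}


def check_sbom(bom):
    """Return a list of problems; an empty list means the SBOM passes the gate."""
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    if not bom.get("specVersion"):
        problems.append("specVersion is missing")
    components = bom.get("components") or []
    if not components:
        problems.append("no components listed")
    for index, comp in enumerate(components):
        label = comp.get("name") or f"components[{index}]"
        if not comp.get("name"):
            problems.append(f"{label}: name is missing")
        if not comp.get("version"):
            problems.append(f"{label}: version is missing")
        # Illustrative policy: require a package URL so the library can be identified.
        if not str(comp.get("purl", "")).startswith("pkg:"):
            problems.append(f"{label}: purl is missing or malformed")
    return problems


def main(path):
    """Check the SBOM file at `path`; return a process exit code for the pipeline."""
    with open(path, encoding="utf-8") as handle:
        problems = check_sbom(json.load(handle))
    for problem in problems:
        print(f"SBOM check failed: {problem}", file=sys.stderr)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1]))
```

Saved under a name of your choice (for example a hypothetical `check_sbom.py`), it takes the path of the generated JSON SBOM as its only argument; a non-zero exit code stops the pipeline before the import stage runs.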
Updated 11 months ago