Set up a Jenkins pipeline to import the SBOM file

A tutorial to show a possible end-to-end implementation to bring software library data into VSM for a Maven project.

In the tutorial below, you will see how to set up SBOM generation and provisioning to VSM for an example Maven project. The CycloneDX plugin used is documented in more detail here (https://github.com/CycloneDX/cyclonedx-maven-plugin).

Set up the pipeline

  1. Edit your Jenkinsfile to generate the SBOM file
pipeline{
  agent any
  stages{
    // your build here

    stage("Generate SBOM with CycloneDX maven plugin"){
      steps{
        // Run the CycloneDX Maven plugin's makeBom goal to produce the SBOM
        sh "mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom"
      }
    }
  }
}
  2. Send the file from your Jenkins pipeline
pipeline{
  agent any
  stages{
    // your build here
    // Generate SBOM with CycloneDX maven plugin here

    stage("Import SBOM file on the service"){
      steps{
           // POST the service metadata and the SBOM file as one multipart form
           sh '''
           curl --request POST \
             --url https://<region>-vsm.leanix.net/services/vsm/discovery/v1/service \
             --header 'accept: */*' \
             --header 'content-type: multipart/form-data' \
             --form id=svc12345 \
             --form sourceType=my-alerting-solution \
             --form sourceInstance=my-company \
             --form name=my-service \
             --form 'description=The one and only service with 110% uptime' \
             --form 'data={"number_of_incidents":"2","monitoring_dashboard":"https://my-company.my-alerting-solution.com/my-service"}' \
             --form [email protected]
           '''
      }
    }
  }
}

Here is a complete example of the file:

pipeline{
    agent any
    stages{
        stage("Build Jar"){
          steps{
            sh 'mvn clean package'
          }
        }
        stage("Generate SBOM with CycloneDX maven plugin"){
          steps{
            // Run the CycloneDX Maven plugin's makeBom goal to produce the SBOM
            sh "mvn org.cyclonedx:cyclonedx-maven-plugin:makeBom"
          }
        }
        stage("Import SBOM file on the service"){
          steps{
           // POST the service metadata and the SBOM file as one multipart form
           sh '''
           curl --request POST \
             --url https://<region>-vsm.leanix.net/services/vsm/discovery/v1/service \
             --header 'accept: */*' \
             --header 'content-type: multipart/form-data' \
             --form id=svc12345 \
             --form sourceType=my-alerting-solution \
             --form sourceInstance=my-company \
             --form name=my-service \
             --form 'description=The one and only service with 110% uptime' \
             --form 'data={"number_of_incidents":"2","monitoring_dashboard":"https://my-company.my-alerting-solution.com/my-service"}' \
             --form [email protected]
           '''
          }
        }
    }
}
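
A check that could run between the generation and import stages, so that an empty or malformed SBOM fails the build instead of being sent to VSM. This is an added example, not part of the original tutorial and not LeanIX or CycloneDX code; the default path `target/bom.json` and the rule that every component needs a name, version and purl are assumptions of this example.

```python
import json
import sys

# Constructed sample documents, not output from a real build.
SAMPLE_GOOD = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [{"type": "library", "name": "commons-io", "version": "2.11.0",
                    "purl": "pkg:maven/commons-io/commons-io@2.11.0"}],
})
SAMPLE_BAD = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [{"type": "library", "name": "commons-io"}, "oops"],
})


def check_sbom(text):
    """Return a list of problems; an empty list means the file is fit to send."""
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(bom, dict):
        return ["top level is not a JSON object"]
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    if not bom.get("specVersion"):
        problems.append("specVersion is missing")
    components = bom.get("components")
    if not isinstance(components, list) or not components:
        return problems + ["components list is missing or empty"]
    for i, comp in enumerate(components):
        if not isinstance(comp, dict):
            problems.append(f"component {i} is not an object")
            continue
        # Policy of this example, stricter than the spec: each library must be identifiable.
        for field in ("name", "version", "purl"):
            if not comp.get(field):
                problems.append(f"component {i} has no {field}")
    return problems


if __name__ == "__main__":
    # Assumed path: the CycloneDX Maven plugin's default JSON output location.
    path = sys.argv[1] if len(sys.argv) > 1 else "target/bom.json"
    with open(path, encoding="utf-8") as fh:
        found = check_sbom(fh.read())
    for line in found:
        print(f"SBOM check failed: {line}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Saved under a name of your choice, it can be called from an `sh` step with the SBOM path as its argument; a non-zero exit fails the stage before the import stage runs.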