Add github action

.devcontainer/devcontainer.json

@@ -9,7 +9,10 @@
 	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 	"features": {
 		"ghcr.io/devcontainers-contrib/features/snyk-cli:1": {},
-		"ghcr.io/devcontainers-contrib/features/node-asdf:0": {}
+		"ghcr.io/devcontainers-contrib/features/node-asdf:0": {},
+		"ghcr.io/dhoeric/features/trivy:1": {},
+		"ghcr.io/devcontainers/features/docker-in-docker:2": {}
+
 	},
 
 	// Features to add to the dev container. More info: https://containers.dev/features.

.devcontainer/docker-compose.yml

@@ -132,7 +132,8 @@ services:
       #   * This URL must be reachable by the browsers of your users.
       #   * The frontend container itself does NOT communicate with the API server directly, it just serves static files.
       #   * When deploying to dedicated servers, please use the external IP or domain of the API server.
-      - API_BASE_URL=http://localhost:8081
+      # - API_BASE_URL=http://localhost:8081
+       - API_BASE_URL=https://refactored-winner-96rjjwr96fx7px-8081.app.github.dev
       # - "OIDC_ISSUER="
       # - "OIDC_CLIENT_ID="
       # - "OIDC_SCOPE="

.github/workflows/dependecy-track.yaml

@@ -0,0 +1,33 @@
+name: Dependecy-track
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+      with:  
+        repository: 0gis0/tour-of-heroes-dotnet-api
+    - name: Configure .NET
+      uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: 7.0.x
+    - name: Build with dotnet
+      run: dotnet build --configuration Release
+    - name: Install cdxgen
+      run: npm install -g cdxgen
+    - name: Generate SBOM
+      run: cdxgen tour-of-heroes-dotnet-api/ -o bom-1.4.json --spec-version 1.4    
+    - name: Send SBOM to DependencyTrack server
+      uses: DependencyTrack/[email protected]
+      with:            
+        serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}        
+        apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+        projectName: 'Tour of Heroes API from GitHub Actions'
+        projectVersion: 'main'
+        bomFilename: "bom-1.4.json"
+        autoCreate: true

steps.sh

@@ -5,67 +5,55 @@
 
 snyk auth
 
-git clone https://github.com/0GiS0/tour-of-heroes-angular.git && cd tour-of-heroes-angular
-npm install
+git clone https://github.com/0GiS0/tour-of-heroes-angular.git && cd tour-of-heroes-angular && npm install
 
 cdxgen -o bom.1.4.json --spec-version 1.4
 
+# with licenses
+export FETCH_LICENSE=true
+cdxgen -o bom-with-license.json --spec-version 1.4
 
-# Trying API REST
-curl http://localhost:8080/api/version -w '%{response_code}'
-
-curl -X "PUT" "http://localhost:8080/api/v1/bom" \
-     -H 'Content-Type: multipart/form-data' \
-     -H 'X-Api-Key: BgCIvb2ZuIEiuaZBiOZ5JhmQdD8I4Iop' \
-     -F 'project=00ca1b30-3746-4da1-abae-f0b45a6d9906' \
-     -F '[email protected]' \
-     -w '%{response_code}'
-
-
-
-curl -X "PUT" "http://localhost:8080/api/v1/bom" \
+curl -X "POST" "http://localhost:8080/api/v1/bom" \
      -H 'Content-Type: multipart/form-data' \
-     -H 'X-Api-Key: BgCIvb2ZuIEiuaZBiOZ5JhmQdD8I4Iop' \
-     -F 'project=81d1c70e-5527-4d1d-bdd0-15d6120badcb' \
-     -F '[email protected]' \
+     -H "X-Api-Key: F6gyljd8lvVARQxKkd8WUpgO6wG4o0gv" \
+     -F "autoCreate=true" \
+     -F "projectName=tour-of-heroes-angular" \
+     -F "projectVersion=1.0.0" \
+     -F "[email protected]" \
      -w '%{response_code}'
 
 
-# snyk sbom --format cyclonedx1.4+json # Doesnt work
+git clone https://github.com/0GiS0/tour-of-heroes-dotnet-api.git &&  cd tour-of-heroes-dotnet-api && dotnet build
 
-git clone https://github.com/0GiS0/tour-of-heroes-dotnet-api.git &&  cd tour-of-heroes-dotnet-api
-dotnet build
+cdxgen -o bom-1.4.json --spec-version 1.4
 
-# npm install -g @cyclonedx/cdxgen
 export FETCH_LICENSE=true
 cdxgen -o bom-with-license.json --spec-version 1.4
 
 curl -X "POST" "http://localhost:8080/api/v1/bom" \
      -H 'Content-Type: multipart/form-data' \
-     -H "X-Api-Key: QN0pNzIFxraSqO4U97kvLsFoCv8zfHR8" \
+     -H "X-Api-Key: F6gyljd8lvVARQxKkd8WUpgO6wG4o0gv" \
      -F "autoCreate=true" \
-     -F "projectName=tour-of-heroes-test" \
+     -F "projectName=tour-of-heroes-dotnet-api" \
      -F "projectVersion=1.0.0" \
-     -F "bom=@bom.1.4.json" \
+     -F "bom=@bom-with-license.json" \
      -w '%{response_code}'
 
-# Test license
-git clone https://github.com/dephell/dephell.git && cd dephell
-cdxgen -o bom.1.4.json --spec-version 1.4
 
+# Generate SBOM from a Docker image (You need Docker install to pull the image)
+cdxgen ghcr.io/0gis0/tour-of-heroes-dotnet-api/tour-of-heroes-api:9b8a5e9 -o docker-bom.json -t docker --spec-version 1.4
+
+# Send SBOM to Dependency-Track
 curl -X "POST" "http://localhost:8080/api/v1/bom" \
      -H 'Content-Type: multipart/form-data' \
-     -H "X-Api-Key: QN0pNzIFxraSqO4U97kvLsFoCv8zfHR8" \
+     -H "X-Api-Key: 1YTRKqtdRBk3ore2vciFvHSjcauYVcJp" \
      -F "autoCreate=true" \
-     -F "projectName=dephell-test" \
+     -F "projectName=tour-of-heroes-dotnet-api-docker" \
+     -F "classifier=CONTAINER" \
      -F "projectVersion=1.0.0" \
-     -F "bom=@bom.1.4.json" \
+     -F "bom=@docker-bom.json" \
      -w '%{response_code}'
 
-
-# FOSSA
-# Install fossa-cli
-curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
-export FOSSA_API_KEY='YOUR_API_KEY'
-# Run an analysis
-fossa analyze
+# Scan SBOM with trivy
+cd tour-of-heroes-dotnet-api
+trivy sbom bom-1.4.json