Merge branch 'main' of https://github.com/0GiS0/dependency-management…

…-labs

.ado/dependecy-track.yml

@@ -0,0 +1,43 @@
+name: Track dependencies
+
+trigger:
+  branches:
+    include:
+      - main
+  paths:
+    exclude:
+      - .github/**
+      - steps.sh
+      - .gitignore
+
+pool:
+  vmImage: ubuntu-latest
+
+jobs:
+ - job: GenerateSBOMAndSendToDependencyTrack
+   displayName: 'Generate SBOM and Send to Dependency Track' 
+   steps:
+   - task: NodeTool@0
+     inputs:       
+       checkLatest: true
+   - task: CmdLine@2
+     displayName: "Checkout a public GH repo"
+     inputs:
+      script: |
+         clone https://github.com/0GiS0/tour-of-heroes-angular.git && cd tour-of-heroes-angular && npm install        
+   - task: CmdLine@2
+     displayName: "Install cdxgen" 
+     inputs:
+       script: |          
+        npm install -g @cyclonedx/cdxgen
+
+   - task: CmdLine@2
+     displayName: "Generate SBOM and Send to Dependency Tracker" 
+     inputs:
+       script: |          
+        FETCH_LICENSE=true cdxgen tour-of-heroes-angular/ -o bom-1.4.json --spec-version 1.4 \
+        --server-url $(DEPENDENCYTRACK_HOSTNAME) \
+        --api-key $(DEPENDENCYTRACK_APIKEY) \
+        --project-name tour-of-heroes-angular-from-ado \
+        --project-version 1.0.0 \
+        --auto-create