Automating SBOM uploads when a new product version is installed #4256
Unanswered
logicaloud asked this question in Q&A
Replies: 1 comment
Maybe there is no such tool available or possibly it is not a common problem? Would there be any general interest in such a tool?
Does anybody know of a tool that can automate SBOM uploads to Dependency Track outside of a CI pipeline? The use case scenario I'm looking at is this:
A product generates SBOMs for several product modules as part of the CI pipeline. The product, including SBOMs, is installed at the customer site, possibly without Internet connection for the product itself. The customer uses a local Dependency Track installation to monitor the specific version of the product that is installed. When a new product version is installed at the customer site, then Dependency Track should automatically be updated with the new SBOMs.
In this scenario it would be useful to have a tool that monitors a number of folders in the file system (or some local URLs) for updated SBOM files; if any are found then the Dependency Track API could be used to upload the SBOMs.
It sounds like a common problem - is there already a tool/solution/best practice for this?
Any other ideas or suggestions are welcome! Thank you.
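The folder-monitoring approach described in the question, as an added example (not part of the original post and not Dependency-Track project code). It assumes the SBOMs are CycloneDX JSON files named `*.cdx.json` and that project name and version are taken from `metadata.component`; the function names are hypothetical, and the upload uses Dependency-Track's `PUT /api/v1/bom` endpoint with an `X-Api-Key` header.

```python
import base64, hashlib, json, urllib.request
from pathlib import Path

def pending_uploads(watch_dirs, seen):
    """Return (path, digest, payload) for each *.cdx.json not yet uploaded.

    `seen` maps path -> SHA-256 of the content last uploaded successfully.
    """
    pending = []
    for d in watch_dirs:
        for path in sorted(Path(d).rglob("*.cdx.json")):  # naming is an assumption
            raw = path.read_bytes()
            digest = hashlib.sha256(raw).hexdigest()
            if seen.get(str(path)) == digest:
                continue  # unchanged since the last successful upload
            try:
                comp = json.loads(raw)["metadata"]["component"]
                name, version = comp["name"], comp["version"]
            except (ValueError, KeyError, TypeError):
                continue  # half-written or non-CycloneDX file: retry on next scan
            payload = {
                "projectName": name,
                "projectVersion": version,
                "autoCreate": True,  # create the project/version if it is missing
                "bom": base64.b64encode(raw).decode("ascii"),
            }
            pending.append((str(path), digest, payload))
    return pending

def upload(base_url, api_key, payload):
    """PUT the payload to Dependency-Track's /api/v1/bom endpoint."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/bom",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status == 200

def sync(watch_dirs, seen, base_url, api_key):
    """One scan pass: upload changed SBOMs and record them only on success."""
    for path, digest, payload in pending_uploads(watch_dirs, seen):
        if upload(base_url, api_key, payload):
            seen[path] = digest
    return seen
```

Run `sync` from a scheduler (cron, a systemd timer) and persist `seen` between runs. The API key needs only the BOM_UPLOAD permission, plus PROJECT_CREATION_UPLOAD because `autoCreate` is set.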