Version 0.6

Author: Harri Klingsten

README.md

@@ -10,6 +10,21 @@ This application is intended to use **CycloneDX** and **Dependency Track** softw
 
 If you want to setup **CycloneDX** and **Dependency Track** in any other way, I recommend you to look at their respective documentation, links to their repos are present at the end of this document. You also need to adjust the ```PowerCommandsConfiguration.yaml``` configuration file with the appropriate API endpoints. You do not need to run the ```start``` command if the software is installed and already running on your machine or a server else where.
 
+## Setup 
+### Setup docker containers
+```setup --docker```
+
+This will pull down the docker images needed if you want to run this with Docker Desktop, which is:
+- ghcr.io/cyclonedx/cdxgen:v8.6.0
+- dependencytrack/apiserver
+- dependencytrack/frontend
+
+### Setup Dependency Track API key
+```setup dt-key```
+
+Paste the API key copied from the Dependency Track Admin, this is only needed if you intend to automatically import your sbom file into Dependency Track (and why shouldn't you do that?).
+You must of course start Dependency Track with the ```start``` command described below.
+
 ## Start
 ```start```
 

dt-api-key.png

@@ -7,7 +7,7 @@
 		<ImplicitUsings>enable</ImplicitUsings>
 		<Nullable>enable</Nullable>
 		<AssemblyName>p-sec-tools</AssemblyName>
-		<Version>0.5.0.0</Version>
+		<Version>0.6.0.0</Version>
 	</PropertyGroup>
 
 	<ItemGroup>

src/SecTools/PainKiller.PowerCommands.PowerCommandsConsole/PainKiller.PowerCommands.PowerCommandsConsole.csproj

@@ -20,7 +20,7 @@ public override async Task<RunResult> RunAsync()
 
         if (HasOption("upload"))
         {
-            var response = await DependencyTrackManager.PostSbom(Configuration.DependencyTracker.SbomApiUrl, jsonData, name, Configuration.Secret.DecryptSecret("##DT_PowerCommand##"));
+            var response = await DependencyTrackManager.PostSbom($"{Configuration.DependencyTracker.ApiUrl}{Configuration.DependencyTracker.SbomApiUrl}", jsonData, name, Configuration.Secret.DecryptSecret("##DT_PowerCommand##"));
             if (response.StartsWith("Request failed with status code:")) WriteFailureLine(response);
             else WriteSuccessLine(response);
         }

src/SecTools/SecToolsCommands/Commands/SbomCommand.cs

@@ -0,0 +1,35 @@
+using PainKiller.PowerCommands.Core.Commands;
+using SecToolsCommands.Managers;
+
+namespace SecToolsCommands.Commands;
+
+[PowerCommandDesign( description: "Pull necessary docker images.",
+                         options: "docker|dt-key",
+                         example: "setup")]
+public class SetupCommand : CommandBase<PowerCommandsConfiguration>
+{
+    public SetupCommand(string identifier, PowerCommandsConfiguration configuration) : base(identifier, configuration) { }
+
+    public override RunResult Run()
+    {
+        if (HasOption("docker"))
+        {
+            DockerDesktopManager.StartDockerDesktop(Configuration.DockerDesktop.Path, Configuration.DockerDesktop.StartupTime);
+
+            DockerDesktopManager.Pull(Configuration.Cdxgen.ImageUrl);
+            WriteSuccessLine("\nCdxgen setup done!");
+
+            DockerDesktopManager.Pull(Configuration.DependencyTracker.ApiServerImage);
+            DockerDesktopManager.Pull(Configuration.DependencyTracker.FrontendImage);
+        
+            WriteSuccessLine("\nDependency track setup done!");
+        }
+        else if (HasOption("dt-key"))
+        {
+            var secretCommand = new SecretCommand("secret", Configuration);
+            secretCommand.InitializeAndValidateInput("secret --create \"DT_PowerCommand\"".Interpret());
+            secretCommand.Run();
+        }
+        return Ok();
+    }
+}

src/SecTools/SecToolsCommands/Commands/SetupCommand.cs

@@ -17,11 +17,12 @@ public override RunResult Run()
         var xCfg = Configuration.Cdxgen;
         CycloneDxManager.Start(xCfg.HostMount, xCfg.ContainerMount, xCfg.HostPort, xCfg.ContainerPort, xCfg.SdxGenServerVolumeMount, xCfg.ImageUrl, xCfg.ServerHost);
 
-        DependencyTrackManager.Start(Configuration.DependencyTracker.UrlToDockerComposeFile, Configuration.DependencyTracker.AdminUrl, Configuration.DependencyTracker.StartupTime);
+        var dCfg = Configuration.DependencyTracker;
+        DependencyTrackManager.Start(dCfg.ApiUrl, dCfg.ApiServerImage, dCfg.ApiServerContainer, dCfg.ApiPorts, dCfg.FrontendImage, dCfg.FrontendContainer, dCfg.FrontendPorts, dCfg.AdminUrl, dCfg.StartupTime);
 
         WriteHeadLine("You are now ready to create SBOM files\n");
         WriteLine("Notice that to automatically upload the SBOM to Dependency Track, you first need to do two things:");
-        WriteLine("1) Create a Team in Dependency Track give the Team BOM_UPLOAD, PROJECT_CREATION, PORTFOLIO_MANAGEMENT permissions");
+        WriteLine("1) Create a Team in Dependency Track give the Team BOM_UPLOAD, PROJECT_CREATION");
         WriteLine("2) Copy the API key, and create a secret in PowerCommands like this:");
         WriteCodeExample("secret","--create \"DT_PowerCommand\"");
 

src/SecTools/SecToolsCommands/Commands/StartCommand.cs

@@ -3,7 +3,15 @@
 public class DependencyTrackerConfiguration
 {
     public string UrlToDockerComposeFile { get; set; } = "https://dependencytrack.org/docker-compose.yml";
-    public string SbomApiUrl { get; set; } = "http://localhost:8081/api/v1/bom";
+    public string SbomApiUrl { get; set; } = "/api/v1/bom";
     public string AdminUrl { get; set; } = "http://localhost:8080";
+    public string ApiUrl { get; set; } = "http://localhost:8081";
+    public string ApiPorts { get; set; } = "8081:8080";
+    public string ApiServerImage { get; set; } = "dependencytrack/apiserver";
+    public string ApiServerContainer { get; set; } = "dtrack-frontend";
+    public string FrontendImage { get; set; } = "dependencytrack/frontend";
+    public string FrontendContainer { get; set; } = "dtrack-apiserver";
+    public string FrontendPorts { get; set; } = "8080:8080";
     public int StartupTime { get; set; } = 5;
+
 }

src/SecTools/SecToolsCommands/Configuration/DependencyTrackerConfiguration.cs

@@ -19,19 +19,10 @@ public static async Task<string> PostSbom(string apiUrl, string sbomJson, string
         var responseBody = await response.Content.ReadAsStringAsync();
         return responseBody;
     }
-
-    public static void Start(string urlToDockerComposeFile, string adminUrl, int startupTime)
+    public static void Start(string apiUrl, string apiServerImage, string apiServerContainer, string apiPorts, string frontendImage, string frontendContainer, string frontendPorts, string adminUrl, int startupTime)
     {
-        var dockerComposeFileName = Path.Combine(PowerCommandsConfiguration.AppDataFolderDependencyTrack, "docker-compose.yml");
-        if (!File.Exists(dockerComposeFileName))
-        {
-            var httpClient = new HttpClient();
-            var yamlData = httpClient.GetStringAsync(urlToDockerComposeFile).Result;
-            File.WriteAllText(dockerComposeFileName, yamlData);
-            ConsoleService.Service.WriteSuccessLine(nameof(DependencyTrackManager), "Docker compose file downloaded and save in app directory.");;
-        }
-
-        ShellService.Service.Execute("docker-compose", "up -d", PowerCommandsConfiguration.AppDataFolderDependencyTrack);
+        ShellService.Service.Execute("docker", $"run -d --name {apiServerContainer} -p {apiPorts} {apiServerImage}", "");
+        ShellService.Service.Execute("docker", $"run -d --name {frontendContainer} -e API_BASE_URL={apiUrl} -p {frontendPorts} --restart unless-stopped {frontendImage}", "");
         ConsoleService.Service.WriteSuccessLine(nameof(DependencyTrackManager), "Dependency Track container starting...");;
 
         PauseService.Pause(startupTime);

src/SecTools/SecToolsCommands/Managers/DependencyTrackManager.cs

@@ -1,5 +1,4 @@
 namespace SecToolsCommands.Managers;
-
 public static class DockerDesktopManager
 {
     public static void StartDockerDesktop(string fullFileName, int startupTime)
@@ -22,4 +21,9 @@ public static void StartDockerDesktop(string fullFileName, int startupTime)
         };
         ShellService.Service.Execute("docker", arguments: "info", workingDirectory: "", reader, fileExtension: "", waitForExit: true);
     }
+    public static void Pull(string image)
+    {
+        Console.WriteLine($"Pull image {image}... please wait, result will not show before the whole process is done.");
+        ShellService.Service.Execute("docker", $"pull {image}", workingDirectory: "", waitForExit: true);
+    }
 }

src/SecTools/SecToolsCommands/Managers/DockerDesktopManager.cs

@@ -20,8 +20,15 @@ configuration:
   dependencyTracker:
     urlToDockerComposeFile: https://dependencytrack.org/docker-compose.yml    
     adminUrl: http://localhost:8080
-    sbomApiUrl: http://localhost:8081/api/v1/bom
+    apiUrl: http://localhost:8081
+    sbomApiUrl: /api/v1/bom
     startupTime: 5
+    apiServerImage: dependencytrack/apiserver
+    apiServerContainer: dtrack-apiserver
+    apiPorts: 8081:8080
+    frontendImage: dependencytrack/frontend    
+    frontendContainer: dtrack-frontend
+    frontendPorts: 8080:8080
   startupToolbar:
     hideToolbarOption: OnCommandHighlighted
     toolbarItems: