+++ /dev/null
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-
-Files: .github/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: node_modules/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: tests/.mypy*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: tests/__pycache__/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: relnotes/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: releasenotes/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: jjb/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: .jjb-test/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: docs/*
-Copyright: 2017 The Linux Foundation
-License: CC-BY-4.0
-
-Files: jenkins-admin/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: schema/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
-
-Files: reusable-tox-run-action/*
-Copyright: 2017 The Linux Foundation
-License: EPL-1.0
--- /dev/null
+version = 1
+
+[[annotations]]
+path = ".github/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "node_modules/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "tests/.mypy**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "tests/__pycache__/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "relnotes/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "releasenotes/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "jjb/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = ".jjb-test/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "docs/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "CC-BY-4.0"
+
+[[annotations]]
+path = "jenkins-admin/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "schema/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
+
+[[annotations]]
+path = "reusable-tox-run-action/**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2017 The Linux Foundation"
+SPDX-License-Identifier = "EPL-1.0"
lf-infra-nexus-iq-go-cli
------------------------
-Calls nexus-iq-go-cli.sh to CLM scan a Go project.
+Calls nexus-iq-go-cli.sh to CLM scan a Go project through CLI.
+
+:Required Parameters:
+
+ :NEXUS_IQ_PROJECT_NAME: Nexus IQ project name that will receive the CLM scan results.
+
+lf-infra-nexus-iq-go-api
+------------------------
+
+Calls nexus-iq-go-api.sh to CLM scan a Go project through REST API.
:Required Parameters:
NEXUS_IQ_PROJECT_NAME={nexus-iq-project-name}
- shell: !include-raw-escape: ../shell/nexus-iq-go-cli.sh
+- builder:
+ name: lf-infra-nexus-iq-go-api
+ builders:
+ - inject:
+ properties-content: |
+ NEXUS_IQ_PROJECT_NAME={nexus-iq-project-name}
+ - shell: !include-raw-escape: ../shell/nexus-iq-go-api.sh
+
############
# WRAPPERS #
############
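Review bot: The new `lf-infra-nexus-iq-go-api` builder injects only `NEXUS_IQ_PROJECT_NAME`, but the script it includes (added later in this diff) also reads `NEXUS_IQ_USER` and `NEXUS_IQ_PASSWORD` under `set -u`. A job that uses the builder without a credentials binding would therefore abort at the first curl call. I would state the dependency above the builder, e.g. `# Requires NEXUS_IQ_USER and NEXUS_IQ_PASSWORD from a credentials-binding wrapper`, and list both variables in the builder's documentation next to `NEXUS_IQ_PROJECT_NAME`. Whether the job template already binds them is not visible in this hunk.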
git-url: "$GIT_URL/$PROJECT"
github-url: "https://github.com"
java-version: openjdk17 # Scanner is a jar
+ nexus-iq-use-cli: true
nexus-iq-cli-version: 1.185.0-01
nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl-
nexus-target-build: "go.sum"
- lf-update-java-alternatives:
java-version: "{java-version}"
- shell: "{pre-build-script}"
- - lf-infra-nexus-iq-go-cli:
- nexus-iq-project-name: "{nexus-iq-namespace}{project-name}"
+ # With CLI
+ - conditional-step:
+ condition-kind: boolean-expression
+ condition-expression: "{nexus-iq-use-cli}"
+ steps:
+ - shell: echo 'Using Nexus IQ CLI'
+ - lf-infra-nexus-iq-go-cli:
+ nexus-iq-project-name: "{nexus-iq-namespace}{project-name}"
+ # With REST API
+ - conditional-step:
+ condition-kind: not
+ condition-operand:
+ condition-kind: boolean-expression
+ condition-expression: "{nexus-iq-use-cli}"
+ steps:
+ - shell: echo 'Using Nexus IQ REST API'
+ - lf-infra-nexus-iq-go-api:
+ nexus-iq-project-name: "{nexus-iq-namespace}{project-name}"
- job-template:
name: "{project-name}-nexus-iq-go-clm-{stream}"
--- /dev/null
+---
+features:
+ - |
+ Add support for running Nexus IQ scan through REST API when CLI option
+ is not enough, like when scanning a Golang project which requires
+ scanning the bom.xml file and CLI doesn't support it properly.
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2025 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+echo "---> nexus-iq-go-api.sh"
+# This script installs and runs cyclonedx-gomod to generate an SBOM xml
+# for the Go project, then uses Nexus IQ REST API to analyze the Go project
+# dependencies and publishes the result to Nexus IQ server.
+
+# stop on error or unbound variable
+set -eu
+# do not print commands, credentials should not be logged
+set +x
+
+# shellcheck disable=SC1090
+. ~/lf-env.sh
+
+go version
+go mod tidy
+
+echo "INFO: running Nexus IQ scan (through REST API) on project $NEXUS_IQ_PROJECT_NAME and target: bom.xml"
+
+go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+PATH=$PATH:$(go env GOPATH)/bin
+export PATH
+cyclonedx-gomod mod -output bom.xml -output-version 1.5 # upgrade to latest SBOM schema version when Nexus IQ version >= 180
+
+APP_ID=$(curl -u "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" \
+ -X GET "https://nexus-iq.wl.linuxfoundation.org/api/v2/applications?publicId={$NEXUS_IQ_PROJECT_NAME}" \
+ -s \
+ | jq -r ".applications[].id")
+
+curl -u "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" \
+ -X POST -H "Content-Type: application/xml" --data "@bom.xml" \
+ "https://nexus-iq.wl.linuxfoundation.org/api/v2/scan/applications/$APP_ID/sources/cyclonedx"
+
+echo "---> nexus-iq-go-api.sh ends"
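Review bot: Neither curl call passes `--fail` and `APP_ID` is never checked, so an HTTP error with an empty body, or a project name that matches no application, can leave `APP_ID` empty; the upload then goes to `/applications//sources/cyclonedx`, curl still exits 0, and the job ends green without a scan having been accepted. For a step that serves as a dependency-policy gate, that is a silent skip, so I would add `pipefail`, `--fail --show-error` on both requests, and a check that exactly one id came back, as sketched below. `go install …@latest` runs whatever upstream published most recently inside a job that holds the Nexus IQ credentials; pin it to a reviewed release, e.g. `cyclonedx-gomod@<PINNED_VERSION>`. `-u "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}"` puts the password on curl's command line, where other processes on the build node can read it, so a curl config read from stdin or a netrc file is safer. The `{$NEXUS_IQ_PROJECT_NAME}` in the query string appears to depend on curl's URL globbing to drop the braces and is not URL-encoded.

```shell
# … unchanged: header, lf-env.sh, go mod tidy, SBOM generation …
set -euo pipefail

iq_base="https://nexus-iq.wl.linuxfoundation.org/api/v2"

# NOTE: -u still exposes the password on argv; prefer a curl config read from stdin.
APP_ID=$(curl -u "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" \
    --fail --silent --show-error \
    --get --data-urlencode "publicId=${NEXUS_IQ_PROJECT_NAME}" \
    "${iq_base}/applications" \
    | jq -r '.applications[].id')

# Exactly one application must match; anything else means no scan can be submitted.
if [[ -z "$APP_ID" || "$APP_ID" == *$'\n'* ]]; then
    echo "ERROR: expected exactly one Nexus IQ application for $NEXUS_IQ_PROJECT_NAME" >&2
    exit 1
fi

curl -u "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" \
    --fail --silent --show-error \
    -X POST -H "Content-Type: application/xml" --data "@bom.xml" \
    "${iq_base}/scan/applications/${APP_ID}/sources/cyclonedx"
```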