Create track_dependencies.yml

Leopold-Cramer · Leopold-Cramer · commit b35186285f77 · 2025-08-25T09:33:47.000+02:00
diff --git a/.github/workflows/track_dependencies.yml b/.github/workflows/track_dependencies.yml
@@ -0,0 +1,31 @@
+name: Track Dependencies
+
+on:
+  push:
+    branches:
+      - main
+      
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install CycloneDX
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install cyclonedx-bom
+      - name: Install project
+        run: |
+          python -m venv .venv
+          .venv/bin/pip install -r requirements.txt
+      - name: Generate SBOM file
+        run: |
+          cyclonedx-py environment .venv --output-file sbom.json
+      - name: Upload cyclonedx bom to dependency
+        uses: DependencyTrack/gh-upload-sbom@v3
+        with:
+          serverhostname: ${{ secrets.DEPENDENCY_TRACK_SERVER_HOSTNAME }}
+          apikey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+          project: '5494feb7-3a34-458a-96f7-1892b6364dd0'
+          bomfilename: 'sbom.json'
+    
