Add templates

.buildkite/pipeline.yml

@@ -0,0 +1,24 @@
+steps:
+  - label: ":maven: mvn dependency:tree"
+    command: mvn dependency:tree -DoutputFile=.debricked-maven-dependencies.tgf -DoutputType=tgf
+    plugins:
+      - docker#v3.3.0:
+          image: maven
+          workdir: /app
+    artifact_paths: "**/.debricked-maven-dependencies.tgf"
+  - wait
+  - label: ":shield: Debricked"
+    command:
+      - buildkite-agent artifact download "**.debricked-maven-dependencies.tgf" .
+      - bash /buildkite.sh
+    plugins:
+      - docker#v3.3.0:
+          image: "debricked/debricked-scan"
+          mount-buildkite-agent: true
+          environment:
+              - "DEBRICKED_TOKEN"
+              - "BUILDKITE_REPO"
+              - "BUILDKITE_COMMIT"
+              - "BUILDKITE_BRANCH"
+          entrypoint: ""
+          shell : ["/bin/sh", "-e", "-c"]

.circleci/config.yml

@@ -0,0 +1,40 @@
+version: 2.1
+
+jobs:
+  build:
+    docker:
+      # specify the version you desire here
+      - image: circleci/openjdk
+
+    working_directory: ~/repo
+
+    steps:
+      - checkout
+      - run: mvn dependency:tree -DoutputFile=.debricked-maven-dependencies.tgf -DoutputType=tgf
+      # It is important that the generated dependency tree files are persisted and attached to the following scan step
+      - persist_to_workspace:
+          root: ~/repo
+          paths:
+            - '**.debricked-maven-dependencies.tgf'
+            # Make sure to add all generated .debricked-maven-dependencies.tgf files
+
+  scan:
+    docker:
+      # circleci ignores the entrypoint of debricked-scan, so start the scan manually with a step
+      - image: debricked/debricked-scan
+
+    working_directory: ~/repo
+
+    steps:
+      - checkout
+      - attach_workspace:
+          at: ~/repo
+      - run: bash /circleci.sh
+
+workflows:
+  debricked-scan:
+    jobs:
+      - build
+      - scan:
+          requires:
+            - build

.github/workflows/debricked.yml

@@ -0,0 +1,27 @@
+name: Debricked scan
+
+on: [push, pull_request]
+
+jobs:
+  vulnerabilities-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-java@v1
+      with:
+        java-version: '13'
+    - uses: actions/cache@v2
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    - run: |
+        mvn dependency:tree \
+        -DoutputFile=.debricked-maven-dependencies.tgf \
+        -DoutputType=tgf
+        
+    - uses: debricked/actions/scan@v1
+      env:
+        DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}

.gitignore

@@ -0,0 +1 @@
+.idea/

.gitlab-ci.yml

@@ -0,0 +1,26 @@
+stages:
+- build
+- scan
+
+build:
+  stage: build
+  image: maven:3.6.3-jdk-11
+
+  script: 
+  - mvn dependency:tree
+    -DoutputFile=.debricked-maven-dependencies.tgf
+    -DoutputType=tgf
+
+  artifacts:
+    paths:
+    - .debricked-maven-dependencies.tgf
+    expire_in: 1 day
+
+debricked:
+  stage: scan
+  image:
+    name: debricked/debricked-scan
+    entrypoint: ["/gitlab-ci.sh"]
+  script: echo "Done"
+  variables:
+    DEBRICKED_TOKEN: $DEBRICKED_TOKEN

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1 @@
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.3.9/apache-maven-3.3.9-bin.zip

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Debricked
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,43 @@
+<img src="https://debricked.com/build/images/blueLogo.d39f7709.svg" alt="debricked" width="50%"  align="top"/>  
+
+# Maven templates
+Here you find templates for integrating your Maven repository with us.
+
+In order for us to analyse all dependencies in your Maven project, a file containing the resolved dependency tree has to be created prior to scanning.
+
+This can be done by running the Maven `dependency:tree` plugin and storing the output in a file called `.debricked-maven-dependencies.tgf`.  
+All examples in this repository generate that tree file.  
+The command that is run prior to scanning is:
+```sh
+mvn dependency:tree -DoutputFile=.debricked-maven-dependencies.tgf -DoutputType=tgf
+```
+### Performance tip
+Does your `.debricked-maven-dependencies.tgf` take a long time to create?  
+Make sure to **cache** `.debricked-maven-dependencies.tgf` or the [Maven local repository](https://www.baeldung.com/maven-local-repository#Repository) between runs where your build is the same!
+
+Different CI/CD tools offer different support for this. Below you can find docs on how set this up:
+- GitHub Actions: [docs](https://github.com/actions/cache)
+- CircleCI: [docs](https://circleci.com/docs/2.0/caching/)
+- BuildKite: [docs](https://github.com/buildkite/maven-example) (In BuildKite docker volumes comes in handy)
+- GitLab CI/CD: [docs](https://docs.gitlab.com/ee/ci/caching/)
+- Azure Pipelines: [docs](https://docs.microsoft.com/en-us/azure/devops/pipelines/release/caching?view=azure-devops#maven)
+
+## GitHub Actions [![Debricked scan](https://github.com/debricked/example-maven-integration/actions/workflows/debricked.yml/badge.svg)](https://github.com/debricked/example-maven-integration/actions/workflows/debricked.yml)
+- Add Debricked token variable. [Read more](https://debricked.com/docs/integrations/ci-build-systems/github.html#github-actions)
+- [See template](.github/workflows/debricked.yml)
+
+## CircleCI [![CircleCI](https://circleci.com/gh/debricked/maven-templates/tree/main.svg?style=svg)](https://circleci.com/gh/debricked/maven-templates/tree/main)
+- Add Debricked token variable. [Read more](https://debricked.com/docs/integrations/ci-build-systems/circle-ci.html)
+- [See template](.circleci/config.yml)
+
+## BuildKite [![Build status](https://badge.buildkite.com/cfc0283e07b5b5ca5aa08cc7539af3e95cabff1ed988c0cb8a.svg)](https://buildkite.com/debricked/debricked-maven-templates)
+- Add Debricked token variable. [Read more](https://buildkite.com/docs/pipelines/environment-variables#defining-your-own)
+- [See template](.buildkite/pipeline.yml)  
+
+## GitLab CI/CD
+- Add Debricked token variable. [Read more](https://debricked.com/docs/integrations/ci-build-systems/gitlab.html#integrating-using-an-access-token)
+- [See template](.gitlab-ci.yml)
+
+## Azure Pipelines
+- Add Debricked token variable. [Read more](https://debricked.com/docs/integrations/ci-build-systems/azure-devops.html)
+- [See template](azure-pipelines.yml)

azure-pipelines.yml

@@ -0,0 +1,24 @@
+trigger:
+  branches:
+    include:
+      - '*' # Run on all branches
+
+resources:
+  - repo: self
+
+stages:
+- stage: debricked
+  jobs:
+  - job: debricked
+    displayName: Debricked scan
+    pool:
+      vmImage: 'ubuntu-latest'
+    steps:
+      - script: mvn dependency:tree -DoutputFile=.debricked-maven-dependencies.tgf -DoutputType=tgf
+        displayName: 'mvn dependency:tree'
+      - script: |
+          env > env.list
+          docker run -v $HOME:$HOME --env-file ./env.list --entrypoint "/azure-devops.sh" debricked/debricked-scan:latest
+        displayName: 'Debricked scan'
+        env:
+          DEBRICKED_TOKEN: $(DEBRICKED_TOKEN)