dependency-track
Generate Excel Report on project analysis
Generate a Project report in the format of Excel to present the business for more analysis of the project.
Current Behavior:
Dependency track application does not provide any Report export in any format.
Proposed Behavior:
Implements new Rest API to generate reports in the format of Excel for the project with the components and analysis data.
Pl. Review the Sample code implemented on the Repository https://github.com/rvsoni/dependency-track and provide the comments to improve it and make it eligible to merge to the main project.
Sample Excel Report export file: (Report is zipped) DTrack.zip
Thanks, Ravi
This looks very promising. Will look at the code this week.
@stevespringett
Thanks for considering this request, I just started the implementation of the code to generate reports, it's a very early stage as of now, but was able to create an Excel report from this.
I am looking forward to working with you and can contribute to all code fixes required for this implementation.
Currently, you can test report export using the Swagger Browse extension as follows.
Ravi
Hi, I think this is definitely a must-have. When do you think you could wrap it up? BR Gregory
@zg2pro I added the sample of code, I can improve it as per the API implements, my hands are a bit short in GUI development, someone else needs to take care.
I can make it more perfect and can give you the testing build to try.
Pl. let me know, what kind of different excel export need to support.
Ravi.
Hi @rvsoni Unfortunately I have no spare time to work with you. I can just mention I have seen a company exporting the report using screenshots taken by selenium... therefore your idea would be totally appreciated when dependency-track merges it and makes it available in a next version. Greg
That's great, I would try to finish the work ASAP, and would make one report ready.
As of now, I am implementing the API, which also can be called from the command line and can export reports.
Pl, add the details of any other kind of reports you would like to see as Excel export.
Ravi
Any progress on this, guys?
As an aide-memoire, to build the rvsoni fork with Excel reporting on an Ubuntu system there are a few steps to perform before the maven command will work without errors.
1. If you have not installed Maven, install Maven - sudo apt install maven
2. Download the Apache-poi library "poi-bin-5.2.1" or later from Apache (https://poi.apache.org/download.html). Note if the poi version is later than 5.2.1, you need to replace 5.2.1 with it in the following steps.
3. Unpack it to a temporary directory - e.g. ~/Downloads/poi-bin-5.2.1
4. Create the following sub-directories in your .m2 directory:
   - ~/.m2/repository/org/apache/poi
   - ~/.m2/repository/org/apache/poi/poi
   - ~/.m2/repository/org/apache/poi/poi/5.2.1
   - ~/.m2/repository/org/apache/poi/poi-ooxml
   - ~/.m2/repository/org/apache/poi/poi-ooxml/5.2.1
5. Copy poi-5.2.1.jar from ~/Downloads/poi-bin-5.2.1 into ~/.m2/repository/org/apache/poi/poi/5.2.1
6. Copy poi-ooxml-5.2.1.jar from ~/Downloads/poi-bin-5.2.1 into ~/.m2/repository/org/apache/poi/poi-ooxml/5.2.1
7. Download the DT fork from GitHub and unpack it to a temporary directory - e.g. ~/Downloads/DT
8. Edit the pom.xml file in ~/Downloads/DT and add 2 dependencies at the bottom of the pom dependencies section as follows then save the updated pom.xml file.
9. Change directory to the temporary directory created by Step 7 (e.g. ~/Downloads/DT) and invoke the maven build command - "mvn clean package -P embedded-jetty -P bundle-ui -Dlogback.configuration.file=src/main/docker/logback.xml"
The resulting JAR can be invoked from the command line using "java -Xmx4G -jar ./dependency-track-bundled.jar", but ideally it should be added to a docker container. Warning - when the JAR is first run it will download a large amount of data from NVD...subsequent runs will download updates if the NVD data has changed.
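The jar-staging steps in the comment above, as an added shell example (not part of the original comment or of the fork's code): it copies a downloaded jar into the local Maven repository layout only when its SHA-256 matches a digest you supply. The function names `sha256_of` and `stage_jar` and the digest argument are assumptions made for illustration; the expected digest is whatever is published with the download.

```shell
#!/bin/sh
# Added example. Function names and arguments are hypothetical.

# Print the SHA-256 of a file as lower-case hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# stage_jar <jar> <groupId> <artifactId> <version> <expected_sha256> [repo_root]
# Copies <jar> to <repo_root>/<group path>/<artifactId>/<version>/ and prints
# the destination. Returns 1 on a digest mismatch, 2 on any other failure.
stage_jar() {
    jar=$1; group=$2; artifact=$3; version=$4; expected=$5
    repo=${6:-"$HOME/.m2/repository"}

    [ -f "$jar" ] || { echo "missing: $jar" >&2; return 2; }

    actual=$(sha256_of "$jar")
    # Published digests are sometimes upper-case hex; normalise before comparing.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $jar: got $actual" >&2
        return 1    # nothing is created in the repository on mismatch
    fi

    # groupId org.apache.poi maps to the directory org/apache/poi
    dest="$repo/$(printf '%s' "$group" | tr '.' '/')/$artifact/$version"
    mkdir -p "$dest" || return 2
    cp "$jar" "$dest/$artifact-$version.jar" || return 2
    printf '%s\n' "$dest/$artifact-$version.jar"
}

# Usage with the paths from the steps above (digests are placeholders):
#   stage_jar ~/Downloads/poi-bin-5.2.1/poi-5.2.1.jar \
#       org.apache.poi poi 5.2.1 "<sha256-published-with-download>"
#   stage_jar ~/Downloads/poi-bin-5.2.1/poi-ooxml-5.2.1.jar \
#       org.apache.poi poi-ooxml 5.2.1 "<sha256-published-with-download>"
```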
@higginsm99 Thanks for reporting steps to make a build.
When I was coding the Excel report, the POI dependency was coming from Alpine (https://github.com/stevespringett/Alpine)
https://github.com/DependencyTrack/dependency-track/releases/download/4.0.0/bom.json
Some changes into Alpine project, remove POI dependency,
Thanks for documenting the build process, this code is kind of ready to use, I am not much of a UI developer, and don't know the VUI development, so have not built the UI, the code is simple and all ready to use.
Code execution is already demonstrated using the Swagger Browse extension
If any plan to make this PR accepted, I can start working on the code cleanup and other requirements fulfilments on a priority basis, to make it ready.
Ravi
Firstly, I would like to appreciate @stevespringett for introducing CycloneDX - Dependency Track, it's so helpful in work. As per the above conversation, is it possible to generate a report in Excel from Dependency Track? If yes, could you make a video on it? Usually I get a lot from your videos; if you make a video on it, it is very helpful.
hi @higginsm99 can we follow the same steps to generate a report in Excel format for NPM & Windows projects? If not, pls guide how to generate a report in Excel format.
@JohnU777 Yes, you can use my code and can add to the Dependency track code build, and a rest API would give you the export of data into Excel.
what is the DT fork here
A Code that generates an Excel report from Dependency Track. https://github.com/rvsoni/dependency-track/blob/master/src/main/java/org/dependencytrack/resources/v1/Reports.java
I have the same question here. Can we do it now?
will this be merged into DT and related container images soon?
I'm also looking for a reporting solution, a way to export (or extend the actual dashboard) to show all the components identified in all the projects and the related licenses, policies, and vulnerabilities... Did anyone already configure anything like it?
Hey, any update about this feature? Looks very promising
Hello, so how is it going on about that report? Is it available to export some kind of PDF file or JSON file? For example Report of outdated components in our project??