nais
diff --git a/‎.gitignore
+4 b/‎.gitignore
+4
diff --git a/‎.tool-versions
+4-2 b/‎.tool-versions
+4-2
diff --git a/‎Makefile
+15-1 b/‎Makefile
+15-1
diff --git a/‎cmd/api/main.go
+17-1 b/‎cmd/api/main.go
+17-1
diff --git a/‎cmd/client/main.go
+2-1 b/‎cmd/client/main.go
+2-1
diff --git a/‎go.mod
+21-2 b/‎go.mod
+21-2
diff --git a/‎go.sum
+175 b/‎go.sum
+175
diff --git a/‎internal/dependencytrack/client/.gitignore
+24 b/‎internal/dependencytrack/client/.gitignore
+24
diff --git a/‎internal/dependencytrack/client/.openapi-generator-ignore
+23 b/‎internal/dependencytrack/client/.openapi-generator-ignore
+23
diff --git a/‎internal/dependencytrack/client/.openapi-generator/FILES
+212 b/‎internal/dependencytrack/client/.openapi-generator/FILES
+212
diff --git a/‎internal/dependencytrack/client/.openapi-generator/VERSION
+1 b/‎internal/dependencytrack/client/.openapi-generator/VERSION
+1
@@ -1,2 +1,6 @@
 /.idea/
 bin/
+/internal/dependencytrack/client/.travis.yml
+/internal/dependencytrack/client/git_push.sh
+/internal/dependencytrack/client/go.mo
+.env
@@ -1,2 +1,4 @@
-protoc-gen-go 1.36.2
-protoc-gen-go-grpc 1.3.0
+golang 1.23.5
+protoc-gen-go-grpc 1.5.1
+protoc-gen-go 1.36.3
+protoc 29.3
@@ -8,6 +8,20 @@ generate-proto:
 build:
 	go build -o bin/api ./cmd/api
 
-fmt: prettier
+fmt:
 	go run mvdan.cc/gofumpt@latest -w ./
 
+generate_dp_track:
+	@echo "Generating Go code from the OpenAPI specification..."
+	@openapi-generator generate \
+        -i schema/dtrack.json \
+        -g go \
+        -o internal/dependencytrack/client \
+        --global-property apiTests=false,modelTests=false \
+        --package-name client \
+        --additional-properties=withGoMod=false \
+        --additional-properties=packageName=client || { \
+			echo "Error: openapi-generator is not installed or failed to execute."; \
+			echo "Please visit https://openapi-generator.tech/docs/installation/ for installation instructions."; \
+			exit 1; \
+		}
@@ -1,6 +1,9 @@
 package main
 
 import (
+	"fmt"
+	"github.com/joho/godotenv"
+	"github.com/nais/v13s/internal/dependencytrack"
 	"github.com/nais/v13s/internal/server"
 	"github.com/nais/v13s/pkg/api/vulnerabilities"
 	"google.golang.org/grpc"
@@ -12,13 +15,26 @@ import (
 )
 
 func main() {
+	err := godotenv.Load()
+	if err != nil {
+		fmt.Println("No .env file found")
+	}
+
 	listener, err := net.Listen("tcp", ":50051")
 	if err != nil {
 		log.Fatalf("Failed to listen: %v", err)
 	}
 
 	grpcServer := grpc.NewServer()
-	vulnerabilities.RegisterVulnerabilitiesServer(grpcServer, &server.Server{})
+	dpClient, err := dependencytrack.NewClient(
+		os.Getenv("V13S_DEPENDENCYTRACK_API_KEY"),
+		os.Getenv("V13S_DEPENDENCYTRACK_URL"),
+	)
+	if err != nil {
+		log.Fatalf("Failed to create DependencyTrack client: %v", err)
+	}
+
+	vulnerabilities.RegisterVulnerabilitiesServer(grpcServer, &server.Server{DpClient: dpClient})
 
 	stop := make(chan os.Signal, 1)
 	signal.Notify(stop, os.Interrupt, syscall.SIGTERM)
 
@@ -19,7 +19,8 @@ func main() {
 
 	resp, err := c.ListVulnerabilitySummaries(
 		context.Background(),
-		vulnerabilities.ClusterFilter("cluster-1"),
+		vulnerabilities.NamespaceFilter("nais-system"),
+		vulnerabilities.WorkloadTypeFilter("app"),
 	)
 	handle(resp, err)
 }
 
@@ -1,15 +1,34 @@
 module github.com/nais/v13s
 
-go 1.23.1
+go 1.23.5
 
 require (
+	github.com/joho/godotenv v1.5.1
 	google.golang.org/grpc v1.69.4
-	google.golang.org/protobuf v1.36.2
+	google.golang.org/protobuf v1.36.3
 )
 
 require (
+	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
+	github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect
+	github.com/getkin/kin-openapi v0.127.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/invopop/yaml v0.3.1 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/perimeterx/marshmallow v1.1.5 // indirect
+	github.com/speakeasy-api/openapi-overlay v0.9.0 // indirect
+	github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect
+	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
@@ -0,0 +1,23 @@
+# OpenAPI Generator Ignore
+# Generated by openapi-generator https://github.com/openapitools/openapi-generator
+
+# Use this file to prevent files from being overwritten by the generator.
+# The patterns follow closely to .gitignore or .dockerignore.
+
+# As an example, the C# client generator defines ApiClient.cs.
+# You can make changes and tell OpenAPI Generator to ignore just this file by uncommenting the following line:
+#ApiClient.cs
+
+# You can match any string of characters against a directory, file or extension with a single asterisk (*):
+#foo/*/qux
+# The above matches foo/bar/qux and foo/baz/qux, but not foo/bar/baz/qux
+
+# You can recursively match patterns against a directory, file or extension with a double asterisk (**):
+#foo/**/qux
+# This matches foo/bar/qux, foo/baz/qux, and foo/bar/baz/qux
+
+# You can also negate patterns with an exclamation (!).
+# For example, you can ignore all files in a docs folder with the file extension .md:
+#docs/*.md
+# Then explicitly reverse the ignore rule for a single file:
+#!docs/README.md
@@ -0,0 +1,212 @@
+.gitignore
+.openapi-generator-ignore
+.travis.yml
+README.md
+api/openapi.yaml
+api_acl.go
+api_analysis.go
+api_badge.go
+api_bom.go
+api_calculator.go
+api_component.go
+api_component_property.go
+api_config_property.go
+api_cwe.go
+api_dependency_graph.go
+api_event.go
+api_finding.go
+api_integration.go
+api_ldap.go
+api_license.go
+api_license_group.go
+api_metrics.go
+api_notification.go
+api_oidc.go
+api_permission.go
+api_policy.go
+api_policy_condition.go
+api_project.go
+api_project_property.go
+api_repository.go
+api_search.go
+api_service.go
+api_tag.go
+api_team.go
+api_user.go
+api_version.go
+api_vex.go
+api_violation.go
+api_violationanalysis.go
+api_vulnerability.go
+client.go
+configuration.go
+docs/About.md
+docs/AclAPI.md
+docs/AclMappingRequest.md
+docs/AffectedComponent.md
+docs/AffectedVersionAttribution.md
+docs/Analysis.md
+docs/AnalysisAPI.md
+docs/AnalysisComment.md
+docs/AnalysisRequest.md
+docs/ApiKey.md
+docs/BadgeAPI.md
+docs/BomAPI.md
+docs/BomSubmitRequest.md
+docs/BomUploadResponse.md
+docs/CalculatorAPI.md
+docs/CloneProjectRequest.md
+docs/Component.md
+docs/ComponentAPI.md
+docs/ComponentProperty.md
+docs/ComponentPropertyAPI.md
+docs/ConfigProperty.md
+docs/ConfigPropertyAPI.md
+docs/Cwe.md
+docs/CweAPI.md
+docs/DataClassification.md
+docs/DependencyGraphAPI.md
+docs/DependencyGraphResponse.md
+docs/DependencyMetrics.md
+docs/EventAPI.md
+docs/ExternalReference.md
+docs/Finding.md
+docs/FindingAPI.md
+docs/FindingAttribution.md
+docs/Framework.md
+docs/GroupedFinding.md
+docs/IdentifiableObject.md
+docs/IntegrationAPI.md
+docs/InvalidBomProblemDetails.md
+docs/IsTokenBeingProcessedResponse.md
+docs/LdapAPI.md
+docs/LdapUser.md
+docs/License.md
+docs/LicenseAPI.md
+docs/LicenseGroup.md
+docs/LicenseGroupAPI.md
+docs/ManagedUser.md
+docs/MappedLdapGroup.md
+docs/MappedLdapGroupRequest.md
+docs/MappedOidcGroup.md
+docs/MappedOidcGroupRequest.md
+docs/MetricsAPI.md
+docs/NotificationAPI.md
+docs/NotificationPublisher.md
+docs/NotificationRule.md
+docs/OidcAPI.md
+docs/OidcGroup.md
+docs/OidcUser.md
+docs/OrganizationalContact.md
+docs/OrganizationalEntity.md
+docs/Permission.md
+docs/PermissionAPI.md
+docs/Policy.md
+docs/PolicyAPI.md
+docs/PolicyCondition.md
+docs/PolicyConditionAPI.md
+docs/PolicyViolation.md
+docs/PortfolioMetrics.md
+docs/Project.md
+docs/ProjectAPI.md
+docs/ProjectMetadata.md
+docs/ProjectMetrics.md
+docs/ProjectProperty.md
+docs/ProjectPropertyAPI.md
+docs/ProjectVersion.md
+docs/Repository.md
+docs/RepositoryAPI.md
+docs/RepositoryMetaComponent.md
+docs/Score.md
+docs/SearchAPI.md
+docs/SearchResult.md
+docs/ServiceAPI.md
+docs/ServiceComponent.md
+docs/Tag.md
+docs/TagAPI.md
+docs/Team.md
+docs/TeamAPI.md
+docs/TeamSelfResponse.md
+docs/UserAPI.md
+docs/UserPrincipal.md
+docs/VersionAPI.md
+docs/VexAPI.md
+docs/VexSubmitRequest.md
+docs/ViolationAPI.md
+docs/ViolationAnalysis.md
+docs/ViolationAnalysisComment.md
+docs/ViolationAnalysisRequest.md
+docs/ViolationanalysisAPI.md
+docs/Vulnerability.md
+docs/VulnerabilityAPI.md
+docs/VulnerabilityAlias.md
+docs/VulnerabilityMetrics.md
+git_push.sh
+model_about.go
+model_acl_mapping_request.go
+model_affected_component.go
+model_affected_version_attribution.go
+model_analysis.go
+model_analysis_comment.go
+model_analysis_request.go
+model_api_key.go
+model_bom_submit_request.go
+model_bom_upload_response.go
+model_clone_project_request.go
+model_component.go
+model_component_property.go
+model_config_property.go
+model_cwe.go
+model_data_classification.go
+model_dependency_graph_response.go
+model_dependency_metrics.go
+model_external_reference.go
+model_finding.go
+model_finding_attribution.go
+model_framework.go
+model_grouped_finding.go
+model_identifiable_object.go
+model_invalid_bom_problem_details.go
+model_is_token_being_processed_response.go
+model_ldap_user.go
+model_license.go
+model_license_group.go
+model_managed_user.go
+model_mapped_ldap_group.go
+model_mapped_ldap_group_request.go
+model_mapped_oidc_group.go
+model_mapped_oidc_group_request.go
+model_notification_publisher.go
+model_notification_rule.go
+model_oidc_group.go
+model_oidc_user.go
+model_organizational_contact.go
+model_organizational_entity.go
+model_permission.go
+model_policy.go
+model_policy_condition.go
+model_policy_violation.go
+model_portfolio_metrics.go
+model_project.go
+model_project_metadata.go
+model_project_metrics.go
+model_project_property.go
+model_project_version.go
+model_repository.go
+model_repository_meta_component.go
+model_score.go
+model_search_result.go
+model_service_component.go
+model_tag.go
+model_team.go
+model_team_self_response.go
+model_user_principal.go
+model_vex_submit_request.go
+model_violation_analysis.go
+model_violation_analysis_comment.go
+model_violation_analysis_request.go
+model_vulnerability.go
+model_vulnerability_alias.go
+model_vulnerability_metrics.go
+response.go
+utils.go
@@ -0,0 +1 @@
+7.10.0
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,8 @@ func main() {`
`19`	`19`
`20`	`20`	`resp, err := c.ListVulnerabilitySummaries(`
`21`	`21`	`context.Background(),`
`22`		`- vulnerabilities.ClusterFilter("cluster-1"),`
	`22`	`+ vulnerabilities.NamespaceFilter("nais-system"),`
	`23`	`+ vulnerabilities.WorkloadTypeFilter("app"),`
`23`	`24`	`)`
`24`	`25`	`handle(resp, err)`
`25`	`26`	`}`