From 4ea694b9bb633bd4861af8805ce27012f5459e7d Mon Sep 17 00:00:00 2001
From: Leopold Cramer <50141172+Leopold-Cramer@users.noreply.github.com>
Date: Fri, 22 Aug 2025 14:26:03 +0200
Subject: [PATCH] Create track_dependencies.yml

---
 .github/workflows/track_dependencies.yml | 31 ++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/track_dependencies.yml

diff --git a/.github/workflows/track_dependencies.yml b/.github/workflows/track_dependencies.yml
new file mode 100644
index 000000000..e358aed57
--- /dev/null
+++ b/.github/workflows/track_dependencies.yml
@@ -0,0 +1,31 @@
+name: Track Dependencies
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install CycloneDX
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install cyclonedx-bom
+      - name: Install project
+        run: |
+          python -m venv .venv
+          .venv/bin/pip install -r requirements.txt
+      - name: Generate SBOM file
+        run: |
+          cyclonedx-py environment .venv --output-file sbom.json
+      - name: Upload cyclonedx bom to dependency
+        uses: DependencyTrack/gh-upload-sbom@v3
+        with:
+          serverhostname: ${{ secrets.DEPENDENCY_TRACK_SERVER_HOSTNAME }}
+          apikey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+          project: '5494feb7-3a34-458a-96f7-1892b6364dd0'
+          bomfilename: 'sbom.json'
+
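Review bot: The new workflow declares no `permissions:` block and pins `actions/checkout@v3` and `DependencyTrack/gh-upload-sbom@v3` to mutable major tags, so the job runs with the repository's default `GITHUB_TOKEN` scope and any later change to either tag runs with `DEPENDENCY_TRACK_API_KEY` and `DEPENDENCY_TRACK_SERVER_HOSTNAME` in hand. The job only needs to read the checkout, so a top-level `permissions:` with `contents: read` is sufficient, and both `uses:` lines should pin a full commit SHA with the tag kept in a trailing comment (`actions/checkout@v3` also runs on a deprecated runtime; a newer major is available). The `python -m pip install cyclonedx-bom` line in the "Install CycloneDX" step is unpinned as well, so the SBOM generator itself is whatever PyPI serves on the day of the run; pin it to a version the same way `requirements.txt` pins the project. The project UUID and `sbom.json` name are not secrets, so leaving them in plain text is fine.
```yaml
name: Track Dependencies

# least privilege: the job only reads the checkout and uploads to an external server
permissions:
  contents: read

# … unchanged: on/push trigger, jobs/generate-sbom header …
      - uses: actions/checkout@<full-commit-sha>  # v3 — placeholder: pin the resolved SHA
# … unchanged: CycloneDX install, project install, SBOM generation steps …
        uses: DependencyTrack/gh-upload-sbom@<full-commit-sha>  # v3 — placeholder: pin the resolved SHA
```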