mmwilder26/rkvst-sbom

rkvst-sbom

This is a Dockerized implementation of the code found in our Archivist Samples repo.

It can be used as a standalone container dropped into any pipeline, or directly as a GitHub Action.

Adding the rkvst-sbom to your pipeline

Generally speaking, the same steps apply to all pipelines, GitHub Actions included:

  1. Create an App Registration in RKVST

  2. Add your CLIENT_ID and CLIENT_SECRET to your pipeline as Secrets (they will need to be passed as Env Vars to the container during operation).

How you add these secrets will depend on your environment; GitHub's own documentation covers how to do this for GitHub Actions.

  3. Add rkvst-sbom to your pipeline

This will also depend on the environment you work in.

For illustrative purposes, here is an example from this repo's workflows folder:

       - uses: mmwilder26/rkvst-sbom@v0.a.3
         env:
           CLIENT_ID: ${{ secrets.CLIENT_ID }}
           CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
         with:
           command: release
           asset_id: assets/650fcc21-4d7c-43c1-a59e-37ce8f0ab1bb
           attachments: '["mwilder26-rkvst-sbom_latest.cyclonedx/mwilder26-rkvst-sbom_latest.cyclonedx"]'

In this case I am passing through the CLIENT_ID and CLIENT_SECRET generated earlier as environment variables, and I am also passing some other pertinent information as arguments to the command.

I have the type of event I'm sending (release), the ASSET_ID (assets/650fcc21-4d7c-43c1-a59e-37ce8f0ab1bb) and the name of the SBOM I know will be generated by my other steps ("mwilder26-rkvst-sbom_latest.cyclonedx/mwilder26-rkvst-sbom_latest.cyclonedx").

Note that the code requires more arguments than these, but defaults for most of them are set in the action.yaml, which is specific to GitHub Actions.

If you are using your own pipeline, you must ensure you provide the correct arguments to the container yourself.

To see what arguments you can use and the order in which they must be given, see sbom.py for the code itself, or see how we do it for real in the action.yaml.
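For a non-GitHub pipeline, the following added example (not code from this repo) wraps the same inputs the Action takes in a pre-flight check before the container is invoked: it refuses to run without both secrets, passes them as bare `-e NAME` so their values stay out of the command line and pipeline logs, checks that each attachment already exists inside the directory that will be mounted read-only, and hands the rest over as arguments. The positional argument order after the image, the `assets/<uuid>` form of asset ids, and the image name are assumptions; take the real order from sbom.py.

```python
"""Pre-flight helper (added example) for running the rkvst-sbom container outside GitHub Actions."""
import json, os, re, tempfile

# Assumed: RKVST asset ids look like "assets/<uuid>", as in the README example above.
ASSET_ID_RE = re.compile(r"^assets/[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
REQUIRED_SECRETS = ("CLIENT_ID", "CLIENT_SECRET")


def parse_attachments(raw):
    """Parse the Action's `attachments` input: a JSON array of relative file paths."""
    paths = json.loads(raw)
    if not isinstance(paths, list) or not all(isinstance(p, str) and p for p in paths):
        raise ValueError("attachments must be a JSON array of non-empty path strings")
    return paths


def build_docker_args(command, asset_id, attachments_json, workdir, env,
                      image="your-registry/rkvst-sbom:latest"):  # image name is a placeholder
    """Docker argv carrying the Action's inputs; secrets go in as bare -e NAME so values never hit argv/logs."""
    if any(not env.get(k) for k in REQUIRED_SECRETS):
        raise ValueError("CLIENT_ID and CLIENT_SECRET must both be set in the environment")
    if not ASSET_ID_RE.match(asset_id):
        raise ValueError("asset_id is not of the form assets/<uuid>: " + asset_id)
    root = os.path.realpath(workdir)
    paths = parse_attachments(attachments_json)
    for p in paths:
        full = os.path.realpath(os.path.join(root, p))
        # Reject paths that escape the mounted workdir (e.g. "../something") or do not exist yet.
        if not full.startswith(root + os.sep) or not os.path.isfile(full):
            raise ValueError("attachment missing or outside workdir: " + p)
    argv = ["docker", "run", "--rm"]
    for k in REQUIRED_SECRETS:
        argv += ["-e", k]  # value is inherited from the caller's environment, not spelled out
    argv += ["-v", root + ":/work:ro", "-w", "/work", image]
    # Assumed positional order; the real order is defined by sbom.py / action.yaml.
    return argv + [command, asset_id, json.dumps(paths)]


def demo():
    """Constructed run: a throwaway workdir holding an empty SBOM file, plus a path-escape attempt."""
    sbom = "mwilder26-rkvst-sbom_latest.cyclonedx"
    env = {"CLIENT_ID": "constructed-id", "CLIENT_SECRET": "constructed-secret"}
    asset = "assets/650fcc21-4d7c-43c1-a59e-37ce8f0ab1bb"
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, sbom), "w").close()
        argv = build_docker_args("release", asset, json.dumps([sbom]), d, env)
        try:
            build_docker_args("release", asset, json.dumps(["../" + sbom]), d, env)
            escaped = False
        except ValueError:
            escaped = True
    return argv, escaped
```

Run `subprocess.run(argv, check=True)` on the returned list with CLIENT_ID and CLIENT_SECRET exported by the pipeline's secret store, never written into the script.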

Building with Docker

Pre-reqs:

  • Git
  • Docker

  1. Clone the Repo

git clone git@github.com:leflambeur/rkvst-sbom.git

  2. Build the Image

docker build -t <your registry here>/rkvst-sbom:latest .

  3. Use the Image!

See Adding the rkvst-sbom to your pipeline for details on how to do so.