Skip to content

Github Action for ingesting SBOMs and Attestations into GUAC

License

Notifications You must be signed in to change notification settings

kusaridev/guac-ingest

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 

Repository files navigation

guac-ingest Action

This Action ingests SBOMs and Attestations into the Kusari hosted GUAC platform as part of your github workflow. This will enable quick and easy integration to your GUAC instance with very minimal input.

Authentication credentials (client-id, client-secret) are provided by the Kusari team.

For details on how to query and utilize the data upon ingestion, please see documentataion for the GUAC use cases.

Usage

See action.yaml

steps:
  - uses: actions/checkout@v4

  - uses: [Your build and SBOM/Provenance generation steps]

  - uses: kusaridev/guac-ingest@v0
    name: GUAC Ingestion
    with:
      files: './spdx.json'
      api-addr: 'https://[kusari-tenant-id].api.us.kusari.cloud'
      client-id: ${{ secrets.KUSARI_CLIENT_ID }}
      client-secret: ${{ secrets.KUSARI_CLIENT_SECRET }}

Inputs

files

Required - Path to directory or specific file to ingest

api-addr

Required - Kusari hosted GUAC tenant api endpoint

client-id

Required - Client id for auth token provider

client-secret

Required - Client secret for auth token provider

token-url

Url for auth token provider

Outputs

console_out

Raw output of the kusari-uploader command

License

The scripts and documentation in this project are released under the Apache License

About

Github Action for ingesting SBOMs and Attestations into GUAC

Resources

License

Stars

Watchers

Forks

Packages

No packages published