This Action ingests SBOMs and Attestations into the Kusari hosted GUAC platform as part of your github workflow. This will enable quick and easy integration to your GUAC instance with very minimal input.

Authentication credentials (client-id, client-secret) are provided by the Kusari team.

For details on how to query and utilize the data upon ingestion, please see documentataion for the GUAC use cases.

See action.yaml

steps:
  - uses: actions/checkout@v4

  - uses: [Your build and SBOM/Provenance generation steps]

  - uses: kusaridev/guac-ingest@v0
    name: GUAC Ingestion
    with:
      files: './spdx.json'
      api-addr: 'https://[kusari-tenant-id].api.us.kusari.cloud'
      client-id: ${{ secrets.KUSARI_CLIENT_ID }}
      client-secret: ${{ secrets.KUSARI_CLIENT_SECRET }}

Required - Path to directory or specific file to ingest

Required - Kusari hosted GUAC tenant api endpoint

Required - Client id for auth token provider

Required - Client secret for auth token provider

Url for auth token provider

Raw output of the kusari-uploader command

The scripts and documentation in this project are released under the Apache License