Integrating Scribe with Other CI Systems
Before you begin
Integrating Scribe Hub requires the following credentials that are found in the product setup dialog (In your Scribe Hub go to Home>Products>[$product]>Setup)
- product key
- client id
- client secret
Note that the product key is unique per product, while the client id and secret are unique for your account.
- Open your Unix based command line interface (CLI), such as bash.
- Download the Scribe valint CLI tool
curl -sSfL https://get.scribesecurity.com/install.sh | sh -s -- -t valint
Add the credentials to your CI system. Here is an example for setting your client id credential as an environment variable:
Replace <client_id> with the client id value you received from Scribe Hub. In the same way you can add the client secret and the product key as environment variables.
valintfrom your build script.
These are the two points for adding Scribe Hub code:
- Source Code Checkout: Calling
valintat this point will collect evidence from the source code files hash values to facilitate the Scribe integrity validation. This is an important yet an optional point.
$HOME/.scribe/bin/valint bom dir:<path> --product-key=$PRODUCT_KEY --scribe.client-id=$CLIENT_ID \
--scribe.client-secret=$CLIENT_SECRET -E -f -v
- Final built image: Generating SBOM right after the final Docker image is created. This is the main and mandatory point.
$HOME/.scribe/bin/valint bom <your_docker_repository:tag> --product-key=$PRODUCT_KEY \
--scribe.client-id=$CLIENT_ID --scribe.client-secret=$CLIENT_SECRET -E -f -v