Integrating Scribe with Other CI Systems

Before you begin

Integrating Scribe Hub requires the following credentials that are found in the product setup dialog (In your Scribe Hub go to Home>Products>[$product]>Setup)

• product key
• client id
• client secret

Note that the product key is unique per product, while the client id and secret are unique for your account.

Procedure

1. Download valint

   • Open your Unix based command line interface (CLI), such as bash.
   • Download the Scribe valint CLI tool

     curl -sSfL https://get.scribesecurity.com/install.sh  | sh -s -- -t valint

2. Add the credentials to your CI system. Here is an example for setting your client id credential as an environment variable:

   export CLIENT_ID=<client-id>
   export PRODUCT_KEY=<product-key>
   export CLIENT_SECRET=<client-secret>

   Replace <client_id> with the client id value you received from Scribe Hub. In the same way you can add the client secret and the product key as environment variables.

3. Call Scribe valint from your build script.

   These are the two points for adding Scribe Hub code:

• Source Code Checkout: Calling valint at this point will collect evidence from the source code files hash values to facilitate the Scribe integrity validation. This is an important yet an optional point.

$HOME/.scribe/bin/valint bom dir:<path> --product-key=$PRODUCT_KEY --scribe.client-id=$CLIENT_ID \
--scribe.client-secret=$CLIENT_SECRET -E -f -v

• Final built image: Generating SBOM right after the final Docker image is created. This is the main and mandatory point.

   $HOME/.scribe/bin/valint bom <your_docker_repository:tag> --product-key=$PRODUCT_KEY \
--scribe.client-id=$CLIENT_ID --scribe.client-secret=$CLIENT_SECRET -E -f -v