Setting up Scribe protection in your CI pipeline
Adding code snippets that call Scribe's tool, Valint, to your Continuous Integration (CI) pipeline automates the generation of SBOMs and analysis reports for your builds. You can also use Scribe's tool to generate SLSA provenance for your final artifact. If you're using GitHub, integrating the ScribeApp with your organizational GitHub account lets you get SSDF and SLSA compliance reports about your build.
The following diagram shows the points in your CI pipeline where you add the code snippets that call Scribe's tool:
Supported CIs
Currently, Scribe natively supports the following CI setups:
If you use another CI system, you can integrate it by following these Generic CI integration instructions.