
CircleCI

Use the following instructions to integrate CircleCI with Scribe.

1. Obtain a Scribe Hub API Token

  1. Sign in to Scribe Hub. If you don't have an account you can sign up for free here.

  2. Create an API token in Scribe Hub > Settings > Tokens. Copy it to a safe temporary notepad until you complete the integration.

Important

The token is a secret and will not be accessible from the UI after you finalize the token generation.

2. Add the API token to the CircleCI secrets

Add the Scribe Hub API token as SCRIBE_TOKEN to your CircleCI environment by following the CircleCI environment variables instructions.

3. Install and use the Scribe CLI

Valint (Scribe CLI) is required to generate evidence such as SBOMs and SLSA provenance. Installation instructions and usage examples can be found on the Scribe Security Orb page.

Alternative evidence stores

You can learn more about alternative stores here.

OCI Evidence store

Valint supports both storage and verification flows for attestations and statement objects, using an OCI registry as an evidence store.

Using OCI registry as an evidence store allows you to upload, download and verify evidence across your supply chain in a seamless manner.

Related flags:

  • oci - Enable OCI store.
  • oci-repo - Evidence store location.

Before you begin

Evidence can be stored in any accessible registry.

  • Write access is required for upload (generate).
  • Read access is required for download (verify).

You must first log in to your registry with the required access privileges before calling Valint, for example by using the docker login command or CircleCI Orbs.
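The login-then-upload-then-verify flow described above, as an added CircleCI configuration sketch (not Scribe's own configuration). It assumes Valint is already installed on the executor as described on the Orb page; `REGISTRY_USER`, `REGISTRY_PASSWORD`, the job and workflow names and the `registry.example.com` locations are hypothetical placeholders. The `bom` and `verify` subcommands and the `-o`/`-i statement` format options are not shown on this page, so check them against the Valint documentation for your version.

```yaml
# Added example: OCI registry as a Valint evidence store in a CircleCI job.
# Placeholders (assumptions): registry.example.com, REGISTRY_USER, REGISTRY_PASSWORD.
version: 2.1

jobs:
  evidence-oci:
    machine:
      image: ubuntu-2204:current   # machine executor ships with Docker for the login step
    environment:
      TARGET_IMAGE: registry.example.com/my-org/my-app:latest
      EVIDENCE_REPO: registry.example.com/my-org/evidence
    steps:
      - checkout
      - run:
          name: Log in to the evidence registry
          command: |
            # --password-stdin keeps the secret out of the process list and build log.
            # Store REGISTRY_USER / REGISTRY_PASSWORD as CircleCI environment variables,
            # the same way SCRIBE_TOKEN is stored in step 2.
            echo "$REGISTRY_PASSWORD" | docker login registry.example.com \
              --username "$REGISTRY_USER" --password-stdin
      - run:
          name: Generate evidence and upload it (write access required)
          command: |
            valint bom "$TARGET_IMAGE" -o statement --oci --oci-repo="$EVIDENCE_REPO"
      - run:
          name: Download and verify evidence (read access required)
          command: |
            valint verify "$TARGET_IMAGE" -i statement --oci --oci-repo="$EVIDENCE_REPO"

workflows:
  supply-chain:
    jobs:
      - evidence-oci
```

In a real pipeline the verify step usually runs in a separate job or project with a read-only registry credential, so the consumer of the evidence cannot overwrite it.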

Scribe CircleCI Orbs

CircleCI 'Orbs' are shareable packages of CircleCI configuration code snippets. They are often shared in a registry and used to simplify configuration of builds on CircleCI. Scribe offers custom CircleCI Orbs for easier integration of CircleCI workflows with Scribe Hub. The custom Orbs are used for evidence collection and integrity verification in your workflows.

