Integrating Scribe with Other CI Systems

Use the following instructions to integrate Scribe with your local host or with any CI platform that has no specific reference in Scribe's documentation.

1. Obtain a Scribe Hub API Token

Sign in to Scribe Hub. If you don't have an account you can sign up for free here.
Create a API token in Scribe Hub > Settings > Tokens. Copy it to a safe temporary notepad until you complete the integration.
Important
The token is a secret and will not be accessible from the UI after you finalize the token generation.

2. Add the API token to your environemnt

export SCRIBE_TOKEN=<scribe_api_token>

Replace '<scribe_api_token>' with the token you obtained in the previous step.

3. Download Scribe CLI

Valint -Scribe CLI- is required to generate evidence in such as SBOMs and SLSA provenance.

curl -sSfL https://get.scribesecurity.com/install.sh  | sh -s -- -t valint

4. Instrument your build scripts

Call Valint from your build script.

At Checkout: Generate an SBOM of the source code.

$HOME/.scribe/bin/valint bom dir:<path> --scribe.client-id=$CLIENT-ID \
--scribe.client-secret=$CLIENT-SECRET -E -f

At the end of a build: Generate SBOM of the built image is created.

   $HOME/.scribe/bin/valint bom <your_docker_repository:tag> -P $SCRIBE_TOKEN -E -f

1. Obtain a Scribe Hub API Token​

2. Add the API token to your environemnt​

3. Download Scribe CLI​

4. Instrument your build scripts​

1. Obtain a Scribe Hub API Token

2. Add the API token to your environemnt

3. Download Scribe CLI

4. Instrument your build scripts