This Action ingests SBOMs and Attestations into the Kusari hosted GUAC platform as part of your github workflow. This will enable quick and easy integration to your GUAC instance with very minimal input.
Authentication credentials (client-id, client-secret) are provided by the Kusari team.
For details on how to query and utilize the data upon ingestion, please see documentataion for the GUAC use cases.
See action.yaml
steps:
- uses: actions/checkout@v4
- uses: [Your build and SBOM/Provenance generation steps]
- uses: kusaridev/guac-ingest@v0
name: GUAC Ingestion
with:
files: './spdx.json'
api-addr: 'https://[kusari-tenant-id].api.us.kusari.cloud'
client-id: ${{ secrets.KUSARI_CLIENT_ID }}
client-secret: ${{ secrets.KUSARI_CLIENT_SECRET }}Required - Path to directory or specific file to ingest
Required - Kusari hosted GUAC tenant api endpoint
Required - Client id for auth token provider
Required - Client secret for auth token provider
Url for auth token provider
Raw output of the kusari-uploader command
The scripts and documentation in this project are released under the Apache License