aherman
/
packer
mirror of https://github.com/hashicorp/packer
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2e609231b4'
${ noResults }
packer/website/content/docs/provisioners/hcp-sbom.mdx

137 lines
2.8 KiB
Raw Blame History

---
description: |
The hcp-sbom Packer provisioner uploads a CycloneDX or SPDX JSON-formatted software bill of materials record to HCP Packer.
page_title: HCP SBOM - Provisioners
---
<BadgesHeader>
<PluginBadge type="official"/>
</BadgesHeader>
# HCP SBOM Provisioner
Type: `hcp-sbom`
The `hcp-sbom` provisioner uploads software bill of materials (SBOM) files from artifacts built by Packer to HCP Packer. You must format SBOM files you want to upload as JSON and follow either the [SPDX](https://spdx.github.io/spdx-spec/latest) or [CycloneDX](https://cyclonedx.org/) specification. HCP Packer ties these SBOM files to the version of the artifact that Packer builds.
## Example
The following example uploads an SBOM from the local `/tmp` directory and stores a copy at `./sbom/sbom_cyclonedx.json` on the local machine.
<Tabs>
<Tab heading="HCL2">
```hcl
provisioner "hcp-sbom" {
source = "/tmp/sbom_cyclonedx.json"
destination = "./sbom/sbom_cyclonedx.json"
sbom_name = "sbom-cyclonedx"
}
```
</Tab>
<Tab heading="JSON">
```json
{
"type": "hcp-sbom",
"source": "/tmp/sbom_cyclonedx.json",
"destination": "./sbom/sbom_cyclonedx.json",
"sbom_name": "sbom-cyclonedx"
}
```
</Tab>
</Tabs>
## Configuration reference
You can specify the following configuration options.
Required parameters:
@include 'provisioner/hcp-sbom/Config-required.mdx'
Optional parameters:
@include '/provisioner/hcp-sbom/Config-not-required.mdx'
## Example usage
<Tabs>
<Tab heading="HCL2">
```hcl
packer {
required_plugins {
docker = {
version = ">= 1.0.0"
source = "github.com/hashicorp/docker"
}
}
}
source "docker" "ubuntu" {
image = "ubuntu:20.04"
commit = true
}
build {
sources = ["source.docker.ubuntu"]
hcp_packer_registry {
bucket_name = "test-bucket"
}
provisioner "shell" {
inline = [
"apt-get update -y",
"apt-get install -y curl gpg",
"bash -c \"$(curl -sSL https://install.mondoo.com/sh)\"",
"cnquery sbom --output cyclonedx-json --output-target /tmp/sbom_cyclonedx.json",
]
}
provisioner "hcp-sbom" {
source = "/tmp/sbom_cyclonedx.json"
destination = "./sbom"
sbom_name = "sbom-cyclonedx"
}
}
```
</Tab>
<Tab heading="JSON">
```json
{
"builders": [
{
"type": "docker",
"image": "ubuntu:20.04",
"commit": true
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"apt-get update -y",
"apt-get install -y curl",
"bash -c \"$(curl -sSL https://install.mondoo.com/sh)\"",
"cnquery sbom --output cyclonedx-json --output-target /tmp/sbom_cyclonedx.json"
]
},
{
"type": "hcp-sbom",
"source": "/tmp/sbom_cyclonedx.json",
"destination": "./sbom",
"sbom_name": "sbom-cyclonedx"
}
]
}
```
</Tab>
</Tabs>
Reference in new issue View Git Blame Copy Permalink