
LX-VSM-PY

What is it?

This is a Python-based CLI that submits project information, including a CycloneDX-compliant SBOM, to your LeanIX VSM workspace via the Service Discovery API.

When should I use it?

It is primarily used to submit an SBOM from your CI/CD pipeline, but it can also submit additional data at various stages of development and deployment, such as version numbers, testing results, code quality, and deployment times.

How does it work?

Assuming your Python packages are on your system $PATH variable, you can run this like any other command-line tool by calling lx-vsm-py. Run lx-vsm-py --help to see the available arguments. The script uses the supplied arguments to authenticate with your workspace, then submits the remaining arguments and the (optional) SBOM to the Service Discovery API. See the next section for detailed instructions.

How do I use it?

  1. Clone this repository to your computer.
  2. Run python setup.py sdist && pip install dist/lx-vsm-py-1.0.tar.gz to build and install this utility to your local Python installation globally.
  3. Add a file to your Python project called lx-vsm-py.sh with the following contents:

     cyclonedx-py -e -F --format json -o sbom.json && lx-vsm-py --sbom-path sbom.json --api-token "$VSM_TOKEN" --region us --host demo-us

  4. Update the region, host, and api-token for your instance of VSM.
  5. Run ./lx-vsm-py.sh to update your service in VSM.
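
A pre-submit check that a pipeline could run on sbom.json between the two commands in step 3, so a truncated or non-CycloneDX file is not sent to VSM. This is an added example, not part of lx-vsm-py; the function names and the file name check_sbom.py are hypothetical, and treating a component without a version as a problem is a policy choice of this example.

```python
import json
import sys

# Added example, not part of lx-vsm-py. Checks a minimal subset of the
# CycloneDX JSON format; it is not full schema validation.
# Constructed sample document (values are made up for illustration).
SAMPLE = {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
          "components": [{"type": "library", "name": "requests", "version": "2.31.0"}]}


def check_sbom(doc):
    """Return a list of problems found in a parsed CycloneDX JSON document."""
    problems = []
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not isinstance(doc.get("specVersion"), str):
        problems.append("specVersion missing")
    components = doc.get("components")
    if not isinstance(components, list) or not components:
        problems.append("no components listed")
        return problems
    for i, comp in enumerate(components):
        if not isinstance(comp, dict):
            problems.append(f"component {i}: not an object")
            continue
        name = comp.get("name") or f"#{i}"
        if not comp.get("name"):
            problems.append(f"component {i}: missing name")
        if not comp.get("version"):
            problems.append(f"component {name}: missing version")
    return problems


def check_sbom_file(path):
    """Load path and check it; unreadable or invalid JSON counts as a problem."""
    try:
        with open(path, encoding="utf-8") as fh:
            return check_sbom(json.load(fh))
    except (OSError, ValueError) as exc:
        return [f"cannot read {path}: {exc}"]


if __name__ == "__main__":
    found = check_sbom_file(sys.argv[1] if len(sys.argv) > 1 else "sbom.json")
    for p in found:
        print("sbom check:", p, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Saved as check_sbom.py and chained as cyclonedx-py ... && python check_sbom.py sbom.json && lx-vsm-py ..., a non-zero exit stops the submission.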

License

This project is licensed under the MIT License.

Contact

Start with the VSM Documentation, or feel free to contact LeanIX Support for anything else.