This Action ingests SBOMs and attestations into GUAC as part of your GitHub workflow. Authentication is provided by GitHub's OIDC provider and a specified auth token provider. This enables quick integration with your GUAC instance with minimal input.
For details on how to query and use the data after ingestion, please see the documentation for the GUAC use cases.
This action only works with an OAuth2-protected GUAC GraphQL API endpoint, e.g. the Kusari hosted GUAC platform.
See action.yaml
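    # The job running these steps needs "permissions: id-token: write"
    # so that a GitHub OIDC token can be requested.
    steps:
      - uses: actions/checkout@v3
      # [Your build and SBOM/Provenance generation steps]
      - uses: kusaridev/guac-ingest@v0
        name: GUAC ingestion
        with:
          # Path to the directory or file to ingest
          files: './spdx.json'
          # OAuth2-protected GUAC GraphQL API endpoint
          gql-addr: 'https://[tenant-id].api.kusari.cloud/query'
          # Auth token provider URL and client ID, read from repository secrets
          token-url: ${{ secrets.TOKENURL }}
          client-id: ${{ secrets.CLIENTID }}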
files: Required. Path to directory or specific file to ingest
gql-addr: Required. GUAC GraphQL API Endpoint - example: https://guac.instance/query
token-url: Required. URL of auth token provider - example: https://token.provider/oauth2/token
client-id: Required. Client ID for auth token provider - example: abcd-efgh-1234...
Raw output of the guacone command
The scripts and documentation in this project are released under the Apache License