Skip to content
Merged

Dev #304

Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs/integrating-scribe/admission-controller/kyverno.md
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,10 @@ spec:
attestors:
- entries:
- certificates:
rekor:
ignoreTlog: true
ctlog:
ignoreSCT: true
certChain: |-
-----BEGIN CERTIFICATE-----
MIIF8jCCA9qgAwIBAgICEjQwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAklM
Expand Down
4 changes: 2 additions & 2 deletions docs/integrating-scribe/ci-integrations/github/action-bom.md
Original file line number Diff line number Diff line change
Expand Up @@ -173,15 +173,15 @@ To overcome the limitation install tool directly - **[installer](https://github.
Containerized action can be used on Linux runners as following
```yaml
- name: Generate cyclonedx json SBOM
uses: scribe-security/action-bom@v1.5.18
uses: scribe-security/action-bom@v1.5.19
with:
target: 'busybox:latest'
```

Composite Action can be used on Linux or Windows runners as following
```yaml
- name: Generate cyclonedx json SBOM
uses: scribe-security/action-bom-cli@v1.5.18
uses: scribe-security/action-bom-cli@v1.5.19
with:
target: 'hello-world:latest'
```
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -138,15 +138,15 @@ The `valint evidence` action is a versatile action designed to include various t
Containerized action can be used on Linux runners as following
```yaml
- name: Include evidence derived from a file
uses: scribe-security/action-evidence@v1.5.18
uses: scribe-security/action-evidence@v1.5.19
with:
target: some_file.json
```

Composite Action can be used on Linux or Windows runners as following
```yaml
- name: Include evidence derived from a file
uses: scribe-security/action-evidence-cli@v1.5.18
uses: scribe-security/action-evidence-cli@v1.5.19
with:
target: some_file.json
```
Expand Down
4 changes: 2 additions & 2 deletions docs/integrating-scribe/ci-integrations/github/action-slsa.md
Original file line number Diff line number Diff line change
Expand Up @@ -157,15 +157,15 @@ To overcome the limitation install tool directly - [installer](https://github.co
Containerized action can be used on Linux runners as following
```yaml
- name: Generate SLSA provenance
uses: scribe-security/action-slsa@v1.5.18
uses: scribe-security/action-slsa@v1.5.19
with:
target: 'busybox:latest'
```

Composite Action can be used on Linux or Windows runners as following
```yaml
- name: Generate cyclonedx json SBOM
uses: scribe-security/action-slsa-cli@v1.5.18
uses: scribe-security/action-slsa-cli@v1.5.19
with:
target: 'hello-world:latest'
```
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -169,15 +169,15 @@ Containerized action can be used on Linux runners as following
```yaml
- name: valint verify
id: valint_verify
uses: scribe-security/action-verify@v1.5.18
uses: scribe-security/action-verify@v1.5.19
with:
target: 'busybox:latest'
```

Composite Action can be used on Linux or Windows runners as following
```yaml
- name: Generate cyclonedx json SBOM
uses: scribe-security/action-verify-cli@v1.5.18
uses: scribe-security/action-verify-cli@v1.5.19
with:
target: 'hello-world:latest'
```
Expand Down
34 changes: 34 additions & 0 deletions docs/integrating-scribe/ci-integrations/gitlabci.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,40 @@ scribe-gitlab-job:
-P $SCRIBE_TOKEN
```

#### Using custom x509 keys

Utilizing X509 Keys on Gitlab CI.

- Prepare the X509 key in PEM format, including the Certificate and CA-chain.

- Encode the keys using the commands below:

```yaml
cat my_key.pem | base64
cat my_cert.pem | base64
cat my_ca-chain.pem | base64
```

- Store The following Secrets as project variable using **[GitLab project variable](https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project)**.

<img src='../../../../img/ci/platforms_gitlab_keys.png' alt='Signing Variables'/>

- `ATTEST_KEY_B64` Base64 encoded x509 Private key pem content, make sure to mask the value.
- `ATTEST_CERT_B64` - Base64 encoded x509 Cert pem content.
- `ATTEST_CA_B64` - Base64 encoded x509 CA Chain pem content

We recommended to base64 encode your PEM files to ensure they can be marked as protected and masked.

> Explore additional signing options in the [attestations](https://scribe-security.netlify.app/docs/valint/attestations) section.

Lastly Use the masked environment variables with Valint by decoding them:
```yaml
- export ATTEST_KEY=$(echo $ATTEST_KEY_B64 | base64 -d | tr -d '\r' )
- export ATTEST_CERT=$(echo $ATTEST_CERT_B64 | base64 -d | tr -d '\r' )
- export ATTEST_CA=$(echo $ATTEST_CA_B64 | base64 -d | tr -d '\r' )
- valint bom my_image:latest -o attest
```

#### Basic example

```yaml
Expand Down
6 changes: 3 additions & 3 deletions docs/integrating-scribe/ci-integrations/jenkins.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ The token is a secret and will not be accessible from the UI after you finalize
3. In the **Global credentials** section, click **+ Add Credentials**. A new **Credentials** form opens.
<img src="/img/start/jenkins-add-credentials.jpg" alt="Jenkins Add Credentials"/>

4. Copy the Scribe Hub API Token to the **Password** field and set the username to `SCRIBE_CLIENT_ID`.
4. Copy the Scribe Hub API Token to the **Password**, and **Username** with anything:
<img src="/img/start/jenkins-username.jpg" alt="Jenkins Credentials Username/Password"/>

5. Set **ID** to `scribe-auth-id` (lowercase).
5. Set **ID** to `scribe-auth-id` (lowercase)
<img src="/img/start/jenkins-auth-id.jpg" alt="Jenkins Credentials ID"/>

6. Click **Create**.
Expand Down Expand Up @@ -80,7 +80,7 @@ pipeline {
valint bom busybox:latest \
--context-type jenkins \
--output-directory ./scribe/valint \
-P $SCRIBE_API_TOKEN
-P $SCRIBE_TOKEN
'''
}
}
Expand Down
Loading