bom analysis tool deployment docs #69

Merged
merged 2 commits into from
Nov 23, 2020
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -52,11 +52,15 @@ sbom Create SBOM file for hex and npm deps
## Generating SBOM file
To generate an sbom file, use the make task `make sbom` to generate an `sbom.xml` file on the project root
## BOM analysis tool
If you want to deploy your own bom analysis tool, you can [follow this instructions](./docs/dependancy-tracker.md) to get set up
## Deployment to GCP
Instructions to deployment can be found on [deployment docs](./docs/deployment.md)
## Adding status
You can add your project status as markdown content by adding a markdown file to the `/status` directory.
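Review bot: The link added under "BOM analysis tool" targets `./docs/dependancy-tracker.md`, which misspells "dependency" and does not match the product name Dependency-Track used inside that doc. Rename the file (for example `docs/dependency-track.md`) in this PR and update the link, since renaming later breaks anything that already points at the path. The link text "follow this instructions" should read "follow these instructions", and the section would benefit from one sentence saying how the `sbom.xml` from `make sbom` relates to the tool, because the two adjacent sections currently read as unconnected.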
30 changes: 30 additions & 0 deletions docs/dependancy-tracker.md
@@ -0,0 +1,30 @@
# Dependancy track
Dependency-Track is an intelligent Software Supply Chain Component Analysis platform
that allows organizations to identify and reduce risk from the use of third-party and open source components

## Deployment of the tracker to a virtual machine
Owasp provides a [docker image](https://hub.docker.com/r/owasp/dependency-track) that can be used to do deploy the application on to a virtual machine.

1. Create a virtual machine with the following specifications:

| Minimum | Recommended |
|-------------|-------------|
| 4.5GB RAM | 16GB RAM |
| 2 CPU cores | 4 CPU cores |

2. SSH into the virtual machine created
3. Install docker and ensure its running
4. run the following commands in sequence to start the tracker

```shell
docker pull owasp/dependency-track
docker volume create --name dependency-track
docker run -d -m 8192m -p 8080:8080 --name dependency-track -v dependency-track:/data owasp/dependency-track
```
## Running on your local machine
It is possible to run the tracker on your local computer but you should note that it requires a significant resources as listed above.
If you have docker running your computer, run the commands on step 4 above to get the tracker running

## Troubleshooting
The commands above have been picked directly from [owasp docker image page](https://hub.docker.com/r/owasp/dependency-track) so if you
are having trouble, visit that page to ensure the commands and requirements above are not outdated
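Review bot: The `docker run` line in step 4 publishes the tracker with `-p 8080:8080`, which binds the port on every interface of the virtual machine, and the doc says nothing about a firewall rule, TLS or a reverse proxy in front of it. For a VM deployment, either bind to loopback (`-p 127.0.0.1:8080:8080`) and document the proxy that terminates TLS, or state which network the port is expected to be reachable from. The same block runs `docker pull owasp/dependency-track` with no tag or digest, so each deployment gets whatever the default tag resolves to that day; pinning a version makes the install reproducible and makes upgrades a deliberate step. Smaller points: `-m 8192m` is higher than the 4.5GB minimum in the table, so say which figure a minimum-spec VM should use; the "Running on your local machine" section refers to "step 4", which will silently go stale if the list is renumbered; and "Dependancy" in the title, "do deploy", "its running" and "a significant resources" need fixing.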