-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Included docs for GUACCollect #121
base: main
Are you sure you want to change the base?
Conversation
* Fixes guacsec#120 * I used an image of the mermaid diagram because I don't know whether guac-docs supports mermaid diagrams Signed-off-by: nathannaveen <[email protected]>
✅ Deploy Preview for resonant-wisp-1a517a ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for helping document this!! I have a couple questions and nits, but else LGTM.
|
||
# Ingesting data with GUACCollect | ||
|
||
GUACCollect is a command-line tool within the GUAC ecosystem designed for collecting and ingesting software bill of materials (SBOMs), attestations, and other metadata documents from various sources. This tool supports a wide range of data sources, including GitHub, S3, Google Cloud Storage (GCS), and OCI images, making it a versatile choice for enhancing the visibility and security of your software supply chain. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: guaccollect
to match case (and use ` ticks to indicate code)
|
||
- A fresh copy of the [GUAC service infrastructure through Docker Compose]({{ | ||
site.baseurl }}{%link setup.md %}). Including the `guacone` binary in your path | ||
and [GUAC Data](https://github.com/guacsec/guac-data/archive/refs/heads/main.zip) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm, i think we usually recommend cloning GUAC data instead of unzipping - is this a different dataset?
- **Download from OCI Images**: Retrieve SBOMs and attestations embedded in OCI images. | ||
- **File System Collection**: Collect documents directly from a specified file path on your system. | ||
|
||
## Usage |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could be helpful to also add some information about the poll option
@nathannaveen can you fix the formatter issues (and optionally address Brandon's minor feedback) so we can merge this? I'd also suggest adding the source of your image (as an SVG or the mermaid file or whatever you used to create it) into the repo somewhere so that we can update it later if needed. |
guaccollect
documentation #120