Generating SBOMs in CI/CD Pipelines

The Manifest CLI can be deployed in any CI/CD pipeline. The CLI can both generate an SBOM and upload it to the Manifest platform. For ease of use, Manifest provides additional tools and templates for specific software development pipelines.


Using the CLI in any CI/CD Pipeline

Please see Using the CLI for a guide on how to implement the CLI in any environment.


GitHub Actions

Learn more about using our GitHub Action on our GitHub page. This pre-built GitHub Action is available through the GitHub Marketplace and can be invoked from a workflow by adding a step like this to your GitHub Actions workflow YAML file.

      - name: Generate SBOM
        uses: manifest-cyber/manifest-github-action@main

Here is an example you can copy and paste into your workflow file:

on:
  push:
    branches:
      - main

jobs:
  generate-sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Generate SBOM
        uses: manifest-cyber/manifest-github-action@main
        id: generate
        with:
          apiKey: ${{ secrets.MANIFEST_API_KEY }}

Before you add that workflow file, store the API key it references as a repository secret by going to:

  • The GitHub repository on GitHub.com
  • Repository Settings
  • Secrets and Variables
    • Actions
  • Click "New repository secret"
  • Name the key "MANIFEST_API_KEY"
  • Ensure you have an API key from your Manifest tenant, with permissions to upload SBOMs.
  • Paste your API key into the Secret text box
  • Click the Add Secret button
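The workflow above references the action as `manifest-cyber/manifest-github-action@main`, so every run pulls whatever that branch currently points at; pinning to a full commit SHA makes the reference immutable, and a top-level `permissions:` block limits what the job's `GITHUB_TOKEN` can do. The following script is an added example, not Manifest's own tooling: it scans a workflow file for `uses:` references and reports which ones resolve to a mutable branch or tag rather than a SHA, and whether a `permissions:` block is present. The embedded workflow is the one from this page, used here as constructed sample input.

```python
"""Scan a GitHub Actions workflow for mutable action references.

Added example (not Manifest's own code). A `uses: owner/repo@main`
reference is re-resolved on every run, so the SBOM step changes
silently if that branch changes. A 40-character commit SHA is immutable.
"""
import re
from typing import List, NamedTuple

# Constructed sample input: the workflow shown on this page.
SAMPLE_WORKFLOW = """\
on:
  push:
    branches:
      - main

jobs:
  generate-sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Generate SBOM
        uses: manifest-cyber/manifest-github-action@main
        id: generate
        with:
          apiKey: ${{ secrets.MANIFEST_API_KEY }}
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


class Finding(NamedTuple):
    line: int      # 1-based line number in the workflow text
    action: str    # owner/repo (or local path / docker image)
    ref: str       # the part after '@', empty if none
    kind: str      # "sha" | "tag" | "branch" | "local"


def classify_ref(ref: str) -> str:
    """Immutable SHA, version-looking tag, or anything else (treated as a branch)."""
    if SHA_RE.match(ref):
        return "sha"
    if re.match(r"^v?\d", ref):
        return "tag"
    return "branch"


def scan_uses(workflow: str) -> List[Finding]:
    """Return one Finding per `uses:` line in the workflow text."""
    findings: List[Finding] = []
    for n, line in enumerate(workflow.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions and docker images are not resolved via a git ref.
        if target.startswith(("./", "docker://")):
            findings.append(Finding(n, target, "", "local"))
            continue
        action, _, ref = target.partition("@")
        kind = classify_ref(ref) if ref else "branch"  # no '@' means default branch
        findings.append(Finding(n, action, ref, kind))
    return findings


def unpinned(workflow: str) -> List[Finding]:
    """Only the references that can move underneath you."""
    return [f for f in scan_uses(workflow) if f.kind in ("tag", "branch")]


def has_permissions_block(workflow: str) -> bool:
    """True if the workflow declares a top-level `permissions:` block."""
    return re.search(r"^permissions:", workflow, re.MULTILINE) is not None


if __name__ == "__main__":
    for f in unpinned(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref} is a mutable {f.kind}; pin to a commit SHA")
    if not has_permissions_block(SAMPLE_WORKFLOW):
        print("no top-level permissions: block; GITHUB_TOKEN gets the repository default")
```

Run it against any workflow file by passing the file contents to `unpinned()`; a reference reported as `tag` is versioned but still movable by the action's maintainer, while `branch` references change with every push to that branch.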

CircleCI Orb

Manifest provides a CircleCI Orb. Reach out to your Manifest support representative for access.


Jenkins

You can use the Manifest CLI in your Jenkins CI/CD pipelines. See the Integrating with Jenkins page for a full example of how to make this work in a Jenkins environment.


Other CI tools: using the Manifest CLI

Use Manifest's CLI to generate SBOMs in your existing CI pipelines. Read the documentation here: Using the CLI, or browse our growing list of guides for specific CI tools: