github.com/hashicorp/packer@v1.14.3/website/content/docs/provisioners/hcp-sbom.mdx

---
description: |
  The `hcp-sbom` Packer provisioner uploads a CycloneDX- or SPDX JSON-formatted software bill of materials record to HCP Packer. Learn how to use the `hcp-sbom` provisioner.
page_title: hcp-sbom provisioner reference
---

<BadgesHeader>
  <PluginBadge type="official"/>
</BadgesHeader>

# `hcp-sbom` provisioner

The `hcp-sbom` provisioner uploads software bill of materials (SBOM) files from artifacts built by Packer to HCP Packer. The SBOM files you upload must be formatted as JSON and follow either the [SPDX](https://spdx.github.io/spdx-spec/latest) or the [CycloneDX](https://cyclonedx.org/) specification. HCP Packer ties these SBOM files to the version of the artifact that Packer builds.

## Example

The following example uploads an SBOM from the local `/tmp` directory and stores a copy at `./sbom/sbom_cyclonedx.json` on the local machine.

<Tabs>
<Tab heading="HCL2">

```hcl
provisioner "hcp-sbom" {
  source      = "/tmp/sbom_cyclonedx.json"
  destination = "./sbom/sbom_cyclonedx.json"
  sbom_name   = "sbom-cyclonedx"
}
```

</Tab>
<Tab heading="JSON">

```json
{
  "type": "hcp-sbom",
  "source": "/tmp/sbom_cyclonedx.json",
  "destination": "./sbom/sbom_cyclonedx.json",
  "sbom_name": "sbom-cyclonedx"
}
```

</Tab>
</Tabs>

## Configuration reference

You can specify the following configuration options.

Required parameters:

@include 'provisioner/hcp-sbom/Config-required.mdx'

Optional parameters:

@include '/provisioner/hcp-sbom/Config-not-required.mdx'

## Example usage

<Tabs>
<Tab heading="HCL2">

```hcl
packer {
  required_plugins {
    docker = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/docker"
    }
  }
}

source "docker" "ubuntu" {
  image  = "ubuntu:20.04"
  commit = true
}

build {
  sources = ["source.docker.ubuntu"]

  hcp_packer_registry {
    bucket_name = "test-bucket"
  }

  provisioner "shell" {
    inline = [
      "apt-get update -y",
      "apt-get install -y curl gpg",
      "bash -c \"$(curl -sSL https://install.mondoo.com/sh)\"",
      "cnquery sbom --output cyclonedx-json --output-target /tmp/sbom_cyclonedx.json",
    ]
  }

  provisioner "hcp-sbom" {
    source      = "/tmp/sbom_cyclonedx.json"
    destination = "./sbom"
    sbom_name   = "sbom-cyclonedx"
  }
}
```

</Tab>
<Tab heading="JSON">

```json
{
  "builders": [
    {
      "type": "docker",
      "image": "ubuntu:20.04",
      "commit": true
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "inline": [
        "apt-get update -y",
        "apt-get install -y curl",
        "bash -c \"$(curl -sSL https://install.mondoo.com/sh)\"",
        "cnquery sbom --output cyclonedx-json --output-target /tmp/sbom_cyclonedx.json"
      ]
    },
    {
      "type": "hcp-sbom",
      "source": "/tmp/sbom_cyclonedx.json",
      "destination": "./sbom",
      "sbom_name": "sbom-cyclonedx"
    }
  ]
}
```

</Tab>
</Tabs>
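The provisioner accepts only JSON documents that follow the CycloneDX or SPDX specification, and the pipeline above simply hands it whatever `cnquery` wrote to `/tmp/sbom_cyclonedx.json`. The following is an added example, not part of Packer, HCP Packer or cnquery, of a pre-flight check you can run against that `source` file (or against the copy written to `destination`) before or after the `hcp-sbom` step. It recognises the two formats by their top-level markers (`bomFormat` / `specVersion` for CycloneDX, `spdxVersion` / `SPDXID` for SPDX) and reports the component count plus any structural problems. The field names come from the respective specifications; the warnings about missing `version`, `purl` or `versionInfo` are this script's own quality hints, and the embedded sample documents are constructed for the demonstration.

```python
"""Pre-flight check for an SBOM file before handing it to hcp-sbom.

Added example; not part of Packer, HCP Packer or cnquery. It verifies what the
provisioner requires of `source`: the file is JSON and has the top-level shape
of a CycloneDX JSON or SPDX JSON document. Missing version/purl warnings are
this script's own quality hints, not a requirement of either spec.
"""
import json
from dataclasses import dataclass, field


@dataclass
class SbomReport:
    format: str                 # "CycloneDX", "SPDX" or "unknown"
    spec_version: str           # e.g. "1.5" (CycloneDX) or "SPDX-2.3"
    component_count: int        # CycloneDX components / SPDX packages
    errors: list = field(default_factory=list)    # document is not a usable SBOM
    warnings: list = field(default_factory=list)  # valid, but less useful to HCP

    @property
    def ok(self) -> bool:
        return self.format != "unknown" and not self.errors


def inspect_sbom(text: str) -> SbomReport:
    """Parse the document and dispatch on the format marker each spec defines."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # CycloneDX also has an XML encoding; hcp-sbom accepts only the JSON one.
        return SbomReport("unknown", "", 0, [f"not valid JSON: {exc.msg}"])
    if not isinstance(doc, dict):
        return SbomReport("unknown", "", 0, ["top-level JSON value is not an object"])
    if doc.get("bomFormat") == "CycloneDX":
        return _inspect_cyclonedx(doc)
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return _inspect_spdx(doc)
    return SbomReport("unknown", "", 0,
                      ["no 'bomFormat: CycloneDX' and no 'spdxVersion: SPDX-*' marker"])


def _inspect_cyclonedx(doc: dict) -> SbomReport:
    report = SbomReport("CycloneDX", str(doc.get("specVersion", "")), 0)
    if not report.spec_version:
        report.errors.append("CycloneDX document lacks 'specVersion'")
    components = doc.get("components", [])
    if not isinstance(components, list):
        report.errors.append("'components' is not a list")
        components = []
    report.component_count = len(components)
    for comp in components:
        name = comp.get("name")
        if not name:                      # 'name' is mandatory for a component
            report.errors.append("component without 'name'")
            continue
        if not comp.get("version"):
            report.warnings.append(f"component {name!r} has no 'version'")
        if not comp.get("purl"):          # purl is what makes the entry matchable
            report.warnings.append(f"component {name!r} has no 'purl'")
    return report


def _inspect_spdx(doc: dict) -> SbomReport:
    report = SbomReport("SPDX", str(doc["spdxVersion"]), 0)
    if doc.get("SPDXID") != "SPDXRef-DOCUMENT":
        report.errors.append("SPDX document 'SPDXID' is not 'SPDXRef-DOCUMENT'")
    packages = doc.get("packages", [])
    if not isinstance(packages, list):
        report.errors.append("'packages' is not a list")
        packages = []
    report.component_count = len(packages)
    for pkg in packages:
        name = pkg.get("name")
        if not name:
            report.errors.append("package without 'name'")
            continue
        if not pkg.get("versionInfo"):
            report.warnings.append(f"package {name!r} has no 'versionInfo'")
    return report


# Constructed sample documents standing in for /tmp/sbom_cyclonedx.json.
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "components": [
        {"type": "library", "name": "curl", "version": "7.68.0",
         "purl": "pkg:deb/ubuntu/curl@7.68.0"},
        {"type": "library", "name": "gpg", "version": "2.2.19"},   # no purl -> warning
    ],
})
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "ubuntu-image",
    "packages": [{"SPDXID": "SPDXRef-Package-curl", "name": "curl", "versionInfo": "7.68.0"}],
})
XML_SAMPLE = '<?xml version="1.0"?><bom xmlns="http://cyclonedx.org/schema/bom/1.5"/>'

if __name__ == "__main__":
    for label, text in [("cyclonedx", CYCLONEDX_SAMPLE), ("spdx", SPDX_SAMPLE), ("xml", XML_SAMPLE)]:
        r = inspect_sbom(text)
        print(f"{label}: format={r.format} ok={r.ok} components={r.component_count} "
              f"errors={r.errors} warnings={r.warnings}")
```

Run it against the real file with `inspect_sbom(open("./sbom/sbom_cyclonedx.json").read())`; a report whose `ok` is false means the upload would either be rejected or tie an unusable document to the artifact version, so it is worth failing the build at that point rather than after the HCP Packer round trip.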