From 193a166df18bf0c616bdd0b6903e7475226fceb0 Mon Sep 17 00:00:00 2001 From: Brian McClain Date: Tue, 21 Jan 2025 09:09:53 -0500 Subject: [PATCH 1/3] Add hcp_sbom provisioner reference --- .../content/docs/provisioners/hcp_sbom.mdx | 39 +++++++++++++++++++ website/content/docs/provisioners/index.mdx | 2 + website/data/docs-nav-data.json | 4 ++ 3 files changed, 45 insertions(+) create mode 100644 website/content/docs/provisioners/hcp_sbom.mdx diff --git a/website/content/docs/provisioners/hcp_sbom.mdx b/website/content/docs/provisioners/hcp_sbom.mdx new file mode 100644 index 00000000000..11d3df1ac45 --- /dev/null +++ b/website/content/docs/provisioners/hcp_sbom.mdx 
@@ -0,0 +1,39 @@ +--- +page_title: hcp_sbom provisioner reference +description: |- + The hcp-sbom Packer provisioner uploads a CycloneDX or SPDX JSON-formatted software bill of materials record to HCP Packer. +--- + + + + + +# `hcp-sbom` provisioner reference + +The `hcp-sbom` provisioner uploads software bill of materials (SBOM) files from artifacts built by Packer to HCP Packer. You must format SBOM files you want to upload as JSON and follow either the [SPDX](https://spdx.github.io/spdx-spec/latest) or [CycloneDX](https://cyclonedx.org/) specification. HCP Packer ties these SBOM files to the version of the artifact that Packer builds. + +## Example + +The following example uploads an SBOM from the local `/tmp` directory and stores a copy in the `/sboms-catalog` directory on the local machine: + +```hcl +provisioner "hcp-sbom" { + source = "/tmp/sbom_cyclonedx.json" + sbom_name = "my_sbom" + destination = "./sbom_cyclonedx.json" +} +``` + +## Configuration reference + +You can specify the following configuration options. + +Required parameters: + +- `source` (string) - The path to the SBOM file in the Packer artifact. This file must either be in the SPDX or CycloneDX format. + +Optional parameters: + +- `sbom_name` (string) - The name of the SBOM file stored in HCP Packer. If omitted, HCP Packer uses the build fingerprint as the file name. This value must be between three and 36 characters from the following set: `[A-Za-z0-9_-]`. + +- `destination` (string) - The path on the local machine to store a copy of the SBOM file. You can specify an absolute or a path relative to the working directory when you execute the Packer build. diff --git a/website/content/docs/provisioners/index.mdx b/website/content/docs/provisioners/index.mdx index e6144beaef4..8d39857d372 100644 --- a/website/content/docs/provisioners/index.mdx +++ b/website/content/docs/provisioners/index.mdx 
@@ -29,6 +29,8 @@ The following provisioners are included with Packer: machine images during a build. - [Windows Restart](/packer/docs/provisioners/windows-restart) - initiate a reboot on a Windows machine images during a build. +- [HCP Software Bill of Materials](/packer/docs/provisioners/hcp_sbom) - Upload an SBOM and + associate it with an artifact version in the HCP Packer registry. Additional [Community Supported](/packer/docs/provisioners/community-supported) provisioners are developed and maintained by various members of the community. diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 24c55feb678..2e0412b05ce 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -804,6 +804,10 @@ "title": "Windows Restart", "path": "provisioners/windows-restart" }, + { + "title": "HCP Software Bill of Materials", + "path": "provisioners/hcp_sbom" + }, { "title": "Custom", "path": "provisioners/custom" From 2cee46c82d60e7b823e53b816e7c1a05551c7f26 Mon Sep 17 00:00:00 2001 From: Brian McClain Date: Tue, 21 Jan 2025 10:47:14 -0500 Subject: [PATCH 2/3] Update website/content/docs/provisioners/hcp_sbom.mdx Co-authored-by: rita <8647768+ritsok@users.noreply.github.com> --- website/content/docs/provisioners/hcp_sbom.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/provisioners/hcp_sbom.mdx b/website/content/docs/provisioners/hcp_sbom.mdx index 11d3df1ac45..f6670ebee65 100644 --- a/website/content/docs/provisioners/hcp_sbom.mdx +++ b/website/content/docs/provisioners/hcp_sbom.mdx 
@@ -10,7 +10,7 @@ description: |- # `hcp-sbom` provisioner reference -The `hcp-sbom` provisioner uploads software bill of materials (SBOM) files from artifacts built by Packer to HCP Packer. You must format SBOM files you want to upload as JSON and follow either the [SPDX](https://spdx.github.io/spdx-spec/latest) or [CycloneDX](https://cyclonedx.org/) specification. HCP Packer ties these SBOM files to the version of the artifact that Packer builds. +The `hcp-sbom` provisioner uploads software bill of materials (SBOM) files from artifacts built by Packer to HCP Packer. You must format SBOM files you want to upload as JSON and follow either the [SPDX](https://spdx.github.io/spdx-spec/latest) or [CycloneDX](https://cyclonedx.org/) specification. HCP Packer links these SBOM files to the version of the artifact that Packer builds. ## Example From c78b6a94ce6b9972ca3f45ee10c70c1b6adb5b30 Mon Sep 17 00:00:00 2001 From: Brian McClain Date: Tue, 21 Jan 2025 10:59:30 -0500 Subject: [PATCH 3/3] Update website/content/docs/provisioners/hcp_sbom.mdx Co-authored-by: rita <8647768+ritsok@users.noreply.github.com> --- website/content/docs/provisioners/hcp_sbom.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/provisioners/hcp_sbom.mdx b/website/content/docs/provisioners/hcp_sbom.mdx index f6670ebee65..46fc1ad6756 100644 --- a/website/content/docs/provisioners/hcp_sbom.mdx +++ b/website/content/docs/provisioners/hcp_sbom.mdx @@ -1,5 +1,5 @@ --- -page_title: hcp_sbom provisioner reference +page_title: hcp-sbom provisioner reference description: |- The hcp-sbom Packer provisioner uploads a CycloneDX or SPDX JSON-formatted software bill of materials record to HCP Packer. ---
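Review bot: In the `## Example` section of the new `hcp_sbom.mdx` (PATCH 1/3, hunk `@@ -0,0 +1,39 @@`), the lead sentence and the HCL block disagree. The sentence says the copy is stored in the `/sboms-catalog` directory, but the block sets `destination = "./sbom_cyclonedx.json"`, which resolves to the working directory of the Packer run. Change one so that both name the same location. The same sentence calls `/tmp` "local", while the `source` bullet documents a path "in the Packer artifact"; state that `/tmp/sbom_cyclonedx.json` is inside the artifact being built so readers do not point `source` at a file on the machine running Packer. In the `destination` bullet, "an absolute or a path relative to" is missing a noun; "an absolute path or a path relative to" reads correctly. The bullet could also say whether an existing file at that path is overwritten.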
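Review bot: In the `index.mdx` hunk (`@@ -29,6 +29,8 @@`), the new list entry starts its description with a capital ("Upload an SBOM and"), while the neighbouring Windows Restart entry starts in lower case ("initiate a reboot"). Match the list's existing style with "upload an SBOM and associate it with ...". Since this index is the first place a reader meets the provisioner, consider spelling out "software bill of materials (SBOM)" here as the reference page does.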
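Review bot: In the `docs-nav-data.json` hunk (`@@ -804,6 +804,10 @@`), the new entry uses the path `provisioners/hcp_sbom` with an underscore, while the sibling entry is `provisioners/windows-restart` and the provisioner is named `hcp-sbom` throughout the page. PATCH 3/3 changes `page_title` to the hyphenated form but leaves the file name, this path and the `/packer/docs/provisioners/hcp_sbom` link in `index.mdx` unchanged. If the hyphenated slug is intended, rename the file to `hcp-sbom.mdx` and update this path and the index link in the same commit, so the published URL does not have to change later.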