Closed
39 changes: 39 additions & 0 deletions website/content/docs/provisioners/hcp_sbom.mdx
@@ -0,0 +1,39 @@
---
page_title: hcp-sbom provisioner reference
description: |-
The hcp-sbom Packer provisioner uploads a CycloneDX or SPDX JSON-formatted software bill of materials record to HCP Packer.
---

<BadgesHeader>
<PluginBadge type="official" />
</BadgesHeader>

# `hcp-sbom` provisioner reference

The `hcp-sbom` provisioner uploads software bill of materials (SBOM) files from artifacts built by Packer to HCP Packer. You must format SBOM files you want to upload as JSON and follow either the [SPDX](https://spdx.github.io/spdx-spec/latest) or [CycloneDX](https://cyclonedx.org/) specification. HCP Packer links these SBOM files to the version of the artifact that Packer builds.

## Example

The following example uploads an SBOM from the local `/tmp` directory and stores a copy in the `/sboms-catalog` directory on the local machine:

```hcl
provisioner "hcp-sbom" {
source = "/tmp/sbom_cyclonedx.json"
sbom_name = "my_sbom"
destination = "./sbom_cyclonedx.json"
}
```

## Configuration reference

You can specify the following configuration options.

Required parameters:

- `source` (string) - The path to the SBOM file in the Packer artifact. This file must either be in the SPDX or CycloneDX format.

Optional parameters:

- `sbom_name` (string) - The name of the SBOM file stored in HCP Packer. If omitted, HCP Packer uses the build fingerprint as the file name. This value must be between three and 36 characters from the following set: `[A-Za-z0-9_-]`.

- `destination` (string) - The path on the local machine to store a copy of the SBOM file. You can specify an absolute or a path relative to the working directory when you execute the Packer build.
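
Review bot: The sentence that introduces the example does not match the block beneath it. It says the copy is stored in the `/sboms-catalog` directory, but the block sets `destination = "./sbom_cyclonedx.json"`, which is a path relative to the working directory. It also calls `/tmp` local, while the `source` reference describes a path in the Packer artifact. Suggest rewording the sentence to match the block (or pointing `destination` at a path under `/sboms-catalog`) and saying plainly where `source` is read from. Two smaller points in the configuration reference: "an absolute or a path relative" reads better as "an absolute path or a path relative", and the page does not say what the provisioner does when the file at `source` is not valid SPDX or CycloneDX JSON, which users will want to know before relying on the upload.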
2 changes: 2 additions & 0 deletions website/content/docs/provisioners/index.mdx
Expand Up @@ -29,6 +29,8 @@ The following provisioners are included with Packer:
machine images during a build.
- [Windows Restart](/packer/docs/provisioners/windows-restart) - initiate a reboot on a Windows
machine images during a build.
- [HCP Software Bill of Materials](/packer/docs/provisioners/hcp_sbom) - Upload an SBOM and
associate it with an artifact version in the HCP Packer registry.

Additional [Community Supported](/packer/docs/provisioners/community-supported) provisioners are
developed and maintained by various members of the community.
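
Review bot: Style inconsistency in the added list entry: its description starts with a capital ("Upload an SBOM and"), while the entry directly above starts lowercase ("initiate a reboot on a Windows"). Suggest "upload an SBOM and associate it with an artifact version in the HCP Packer registry" so the list reads consistently. The link text also omits the provisioner's actual name; consider mentioning `hcp-sbom` so readers can match this entry to the block type they write in a template.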
4 changes: 4 additions & 0 deletions website/data/docs-nav-data.json
Expand Up @@ -804,6 +804,10 @@
"title": "Windows Restart",
"path": "provisioners/windows-restart"
},
{
"title": "HCP Software Bill of Materials",
"path": "provisioners/hcp_sbom"
},
{
"title": "Custom",
"path": "provisioners/custom"
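
Review bot: The new `"path"` value, "provisioners/hcp_sbom", uses an underscore, while the sibling entry above uses a hyphen ("provisioners/windows-restart") and the provisioner itself is documented as `hcp-sbom`. Suggest renaming the page file to `hcp-sbom.mdx` and using "provisioners/hcp-sbom" here and in the index link, so the URL matches the provisioner name and the existing naming pattern.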