pitc-flow
Secure and compliant software delivery with trust and integrity. 🚀This module contains ready to use pipelines.
They build and deliver your software / project with security and compliance out of the box.
Installation
dagger install github.com/puzzle/dagger-module-pitc-flow/pitc-flow@v0.2.0Entrypoint
Return Type
PitcFlowExample
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
func (m *MyModule) Example() *dagger.PitcFlow {
return dag.
PitcFlow()
}@function
def example() -> dagger.PitcFlow:
return (
dag.pitc_flow()
)@func()
example(): PitcFlow {
return dag
.pitcFlow()
}Types
PitcFlow 🔗
lint() 🔗
Returns a file containing the results of the lint command
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| container | Container ! | - | Container to run the lint command |
| results | String ! | - | Path to file containing lint results |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
lint --container IMAGE:TAG --results stringfunc (m *MyModule) Example(container *dagger.Container, results string) *dagger.File {
return dag.
PitcFlow().
Lint(container, results)
}@function
def example(container: dagger.Container, results: str) -> dagger.File:
return (
dag.pitc_flow()
.lint(container, results)
)@func()
example(container: Container, results: string): File {
return dag
.pitcFlow()
.lint(container, results)
}test() 🔗
Returns a directory containing the results of the test command
Return Type
Directory !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| container | Container ! | - | Container to run the test command |
| results | String ! | - | Path to directory containing test results |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
test --container IMAGE:TAG --results stringfunc (m *MyModule) Example(container *dagger.Container, results string) *dagger.Directory {
return dag.
PitcFlow().
Test(container, results)
}@function
def example(container: dagger.Container, results: str) -> dagger.Directory:
return (
dag.pitc_flow()
.test(container, results)
)@func()
example(container: Container, results: string): Directory {
return dag
.pitcFlow()
.test(container, results)
}sast() 🔗
Returns a file containing the results of the security scan
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| container | Container ! | - | Container to run the security scan |
| results | String ! | - | Path to file containing the results of the security scan |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
sast --container IMAGE:TAG --results stringfunc (m *MyModule) Example(container *dagger.Container, results string) *dagger.File {
return dag.
PitcFlow().
Sast(container, results)
}@function
def example(container: dagger.Container, results: str) -> dagger.File:
return (
dag.pitc_flow()
.sast(container, results)
)@func()
example(container: Container, results: string): File {
return dag
.pitcFlow()
.sast(container, results)
}build() 🔗
Returns a Container built from the Dockerfile in the provided Directory
Return Type
Container !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| dir | Directory ! | - | No description provided |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
build --dir DIR_PATHfunc (m *MyModule) Example(dir *dagger.Directory) *dagger.Container {
return dag.
PitcFlow().
Build(dir)
}@function
def example(dir: dagger.Directory) -> dagger.Container:
return (
dag.pitc_flow()
.build(dir)
)@func()
example(dir: Directory): Container {
return dag
.pitcFlow()
.build(dir)
}sbomBuild() 🔗
Builds the container and creates a SBOM for it
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| dir | Directory ! | - | No description provided |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
sbom-build --dir DIR_PATHfunc (m *MyModule) Example(dir *dagger.Directory) *dagger.File {
return dag.
PitcFlow().
SbomBuild(dir)
}@function
def example(dir: dagger.Directory) -> dagger.File:
return (
dag.pitc_flow()
.sbom_build(dir)
)@func()
example(dir: Directory): File {
return dag
.pitcFlow()
.sbomBuild(dir)
}sbom() 🔗
Creates a SBOM for the container
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| container | Container ! | - | No description provided |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
sbom --container IMAGE:TAGfunc (m *MyModule) Example(container *dagger.Container) *dagger.File {
return dag.
PitcFlow().
Sbom(container)
}@function
def example(container: dagger.Container) -> dagger.File:
return (
dag.pitc_flow()
.sbom(container)
)@func()
example(container: Container): File {
return dag
.pitcFlow()
.sbom(container)
}vulnscan() 🔗
Scans the SBOM for vulnerabilities
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| sbom | File ! | - | No description provided |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
vulnscan --sbom file:pathfunc (m *MyModule) Example(sbom *dagger.File) *dagger.File {
return dag.
PitcFlow().
Vulnscan(sbom)
}@function
def example(sbom: dagger.File) -> dagger.File:
return (
dag.pitc_flow()
.vulnscan(sbom)
)@func()
example(sbom: File): File {
return dag
.pitcFlow()
.vulnscan(sbom)
}publishToDeptrack() 🔗
Publish cyclonedx SBOM to Deptrack
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| sbom | File ! | - | SBOM file |
| address | String ! | - | deptrack address for publishing the SBOM https://deptrack.example.com/api/v1/bom |
| apiKey | Secret ! | - | deptrack API key |
| projectUuid | String ! | - | deptrack project UUID |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
publish-to-deptrack --sbom file:path --address string --api-key env:MYSECRET --project-uuid stringfunc (m *MyModule) Example(ctx context.Context, sbom *dagger.File, address string, apiKey *dagger.Secret, projectUuid string) string {
return dag.
PitcFlow().
PublishToDeptrack(ctx, sbom, address, apiKey, projectUuid)
}@function
async def example(sbom: dagger.File, address: str, api_key: dagger.Secret, project_uuid: str) -> str:
return await (
dag.pitc_flow()
.publish_to_deptrack(sbom, address, api_key, project_uuid)
)@func()
async example(sbom: File, address: string, apiKey: Secret, projectUuid: string): Promise<string> {
return dag
.pitcFlow()
.publishToDeptrack(sbom, address, apiKey, projectUuid)
}publish() 🔗
Publish the provided Container to the provided registry
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| container | Container ! | - | Container to publish |
| registryAddress | String ! | - | Registry address to publish to - formatted as [host]/[user]/[repo]:[tag] |
| registryUsername | String | "" | Username of the registry’s account |
| registryPassword | Secret | - | API key, password or token to authenticate to the registry |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
publish --container IMAGE:TAG --registry-address stringfunc (m *MyModule) Example(ctx context.Context, container *dagger.Container, registryAddress string) string {
return dag.
PitcFlow().
Publish(ctx, container, registryAddress)
}@function
async def example(container: dagger.Container, registry_address: str) -> str:
return await (
dag.pitc_flow()
.publish(container, registry_address)
)@func()
async example(container: Container, registryAddress: string): Promise<string> {
return dag
.pitcFlow()
.publish(container, registryAddress)
}sign() 🔗
Sign the published image using cosign (keyless)
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| registryUsername | String ! | - | Username of the registry’s account |
| registryPassword | Secret ! | - | API key, password or token to authenticate to the registry |
| digest | String ! | - | Container image digest to sign |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
sign --registry-username string --registry-password env:MYSECRET --digest stringfunc (m *MyModule) Example(ctx context.Context, registryUsername string, registryPassword *dagger.Secret, digest string) string {
return dag.
PitcFlow().
Sign(ctx, registryUsername, registryPassword, digest)
}@function
async def example(registry_username: str, registry_password: dagger.Secret, digest: str) -> str:
return await (
dag.pitc_flow()
.sign(registry_username, registry_password, digest)
)@func()
async example(registryUsername: string, registryPassword: Secret, digest: string): Promise<string> {
return dag
.pitcFlow()
.sign(registryUsername, registryPassword, digest)
}attest() 🔗
Attests the SBOM using cosign (keyless)
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| registryUsername | String ! | - | Username of the registry’s account |
| registryPassword | Secret ! | - | API key, password or token to authenticate to the registry |
| digest | String ! | - | Container image digest to attest |
| predicate | File ! | - | SBOM file |
| sbomType | String ! | - | SBOM type |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
attest --registry-username string --registry-password env:MYSECRET --digest string --predicate file:path --sbom-type stringfunc (m *MyModule) Example(ctx context.Context, registryUsername string, registryPassword *dagger.Secret, digest string, predicate *dagger.File, sbomType string) string {
return dag.
PitcFlow().
Attest(ctx, registryUsername, registryPassword, digest, predicate, sbomType)
}@function
async def example(registry_username: str, registry_password: dagger.Secret, digest: str, predicate: dagger.File, sbom_type: str) -> str:
return await (
dag.pitc_flow()
.attest(registry_username, registry_password, digest, predicate, sbom_type)
)@func()
async example(registryUsername: string, registryPassword: Secret, digest: string, predicate: File, sbomType: string): Promise<string> {
return dag
.pitcFlow()
.attest(registryUsername, registryPassword, digest, predicate, sbomType)
}run() 🔗
Executes all the steps and returns a directory with the results
Return Type
Directory !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| dir | Directory ! | - | source directory |
| lintContainer | Container ! | - | lint container |
| lintReport | String ! | - | lint report file name e.g. “lint.json” |
| sastContainer | Container ! | - | sast container |
| sastReport | String ! | - | security scan report file name e.g. “/app/brakeman-output.tabs” |
| testContainer | Container ! | - | test container |
| testReportDir | String ! | - | test report folder name e.g. “/mnt/test/reports” |
| registryUsername | String ! | - | registry username for publishing the container image |
| registryPassword | Secret ! | - | registry password for publishing the container image |
| registryAddress | String ! | - | registry address registry/repository/image:tag |
| dtAddress | String ! | - | deptrack address for publishing the SBOM https://deptrack.example.com/api/v1/bom |
| dtProjectUuid | String ! | - | deptrack project UUID |
| dtApiKey | Secret ! | - | deptrack API key |
| pass | Boolean | false | ignore linter failures |
Example
dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
run --dir DIR_PATH --lint-container IMAGE:TAG --lint-report string --sast-container IMAGE:TAG --sast-report string --test-container IMAGE:TAG --test-report-dir string --registry-username string --registry-password env:MYSECRET --registry-address string --dt-address string --dt-project-uuid string --dt-api-key env:MYSECRETfunc (m *MyModule) Example(dir *dagger.Directory, lintContainer *dagger.Container, lintReport string, sastContainer *dagger.Container, sastReport string, testContainer *dagger.Container, testReportDir string, registryUsername string, registryPassword *dagger.Secret, registryAddress string, dtAddress string, dtProjectUuid string, dtApiKey *dagger.Secret) *dagger.Directory {
return dag.
PitcFlow().
Run(dir, lintContainer, lintReport, sastContainer, sastReport, testContainer, testReportDir, registryUsername, registryPassword, registryAddress, dtAddress, dtProjectUuid, dtApiKey)
}@function
def example(dir: dagger.Directory, lint_container: dagger.Container, lint_report: str, sast_container: dagger.Container, sast_report: str, test_container: dagger.Container, test_report_dir: str, registry_username: str, registry_password: dagger.Secret, registry_address: str, dt_address: str, dt_project_uuid: str, dt_api_key: dagger.Secret) -> dagger.Directory:
return (
dag.pitc_flow()
.run(dir, lint_container, lint_report, sast_container, sast_report, test_container, test_report_dir, registry_username, registry_password, registry_address, dt_address, dt_project_uuid, dt_api_key)
)@func()
example(dir: Directory, lintContainer: Container, lintReport: string, sastContainer: Container, sastReport: string, testContainer: Container, testReportDir: string, registryUsername: string, registryPassword: Secret, registryAddress: string, dtAddress: string, dtProjectUuid: string, dtApiKey: Secret): Directory {
return dag
.pitcFlow()
.run(dir, lintContainer, lintReport, sastContainer, sastReport, testContainer, testReportDir, registryUsername, registryPassword, registryAddress, dtAddress, dtProjectUuid, dtApiKey)
}