pitc-flow
Installation
Entrypoint
Types
PitcFlow

pitc-flow

Secure and compliant software delivery with trust and integrity. 🚀

This module contains ready to use pipelines.
They build and deliver your software / project with security and compliance out of the box.

Installation

dagger install github.com/puzzle/dagger-module-pitc-flow/pitc-flow@v0.2.0

Entrypoint

Return Type

PitcFlow

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \

func (m *myModule) example() *dagger.PitcFlow  {
	return dag.
			PitcFlow()
}

@function
def example() -> dagger.PitcFlow:
	return (
		dag.pitc_flow()
	)

@func()
example(): PitcFlow {
	return dag
		.pitcFlow()
}

Types

PitcFlow 🔗

lint() 🔗

Returns a file containing the results of the lint command

Return Type

File !

Arguments

Name	Type	Default Value	Description
container	Container !	-	Container to run the lint command
results	String !	-	Path to file containing lint results

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 lint --container IMAGE:TAG --results string

func (m *myModule) example(container *dagger.Container, results string) *dagger.File  {
	return dag.
			PitcFlow().
			Lint(container, results)
}

@function
def example(container: dagger.Container, results: str) -> dagger.File:
	return (
		dag.pitc_flow()
		.lint(container, results)
	)

@func()
example(container: Container, results: string): File {
	return dag
		.pitcFlow()
		.lint(container, results)
}

test() 🔗

Returns a directory containing the results of the test command

Return Type

Directory !

Arguments

Name	Type	Default Value	Description
container	Container !	-	Container to run the test command
results	String !	-	Path to directory containing test results

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 test --container IMAGE:TAG --results string

func (m *myModule) example(container *dagger.Container, results string) *dagger.Directory  {
	return dag.
			PitcFlow().
			Test(container, results)
}

@function
def example(container: dagger.Container, results: str) -> dagger.Directory:
	return (
		dag.pitc_flow()
		.test(container, results)
	)

@func()
example(container: Container, results: string): Directory {
	return dag
		.pitcFlow()
		.test(container, results)
}

sast() 🔗

Returns a file containing the results of the security scan

Return Type

File !

Arguments

Name	Type	Default Value	Description
container	Container !	-	Container to run the security scan
results	String !	-	Path to file containing the results of the security scan

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 sast --container IMAGE:TAG --results string

func (m *myModule) example(container *dagger.Container, results string) *dagger.File  {
	return dag.
			PitcFlow().
			Sast(container, results)
}

@function
def example(container: dagger.Container, results: str) -> dagger.File:
	return (
		dag.pitc_flow()
		.sast(container, results)
	)

@func()
example(container: Container, results: string): File {
	return dag
		.pitcFlow()
		.sast(container, results)
}

build() 🔗

Returns a Container built from the Dockerfile in the provided Directory

Return Type

Container !

Arguments

Name	Type	Default Value	Description
dir	Directory !	-	No description provided

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 build --dir DIR_PATH

func (m *myModule) example(dir *dagger.Directory) *dagger.Container  {
	return dag.
			PitcFlow().
			Build(dir)
}

@function
def example(dir: dagger.Directory) -> dagger.Container:
	return (
		dag.pitc_flow()
		.build(dir)
	)

@func()
example(dir: Directory): Container {
	return dag
		.pitcFlow()
		.build(dir)
}

sbomBuild() 🔗

Builds the container and creates a SBOM for it

Return Type

File !

Arguments

Name	Type	Default Value	Description
dir	Directory !	-	No description provided

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 sbom-build --dir DIR_PATH

func (m *myModule) example(dir *dagger.Directory) *dagger.File  {
	return dag.
			PitcFlow().
			SbomBuild(dir)
}

@function
def example(dir: dagger.Directory) -> dagger.File:
	return (
		dag.pitc_flow()
		.sbom_build(dir)
	)

@func()
example(dir: Directory): File {
	return dag
		.pitcFlow()
		.sbomBuild(dir)
}

sbom() 🔗

Creates a SBOM for the container

Return Type

File !

Arguments

Name	Type	Default Value	Description
container	Container !	-	No description provided

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 sbom --container IMAGE:TAG

func (m *myModule) example(container *dagger.Container) *dagger.File  {
	return dag.
			PitcFlow().
			Sbom(container)
}

@function
def example(container: dagger.Container) -> dagger.File:
	return (
		dag.pitc_flow()
		.sbom(container)
	)

@func()
example(container: Container): File {
	return dag
		.pitcFlow()
		.sbom(container)
}

vulnscan() 🔗

Scans the SBOM for vulnerabilities

Return Type

File !

Arguments

Name	Type	Default Value	Description
sbom	File !	-	No description provided

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 vulnscan --sbom file:path

func (m *myModule) example(sbom *dagger.File) *dagger.File  {
	return dag.
			PitcFlow().
			Vulnscan(sbom)
}

@function
def example(sbom: dagger.File) -> dagger.File:
	return (
		dag.pitc_flow()
		.vulnscan(sbom)
	)

@func()
example(sbom: File): File {
	return dag
		.pitcFlow()
		.vulnscan(sbom)
}

publishToDeptrack() 🔗

Publish cyclonedx SBOM to Deptrack

Return Type

String !

Arguments

Name	Type	Default Value	Description
sbom	File !	-	SBOM file
address	String !	-	deptrack address for publishing the SBOM https://deptrack.example.com/api/v1/bom
apiKey	Secret !	-	deptrack API key
projectUuid	String !	-	deptrack project UUID

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 publish-to-deptrack --sbom file:path --address string --api-key env:MYSECRET --project-uuid string

func (m *myModule) example(ctx context.Context, sbom *dagger.File, address string, apiKey *dagger.Secret, projectUuid string) string  {
	return dag.
			PitcFlow().
			PublishToDeptrack(ctx, sbom, address, apiKey, projectUuid)
}

@function
async def example(sbom: dagger.File, address: str, api_key: dagger.Secret, project_uuid: str) -> str:
	return await (
		dag.pitc_flow()
		.publish_to_deptrack(sbom, address, api_key, project_uuid)
	)

@func()
async example(sbom: File, address: string, apiKey: Secret, projectUuid: string): Promise<string> {
	return dag
		.pitcFlow()
		.publishToDeptrack(sbom, address, apiKey, projectUuid)
}

publish() 🔗

Publish the provided Container to the provided registry

Return Type

String !

Arguments

Name	Type	Default Value	Description
container	Container !	-	Container to publish
registryAddress	String !	-	Registry address to publish to - formatted as [host]/[user]/[repo]:[tag]
registryUsername	String	""	Username of the registry's account
registryPassword	Secret	-	API key, password or token to authenticate to the registry

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 publish --container IMAGE:TAG --registry-address string

func (m *myModule) example(ctx context.Context, container *dagger.Container, registryAddress string) string  {
	return dag.
			PitcFlow().
			Publish(ctx, container, registryAddress)
}

@function
async def example(container: dagger.Container, registry_address: str) -> str:
	return await (
		dag.pitc_flow()
		.publish(container, registry_address)
	)

@func()
async example(container: Container, registryAddress: string): Promise<string> {
	return dag
		.pitcFlow()
		.publish(container, registryAddress)
}

sign() 🔗

Sign the published image using cosign (keyless)

Return Type

String !

Arguments

Name	Type	Default Value	Description
registryUsername	String !	-	Username of the registry's account
registryPassword	Secret !	-	API key, password or token to authenticate to the registry
digest	String !	-	Container image digest to sign

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 sign --registry-username string --registry-password env:MYSECRET --digest string

func (m *myModule) example(ctx context.Context, registryUsername string, registryPassword *dagger.Secret, digest string) string  {
	return dag.
			PitcFlow().
			Sign(ctx, registryUsername, registryPassword, digest)
}

@function
async def example(registry_username: str, registry_password: dagger.Secret, digest: str) -> str:
	return await (
		dag.pitc_flow()
		.sign(registry_username, registry_password, digest)
	)

@func()
async example(registryUsername: string, registryPassword: Secret, digest: string): Promise<string> {
	return dag
		.pitcFlow()
		.sign(registryUsername, registryPassword, digest)
}

attest() 🔗

Attests the SBOM using cosign (keyless)

Return Type

String !

Arguments

Name	Type	Default Value	Description
registryUsername	String !	-	Username of the registry's account
registryPassword	Secret !	-	API key, password or token to authenticate to the registry
digest	String !	-	Container image digest to attest
predicate	File !	-	SBOM file
sbomType	String !	-	SBOM type

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 attest --registry-username string --registry-password env:MYSECRET --digest string --predicate file:path --sbom-type string

func (m *myModule) example(ctx context.Context, registryUsername string, registryPassword *dagger.Secret, digest string, predicate *dagger.File, sbomType string) string  {
	return dag.
			PitcFlow().
			Attest(ctx, registryUsername, registryPassword, digest, predicate, sbomType)
}

@function
async def example(registry_username: str, registry_password: dagger.Secret, digest: str, predicate: dagger.File, sbom_type: str) -> str:
	return await (
		dag.pitc_flow()
		.attest(registry_username, registry_password, digest, predicate, sbom_type)
	)

@func()
async example(registryUsername: string, registryPassword: Secret, digest: string, predicate: File, sbomType: string): Promise<string> {
	return dag
		.pitcFlow()
		.attest(registryUsername, registryPassword, digest, predicate, sbomType)
}

run() 🔗

Executes all the steps and returns a directory with the results

Return Type

Directory !

Arguments

Name	Type	Default Value	Description
dir	Directory !	-	source directory
lintContainer	Container !	-	lint container
lintReport	String !	-	lint report file name e.g. "lint.json"
sastContainer	Container !	-	sast container
sastReport	String !	-	security scan report file name e.g. "/app/brakeman-output.tabs"
testContainer	Container !	-	test container
testReportDir	String !	-	test report folder name e.g. "/mnt/test/reports"
registryUsername	String !	-	registry username for publishing the container image
registryPassword	Secret !	-	registry password for publishing the container image
registryAddress	String !	-	registry address registry/repository/image:tag
dtAddress	String !	-	deptrack address for publishing the SBOM https://deptrack.example.com/api/v1/bom
dtProjectUuid	String !	-	deptrack project UUID
dtApiKey	Secret !	-	deptrack API key
pass	Boolean	false	ignore linter failures

Example

dagger -m github.com/puzzle/dagger-module-pitc-flow/pitc-flow@67568247837a61c793cbe2c3e60ad54346b6bbc7 call \
 run --dir DIR_PATH --lint-container IMAGE:TAG --lint-report string --sast-container IMAGE:TAG --sast-report string --test-container IMAGE:TAG --test-report-dir string --registry-username string --registry-password env:MYSECRET --registry-address string --dt-address string --dt-project-uuid string --dt-api-key env:MYSECRET

func (m *myModule) example(dir *dagger.Directory, lintContainer *dagger.Container, lintReport string, sastContainer *dagger.Container, sastReport string, testContainer *dagger.Container, testReportDir string, registryUsername string, registryPassword *dagger.Secret, registryAddress string, dtAddress string, dtProjectUuid string, dtApiKey *dagger.Secret) *dagger.Directory  {
	return dag.
			PitcFlow().
			Run(dir, lintContainer, lintReport, sastContainer, sastReport, testContainer, testReportDir, registryUsername, registryPassword, registryAddress, dtAddress, dtProjectUuid, dtApiKey)
}

@function
def example(dir: dagger.Directory, lint_container: dagger.Container, lint_report: str, sast_container: dagger.Container, sast_report: str, test_container: dagger.Container, test_report_dir: str, registry_username: str, registry_password: dagger.Secret, registry_address: str, dt_address: str, dt_project_uuid: str, dt_api_key: dagger.Secret) -> dagger.Directory:
	return (
		dag.pitc_flow()
		.run(dir, lint_container, lint_report, sast_container, sast_report, test_container, test_report_dir, registry_username, registry_password, registry_address, dt_address, dt_project_uuid, dt_api_key)
	)

@func()
example(dir: Directory, lintContainer: Container, lintReport: string, sastContainer: Container, sastReport: string, testContainer: Container, testReportDir: string, registryUsername: string, registryPassword: Secret, registryAddress: string, dtAddress: string, dtProjectUuid: string, dtApiKey: Secret): Directory {
	return dag
		.pitcFlow()
		.run(dir, lintContainer, lintReport, sastContainer, sastReport, testContainer, testReportDir, registryUsername, registryPassword, registryAddress, dtAddress, dtProjectUuid, dtApiKey)
}