
Azure DevOps Plugin: Diggity
Introduction
Diggity ("BOM Diggity") is an open-source tool that streamlines the generation of a comprehensive Software Bill of Materials (SBOM) for container images and file systems across the ecosystems it supports.
Pipeline Scripts: Image, Tar File, and Directory.
Image Scanning Pipeline Script:
trigger:
- main
pool:
  vmImage: ubuntu-latest
steps:
- task: Diggity@1
  inputs:
    token: ''
    scanType: 'image'
    scanName: 'ubuntu:latest'
    skipBuildFail: 'false'
Tar File Scanning Pipeline Script:
trigger:
- main
pool:
  vmImage: ubuntu-latest
steps:
- script: |
    echo "Pulling Docker image: ubuntu"
    docker pull ubuntu
    echo "Saving image to ubuntu.tar"
    docker save ubuntu -o ubuntu.tar
  displayName: 'Pull and Save Docker Image'
- script: |
    echo "Listing generated tar file..."
    ls -lh ubuntu.tar
  displayName: 'List Tar File'
- task: Diggity@1
  inputs:
    token: ''
    scanType: 'tarball'
    scanName: 'ubuntu.tar'
    skipBuildFail: 'false'
Cloned Repository Directory Scanning Script:
trigger:
- main
pool:
  vmImage: ubuntu-latest
steps:
- script: |
    echo "Listing contents of the repository..."
    ls -la $(Build.SourcesDirectory)
  displayName: 'List Repo Directory'
- task: Diggity@1
  inputs:
    token: ''
    scanType: 'filesystem'
    scanName: '$(Build.SourcesDirectory)'
    failCriteria: 'medium'
    skipBuildFail: 'false'
Prerequisites
- Docker Plugin for image pulling.
Input Name      | Description
token *         | Carbonetes Personal Access Token.
scanType *      | Choose: image, filesystem, or tarball.
scanName *      | Image name (image:tag), filesystem directory path, or tarball file path.
skipBuildFail * | Default false. Warning: if set to true, the plugin will not fail the build based on the analysis result.
* = required inputs.
Output Description
Table      | Description
SBOM Scan  | Shows the list of packages found.
Assessment | Pass/fail assessment based on the configured fail criteria and exposed secrets.
Pipeline
trigger:
- main
pool:
  vmImage: ubuntu-latest
steps:
- task: Diggity@1
  inputs:
    token: ''               # Carbonetes Personal Access Token
    scanType: 'filesystem'  # Scan type: image, filesystem, or tarball.
    scanName: '.'           # image:tag, filesystem directory path, or tarball file path.
    skipBuildFail: 'false'  # Default false. When true, the build is not failed based on the assessment.
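The scripts above scan a public image or the cloned sources with an empty token. The pipeline below is an added example, not part of the extension's own documentation: it builds the repository's own image in the pipeline, scans that image with Diggity@1, and keeps skipBuildFail at false so the assessment gates the build. It assumes a Dockerfile at the repository root and a secret pipeline variable named DIGGITY_TOKEN holding the Carbonetes Personal Access Token (both are assumptions; the variable name is a placeholder you define in the pipeline settings or a variable group). The Docker@2 task is the standard Azure Pipelines Docker task. The failCriteria input is taken from the directory example above; it is not listed in the inputs table.

```yaml
trigger:
- main

pool:
  vmImage: ubuntu-latest

variables:
  # Assumed names for the image built in this pipeline.
  imageRepository: 'myapp'
  tag: '$(Build.BuildId)'
  # DIGGITY_TOKEN is assumed to be defined as a *secret* pipeline variable
  # (or in a variable group); it is never written into this YAML.

steps:
# Build the image locally. Without a containerRegistry service connection,
# Docker@2 tags the result as <imageRepository>:<tag>.
- task: Docker@2
  displayName: 'Build application image'
  inputs:
    command: build
    repository: '$(imageRepository)'
    dockerfile: '$(Build.SourcesDirectory)/Dockerfile'
    tags: '$(tag)'

# Scan the freshly built image. Secret variables are substituted into task
# inputs via macro syntax, so the token never appears in the pipeline source.
- task: Diggity@1
  displayName: 'SBOM scan of built image'
  inputs:
    token: '$(DIGGITY_TOKEN)'
    scanType: 'image'
    scanName: '$(imageRepository):$(tag)'
    skipBuildFail: 'false'   # let a failed assessment fail the build

# Also scan the source tree so dependency manifests are covered even for
# packages that do not end up in the image layers.
- task: Diggity@1
  displayName: 'SBOM scan of repository sources'
  inputs:
    token: '$(DIGGITY_TOKEN)'
    scanType: 'filesystem'
    scanName: '$(Build.SourcesDirectory)'
    failCriteria: 'medium'   # as used in the directory example above
    skipBuildFail: 'false'
```

Keeping skipBuildFail at 'false' is what turns the scan into an enforcement point; setting it to 'true' downgrades the task to a report-only step, which is useful while tuning criteria but should not be left on a release branch. Storing the token as a secret variable rather than in the YAML also keeps it out of the repository history and out of build logs, where secret variables are masked.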
Support
For help with this task extension, or to report an issue or request a feature, please contact eng@carbonetes.com.
If reporting an issue, please include:
- the version of the task extension
- relevant logs and error messages
- steps to reproduce
License and Copyright
Licensed under MIT License.