77Let's call this "PM mode":
88
99``` shell
10- cargo run --bin trustd
10+ AUTH_DISABLED=true cargo run --bin trustd
1111```
1212
13- That will create its own database on your local filesystem.
13+ If you haven't setup your Rust development environment yet, i.e. you
14+ don't have ` cargo ` , you can alternatively use the latest "trustd-pm"
15+ [ release binary] ( https://github.com/trustification/trustify/releases ) .
1416
15- * To use the ** UI ** , navigate to: < http://localhost:8080 > .
16- * To use the ** Swagger UI ** , navigate to: < http://localhost:8080/openapi/ > .
17+ That will create its own database in your current directory beneath
18+ ` .trustify/ ` .
1719
18- ### Running containerized UI
20+ * To use the ** GUI** , navigate to: < http://localhost:8080 > .
21+ * To use the ** REST API** , navigate to: < http://localhost:8080/openapi/ > .
1922
20- You can also fire up the UI using:
23+ ### Data
24+
25+ The app's not much fun without data, e.g. SBOM's and Advisories. There are a few ways to ingest some:
26+
27+ #### Datasets
28+
29+ There are some bundles of related data beneath
30+ [ etc/datasets] ( etc/datasets ) . You can use any HTTP command line
31+ client, e.g. curl, wget, or [ httpie] ( https://httpie.io/ ) to ingest a
32+ zipped archive of SBOMs and/or Advisories like so:
2133
2234``` shell
23- podman run --network=" host" --pull=always \
24- -e TRUSTIFY_API_URL=http://localhost:8080 \
25- -e OIDC_CLIENT_ID=frontend \
26- -e OIDC_SERVER_URL=http://localhost:8090/realms/trustify \
27- -e ANALYTICS_ENABLED=false \
28- -e PORT=3000 \
29- -p 3000:3000 \
30- ghcr.io/trustification/trustify-ui:latest
35+ cd etc/datasets
36+ make
37+ http POST localhost:8080/api/v1/dataset @ds1.zip
38+ ```
39+
40+ #### Upload
41+
42+ There is an "Upload" menu option in the GUI: http://localhost:8080/upload
43+
44+ You can also interact with the API directly in a shell:
45+
46+ ``` shell
47+ cat some-sbom.json | http POST localhost:8080/api/v1/sbom
48+ cat some-advisory.json | http POST localhost:8080/api/v1/advisory
49+ ```
50+
51+ #### Importers
52+
53+ You may configure importers to regularly fetch data from remote
54+ sites. See [ modules/importer/README.md] ( modules/importer/README.md )
55+ for details.
56+
57+ ### Authentication
58+
59+ When testing the app using "PM mode", it may be convenient to set an
60+ environment variable, ` AUTH_DISABLED=true ` , to bypass all auth checks.
61+
62+ By default, authentication is enabled. It can be disabled using the
63+ flag ` --auth-disabled ` when running the server. Also. by default,
64+ there is no working authentication/authorization configuration. For
65+ development purposes, one can use ` --devmode ` to use the Keycloak
66+ instance deployed with the compose deployment.
67+
68+ Also see: [ docs/oidc.md] ( docs/oidc.md )
69+
70+ HTTP requests must provide the bearer token using the ` Authorization `
71+ header. For that, a valid access token is required. There are
72+ tutorials using ` curl ` on getting such a token. It is also possible
73+ the use the ` oidc ` client tool:
74+
75+ Installation:
76+
77+ ``` bash
78+ cargo install oidc-cli
3179```
3280
33- Open the UI at < http://localhost:3000 >
81+ Then, set up an initial client (needs to be done every time the client/keycloak instance if re-created):
82+
83+ ``` bash
84+ oidc create confidential --name trusty --issuer http://localhost:8090/realms/chicken --client-id walker --client-secret ZVzq9AMOVUdMY1lSohpx1jI3aW56QDPS
85+ ```
86+
87+ Then one can perform ` http ` request using HTTPie like this:
88+
89+ ``` bash
90+ http localhost:8080/purl/asdf/dependencies Authorization:$( oidc token trusty -b)
91+ ```
3492
3593## Repository Organization
3694
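Review bot: the quick-start command at the top of this hunk now bakes `AUTH_DISABLED=true cargo run --bin trustd` into the recommended PM-mode invocation, but the only explanation is far below in the moved Authentication section, which says it "may be convenient" to set the variable; state next to the command itself that this starts the server with every auth check off and is intended for local development only, so a reader copying the first snippet understands what they are running. The moved `oidc create confidential ... --issuer http://localhost:8090/realms/chicken` line also disagrees with the `OIDC_SERVER_URL=http://localhost:8090/realms/trustify` value in the container command removed in this same hunk, and it carries a literal `--client-secret` value; say which realm the compose Keycloak actually serves and note explicitly that the secret is the dev-only compose default. While touching this text, fix the carried-over typos: "haven't setup" should be "haven't set up", "SBOM's" should be "SBOMs", "Also. by default" should be "Also, by default", "It is also possible the use the" should be "to use the", and "if re-created" should be "is re-created".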
@@ -48,17 +106,9 @@ Database entity models, implemented via SeaORM.
48106
49107SeaORM migrations for the DDL.
50108
51- #### ` modules/graph `
52-
53- The primary graph engine and API.
54-
55- #### ` modules/importer `
56-
57- Importers capable of adding documents into the graph.
58-
59- #### ` modules/ingestor `
109+ #### ` modules `
60110
61- Ingestors/readers for various formats (SPDX, CSAF, CVE, OSV, etc, etc)
111+ The primary behavior of the application.
62112
63113#### ` server `
64114
@@ -70,15 +120,30 @@ The server CLI tool `trustd`
70120
71121### Et Merde
72122
123+ #### ` etc/test-data `
124+
125+ Arbitrary test-data used for unit tests
126+
127+ #### ` etc/datasets `
128+
129+ Integrated data bundles that show off the features of the app.
130+
73131#### ` etc/deploy `
74132
75133Deployment-related (such as ` compose ` ) files.
76134
77- #### ` etc/test-data `
135+ ## Development Environment
78136
79- Arbitrary test-data.
137+ ### Rust
80138
81- ## Development Environment
139+ If you haven't already, [ get started!] ( https://www.rust-lang.org/learn/get-started )
140+
141+ #### If test failures on OSX
142+
143+ Potentially our concurrent Postgres installations during testing can
144+ exhaust shared-memory. Adjusting shared-memory on OSX is not
145+ straight-forward. Use [ this
146+ guide] ( https://unix.stackexchange.com/questions/689295/values-from-sysctl-a-dont-match-etc-sysctl-conf-even-after-restart ) .
82147
83148### Postgres
84149
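Review bot: the heading "#### If test failures on OSX" is not grammatical and the platform is now named macOS; suggest "#### Test failures on macOS" with the following paragraph reading "Our concurrent Postgres instances can exhaust shared memory during testing." Also add the missing full stop to "Arbitrary test-data used for unit tests", and note that `etc/test-data` and `etc/datasets` are documented in this hunk while `etc/datasets` is also the target of the `make` step in the Data section, so it would help to say here that `make` produces the `ds1.zip` bundle the ingestion example uploads.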
@@ -112,60 +177,6 @@ cargo run --bin trustd api --help
112177RUST_LOG=info cargo run --bin trustd api --db-password eggs --devmode --auth-disabled
113178```
114179
115- #### If test failures on OSX
116-
117- Potentially our concurrent Postgres installations during testing can exhaust shared-memory.
118- Adjusting shared-memory on OSX is not straight-forward.
119- Use [ this guide] ( https://unix.stackexchange.com/questions/689295/values-from-sysctl-a-dont-match-etc-sysctl-conf-even-after-restart ) .
120-
121- ### Import some data
122-
123- Import data (also see: [ modules/importer/README.md] ( modules/importer/README.md ) for more options):
124-
125- ``` shell
126- # SBOM's
127- http POST localhost:8080/api/v1/importer/redhat-sbom sbom[source]=https://access.redhat.com/security/data/sbom/beta/ sbom[keys][]=https://access.redhat.com/security/data/97f5eac4.txt#77E79ABE93673533ED09EBE2DCE3823597F5EAC4 sbom[disabled]:=false sbom[onlyPatterns][]=quarkus sbom[period]=30s sbom[v3Signatures]:=true
128- # CSAF's
129- http POST localhost:8080/api/v1/importer/redhat-csaf csaf[source]=https://redhat.com/.well-known/csaf/provider-metadata.json csaf[disabled]:=false csaf[onlyPatterns][]=" ^cve-2023-" csaf[period]=30s csaf[v3Signatures]:=true
130- ```
131-
132-
133- To import files from a local disk or a location that is not properly-formed csaf repository, use [ csaf walker] ( https://github.com/ctron/csaf-walker ) tool:
134-
135- ``` shell
136- sbom scoop http://localhost:8080/api/v1/sbom /workspace/github.com/trustification/trustification/data/ds1/sbom/
137- csaf scoop http://localhost:8080/api/v1/advisory /workspace/github.com/trustification/trustification/data/ds1/csaf/
138- ```
139-
140- ### Authentication
141-
142- By default, authentication is enabled. It can be disabled using the flag ` --auth-disabled ` when running the server.
143- Also. by default, there is no working authentication/authorization configuration. For development purposes, one can
144- use ` --devmode ` to use the Keycloak instance deployed with the compose deployment.
145-
146- Also see: [ docs/oidc.md] ( docs/oidc.md )
147-
148- HTTP requests must provide the bearer token using the ` Authorization ` header. For that, a valid access token is
149- required. There are tutorials using ` curl ` on getting such a token. It is also possible the use the ` oidc ` client tool:
150-
151- Installation:
152-
153- ``` bash
154- cargo install oidc-cli
155- ```
156-
157- Then, set up an initial client (needs to be done every time the client/keycloak instance if re-created):
158-
159- ``` bash
160- oidc create confidential --name trusty --issuer http://localhost:8090/realms/chicken --client-id walker --client-secret ZVzq9AMOVUdMY1lSohpx1jI3aW56QDPS
161- ```
162-
163- Then one can perform ` http ` request using HTTPie like this:
164-
165- ``` bash
166- http localhost:8080/purl/asdf/dependencies Authorization:$( oidc token trusty -b)
167- ```
168-
169180## Notes on models
170181
171182### Package
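Review bot: this hunk deletes the only worked importer configuration in the top-level README, including the `sbom[keys][]=...` signing key and `sbom[v3Signatures]:=true` / `csaf[v3Signatures]:=true` settings that show signature verification being enabled, and the `sbom scoop` / `csaf scoop` instructions for ingesting from local disk or a non-conforming CSAF repository; the new Importers subsection in the first hunk only points to `modules/importer/README.md`, and the new Upload subsection covers single files. Before merging, confirm those examples, in particular the signature-verification settings, exist in the module README, otherwise move them there in this same change rather than dropping them.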