|
| 1 | +--- |
| 2 | +title: "Trying out Trustify, on a local machine" |
| 3 | +authors: ctron |
| 4 | +tags: [ trustify ] |
| 5 | +--- |
| 6 | + |
| 7 | +[Trustify](https://github.com/trustification/trustify) is a project for working with software supply chain information, |
| 8 | +like SBOMs and advisories. Connect a few data sources with the system, and gather some insight in what you have. |
| 9 | + |
| 10 | +Although Trustify is in its pretty early stages, it might be interesting to try it out and play a bit with it, do see |
| 11 | +where this is heading. Read on to see how you can easily do that. |
| 12 | + |
| 13 | +<!--truncate--> |
| 14 | + |
| 15 | +## What to expect? |
| 16 | + |
| 17 | +First of all, we really want to emphasize that the project is pretty young. There are a lot of areas where work is |
| 18 | +underway. However, in the sprit of "release early, release often", we try to release a version every week. In a |
| 19 | +form that you can simply download and run it right away. |
| 20 | + |
| 21 | +That, of course, is not the ideal deployment scenario. But it should enable you to get started within minutes and |
| 22 | +see what's in the box. |
| 23 | + |
| 24 | +## What do you need? |
| 25 | + |
| 26 | +A computer (doesn't work on phones, sorry), internet access (we don't ship on floppies), and the ability to run some |
| 27 | +code on your machine (yes, corporate IT rules might be an issue). |
| 28 | + |
| 29 | +Linux, macOS, Windows. AMD or ARM. Doesn't make a difference. |
| 30 | + |
| 31 | +## Everything, Everywhere, All at once |
| 32 | + |
| 33 | +Head over to the [release page](https://github.com/trustification/trustify/releases), and pick a binary for your OS and |
| 34 | +architecture with the name starting with `trustd-pm`. That's a binary which includes just everything: the application |
| 35 | +itself, the UI, the database, and an embedded OIDC server. |
| 36 | + |
| 37 | +Download that archive, extract it, and run the binary inside it. That's it! |
| 38 | + |
| 39 | +## Now what? |
| 40 | + |
| 41 | +Take your favorite web browser and navigate to: <http://localhost:8080>. That will automatically log you in with a |
| 42 | +demo user, and show you the user interface. |
| 43 | + |
| 44 | +You might notice that the system looks quite empty. That is because we did not connect any datasource yet. Navigate |
| 45 | +to the "Importer" section and enable the following pre-configured importers: |
| 46 | + |
| 47 | +* `cve-from-2024` |
| 48 | +* `redhat-csaf-vex-2024` |
| 49 | +* `redhat-sbom` |
| 50 | + |
| 51 | +After that, you might want to take a break. Ingesting those sources for the first time might take a bit. Future runs, |
| 52 | +however, will be much faster, as only the diff will be processed. |
| 53 | + |
| 54 | +Maybe click a bit around in the UI to get an idea. Again, don't expect too much yet. It's'a work in progress. |
| 55 | + |
| 56 | +## So? |
| 57 | + |
| 58 | +Being a work in progress also has its advantages. If you managed to get the system up and running in a few minutes, |
| 59 | +you might want to reach out and check what we're up to. Or you might have some ideas yourself, or questions. Or, in |
| 60 | +case you had not been able to start up the demo, we would kindly as to reach out to use and let us know. |
| 61 | + |
| 62 | +Everything is on GitHub: <https://github.com/trustification/trustify>. If you have some feedback or run into problems, |
| 63 | +just raise an issue. If you have some ideas, please let us know as well. And of course, PRs are also always welcome. |
| 64 | + |
| 65 | +If you're looking for a direct chat, you're also welcome to join our Matrix channel: [#trustification:matrix.org](https://matrix.to/#/#trustification:matrix.org). |
| 66 | + |
| 67 | +## What's next? |
| 68 | + |
| 69 | +Our goal is to push out a new pre-release every week around Thursday. So maybe come back in a bit and check out the |
| 70 | +improvements. |
0 commit comments