This project contains the Harbor application and enrichment providers that support it.
Version 2 of this project is in the early stages of development. We are rapidly iterating towards a v2.0.0 MVP, but at this time not all features are operational, and the usage documentation is not available.
- Rust toolchain
- Protobuf
- docker (optional - used for tests)
- docker compose (optional - used for local environment)
- GitLeaks
- pre-commit
The following environment variables are referenced in code. When possible, defaults are provided that support the docker-compose configuration found in the devenv folder.
- SNYK_TOKEN - A valid Snyk API token. Required if using the Snyk integrations.
- HARBOR_FILE_STORE - Path specification for file storage. When using an S3StorageProvider this should be the bucket name with path prefix where you wish to store generated files. When using a FileSystemStorageProvider this should be a valid directory on the host machine running the job.
- DOCDB_CONFIG - DocumentDB connection configuration. If not set, tests will default to the configuration that supports the docker-compose.yaml environment specified in the devenv folder. The primary Harbor installation is backed by DocumentDB, but any MongoDB 5.0 compliant database should be usable. Dynamic configuration is not yet implemented, but pull requests are welcome if community members need this capability before we can get to it. The current DocumentDB config expects a JSON document with the following schema:
{
"password":"<redacted>",
"engine":"mongo",
"port":27017,
"dbInstanceIdentifier":"<documentdb-instance-identifier>",
"host":"<documentdb-host-name>",
"ssl":true,
"username":"<redacted>"
}
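An added example, not Harbor's own code: one way to hold the connection fields from this schema in Rust so that logging the config never prints the credentials, and so that the username and password are percent-encoded before they are placed in a MongoDB connection string. The struct, the function names, the use of the `tls` URI option and the sample values are assumptions made for illustration.

```rust
use std::fmt;

/// Hypothetical struct with the connection fields of the DOCDB_CONFIG schema
/// (engine and dbInstanceIdentifier are omitted; a URI does not need them).
pub struct DocDbConfig {
    pub username: String,
    pub password: String,
    pub host: String,
    pub port: u16,
    pub ssl: bool,
}

// Hand-written Debug: a derived one would print the password into any log line.
impl fmt::Debug for DocDbConfig {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("DocDbConfig")
            .field("username", &"<redacted>")
            .field("password", &"<redacted>")
            .field("host", &self.host)
            .field("port", &self.port)
            .field("ssl", &self.ssl)
            .finish()
    }
}

/// Percent-encode every byte except the RFC 3986 unreserved characters.
fn pct_encode(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for b in s.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => out.push(b as char),
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

impl DocDbConfig {
    /// Encoded credentials cannot change the URI structure through ':', '@' or '/'.
    pub fn connection_uri(&self) -> String {
        let (u, p) = (pct_encode(&self.username), pct_encode(&self.password));
        format!("mongodb://{}:{}@{}:{}/?tls={}", u, p, self.host, self.port, self.ssl)
    }
}

fn main() {
    // Constructed sample values, not real credentials.
    let cfg = DocDbConfig { username: "harbor".into(), password: "p@ss:w/rd".into(),
        host: "mongo".into(), port: 27017, ssl: true };
    println!("{:?}\n{}", cfg, cfg.connection_uri());
}
```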
- Clone the repository and cd into its directory.
git clone git@github.com:cms-enterprise/sbom-harbor
cd sbom-harbor
- Install git pre-commit hooks.
pre-commit install
- Depending on your development environment, you may also need to add the following to your /etc/hosts file.
# Harbor DevEnv
127.0.0.1 mongo
The documentation for each crate can be generated from source using cargo or rustdoc.
To generate the documentation, clone the repository, and then run the following command from this directory.
cargo doc --no-deps
Documentation for each crate will be generated and output to the target/doc subdirectory.
To build all workspace targets on the local machine, run the following from the root directory.
cargo build
To build a single crate, run the following from the root directory.
cargo build -p <crate-name> # e.g. use harbor-api or harbor-cli as the final argument.
By default, this will produce a debug build in the target/debug directory. To produce a release binary, run the following.
cargo build --release
The release build can be found in the target/release directory.
There are several use cases addressed by this repository. The following sections detail how to try out each one.
If you wish to run Harbor locally using the development environment found in the devenv directory, open a new terminal and run the following command.
cd devenv && docker compose up
For organizations that use Snyk, Harbor can import SBOMs using the Snyk API. Make sure all environment variables are set and then run the following command.
Note: this assumes you are running the command from the root directory of the repository and that you have run a release build as described above.
./target/release/harbor-cli sbom -p snyk
Once you have ingested the SBOMs from the Snyk API, you can then use Harbor to call the API for all identified packages, and store any known vulnerability findings for each package.
./target/release/harbor-cli enrich -p snyk
If you wish to run the above commands against the local development environment provided in the devenv directory, add the --debug flag.
./target/release/harbor-cli sbom --debug -p snyk