VeriBOM How-to Guide

VeriBOM GitHub Integration


Last updated 1 year ago

Introduction

VeriBOM lets you generate an SBOM for your code repositories hosted on GitHub in a few simple steps. This guide walks through the configuration in detail.

Prerequisites

Before you begin, ensure that you have the following:

1. GitHub Account: You need a GitHub account with access to the repos that you want to configure in VeriBOM.

2. VeriBOM Account: Make sure you have an account in VeriBOM and the necessary permissions to configure integrations.

Steps

Step 1: Generate an access token from GitHub

  1. Go to GitHub and log in to your account.

  2. In GitHub, click on your profile picture in the top-right corner and select Settings.

  3. In the left sidebar, click on Developer Settings.

  4. Under Personal Access Tokens, click on Tokens (classic).

  5. Fill in the required information. Ensure you select the necessary scopes (permissions) for your SBOM integration. Typically, "repo" and "read:org" permissions are required. It is recommended to set the expiration to "No expiration".

  6. Click Generate Token at the bottom of the page.

  7. GitHub will generate a personal access token. Copy this token and store it securely. You won't be able to see it again.
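
A token with no expiration stays valid until it is revoked, so it is worth confirming that it carries only the scopes named above before entering it in VeriBOM. The following is an added example, not part of VeriBOM's own guide or code: it reads the `X-OAuth-Scopes` and `GitHub-Authentication-Token-Expiration` response headers that GitHub's REST API returns for classic tokens. The function names `fetch_headers` and `audit` are hypothetical, and the sample header values are constructed.

```python
"""Added example: audit a classic GitHub PAT before entering it in VeriBOM."""
import urllib.request

REQUIRED = {"repo", "read:org"}  # the scopes this guide names
# Broader classic scopes that already include a required one (GitHub's scope hierarchy).
IMPLIED_BY = {"read:org": {"write:org", "admin:org"}}

def fetch_headers(token, url="https://api.github.com/user"):
    """Make one authenticated REST call and return GitHub's response headers."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}", "User-Agent": "pat-scope-audit"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())

def audit(headers):
    """Compare the granted scopes with REQUIRED and report the token's expiry."""
    h = {k.lower(): v for k, v in headers.items()}
    granted = {s.strip() for s in h.get("x-oauth-scopes", "").split(",") if s.strip()}
    missing = sorted(r for r in REQUIRED
                     if r not in granted and not (IMPLIED_BY.get(r, set()) & granted))
    excess = sorted(granted - REQUIRED)  # anything beyond what the guide asks for
    # GitHub sends this header only for tokens that have an expiration date.
    expires = h.get("github-authentication-token-expiration")
    return {"missing": missing, "excess": excess, "expires": expires}

# Constructed sample headers (not captured from a real account).
SAMPLE_MINIMAL = {"X-OAuth-Scopes": "repo, read:org",
                  "GitHub-Authentication-Token-Expiration": "2030-01-01 00:00:00 UTC"}
SAMPLE_BROAD = {"X-OAuth-Scopes": "repo, admin:org, delete_repo"}
SAMPLE_NARROW = {"X-OAuth-Scopes": "public_repo"}

if __name__ == "__main__":
    for name, hdrs in [("minimal", SAMPLE_MINIMAL), ("broad", SAMPLE_BROAD),
                       ("narrow", SAMPLE_NARROW)]:
        print(name, audit(hdrs))
    # Live use: audit(fetch_headers(token)), with the token read from a secret store.
```

An empty `missing` list with a non-empty `excess` list means the token works for the integration but grants more than the guide asks for; `expires` is `None` for a token created with no expiration.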

Step 2: Configure GitHub Integration in VeriBOM

  1. Log in to VeriBOM.

  2. Navigate to the Products page.

  3. If the product for which GitHub integration is needed is already listed, click it; otherwise, click on Add Product to create the product and click it.

  4. Click on "Add Project".

  5. Provide project information (name, description and environment) and click on the Save and Continue button.

  6. On the next page, select GitHub under Source Type and continue.

  7. On the next page, enter the personal access token that you generated and the repository URL. If you want to supply more than one repository URL, click on Add Another Repository. Click the Save and Continue button after you have added the required repositories.

  8. An SBOM request will be submitted. You should be able to view the SBOM when the Status is shown as completed.

This completes the integration of VeriBOM with your GitHub projects, so you can manage and track their SBOMs efficiently.
