VeriBOM How-to Guide
  • VeriBOM How-to Guide
    • VeriBOM Source Code Upload
    • VeriBOM GitHub Integration
    • VeriBOM GitLab Integration
    • VeriBOM Bitbucket Integration
    • VeriBOM AWS CodeCommit Integration
    • VeriBOM Azure Repos Integration
    • VeriBOM Docker Hub Integration
    • VeriBOM ECR Integration
    • VeriBOM ACR Integration
    • VeriBOM Jenkins Integration
    • VeriBOM GitHub Actions Integration
    • VeriBOM GitLab-CI/CD Integration
    • VeriBOM CircleCI Integration
    • VeriBOM TeamCity Integration
    • VeriBOM Azure Pipelines Integration
    • VeriBOM Bitbucket Pipelines Integration
    • VeriBOM AWS CodeBuild Integration
    • VeriBOM Travis CI Integration
    • VeriBOM On-Premise Integration
Powered by GitBook
On this page
  1. VeriBOM How-to Guide

VeriBOM Travis CI Integration

PreviousVeriBOM AWS CodeBuild IntegrationNextVeriBOM On-Premise Integration

Last updated 1 year ago

Introduction This guide provides step-by-step instructions on integrating VeriBOM with Travis-CI Pipelines CI/CD for seamless CI/CD pipeline scanning for SBOM generation and uploading the generated SBOM to the VeriBOM platform.

Prerequisites

Before you begin, ensure that you have the following:

  1. Travis-CI Account: Ensure you have access to your Travis-CI repository with the necessary permissions to configure pipeline settings.

  2. VeriBOM Account: Ensure you have access to VeriBOM and the required permissions to generate an API key.

Steps

Step 1: Generate an access token from VeriBOM

  1. Log in to VeriBOM

  2. Navigate to Products page

  1. If the product for which Travis-CI CI/CD integration is needed is already listed, click it; otherwise, click on Add Product to create the product and click it.

  1. Click on "Add Project."

  1. Provide project information (name, description, and environment) and click on the Save and Continue button.

  1. On the next page, select Travis-CI CI/CD under Source Type.

  1. From the following page, Copy the API Key generated and click on "Complete Setup" Please ensure to securely store this API Key for future use.

A SBOM request needs to be submitted from the Travis-CI CI/CD platform using the API Key. You should be able to view the SBOM when the SBOM scanning status is shown as completed.

Step 2: Configure VeriBOM Integration in Travis-CI

  1. Log in to your Travis-CI account

  1. Once logged in, click on your Repo.

  2. For your Selected Repo, click on Settings

  1. Scroll down to the Environment Variables section, and enter the API Key previously copied from the VeriBOM UI.

  1. Once you've stored the VeriBOM API Key in the Travis-CI Environment variable, proceed by adding a .travis.yml file to your repository. Within this file, include or adjust the script responsible for initiating SBOM generation and uploading the resulting SBOM to VeriBOM. You can refer to a sample script available on the same page where you obtained the API Key.

  2. Scroll up on the same page click on "Trigger Build"

  1. Once the job is completed, verify the generated SBOM in VeriBOM.

In this way, we can successfully integrate VeriBOM with Travis-CI projects and manage and track SBOM efficiently.