You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: chainguard-libraries/java/readme.md
+9-2Lines changed: 9 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,11 +63,12 @@ For this demo all builds will use **containerized environments** to avoid needin
63
63
64
64
## 🧰 Prerequisites
65
65
66
-
-**chainctl** is installed and user has access to the chainguard org with java ecosystem entitlements. NOTE: The user must have the `libraries.java.pull` role in order to access libraries from `https://libraries.cgr.dev/maven/` e.g. `owner` role. Chainctl install docs can be found [here](https://edu.chainguard.dev/chainguard/chainctl-usage/how-to-install-chainctl/)
66
+
-**chainctl** is installed and user has access to the chainguard org with java ecosystem entitlements.
67
+
> NOTE: The user must have the `libraries.java.pull` role in order to access libraries from `https://libraries.cgr.dev/maven/` e.g. `owner` role. Chainctl install docs can be found [here](https://edu.chainguard.dev/chainguard/chainctl-usage/how-to-install-chainctl/)
67
68
-**chainctl** CLI tool to scan artifacts. chainctl install docs can be found [here](https://edu.chainguard.dev/chainguard/chainctl-usage/how-to-install-chainctl/)
68
69
-**jq** installed for JSON parsing
69
70
- A **Chainguard organization name** (e.g. `myorg.com`) that has Java ecosystem entitlements.
70
-
- Network Access to `libraries.cgr.dev/maven/`
71
+
- Network Access to `https://libraries.cgr.dev/maven/`
71
72
- Docker installed to run images
72
73
---
73
74
@@ -96,6 +97,9 @@ It provides a baseline for functionality and scanning before any Chainguard cont
96
97
View the Java dependencies in the pom file:
97
98
98
99
```bash
100
+
# Change Directory into the step1-orig folder
101
+
cd cs-workshop/chainguard-libraries/java/step1-orig
102
+
99
103
# Print only the <dependencies> section from pom.xml to see what the app depends on.
100
104
awk '/<dependencies>/,/<\/dependencies>/' pom.xml
101
105
```
@@ -274,6 +278,7 @@ docker build \
274
278
```bash
275
279
# Start the app using the Chainguard-built container.
276
280
docker run -d -p 8081:8080 --name java-lib-example-1 java-lib-example:$TAG
281
+
sleep 3
277
282
curl http://localhost:8081
278
283
279
284
# Copy the JAR so that we can scan it with chainctl.
@@ -328,6 +333,8 @@ This removes temporary tokens, images, and jar artifacts created during the work
328
333
ID=$(chainctl iam ids ls --parent="$ORG_NAME" -o json | jq -r --arg name "$TOKEN_NAME"'.items[] | select(.name | startswith($name)) | .id')
329
334
chainctl iam identities delete "$ID" --parent "$ORG_NAME" --yes
Copy file name to clipboardExpand all lines: chainguard-libraries/python/readme.md
+21-8Lines changed: 21 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -56,7 +56,8 @@ We’ll work through three stages:
56
56
Demonstrate how to view Provenance details for Chainguard Python Libraries.
57
57
58
58
59
-
For this demo all builds will use **containerized environments** to avoid needing to have a local python setup. We will also be using `uv` instead of `pip` to install python dependencies since it is faster, and also preserves repo precedence when doing builds with Chainguard Libraries. **Note:** It is NOT recommended to use pip when pulling python dependencies directly from the Chainguard repo as it doesn't guarantee dependencies will be pull from Chainguard over PyPI.
59
+
For this demo all builds will use **containerized environments** to avoid needing to have a local python setup. We will also be using `uv` instead of `pip` to install python dependencies since it is faster, and also preserves repo precedence when doing builds with Chainguard Libraries.
60
+
>⚠️ It is NOT recommended to use pip when pulling python dependencies directly from the Chainguard repo as it doesn't guarantee dependencies will be pull from Chainguard over PyPI.
60
61
61
62
---
62
63
@@ -94,6 +95,8 @@ This stage builds and runs a simple Flask app using upstream Python images and d
94
95
### 1. Inspect dependencies
95
96
96
97
```bash
98
+
# Change Directory into the step1-orig directory
99
+
cd cs-workshop/chainguard-libraries/python/step1-orig
97
100
# Review the dependencies used by the application.
In this step we will use chainctl to scan the venv directory to determine how many dependencies came from Chainguard repo vs. upstream PyPI since we haven't built with the Chainguard repo yet we expect the output to be 0%.
142
+
In this step we will use chainctl to scan the venv directory to determine how many dependencies came from Chainguard repo vs. upstream PyPI. Since we haven't built with the Chainguard repo yet we expect the output to be 0%.
138
143
139
144
```bash
140
145
# Copy the virtual environment from the container for scanning.
@@ -163,7 +168,7 @@ After the build, you’ll scan to verify that dependencies now originate from Ch
163
168
```bash
164
169
# Request a Chainguard library token for the Java ecosystem.
@@ -299,7 +305,11 @@ Each Chainguard-built dependency includes an SBOM under
299
305
300
306
Inspect provenance for a specific package, note that the SBOM indicates that the dependency was built by Chainguard, and the git url and commit hash can be verified.
0 commit comments