aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0
726 stars 60 forks

add installation instructions #13

Closed 06kellyjac closed 2 years ago

06kellyjac commented 2 years ago

Description

Added installation instructions: binary, go install, nix

based on https://aquasecurity.github.io/trivy/v0.28.1/getting-started/installation/

Related issues

Related PRs

In stable and unstable :tada:

Checklist

itaywol commented 2 years ago

Wouldn't it be better in a separate INSTALL.md? Installation usually evolves a lot around adapting to different os/arch.

@morwn Maybe install script?

06kellyjac commented 2 years ago

yeah I can move it to a separate file. Will chain-bench end up with a docs/ dir that's rendered out to GH pages like trivy?

itaywol commented 2 years ago

> yeah I can move it to a separate file. Will chain-bench end up with a docs/ dir that's rendered out to GH pages like trivy?

probably, it would be the best approach in this case

06kellyjac commented 2 years ago

Added mkdocs stuff based on trivy and tracee. Installation order inspired by trivy


Chain-bench is now in unstable, ~it's making its way to stable~ and is now in stable too

https://nixpk.gs/pr-tracker.html?pr=177777

https://search.nixos.org/packages?channel=unstable&query=chain-bench

https://search.nixos.org/packages?channel=22.05&query=chain-bench


with nix it's also possible to just try chain-bench out in an ephemeral shell

```
λ chain-bench --help
zsh: command not found: chain-bench

# stable cli
λ nix-shell -p chain-bench
this path will be fetched (4.35 MiB download, 14.86 MiB unpacked):
  /nix/store/1iakvrxl2f41pq1fkqf3j8xywrhgh6kp-chain-bench-0.0.2
copying path '/nix/store/1iakvrxl2f41pq1fkqf3j8xywrhgh6kp-chain-bench-0.0.2' from 'https://cache.nixos.org'...

[nix-shell:~]$ chain-bench --help
Run CIS Benchmarks checks against your software supply chain

Usage:
  chain-bench [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
# ...
  -v, --verbose              set to print logs to console
      --version              version for chain-bench

Use "chain-bench [command] --help" for more information about a command.

[nix-shell:~]$
exit

# unstable new cli
λ nix shell nixpkgs#kdigger

[nix-shell:~]$ chain-bench --help
Run CIS Benchmarks checks against your software supply chain

Usage:
  chain-bench [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
# ...
  -v, --verbose              set to print logs to console
      --version              version for chain-bench

Use "chain-bench [command] --help" for more information about a command.
```

and in the future `docker run -it nixery.dev/shell/chain-bench` will work via https://nixery.dev/ once it's updated

`docker run -it nixery.dev/shell/chain-bench/git/trivy` would give you a container with an interactive shell + chain-bench + git + trivy

06kellyjac commented 2 years ago

rebased on main

06kellyjac commented 2 years ago

GitHub pages links have been commented out of the README and just link to the folder in github until a GHA workflow can deploy to GH Pages

06kellyjac commented 2 years ago

thanks both