This repository provides a suite of language/framework examples that implement end-to-end software supply chain security (SSCS).

The examples contain an advanced continuous integration pipeline covering building, CVE scanning, security scanning, signatures, attestations, SLSA provenance and SBOM along with Gitops-based continuous deployment

Software Template authors and IDP builders can take these samples to create their own SSCS based starters. The components in the samples are designed to be maintainable to ensure that day 2 maintainance of default build pipelines and deployment yaml ensures teams have

To import these templates, register a component in on the golden path template page

Import https://github.com/redhat-appstudio/tssc-sample-templates/blob/main/all.yaml

Add the following to your app-config.yaml file in your backstage configuration

    - type: url
      target:  https://github.com/redhat-appstudio/tssc-sample-templates/blob/main/all.yaml
      rules:
        - allow: [Location, Template]

This will add the samples into a set of backstage templates.

You need to ensure the on-prem host is being configured in app-config.yaml file in your backstage/RHDH configuration

properties file holds the default host for GitHub, GitLab and Quay.

Modify the value and run ./generate.sh will generate new templates with customized default value.

On Application Repository Information Page, provide your Git host in the Repository Server

Note: Please Ensure the correct Host Type is selected

On Deployment information Page, provide your Quay host in the Image Registry

The templates are found in ./templates and reference reusable content in ./skeleton.

The templates are maintained by importing external samples into the software template format. This allows the external samples to be used standalone, developed, and evolved and then imported.

The pipelines are also maintained externally to allow standalone use outside of software templates, as well as evolution of the pipelines in one of more software templates.

To update the templates from these or any new samples you update the list of imported repos and run the following.

./generate.sh to generate all the templates before commit to this repository.

Due to differences between Linux and MacOS, the GNU version of sed is required to be installed.

brew install gnu-sed

After this, alter PATH. For example, add the following line to your ~/.bash_profile:

export PATH="/opt/homebrew/opt/gnu-sed/libexec/gnubin:$PATH"