Development Guide

Each of the components is developed in its own repository under the sbomer-project organization on GitHub.

The following are based around sbom-service component, but the general principles apply to all components; each component has its own scripts customized for that component.

To deploy the system locally, we deploy all the necessary components using Helm to the local Minikube Kubernetes cluster. In addition to the components, we need to install Tekton to the cluster since we are using Tekton pipelines to orchestrate the generation process.

Scripts for setting up the environment can be found in the hack directory.

Run

from the root directory to set up the Minikube local cluster environment.

This has to be done only once. You do not need to run this while changing the component code.

Run

to deploy all the components to the local cluster sbomer-test.

Component versions, apart from the current component, which is built from the current (changed) code, are decided by the central Helm chart in sbomer-platform repository.

Upon successful deployment, you should see all the pods running or completed.

To view pods, run

To gain access to the gateway, which is the entry point to the system (UI, API, other component ports), expose it by running

Now the system is fully deployed.

Depending on the component, you can additionally test it using curl or the UI.

For example, if you are working on the sbom-service, you can send a request to the API to trigger a generation and see how it is processed by the system.

Note: Some components can be developed on their own, such as the sbom-service API, so you don’t need to deploy the whole system to test them.