Version: 1.11.x

Git (GitHub, GitLab)

Collects Git repositories. This plugin collects the repository as specified by the purl and by default only collects a depth of 1.

Accepts purl types: git, gitlab, github

Details

Transfer Tag

hoppr.core_plugins.collect_git_plugin

Supported PURLs

gitgitlabgithub

System Dependencies

git

Transfer File Example

---
schemaVersion: v1
kind: transfer

stages:
  collect:
    plugins:
    - name: "hoppr.core_plugins.collect_git_plugin"
      config:
        process_timeout: 60

max_processes: 3

Configuration Options

Option	Details
git_command	String. Defaults to `git`. Command to be used to execute git commands. May be overridden with another command that uses the same syntax, or a fully qualified path if `git` is not on the default `$PATH`.
process_timeout	Number of seconds to attempt collect before timeout. Default: 60
depth	all, 1 or any int greater than 1. Sets the depth of the git clone command. Default: 1

Proxy and Certificate Configuration

The Git Collector plugin uses Git to download repositories, so the proxy and certificate configurations are not handled directly by the plugin, instead they must be configured as specified by Git.

To configure proxies and certificates, run the git config --edit --global command and add the following settings:

[http]
    sslverify = true
    sslCAInfo = <PATH_TO_YOUR_CA_CERTIFICATE>
    sslbackend = schannel
    proxy = <YOUR_PROXY_URL>
[https]
    sslverify = true
    sslCAInfo = <PATH_TO_YOUR_CA_CERTIFICATE>
    sslbackend = schannel
    proxy = <YOUR_PROXY_URL>

For specifying domains where proxies must not be used, create a new section with the URL for that domain and leave the proxy setting empty like in the following example:

[https "https://example.url/"]
    sslVerify = false
    proxy = 

Credentials Configuration

To specify credentials, you need a credentials file.

Sample credentials file:

---
schemaVersion: v1
kind: Credentials

metadata: 
  name: Registry Credentials
  version: v1
  description: Sample credentials file

credential_required_services:
  - url: registry.gitlab.com
    user_env: CI_REGISTRY_USER
    pass_env: CI_REGISTRY_PASSWORD

SBOM Generation Tools

syft (cli tool)
gh-sbom (cli tool that leverages gh)

note

For more tools visit the CycloneDX Tool Center

Details

Transfer Tag

Supported PURLs

System Dependencies

Transfer File Example

Configuration Options​

Proxy and Certificate Configuration​

Credentials Configuration​

SBOM Generation Tools​

Configuration Options

Proxy and Certificate Configuration

Credentials Configuration

SBOM Generation Tools