Installing Trustification locally
The Trustification services use a web-based user interface, and the trust
command-line tool.
The command-line trust
tool can run any of Trustification’s services by using argument flags.
You must use the following infrastructure components, and software:
-
Two S3 buckets named,
vexination
andbombastic
for storing data, and the search index. -
Three topics or queues named,
sbom-stored
,sbom-indexed
, andsbom-failed
for Bombastic. -
Three topics or queues named,
vex-stored
,vex-indexed
, andvex-failed
for Vexination. -
Read and write credentials for the above resources.
-
An implementation of the Compose specification, as used in:
-
The Docker Desktop application.
-
The
podman-compose
tool, version 1.0.6 or higher.
-
You can use unique names by adjusting command-line flags in the manifests. Depending on your choice of infrastructure, you can create these resources, and manage access using your favorite tool, such as terraform. |
-
Clone the Trustification GitHub project locally.
-
Copy the most recent version tag from the Trustification GitHub project.
-
Set the
TRUST_VERSION
environment variable to the most recent version tag:Syntaxexport TRUST_VERSION=VERSION_TAG
Example$ export TRUST_VERSION=0.1.0-nightly.8fce4fcf
-
Change to the
deploy/compose
directory:Example$ cd deploy/compose
-
Start the Trustification containers:
Example$ podman-compose -f compose.yaml -f compose-trustification.yaml -f compose-guac.yaml -f compose-walkers.yaml up
This command starts MinIO and Apache Kafka containers, one container for object storage, and another for event sharing and notifications. Vulnerability data automatically starts loading from Red Hat sources after the containers start.
-
To access the Trustification user interface, open a web browser and point it to
http://localhost:8084
.