Manifest CLI Quickstart Guide
First, install the Manifest CLI locally. The README lists several ways to install it; for example, with Homebrew:
brew install manifest
Next, generate an API Key so you can send the SBOM to the Manifest app.
- Log in to the Manifest app (app.manifestcyber.com).
- Click on the button in the top right of the app with your organization name.
- Click 'Create New API Token'.
- Give your token a label, description, and scope. For scope, select 'upload sbom' and click 'Confirm'.
- Copy your API token into your secrets manager (e.g. GitHub Secrets), or keep it handy to pass into the CLI.
Generate your first SBOM and send it to Manifest. Run the following command, making sure the -p parameter points to a source code repository/folder or a container.
manifest sbom -p=./route/to/folder,alpine:latest --generator=trivy --publish=true
The command above generates two SBOMs: one for the project located at ./route/to/folder, and one for the latest version of the Alpine container image. It uses the Trivy SBOM generator and publishes the SBOMs (sends them to the Manifest app).
Log in to the Manifest app and navigate to the SBOMs page. The SBOMs may take a few minutes to upload and process. When they're ready to view, you can either click on the Asset name in the SBOMs page, or go to the Assets page.