dockeruser
/
almalinux.org
mirror of https://github.com/AlmaLinux/almalinux.org.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add sbom page

pull/83/head
Atalay Kelestemur 3 years ago
parent
0a5db3a25f
commit
c0d16a056d
3 changed files with 126 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 120
      www/templates/sbom/index.html
  2. 3
      www/urls.py
  3. 4
      www/views.py

120
www/templates/sbom/index.html
View File

@ -0,0 +1,120 @@
{% extends 'layouts/base.html' %}
{% load i18n %}
{% load static %}
{% load encore %}
{% block title %}{% translate 'AlmaLinux OS - SBOM' %}{% endblock %}
{% block description %}
{% translate 'ELevate enables migration between major versions of RHEL(r) derivatives. Easily go from CentOS 7.x to any 8.x of your choice' %}{% endblock %}
{% block head_end %}
{% encore_entrypoint_css 'page_elevate' %}
{% endblock %}
{% block body_end %}
{% encore_entrypoint_js 'page_elevate' %}
{% endblock %}
{% block body %}
<section class="al-page-blog-post">
<div class="container py-5">
<h1 class="al-section-title mb-3">AlmaLinux Software Bill of Materials (SBOM) Information</h1>
<article>
{% if post.featured_image %}
<div class="al-article-feature mb-4">
<img src="{{ post.featured_image.url }}"
class="d-block mx-lg-auto img-fluid"
alt="{{ post.title }}"
loading="lazy">
</div>
{% endif %}
<div class="al-article-content pb-5 al-wysiwyg">
<p>
AlmaLinux provides a Software Bill of Materials (SBOM) for its releases.
</p>
<h2>What is an SBOM?</h2>
<p>
SBOM, which stands for Software Bill of Materials, is something akin to an “ingredient list” for a
codebase. It helps identify the contents of software, including what open source and third-party
components are used, licensing information, components&#39; versions and if there are any known
vulnerabilities in those components.
</p>
<p>
The SBOM is the “ingredient list”, the code are the ingredients, the build system is the “kitchen”
where those ingredients get built into the final piece of software which you consume.
</p>
<h2>
Why are SBOMs important?
</h2>
<p>
Open source software is used extensively in applications, but it has led to the discovery of high-
profile hacks and vulnerabilities. SBOMs are meant to provide the community and users of open
source with even more transparency, and an efficient way to identify (in the case of a risk)
individual files, libraries, dependencies, etc. thereby increasing the trust and confidence in the
use of open source software.
</p>
<p>
The Linux Foundation thinks so too…
</p>
<p>
The Linux Foundation and open source Security Foundation (OpenSSF) have also produced a
plan called the <a href="https://openssf.org/oss-security-mobilization-plan/" target="_blank">Source Software Security Mobilization Plan</a> which calls for industry action
to develop software component frameworks, including SBOMs, to expedite discovery of and
response to future vulnerabilities like Log4j.
</p>
<p>
...And the president himself
</p>
<p>
An SBOM has been spotlighted as a key part of the solution presented by the president in the <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/" target="_blank">Executive Order on Improving the Nation’s Cybersecurity.</a>
</p>
<blockquote>
"the term “Software Bill of Materials” or “SBOM” means a formal record containing
the details and supply chain relationships of various components used in building
software. Software developers and vendors often create products by assembling
existing open source and commercial software components. The SBOM
enumerates these components in a product. It is analogous to a list of
ingredients on food packaging."
</blockquote>
<h2>
What AlmaLinux Provides
</h2>
<p>
<a href="https://build.almalinux.org/" target="_blank">The AlmaLinux Build System</a> has implemented SBOM into the pipeline for the reasons listed above, to enable:
</p>
<ul>
<li>Tracing the whole build process from pulling sources from CentOS git repositories to releasing a verified and signed package in the public repository</li>
<li>Making the build pipeline more secure like ensuring that only trusted sources are used for builds, avoiding attack consequences, etc</li>
<li>Reducing the number of ways of data corruption</li>
</ul>
<h3>How are we doing this?</h3>
<p>AlmaLinux is leveraging Codenotary’s open source <a href="https://cas.codenotary.com/" target="_blank"> Community Attestation Service</a> (CAS) to provide administrators with authentication, verification and full SBOM visibility.</p>
<ul>
<li>CAS stores all signatures inside of <a href="https://immudb.io/" target="_blank">immudb</a>, the standard for open source for
immutable databases, used by some of the world’s leading companies and
governments.</li>
<li>CAS is protected against tampering. All attestation data is integrity-checked and
cryptographically verified by the CAS client. No one can change this data, not
AlmaLinux or anyone else.</li>
<li>CAS is also protected against MITM attacks. The encryption key is client-side
verified and checked before every communication.</li>
</ul>
<h2>Getting Started</h2>
<p>For more information, see the Almalinux wiki: <a href="https://github.com/AlmaLinux/build-system/wiki/Codenotary-SBOM-integration">https://github.com/AlmaLinux/build-system/wiki/Codenotary-SBOM-integration</a></p>
</div>
</article>
<div class="al-blog-pagination mt-3">
{% if previous_post %}
<a href="{% url 'blog_post' previous_post.slug %}" class="al-blog-previous-button">
<span>{% translate '&laquo; Previous' %}</span>
</a>
{% endif %}
{% if next_post %}
<a href="{% url 'blog_post' next_post.slug %}" class="al-blog-next-button">
<span>{% translate 'Next &raquo;' %}</span>
</a>
{% endif %}
</div>
</div>
</section>
{% endblock %}

3
www/urls.py
View File

@ -17,6 +17,7 @@ urlpatterns = [
path('feed/', BlogPostFeed(), name='feed'), path('feed/', BlogPostFeed(), name='feed'),
path('media-link/<int:media_id>', views.media_element, name='media_element'), path('media-link/<int:media_id>', views.media_element, name='media_element'),
path('elevate', views.elevate, name='elevate'), path('elevate', views.elevate, name='elevate'),
path('sbom', views.sbom, name='sbom'),
path('ELevate', RedirectView.as_view(url='elevate'), name='ELevate'), path('ELevate', RedirectView.as_view(url='elevate'), name='ELevate'),
path('certified/amd-ryzen-may2022/', views.certified_index, name="certified_index_page") path('certified/amd-ryzen-may2022/', views.certified_index, name="certified_index_page")
] ]

4
www/views.py
View File

@ -220,6 +220,10 @@ def media_element(_: HttpRequest, media_id: int) -> HttpResponse:
def elevate(request: HttpRequest) -> HttpResponse: def elevate(request: HttpRequest) -> HttpResponse:
return render(request, 'elevate/index.html', {}) return render(request, 'elevate/index.html', {})
@require_safe
@never_cache
def sbom(request: HttpRequest) -> HttpResponse:
return render(request, 'sbom/index.html', {})
def not_found(request: HttpRequest, exception: Exception) -> HttpResponse: def not_found(request: HttpRequest, exception: Exception) -> HttpResponse:
return render(request, '404.html', status=404) return render(request, '404.html', status=404)

Write Preview
Loading…
Cancel
Save