コンテンツにスキップ

Deployment

There are a few deployment scenarios we envision, depending on your established software development processes and infrastructure.

Local-only Deployment

This is the most straightforward scenario, where the target application(s) are run on the same host that is performing the analysis.

For example, let's imagine that this host is a a developer workstation or a CI runner. During development or during a test pipeline, containers of interest would be exercised locally. Our observability service will record our observations in a local database. This database will then be used to augment SBOM/SCA reports based on these observations.

We envision this flow being ideal for local development, or for augmenting SBOM/SCA results based on behaviors observed from E2E/integration tests.

As these test environments likely do not perfectly represent production scenarios and cannot be easily combined with data from other hosts, potentially a less-complete picture of the behavior of the application is available in this scenario. This limitation should be considered when interpreting the results generated from these limited deployments.

Mayhem Platform Integration (Multi-Node)

In order to view results on the Mayhem platform, we must enable syncing observations from one or more nodes to the Mayhem API.

Configuring Sync

To begin, log in to your Mayhem instance and generate an API key.

You can then enable syncing from your mdsbom config in /etc/mdsbom/config.toml, by adding a section like:

[sync]
upstream_url = "https://app.mayhem.security"
api_token = "YOUR TOKEN HERE"
workspace = "YOUR WORKSPACE HERE"

Replacing api_token and workspace as appropriate.

(In lieu of specifying your token in this file, you can instead set api_token_file to a path to a file containing only your API token, with locked down permissions).

Querying the Mayhem Platform API

In order to query or submit reports to the hosted API, you will need to log in from your normal user account to the Mayhem API. This can be done with mdsbom login [URL] [TOKEN], replacing URL and TOKEN as appropriate. If you have logged in already with the mayhem or mapi CLIs, this login will also affect queries.

After logging in, queries and report submissions will target the remote API by default. As such, you will need to configure syncing from one or more nodes in order to see results. You can override this behavior when performing a query or report upload by specifying --local to the query or report commands.