From 69cbe9a316facf80ebfc0d88c28a76bbd5a10743 Mon Sep 17 00:00:00 2001 From: TracyRagan Date: Wed, 7 Dec 2022 17:43:27 -0700 Subject: [PATCH] Added Swagger --- .../2 Define Components.md | 4 +--- .../guides/userguide/integrations/swagger.md | 21 +++++++++++++++++++ .../reusable/Ortelius Pipeline Automation.md | 4 +++- 3 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 content/en/guides/userguide/integrations/swagger.md diff --git a/content/en/guides/userguide/Publishing Components/2 Define Components.md b/content/en/guides/userguide/Publishing Components/2 Define Components.md index f78e60b7..9d441d78 100644 --- a/content/en/guides/userguide/Publishing Components/2 Define Components.md +++ b/content/en/guides/userguide/Publishing Components/2 Define Components.md @@ -138,7 +138,6 @@ This section shows a list of all _Applications_ that are consuming this _Compone Give your users more information about your Container, Application File or Database Component. You can upload an external readme file to provide any information that you need to convey to your potential consumers. Use the 'Upload' option to select a file. It must be in text format. You can also automate the upload - see below. - ## Component Swagger Publish your Swagger API definitions to provide further information about your restful APIs and the parameters needed. Ortelius takes your .json or .yaml file and renders it using [Swagger](https://swagger.io/). Use the 'Upload' option to associate your .json or .yaml file to that specific _Component Version_. You can also automate the upload - see below. @@ -155,10 +154,9 @@ Component vulnerabilities are based on your SBOM. Every thirty minutes, Ortelius Report the license associated with your code base for your _Component_. Use the 'Upload' option to import your License file into Ortelius. The file must be in a text format. - ## Automate the Readme, SBOM, License, and Swagger Upload via Your Pipeline. -You can automatically upload you readme, SBOM, License, and Swagger data using the Command Line Interface (CLI) added to your pipeline. For more information review the [CI/CD CLI integration document](https://docs.ortelius.io/guides/userguide/integrations/ci-cd_integrations/). +You can automatically upload you readme, SBOM, License, and Swagger data using the Command Line Interface (CLI) added to your pipeline. For more information review the [CI/CD CLI details](https://github.com/Ortelius/cli/blob/main/doc/dh.md). You will find a complete list of parameters for collecting Swagger, SBOM and other tool reports and results. . {{% include "guides/userguide/reusable/AuditTrail-withDeployments.md" %}} diff --git a/content/en/guides/userguide/integrations/swagger.md b/content/en/guides/userguide/integrations/swagger.md new file mode 100644 index 00000000..327208a5 --- /dev/null +++ b/content/en/guides/userguide/integrations/swagger.md @@ -0,0 +1,21 @@ +--- +title: "Swagger Integration" +linkTitle: "Swagger Integration" +weight: 315 +description: > + Tracking Swagger for Your Component +--- + +## Swagger + +Ortelius uses [Swagger](https://swagger.io/) to display your microservice / API documentation, based on your _Component Version_. Developers create, or automate the creation of Swagger documentation. Once created the Swagger documentation can be associated to the _Component Version_. + +### Uploading Swagger Documentation + +You can use the Ortelius _Component_ Detail view to manually upload your Swagger documentation for your _Component_. Alternatively, the recommended approach is to use the CI/CD Command Line Interface to automatically add your Swagger documentation file. Refer to the [CI/CD CLI details](https://github.com/Ortelius/cli/blob/main/doc/dh.md) for incorporating Swagger into your pipeline process. + +> Note: Swagger or OpenAPI formats can be used. + +### Viewing Component CVE Data + +Swagger data is associated to a particular _Component Version_ and can be seen by going to the Component Detail View. \ No newline at end of file diff --git a/content/en/guides/userguide/reusable/Ortelius Pipeline Automation.md b/content/en/guides/userguide/reusable/Ortelius Pipeline Automation.md index db5158dd..d072137a 100644 --- a/content/en/guides/userguide/reusable/Ortelius Pipeline Automation.md +++ b/content/en/guides/userguide/reusable/Ortelius Pipeline Automation.md @@ -2,7 +2,9 @@ In order to continuously gather pipeline intelligence, Ortelius must become part of your pipeline. Ortelius integrates into your CI/CD process using the Ortelius Command Line (CLI). The Ortelius CLI gathers supply chain data based on a single pipeline workflow at the build and deploy steps. The build step gathers Swagger, SBOM, Readme, licenses, Git data, Docker image, and other build output. The deploy step records when a release occurs, what was sent and where the objects were sent to. -[Download the complete Ortelius POC Document](/Ortelius-General-Poc.pdf) +For the most up to date information on the Ortelius CLI visit the [Ortelius GitHub Repository](https://github.com/Ortelius/cli/blob/main/doc/dh.md). You will find a complete list of parameters for collecting Swagger, SBOM and other tool reports and results. + +You can complete a POC setup using Ortelius integrated into your Pipeline. [Download the complete Ortelius POC Document](/Ortelius-General-Poc.pdf) to get started. ### Install the Ortelius CLI Install the Ortelius CLI to complete your POC. Install the Ortelius CLI where your CI/CD server is running. Refer to the [Ortelius GitHub CLI Documentation](https://github.com/Ortelius/cli/blob/main/doc/dh.md) for installation instructions.