Advanced Configuration

You can use the following advanced configuration options to customize Lineaje SCA360 for your organization’s needs.

Configure Upload Automation

To allow the VM to access the metadata file, create an upload_config.yaml file. This file holds the configuration for image discovery and integrations.

  1. Create /opt/veecli/upload_config.yaml using the following specification.

{
  "supported_orgs": [
    "<org_name_1>",
    "<org_name_2>"
  ],
 
  "images": [
    {
      "aws-account-id": "<aws_account_id>",
      "org-name": "<org_name>",
      "discovery-logic": "<s3-path>",
      "repository-url": "<account_id>.dkr.ecr.<region>.amazonaws.com/<repository-name>",
      "s3-path": "s3://<bucket-name>/<path-prefix>/",
      "role_arn": "arn:aws:iam::<account_id>:role/<role_name>",
      "region": "<aws_region>"
    }
  ],
 
  "amis": [
    {
      "aws-account-id": "<aws_account_id>",
      "org-name": "<org_name>",
      "discovery-logic": "s3-path",
      "unique-resource-id": "ami-<id>, snap-<id>, i-<instance_id>, arn:aws:ec2:<region>:<account_id>:instance/<instance_id>",
      "s3-path": "s3://<bucket-name>/<path-prefix>/",
      "role_arn": "arn:aws:iam::<account_id>:role/<role_name>",
      "region": "<aws_region>"
    }
  ]
}

  2. Run the upload_automation script in the background.

    1. Open a tmux terminal using: tmux new-session -t upload_automation

    2. Run the following command to start the automation: cd /opt/veecli && python3 upload_automation.py

      1. For --wait, the default value is 24 hours. By default, the script iterates over upload_config.yaml every 24 hours.

      2. For --time, the default value is 00:00. The script begins waiting from the specified time.

        Example: If --time 05:30 and --wait 8 are set, the script performs initial discovery at 05:30, then repeats every 8 hours, at 13:30 and 21:30.


Upload Metadata Files for Upload Automation

Uploading metadata files enables Lineaje SCA360 to discover specific images, associate accurate product details with each image, and maintain privacy by only uploading SBOM metadata tar files to Lineaje infrastructure.

  1. Create an image metadata file in YAML format. This file contains key-value pairs describing product information for an image, AMI, or AWS Lambda function.

  2. Store the metadata file in Amazon S3 using the following directory structure: s3://<bucket-name>/lineaje-data-science/<groupname>/<image-digest/unique-resource-id>.yaml

    Example: s3://<lineaje-metafiles-bucket>/lineaje-data-science/data-science/org_name/fb93015b83a2570123456789053ad9ccde3fca76df218b0b91b649f3eadbb8.ya

  3. Name the file using a unique identifier, preferably the SHA256 hash of the image (without the sha256: prefix). The filename is also used for ignore files if SBOM generation is performed for the resource.

  4. Include the following mandatory fields in the metadata file:

    • group: Organizational hierarchy (e.g., root-org/demo-ush).

    • project: Project name to appear in the Lineaje tenant.

    • version: Version of the project.

    • repository-url (Required for ECR scans): Full ECR repository URI.

    • image-hash (Required for ECR scans): SHA256 hash of the image.

    • unique-resource-id (Required for AMI/Lambda scans): Unique resource ID.

    • region (Required for AMI/Lambda scans): AWS region where the resource is located.

    • image-creation-date: Timestamp in ISO 8601 format (e.g., 2025-03-07T13:29:15.000Z).

    • sdlc-state: Software Development Life Cycle state (e.g., Dev, Stage, Prod).

    • entrypoint: Optional; can be null.

  5. Add the following recommended fields for better classification:

    • description: Brief description of the image or resource.

    • tags: Key-value tags for classification.

    • owner: Team or individual responsible for the resource.

  6. For ECR images, name the metadata file using <image_hash>.yaml. An example file name is 214ae3a3da7c0f0caf17049fdcdeab60585dae60c07d3891f99718a3bb1d8043.yaml.

The following is an example of ECR metadata content:

metadata:
  group: "customer_org"
  project: "project_name_here"
  version: "version_here"
  repository-url: "ecr_repo_url_here"
  image-creation-date: "2025-03-07T13:29:15.000Z"
  image-hash: "image_hash_here"
  sdlc-state: "Prod"
  entrypoint: null

  7. For source code, name the metadata file using <last_commit_hash>.yaml. An example file name is 77a9afb0f01bf885231a1a8f5fb25dd0196c0a24.yaml.

The following is an example of source code metadata content:

metadata:
  group: "customer_org"
  project: "project_name_here"
  version: "1.0"
  repository-url: "github_repo_url_here"
  matching-ref: "v1"
  type: "npm"
  sdlc-state: "Prod"
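
A pre-upload check for the ECR and AMI/Lambda metadata rules in steps 3, 4 and 6, as an added example that is not part of Lineaje's tooling. The function names, the small flat-mapping reader (used here in place of a YAML library) and the sample values are assumptions made for illustration; source code metadata is not covered.

```python
import re
from datetime import datetime

COMMON = ("group", "project", "version", "image-creation-date", "sdlc-state")
# Extra mandatory fields per scan type; "ami" stands for AMI/Lambda scans.
PER_SCAN = {"ecr": ("repository-url", "image-hash"), "ami": ("unique-resource-id", "region")}

def parse_flat_metadata(text):
    """Read the flat 'metadata:' mapping shown on this page (not a general YAML parser)."""
    meta = {}
    for line in text.splitlines():
        m = re.match(r'\s+([\w-]+):\s*(.*)$', line)  # indented "key: value" lines only
        if m:
            value = m.group(2).strip().strip('"')
            meta[m.group(1)] = None if value in ("", "null") else value
    return meta

def validate_metadata(filename, text, scan="ecr"):
    """Return a list of problems; an empty list means the file passes."""
    meta, problems = parse_flat_metadata(text), []
    for field in COMMON + PER_SCAN[scan]:
        if not meta.get(field):
            problems.append(f"missing mandatory field: {field}")
    if meta.get("image-creation-date"):
        try:  # "Z" is rewritten because older Python versions reject it
            datetime.fromisoformat(meta["image-creation-date"].replace("Z", "+00:00"))
        except ValueError:
            problems.append("image-creation-date is not ISO 8601")
    if scan == "ecr" and meta.get("image-hash"):
        digest = re.sub(r"^sha256:", "", meta["image-hash"])
        if not re.fullmatch(r"[0-9a-f]{64}", digest):
            problems.append("image-hash is not a SHA256 hex digest")
        if filename != f"{digest}.yaml":
            problems.append("file name must be <image_hash>.yaml without the sha256: prefix")
    return problems

# Constructed sample input (not real image data).
DIGEST = "ab" * 32
GOOD = f'''metadata:
  group: "customer_org"
  project: "demo"
  version: "1.0"
  repository-url: "111122223333.dkr.ecr.us-east-1.amazonaws.com/demo"
  image-creation-date: "2025-03-07T13:29:15.000Z"
  image-hash: "{DIGEST}"
  sdlc-state: "Prod"
'''
if __name__ == "__main__":
    print(validate_metadata(f"{DIGEST}.yaml", GOOD))         # passes
    print(validate_metadata(f"sha256:{DIGEST}.yaml", GOOD))  # wrong file name
```

Running the check before copying files to S3 catches naming and field errors that would otherwise only show up when the automation fails to match a metadata file to its image.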
