Installation
hoppr-cop is available as a Python module or a Docker image.
Quick Install with Docker (recommended)
Register for a free account with OSS-Index. Then get the API token from your account page. You will use these in the next step.
Add the following to your ~/.bashrc file:
export OSS_INDEX_USER=<your email>
export OSS_INDEX_TOKEN=<your token>
export CACHE_DIR=/tmp
export HOPPR_COP_VERSION="latest"
alias hoppr-cop='docker run -v "$(pwd)":/hoppr -e OSS_INDEX_TOKEN -e OSS_INDEX_USER -v "$CACHE_DIR":/cache -t registry.gitlab.com/hoppr/hoppr-cop/hoppr-cop:$HOPPR_COP_VERSION'
Test the installation by running hoppr-cop --help
GitLab CI Usage
variables:
  HOPPR_COP_TAG: latest
  SBOM_FILE: bom.json
  # Placeholders: define the real values as masked CI/CD variables in the
  # project settings instead of committing them to this file.
  OSS_INDEX_TOKEN: token
  OSS_INDEX_USER: user

hoppr-cop:
  image:
    name: registry.gitlab.com/hoppr/hoppr-cop/hoppr-cop:$HOPPR_COP_TAG
    entrypoint: [""]
  stage: build
  script:
    - hoppr-cop --format table --format html --format gitlab --output-dir ./vuln-reports $SBOM_FILE
  artifacts:
    paths:
      - vuln-reports/*
    reports:
      dependency_scanning: vuln-reports/gl-dependency-scanning-report.json
Full install (pip)
Prerequisites
Note: Python 3.10 is required.
The remaining prerequisites are optional; if one is skipped, the scanner that depends on it will not be activated.
- Install grype
  curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
- Install trivy
  curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.2
- Register for a free account with OSS-Index
  - Get the API token from your account page. Export your username as OSS_INDEX_USER and your token as OSS_INDEX_TOKEN
- Install ruby
- Run
  gem install semver_dialects
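Because a skipped prerequisite only deactivates its scanner, a preflight check makes reduced coverage visible before a scan runs. The following is an added example, not part of hoppr-cop: the function names are hypothetical, and it assumes the gem is detected with `gem list -i`.

```shell
#!/bin/sh
# Added example: preflight check for the optional prerequisites listed above.
# Function names are hypothetical; nothing here is shipped with hoppr-cop.

# Print one line per missing prerequisite; print nothing when all are present.
hoppr_cop_missing_prereqs() {
    for tool in grype trivy ruby; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool: not on PATH"
    done

    # semver_dialects is a Ruby gem; `gem list -i` exits 0 only if it is installed.
    if command -v gem >/dev/null 2>&1; then
        gem list -i '^semver_dialects$' >/dev/null 2>&1 \
            || echo "semver_dialects: gem not installed"
    else
        echo "semver_dialects: gem command not on PATH"
    fi

    # OSS-Index credentials: test for presence only, never print the values.
    [ -n "${OSS_INDEX_USER:-}" ] || echo "OSS_INDEX_USER: not set"
    [ -n "${OSS_INDEX_TOKEN:-}" ] || echo "OSS_INDEX_TOKEN: not set"
}

# Return non-zero when anything is missing, so a CI job or wrapper script can
# stop instead of producing a report from fewer scanners than expected.
hoppr_cop_preflight() {
    missing="$(hoppr_cop_missing_prereqs)"
    if [ -n "$missing" ]; then
        printf 'hoppr-cop prerequisites missing:\n%s\n' "$missing" >&2
        return 1
    fi
    echo "all optional hoppr-cop prerequisites present"
}

# Usage (after sourcing this file):
#   hoppr_cop_preflight || exit 1
```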
Install Python Module
Note: Python 3.10 is required to install the tool.
pip install hoppr-cop