Quartermaster can be deployed both with GitHub Actions (see the workflows folder) and manually, with the following instructions:
- Launch the DGraph database:
    kubectl apply -k dgraph
- Specify the Maven repository to be cloned in qmstr/repo-url.env.
- Specify the desired QMSTR image tags to be deployed in the QMSTR kustomization.yaml file.
  The list of QMSTR Docker images can be found here.
- Launch Quartermaster:
    kubectl apply -k qmstr
- Wait for the build and analysis phases to be over:
    kubectl logs --follow $(kubectl get pods --selector job-name=qmstr -o=name) qmstr-client
- Forward two local ports to the following two ports on the DGraph Pod:
    kubectl port-forward statefulset/dgraph 8000:8000
    kubectl port-forward statefulset/dgraph 8080:8080
- Open localhost:8000/?latest in your browser.
- Click on "Continue":
- Navigate to the "Console" page.
- You should now be able to query the database:
    {
      PackageNodes(func: has(packageNodeType)) @recurse(loop: true, depth: 3) {
        uid name version packageNodeType targets additionalInfo buildConfig diagnosticInfo timestamp
      }
      FileNodes(func: has(fileNodeType)) @recurse(loop: true, depth: 3) {
        uid fileNodeType path name fileData timestamp derivedFrom dependencies
      }
      FileDataNodes(func: has(fileDataNodeType)) @recurse(loop: true, depth: 3) {
        uid fileDataNodeType hash additionalInfo diagnosticInfo
      }
      InfoNodes(func: has(infoNodeType)) @recurse(loop: true, depth: 3) {
        uid infoNodeType type confidenceScore analyzer dataNodes timestamp
      }
      Analyzers(func: has(analyzerNodeType)) @recurse(loop: true, depth: 3) {
        uid name analyzerNodeType trustLevel pathSub old new
      }
      DataNodes(func: has(dataNodeType)) @recurse(loop: true, depth: 3) {
        uid dataNodeType type data timestamp
      }
    }
- The generated graph should look something like this:
The left part of the graph is the usual build graph, in this case with a single (Java) package node, shown in green, at its center. License and compliance information is on the right, with the analyzer node, shown in pink, in the middle.
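
The JSON behind the graph can also be reviewed outside the browser, for example to list file contents that ended up with no license information attached. The following is an added example, not code from the Quartermaster project: it walks the FileDataNodes block of the query above, and the sample response, the `license` type label and the function names are assumptions.

```python
import json

# Constructed sample shaped like a Dgraph JSON response to the FileDataNodes
# block of the query; every value (hashes, license, analyzer name) is made up.
SAMPLE_RESPONSE = json.loads("""
{"data": {"FileDataNodes": [
  {"uid": "0x2", "hash": "constructed-hash-1",
   "additionalInfo": [
     {"uid": "0x3", "type": "license", "confidenceScore": 0.9,
      "analyzer": [{"uid": "0x4", "name": "example-analyzer", "trustLevel": 20}],
      "dataNodes": [{"uid": "0x5", "type": "name", "data": "Apache-2.0"}]}]},
  {"uid": "0x7", "hash": "constructed-hash-2"}
]}}
""")


def as_list(value):
    """A uid edge comes back as an object or a list depending on the schema."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def license_findings(response):
    """Map each file hash to its (license, analyzer, confidence) tuples."""
    findings = {}
    for file_data in as_list(response.get("data", {}).get("FileDataNodes")):
        rows = findings.setdefault(file_data.get("hash", file_data["uid"]), [])
        for info in as_list(file_data.get("additionalInfo")):
            if info.get("type") != "license":  # assumed type label
                continue
            names = [a.get("name") for a in as_list(info.get("analyzer"))]
            for data in as_list(info.get("dataNodes")):
                rows.append((data.get("data"),
                             names[0] if names else None,
                             info.get("confidenceScore")))
    return findings


def hashes_without_license(response):
    """Hashes for which no analyzer attached any license information."""
    return sorted(h for h, rows in license_findings(response).items() if not rows)


if __name__ == "__main__":
    for file_hash, rows in license_findings(SAMPLE_RESPONSE).items():
        print(file_hash, rows or "NO LICENSE INFO")
```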