A Software Factory

This repository contains the various demonstration for software factory features.

Visit the Software Factory documentation page.

Partner Demonstrations

Software Bill of Material

Sonatype - Nexus IQ Server - Nexus Lifecycle

First, clone this repo. Then, from a fresh cluster:

1. Install the OpenShift Pipelines Operator into all namespaces
2. Install Sonatype Nexus IQ Operatore
   1. Install the Nexus IQ namespace oc apply -f components/sonatype/sonatype-namespace.yml
   2. Insall the Nexus IQ Operator Subscription oc apply -f components/sonatype/nexus-iq-sever/nexus-iq-server-subscription.yml
   3. Insall an Nexus IQ Operator instance oc apply -f components/sonatype/nexus-iq-sever/nexus-iq-server-instance.yml
   4. Insall an Nexus IQ Operator route oc apply -f components/sonatype/nexus-iq-sever/nexus-iq-server-route.yml
3. Access the Nexus IQ Server via your route
   1. Login with default credentials [un: admin, pw: admin123]
   2. Upload the Not For Resale (NFR) License
   3. Create an organization called Red Hat
   4. Settings -> Automatic Applications
      1. Turn on Automatic Application Creation
      2. Select Red Hat as Parent Organization
4. Install Tekton task for Nexus IQ Scan oc apply -f https://raw.githubusercontent.com/tektoncd/catalog/main/task/nexus-lifecycle-scan/0.1/nexus-lifecycle-scan.yml
5. Install WebGoat Sample Pipeline (components/sonatype/tekton-pipelines-samples/web-goat-pipeline)
   1. First, the two parameters in the pipeline CRD
      1. [REPLACE-WITH-NEXUS-IQ_SERVER] - Replace with the route created earlier
      2. [USER:PASSWORD] - Use the default of admin:admin123
   2. Invoke the updated pipline CRD oc apply -f components/sonatype/tekton-pipelines-samples/web-goat-pipeline
6. Invoke a pipeline run. Make sure to selevt the VolumeClaimTemplate for the storage option