Robot Users
Not all accounts are necessarily associated with human users. BOMnipotent is built with pipeline integration in mind. To create an account to be used in automation, add the ‘robot’ option to the request:
Input (long variant)
bomnipotent_client user request example_robot --robot
Input (short variant)
bomnipotent_client user request example_robot -r
Output
[INFO] Generating new key pair.
[INFO] Storing secret key to '/root/.config/bomnipotent/secret_key.pem' and public key to '/root/.config/bomnipotent/public_key.pem'.
[INFO] Request for robot user submitted. It now needs to be confirmed by a user manager.
This request marks the account as a robot and does not send a verification mail. To approve such an account, you have to provide the ‘robot’ option as well.
Input (long variant)
bomnipotent_client user approve example_robot --robot
Input (short variant)
bomnipotent_client user approve example_robot -r
Output
[INFO] Changed status of example_robot to APPROVED.
Note
Since robot users are not verified and typically have elevated permissions, you should be absolutely certain that this is the account you want to approve.
A plausible setup is to give the robot user roles with the permissions BOM_MANAGEMENT and VULN_MANAGEMENT, enabling them to upload BOMs and update vulnerabilities:
Input
bomnipotent_client user-role add example_robot bom_manager;
bomnipotent_client user-role add example_robot vuln_manager;
Output
[INFO] Added role to user.
[INFO] Added role to user.
Now you can use your robot’s credentials in your CI/CD pipeline.
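One way to place the robot's secret key in a CI job without leaving it readable by other accounts, as an added example that is not part of BOMnipotent or its documentation. It assumes the PEM text of secret_key.pem is supplied through a CI secret variable, here given the hypothetical name ROBOT_SECRET_KEY; the function names are likewise made up for this sketch.

```shell
#!/bin/sh
# Added example, not BOMnipotent code. ROBOT_SECRET_KEY is a hypothetical CI
# secret variable holding the PEM text of the robot's secret_key.pem.

# Succeeds only for a regular file (not a symlink) with no group/other bits.
key_perms_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the first and last lines are PEM private-key markers.
looks_like_pem_private_key() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    last=$(printf '%s\n' "$1" | sed -n '$p')
    case "$first" in "-----BEGIN "*"PRIVATE KEY-----") ;; *) return 1 ;; esac
    case "$last" in "-----END "*"PRIVATE KEY-----") ;; *) return 1 ;; esac
}

# Writes the key text to dest as a fresh mode-600 file, creating the parent
# directory as 700 if it is missing. Returns non-zero on empty or non-PEM
# input, on a failed write, or if the result is readable by group/others.
install_robot_key() {
    key_text=$(printf '%s' "$1")       # command substitution drops trailing newlines
    dest=$2
    [ -n "$key_text" ] || { echo "robot key variable is empty" >&2; return 1; }
    looks_like_pem_private_key "$key_text" || {
        echo "value is not a PEM private key" >&2; return 1; }
    (
        umask 077                      # new files 600, new directories 700
        set -C                         # noclobber: the redirect must create the file
        mkdir -p "$(dirname "$dest")" &&
        rm -f "$dest" &&               # drop a stale file or symlink first
        printf '%s\n' "$key_text" > "$dest"
    ) || return 1
    key_perms_ok "$dest"
}

# Usage in a CI step, assuming the job runs as the user whose config directory
# the client reported above:
#   install_robot_key "$ROBOT_SECRET_KEY" "$HOME/.config/bomnipotent/secret_key.pem"
```

Run key_perms_ok against the key file on the machine where the request was generated as well, since that copy carries the same permissions as the one in the pipeline.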