Robot Users
Not all accounts are necessarily associated with human users. BOMnipotent is built with pipeline integration in mind. To create an account to be used in automation, add the ‘robot’ option (--robot, or -r for short) to the request:
bomnipotent_client user request example_robot --robot
bomnipotent_client user request example_robot -r
[INFO] All requests are unauthenticated: No username was provided for signing request.
[INFO] Generating new key pair.
[INFO] Storing secret key to '/root/.config/bomnipotent/secret_key.pem' and public key to '/root/.config/bomnipotent/public_key.pem'.
[INFO] All requests are unauthenticated: No username was provided for signing request.
[INFO] Request for robot user 'example_robot' submitted. It now needs to be confirmed by a user manager.
This request marks the account as a robot and does not send a verification mail. To approve such an account, you have to provide the ‘robot’ option as well.
bomnipotent_client user approve example_robot --robot
bomnipotent_client user approve example_robot -r
[INFO] Changed status of example_robot to APPROVED.
Note
Since robot users are not verified, and typically have elevated permissions, you should be absolutely certain that this is the account you want to approve.
In order not to have to fish the generated keys from the somewhat hidden user folder, you can specify a desired path to store them. In the example below, the given path ends up as a prefix of the key file names:
bomnipotent_client user request ci_cd_robot --robot /home/ci_cd_robot
bomnipotent_client user request ci_cd_robot -r /home/ci_cd_robot
[INFO] All requests are unauthenticated: No username was provided for signing request.
[INFO] Generating new key pair.
[INFO] Storing secret key to '/home/ci_cd_robot_secret_key.pem' and public key to '/home/ci_cd_robot_public_key.pem'.
[INFO] All requests are unauthenticated: No username was provided for signing request.
[INFO] Request for robot user 'ci_cd_robot' submitted. It now needs to be confirmed by a user manager.
A plausible setup is to give the robot user roles with the permissions BOM_MANAGEMENT and VULN_MANAGEMENT, enabling them to upload BOMs and update vulnerabilities:
bomnipotent_client user-role add example_robot bom_manager;
bomnipotent_client user-role add example_robot vuln_manager;
[INFO] Added role to user.
[INFO] Added role to user.
Now you can use your robot’s credentials in your CI/CD pipeline.
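One way to handle the generated secret key before handing it to a pipeline, as an added example that is not part of BOMnipotent or its documentation: it reads the key path from the "Storing secret key to ..." log line shown above and restricts the file to its owner. The function names secret_key_path and lock_down_key and the temporary sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not BOMnipotent code: locate the robot's secret key from the
# client's log output and make sure only the owning account can use it.

# Read client output on stdin; print the path from the
# "Storing secret key to '...'" line (format as shown on this page).
secret_key_path() {
    sed -n "s/^\[INFO] Storing secret key to '\([^']*\)' and public key to '[^']*'\.\$/\1/p" | head -n 1
}

# Restrict the key file to its owner. Fails if the path is missing, is a
# symlink, sits in a world-writable directory, or does not end up at mode 600
# (some mounted CI volumes silently ignore chmod).
lock_down_key() {
    key="$1"
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "not a regular file: '$key'" >&2
        return 1
    fi
    if [ -n "$(find "$(dirname "$key")" -prune -perm -002)" ]; then
        echo "key directory is world-writable: '$key'" >&2
        return 1
    fi
    chmod 600 "$key" || return 1
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    [ "$mode" = "600" ]
}

# Constructed sample: the log format from this page, pointing at a throwaway
# file in a temporary directory instead of a real key.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/ci_cd_robot_secret_key.pem"
    chmod 644 "$tmp/ci_cd_robot_secret_key.pem"
    log="[INFO] Generating new key pair.
[INFO] Storing secret key to '$tmp/ci_cd_robot_secret_key.pem' and public key to '$tmp/ci_cd_robot_public_key.pem'."
    found=$(printf '%s\n' "$log" | secret_key_path)
    lock_down_key "$found" && echo "locked down: $found"
    rm -rf "$tmp"
}
demo
```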