NOTE: There's some working code in here, but don't bet the farm on it just yet...
kusari (鎖)
A simple blockchain module for Golang.
Overview
DKFM is experimenting with a few ideas around using blockchain concepts for creating irrefutable evidence that security controls are being executed during builds and deployments of code in CI/CD pipelines.
This module encapsulates functionality to create and manage blockchains.
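The idea of chained evidence for pipeline controls, sketched as an added example that is not kusari's own code or API: each record of a control execution is bound to the hash of the record before it, so a later edit is detectable. The names `Block`, `Append`, `Verify` and `hashBlock` and the control strings are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Block records one security control execution (hypothetical shape, not kusari's type).
type Block struct {
	Index    int
	Control  string // e.g. "sast-scan: pass" (constructed sample data)
	PrevHash string
	Hash     string
}

// hashBlock binds the index, the quoted control record and the previous hash together.
func hashBlock(b Block) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%q|%s", b.Index, b.Control, b.PrevHash)))
	return fmt.Sprintf("%x", sum)
}

// Append adds a record linked to the current tip of the chain.
func Append(chain []Block, control string) []Block {
	prev := ""
	if len(chain) > 0 {
		prev = chain[len(chain)-1].Hash
	}
	b := Block{Index: len(chain), Control: control, PrevHash: prev}
	b.Hash = hashBlock(b)
	return append(chain, b)
}

// Verify returns the index of the first inconsistent block, or -1 if the chain is intact.
func Verify(chain []Block) int {
	prev := ""
	for i, b := range chain {
		if b.Index != i || b.PrevHash != prev || b.Hash != hashBlock(b) {
			return i
		}
		prev = b.Hash
	}
	return -1
}

func main() {
	chain := Append(Append(Append(nil, "sast-scan: pass"), "sbom-generated"), "image-signed")
	fmt.Println("intact:", Verify(chain))
	chain[1].Control = "sbom-skipped" // simulate an edited record
	fmt.Println("after edit:", Verify(chain))
}
```

Hash chaining alone only shows that the history is internally consistent: someone who can rewrite every block from the edit onward, or the last block, produces a chain that still verifies, so the latest hash has to be signed or stored somewhere the pipeline cannot modify.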
Using kusari
Well, buyer beware here. Right now this module is in a really early state. It's also really dang noisy and outputs a ton of logs. Ensure that you have good log management in any consumer of this module.
If you want to suppress logging (you'll have to do this in your app) you can do this:
log.SetOutput(ioutil.Discard)
Development
Overview
In order to contribute and participate in the development of kusari, you'll need to have an updated Go environment. Before you start, please view the Contributing and Code of Conduct files in this repository.
Prerequisites
This project makes use of DKFM tools such as Hookz, Hinge, and other open source tooling. Install these tools with the following commands:
go install github.com/devops-kung-fu/hookz@latest
go install github.com/devops-kung-fu/lucha@latest
go install github.com/devops-kung-fu/hinge@latest
go install github.com/kisielk/errcheck@latest
go install golang.org/x/lint/golint@latest
go install github.com/fzipp/gocyclo@latest
Software Bill of Materials
kusari uses CycloneDX to generate a Software Bill of Materials in CycloneDX format (v1.4) every time a developer commits code to this repository (as long as Hookz is being used and has been initialized in the working directory). More information for CycloneDX is available here
The current SBoM for kusari is available here.
Credits
A big thank-you to our friends at Freepik for the kusari logo.