These instructions will help you install the tools on Ubuntu. They should work on a VM, WSL, bare metal, and so on.
Update your apt repositories and install package updates:
sudo apt update && sudo apt upgrade -y
Install git, curl and build-essential (required for installing tools):
sudo apt install git curl build-essential -y
Install Rust:
curl https://sh.rustup.rs -sSf | sh -s -- -y
. "$HOME/.cargo/env"
Install cargo-sbom. If the cargo command is not found, restart your terminal.
cargo install cargo-sbom
Install Anchore tools (Syft, Grype, Grant):
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin
curl -sSfL https://raw.githubusercontent.com/anchore/grant/main/install.sh | sudo sh -s -- -b /usr/local/bin
Install Maven for the Java project:
sudo apt install maven
Install Cosign to verify SBoM signatures:
For x86 (amd64):
curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
sudo mv cosign-linux-amd64 /usr/local/bin/cosign
sudo chmod +x /usr/local/bin/cosign
For arm64:
curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-arm64"
sudo mv cosign-linux-arm64 /usr/local/bin/cosign
sudo chmod +x /usr/local/bin/cosign
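
The two Cosign branches above, combined into one script as an added example (not part of the original instructions): it picks the asset from `uname -m`, checks the download against the release's checksum file before installing, and lists any tool from this guide still missing from PATH. The function names are hypothetical, and the `cosign_checksums.txt` asset name and its `sha256sum` format are assumptions about the Cosign release.

```bash
# Added example: pick the Cosign binary for this CPU, verify it, then install it.
BASE="https://github.com/sigstore/cosign/releases/latest/download"
CHECKSUMS="cosign_checksums.txt"   # assumption: checksum asset name in the release

# Map `uname -m` output to the release asset names used in this guide.
cosign_asset() {
  case "$1" in
    x86_64|amd64)  echo "cosign-linux-amd64" ;;
    aarch64|arm64) echo "cosign-linux-arm64" ;;
    *) echo "unsupported architecture: $1" >&2; return 1 ;;
  esac
}

# Succeed only if FILE's SHA-256 equals the entry for ASSET in SUMS.
verify_sha256() {  # usage: verify_sha256 FILE SUMS ASSET
  local want got
  want=$(awk -v n="$3" '$2 == n || $2 == "*" n { print $1; exit }' "$2")
  [ -n "$want" ] || { echo "no checksum listed for $3" >&2; return 1; }
  got=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$want" = "$got" ] || { echo "checksum mismatch for $3" >&2; return 1; }
}

# Print the names of the given tools that are not on PATH (empty if all found).
missing_tools() {
  local t out=""
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || out="$out $t"
  done
  echo "${out# }"
}

# Download into a temp dir; nothing reaches /usr/local/bin unless the hash matches.
install_cosign() {
  local asset tmp rc=0
  asset=$(cosign_asset "$(uname -m)") || return 1
  tmp=$(mktemp -d) || return 1
  { curl -sSfL -o "$tmp/$asset" "$BASE/$asset" &&
    curl -sSfL -o "$tmp/$CHECKSUMS" "$BASE/$CHECKSUMS" &&
    verify_sha256 "$tmp/$asset" "$tmp/$CHECKSUMS" "$asset" &&
    sudo install -m 0755 "$tmp/$asset" /usr/local/bin/cosign; } || rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Run only when asked, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--install" ]; then
  install_cosign && missing_tools git curl cargo cargo-sbom syft grype grant mvn cosign
fi
```

Save it to a file and run it with `--install`; an empty last line of output means every tool from this guide was found.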