ReARM is an abbreviation for "Reliza's Awesome Release Manager". It is a DevSecOps and Supply Chain Security tool to organize product releases with their metadata, including various Bills of Materials (SBOMs / xBOMs).
ReARM stores xBOMs on OCI-compatible storage via Reliza's Rebom project.
ReARM is developed by Reliza.
ReARM is an xBOM management system that allows organizations to maintain compliance within the framework of European CRA regulations as well as US Executive Orders 14028 and 14144.
While highlighting regulatory pressure, we strive to make sure that ReARM imposes minimal or no overhead on developers and, more importantly, provides real value in managing technology releases and their metadata. In other words, our goal is to create a product that is useful for developers and managers while also solving the compliance problem.
- Storage and retrieval of SBOMs / xBOMs
- Maintaining representation of organization's products and components with branches and releases
- Automated creation of release versions and changelogs between releases
- Close integration with Dependency-Track for analysis of vulnerabilities and policies, including license policy
- Integration with various CI systems (including GitHub Actions, Azure DevOps, Jenkins, GitLab CI and others) to produce BOMs and upload them with other release metadata to ReARM
- Release approval logic (Commercial Edition only)
- Marketing release workflow (Commercial Edition only)
The creators of ReARM are active contributors to the Transparency Exchange API (TEA), which aims to build a standard API for exchanging supply chain artifacts and intelligence.
A lot of core ReARM ideas are shared as a part of the TEA workgroup with permissive Open Source licensing.
ReARM will be supporting TEA when the standard is ready. Preliminary work to have support for TEA Beta 1 has already started.
- Documentation: https://docs.rearmhq.com
- ReARM CLI: https://github.com/relizaio/rearm-cli
- Project ReARM web-site: https://rearmhq.com
- Public Demo: https://demo.rearmhq.com
- Reliza Website: https://reliza.io
- ReARM CLI: https://github.com/relizaio/rearm-cli - CLI tool to interact with ReARM for humans and automation bots
- Rebom: https://github.com/relizaio/rebom - ReARM is using Rebom as a layer to perform actual storage of certain metadata artifacts
- BEAR (BOM Enrichment and Augmentation by Reliza): https://github.com/relizaio/bear - BEAR may be used for BOM enrichment before uploading to ReARM
The Public Demo is available at https://demo.rearmhq.com. When you register for the demo, you get a read-only account for the Demo organization and can browse several existing demo Components, Products and Releases. You may then also create your own organization and try organizing storage for your own release metadata (documentation for this is coming soon). Note that while your data on the Public Demo is private, it is subject to deletion at any time and without notice.
Refer to the project documentation: https://docs.rearmhq.com
This documentation is built using VitePress and checked in to this repository under documentation_site. If you spot any issues or would like to propose additions, please open issues or Pull Requests accordingly.
The OpenAPI spec can be found at https://github.com/CycloneDX/transparency-exchange-api/blob/main/spec/openapi.yaml
It is also copied into the tea-spec/ directory in this repository.
To generate the initial tea-server Spring service, run:
npx @openapitools/openapi-generator-cli generate -i tea-spec/openapi.yaml -g spring -o tea-server/ --additional-properties=useSpringBoot3=true
Then rename the model files to use the Tea prefix (from the ReARM repo root directory):
./scripts/rename_with_tea.sh ./tea-server/src/main/java/org/openapitools/model
- Create a Docker container for the database:
docker run --name rearm-postgres -d -p 5440:5432 -e POSTGRES_PASSWORD=relizaPass postgres:16
This part will be continued (TODO).
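A local-only variant of the database container step above, as an added example that is not part of the ReARM repository: it publishes the port on 127.0.0.1 only and reads a randomly generated password from an env file, where the command above publishes port 5440 on all host interfaces and passes a fixed password on the command line. The env-file path, the `start` argument and the function names are assumptions; the container name, image and host port are the README's.

```shell
#!/bin/sh
# Added example (not from the ReARM repository). Container name, image and
# host port 5440 come from the README; everything else is an assumption.
set -eu

ENV_FILE="${ENV_FILE:-./rearm-postgres.env}"   # hypothetical location
PUBLISH="127.0.0.1:5440:5432"                  # loopback only, not 0.0.0.0

# Generate a random password instead of using a fixed literal.
gen_password() {
  # 24 random bytes, hex-encoded: 48 characters, safe in env files and URLs.
  od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Write the password to an env file readable only by the current user, so it
# stays out of shell history and out of the process list.
write_env_file() {
  ( umask 077; printf 'POSTGRES_PASSWORD=%s\n' "$(gen_password)" > "$1" )
}

# Start the container with the loopback-only port mapping and the env file.
start_db() {
  docker run --name rearm-postgres -d \
    -p "$PUBLISH" --env-file "$1" postgres:16
}

# Only touch Docker when explicitly asked to, e.g. `sh rearm-db.sh start`.
if [ "${1:-}" = "start" ]; then
  # Reuse an existing env file so the password stays stable across restarts.
  [ -f "$ENV_FILE" ] || write_env_file "$ENV_FILE"
  start_db "$ENV_FILE"
fi
```

The application's database settings then need the password from the env file rather than the literal used in the original command.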
The easiest way to contact us is through our Discord Community: find the #rearm channel there and either post in it or send a direct message to the maintainers.
You can also email us at info@reliza.io.