NOTE: There's some working code in here, but don't bet the farm on it just yet...
A simple blockchain module for Golang.
DKFM is experimenting with a few ideas around using blockchain concepts for creating irrefutable evidence that security controls are being executed during builds and deployments of code in CI/CD pipelines.
This module encapsulates functionality to create and manage blockchains.
Well, buyer beware here. Right now this module is in a really early state. It's also really dang noisy and outputs a ton of logs. Ensure that you have good log management in any consumer of this module.
If you want to suppress logging (you'll have to do this in your app) you can do this:
log.SetOutput(ioutil.Discard)
The Marshal function of the BlockChain struct uses gob to encode data instead of a JSON encoder. This is to enhance performance since BlockChains can get very large. A great article that discusses benchmarking of encoders/decoders and go binary file formats can be found here.
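The idea described above, as an added example that is not kusari's own code: a hash-linked list of security-control records is gob-encoded, reloaded and verified. The Block type, the function names and the control names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/gob"
	"fmt"
)

// Block is a hypothetical evidence record for this example, not kusari's own type.
type Block struct{ Control, PrevHash, Hash string }

// Append seals a record whose hash covers its control name and the previous block's hash.
func Append(chain []Block, control string) []Block {
	b := Block{Control: control}
	if n := len(chain); n > 0 {
		b.PrevHash = chain[n-1].Hash
	}
	b.Hash = fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%q|%s", control, b.PrevHash))))
	return append(chain, b)
}

// Verify rebuilds the chain from the recorded control names and returns the
// index of the first block that differs, or -1 if the chain is intact.
func Verify(chain []Block) int {
	var want []Block
	for i, b := range chain {
		if want = Append(want, b.Control); want[i] != b {
			return i
		}
	}
	return -1
}

// RoundTrip gob-encodes the chain and decodes it again, as when stored and reloaded.
func RoundTrip(chain []Block) (out []Block, err error) {
	var buf bytes.Buffer
	if err = gob.NewEncoder(&buf).Encode(chain); err == nil {
		err = gob.NewDecoder(&buf).Decode(&out)
	}
	return out, err
}

func main() {
	chain := Append(Append(nil, "sast-scan"), "sbom-generate")
	reloaded, err := RoundTrip(chain)
	fmt.Println("reloaded chain, first bad block:", Verify(reloaded), "error:", err)
	chain[0].Control = "skipped" // constructed tampering
	fmt.Println("edited chain, first bad block:", Verify(chain))
}
```

Anyone who can rewrite the whole stored chain can recompute every hash and still pass Verify, so the hash of the last block has to be recorded or signed somewhere the pipeline cannot modify.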
In order to contribute to and participate in the development of kusari you'll need to have an updated Go environment. Before you start, please view the Contributing and Code of Conduct files in this repository.
This project makes use of DKFM tools such as Hookz, Hinge, and other open source tooling. Install these tools with the following commands:
go install github.com/devops-kung-fu/hookz@latest
go install github.com/devops-kung-fu/hinge@latest
go install github.com/kisielk/errcheck@latest
go install golang.org/x/lint/golint@latest
go install github.com/fzipp/gocyclo@latest
kusari uses CycloneDX to generate a Software Bill of Materials in CycloneDX format (v1.4) every time a developer commits code to this repository (as long as Hookz is being used and has been initialized in the working directory). More information for CycloneDX is available here
The current SBoM for kusari is available here.
A big thank-you to our friends at Freepik for the kusari logo.