Using blob storage with GUAC

GUAC can ingest files from blob storage using gocloud/blob. The collector can download one item from the storage, all items from a folder, a whole bucket or listen to storage events using sqs/kafka (poll) and download the files as they are uploaded.

{: .note } The GUAC Helm Charts maintained by Kusari includes MinIO, an S3-compatible blob store server.

Amazon S3 and compatible

guaccollect supports blob storage compatible with the Amazon S3 API. This section includes a non-exhaustive set of example usage.

To ingest from an AWS bucket named “guac-test”:

guaccollect s3 --s3-bucket guac-test --s3-region eu-north-1

To ingest a folder named “sboms” contained in an AWS bucket named “guac-test”:

guaccollect s3 --s3-bucket guac-test --s3-region eu-north-1 --s3-path sboms/

To ingest from an S3-compatible min.io bucket named “guac-test”:

guaccollect s3 --s3-url https://play.min.io --s3-bucket guac-test

To ingest a single file named “alpine-cyclonedx.json” from the bucket in the previous example:

guaccollect s3 --s3-url https://play.min.io --s3-bucket guac-test --s3-item alpine-cyclonedx.json

Google Cloud Storage

guaccollect supports the Google Cloud Storage (GCS) blob store. To collect files from a GCS bucket named “my-bucket” with credentials stored in the local file /secret/sa.json:

guacone collect gcs my-bucket --gcs-credentials-path /secret/sa.json