From c9c17d4db020210ebde1cda2c7d86ed29471dd54 Mon Sep 17 00:00:00 2001
From: Sam White <swhite@gitlab.com>
Date: Thu, 1 Feb 2024 03:33:57 +0000
Subject: [PATCH] Updates to documentation on export script

---
 doc/tutorials/export_sbom.md | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/doc/tutorials/export_sbom.md b/doc/tutorials/export_sbom.md
index 3216763fd3d8d..e738014fba82f 100644
--- a/doc/tutorials/export_sbom.md
+++ b/doc/tutorials/export_sbom.md
@@ -20,6 +20,8 @@ Set up Dependency Scanning. For detailed instructions, follow [the Dependency Sc
 
 ## Create configuration files
 
+1. Create a private access token with `api` scope and the `Developer` role.
+1. Add the token value as a CI/CD variable named `PRIVATE_TOKEN`.
 1. Create a [snippet](../api/snippets.md) with the following code.
 
    Filename: `export.sh`
@@ -31,7 +33,7 @@ Set up Dependency Scanning. For detailed instructions, follow [the Dependency Sc
      curl --silent \
      --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" \
      -X 'POST' --data "export_type=sbom" \
-     "http://gitlab.example.com/api/v4/pipelines/$CI_PIPELINE_ID/dependency_list_exports" \
+     "http://gitlab.com/api/v4/pipelines/$CI_PIPELINE_ID/dependency_list_exports" \
      | jq '.id'
    }
 
@@ -39,13 +41,13 @@ Set up Dependency Scanning. For detailed instructions, follow [the Dependency Sc
      curl --silent \
        --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" \
        --write-out "%{http_code}" --output /dev/null \
-       http://gitlab.example.com/api/v4/dependency_list_exports/$1
+       http://gitlab.com/api/v4/dependency_list_exports/$1
    }
 
    function download {
      curl --header "PRIVATE-TOKEN: $PRIVATE_TOKEN" \
        --output "gl-sbom-merged-$CI_PIPELINE_ID.cdx.json" \
-       "http://gitlab.example.com/api/v4/dependency_list_exports/$1/download"
+       "http://gitlab.com/api/v4/dependency_list_exports/$1/download"
    }
 
    function export_sbom {
@@ -87,7 +89,9 @@ Set up Dependency Scanning. For detailed instructions, follow [the Dependency Sc
        - apk add --update jq curl
      stage: .post
      script:
-       - curl --output export.sh --url "https://gitlab.example.com/api/v4/snippets/<SNIPPET_ID>/raw"
+       - |
+         curl --header "Authorization: Bearer $PRIVATE_TOKEN"
+         --output export.sh --url "https://gitlab.com/api/v4/snippets/<SNIPPET_ID>/raw"
        - /bin/sh export.sh
      artifacts:
        paths:
-- 
GitLab