> For the complete documentation index, see [llms.txt](https://docs.interlynk.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.interlynk.io/lynkctl/how-to-guides/ci-cd.md).

# Running in CI/CD

This guide covers using lynkctl as a build step that generates an SBOM and, optionally, gates the pipeline on SBOM quality.

## Making lynkctl Available

lynkctl is distributed by Interlynk — see [Installation](/lynkctl/installation.md). In CI, make the binary available to the runner the same way you handle other internal tooling: a prebuilt container image, an internal artifact store, or a cached binary. The examples below assume `lynkctl` is already on `PATH`.

***

## Quality Gate with Strict Mode

`--strict` makes lynkctl exit `1` when any warning-level diagnostic is present. Use it to block releases whose SBOMs are incomplete or uncertain:

```bash
lynkctl generate . --strict -o sbom.cdx.json
```

The SBOM is still written before lynkctl exits non-zero, so you can archive it for inspection even on a failed gate.

## GitHub Actions

```yaml
name: SBOM
on: [push, pull_request]

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Generate SBOM
        run: lynkctl generate . --strict -o sbom.cdx.json

      - name: Upload SBOM
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom.cdx.json
```

The `if: always()` on the upload step keeps the SBOM as an artifact even when the strict gate fails.

## GitLab CI

```yaml
sbom:
  stage: test
  script:
    - lynkctl generate . --strict -o sbom.cdx.json
  artifacts:
    when: always
    paths:
      - sbom.cdx.json
```

## Refreshing the OSS-Index Database

If your runners cache the OSS-index database, refresh it only when it is stale. `db check` exits `0` when current and `1` when not:

```bash
lynkctl db check || lynkctl db download
```

For runners without network access, see [Air-Gapped Environments](/lynkctl/how-to-guides/air-gapped.md).

## Reproducible Pipeline Output

To produce byte-identical SBOMs across rebuilds of the same source — useful for content-addressable storage and diffing — add `--reproducible`. See [Reproducible SBOMs](/lynkctl/how-to-guides/reproducible.md).

## Related

* [Diagnostics & Exit Codes](/lynkctl/diagnostics.md) — interpret the exit code and warnings
* [Air-Gapped Environments](/lynkctl/how-to-guides/air-gapped.md) — CI without network access


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.interlynk.io/lynkctl/how-to-guides/ci-cd.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.