update readme, add example cboms (#63)
Signed-off-by: Nicklas Körtge <[email protected]>
n1ckl0sk0rtge authored Nov 1, 2024
1 parent c0c86ee commit 782b77b
Showing 4 changed files with 2,450 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
@@ -21,6 +21,10 @@ git clone https://github.com/IBM/cbomkit
# run the make command to start the docker compose
make production
```
Next steps:
- Enter a git url like [https://github.com/keycloak/keycloak](https://github.com/keycloak/keycloak) to generate a CBOM
- View your generated CBOM by selecting your previously scanned CBOM
- Drag and drop CBOM from the [examples](example) into the dropbox to view it

> [!NOTE]
> By default, the service can be accessed at http://localhost:8001
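--- a/example/flick-cbom.json
+++ b/example/flick-cbom.json
@@ -0,0 +1,129 @@
+{
+"version": 1,
+"metadata": {
+"tools": {
+"services": [
+{
+"name": "Sonar Cryptography Plugin",
+"version": "1.3.2",
+"provider": {
+"name": "IBM"
+}
+}
+]
+},
+"timestamp": "2024-10-16T09:03:56Z",
+"properties": [
+{
+"name": "git-url",
+"value": "https://github.com/apache/flink"
+},
+{
+"name": "git-branch",
+"value": "master"
+},
+{
+"name": "commit",
+"value": "55cc36a81553523b90b58d89c11ec5ba495f23f4"
+},
+{
+"name": "purl",
+"value": "pkg:apache/flink"
+},
+{
+"name": "purl",
+"value": "pkg:docker/apache/flink"
+},
+{
+"name": "purl",
+"value": "pkg:github/apache/flink"
+},
+{
+"name": "purl",
+"value": "pkg:maven/org.apache.flink/flink-core"
+}
+]
+},
+"bomFormat": "CycloneDX",
+"components": [
+{
+"name": "SHA256",
+"type": "cryptographic-asset",
+"bom-ref": "df6e331d-121d-40b9-8571-89a043fc7192",
+"evidence": {
+"occurrences": [
+{
+"line": 326,
+"offset": 32,
+"location": "flink-python/src/main/java/org/apache/flink/python/util/PythonDependencyUtils.java",
+"additionalContext": "java.security.MessageDigest#getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;"
+}
+]
+},
+"cryptoProperties": {
+"oid": "2.16.840.1.101.3.4.2.1",
+"assetType": "algorithm",
+"algorithmProperties": {
+"primitive": "hash",
+"cryptoFunctions": [
+"digest"
+],
+"parameterSetIdentifier": "256"
+}
+}
+},
+{
+"name": "SHA1",
+"type": "cryptographic-asset",
+"bom-ref": "3a5709eb-4079-41b1-80c2-3daeda93ab55",
+"evidence": {
+"occurrences": [
+{
+"line": 282,
+"offset": 19,
+"location": "flink-runtime/src/main/java/org/apache/flink/runtime/blob/BlobUtils.java",
+"additionalContext": "java.security.MessageDigest#getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;"
+}
+]
+},
+"cryptoProperties": {
+"assetType": "algorithm",
+"algorithmProperties": {
+"primitive": "hash",
+"cryptoFunctions": [
+"digest"
+],
+"parameterSetIdentifier": "160"
+}
+}
+},
+{
+"name": "MD5",
+"type": "cryptographic-asset",
+"bom-ref": "709e816d-bd85-42a7-8939-450f50b88b5e",
+"evidence": {
+"occurrences": [
+{
+"line": 169,
+"offset": 19,
+"location": "flink-table/flink-table-common/src/main/java/org/apache/flink/table/utils/EncodingUtils.java",
+"additionalContext": "java.security.MessageDigest#getInstance(Ljava/lang/String;)Ljava/security/MessageDigest;"
+}
+]
+},
+"cryptoProperties": {
+"assetType": "algorithm",
+"algorithmProperties": {
+"primitive": "hash",
+"cryptoFunctions": [
+"digest"
+],
+"parameterSetIdentifier": "128"
+}
+}
+}
+],
+"specVersion": "1.6",
+"dependencies": [],
+"serialNumber": "urn:uuid:36f08c25-1ae7-49c4-ba90-bb60d56f3d66"
+}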
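Review bot: The `SHA1` and `MD5` components have no `oid` under `cryptoProperties`, while the `SHA256` component carries `"oid": "2.16.840.1.101.3.4.2.1"`, so a consumer that matches deprecated hashes by OID would skip the two entries most worth triaging. Since `metadata.tools` names the Sonar Cryptography Plugin, the gap probably comes from the generator; for the example, either regenerate after fixing it there or add `"oid": "1.3.14.3.2.26"` to the SHA1 entry and `"oid": "1.2.840.113549.2.5"` to the MD5 entry. The file is also named `flick-cbom.json` although `git-url` points at `apache/flink`, so `flink-cbom.json` looks like the intended name. Separately, `pkg:apache/flink` does not use a registered purl type, and none of the four `purl` values carries a version, so they cannot be matched to a specific release.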