Provide CycloneDX SBOM as an alternative to SPDX SBOM #21444

Open
mawl opened this issue Jan 21, 2025 · 1 comment
Labels
area/SBOM backlog kind/requirement New feature or idea on top of harbor


mawl commented Jan 21, 2025

Hi there,

Currently Harbor generates a Trivy SPDX SBOM: https://goharbor.io/docs/edge/administration/sbom-integration/

We would prefer CycloneDX over SPDX JSON as it is more widely adopted.

In our special case, we would like to sync SBOMs generated in Harbor to Dependency-Track.

Trivy is already capable of generating a CycloneDX SBOM from docker images, so I hope a neat solution is not too complex to implement.

BTW: is there already an API endpoint for downloading SBOMs?

Thanks for your efforts in advance.

@wy65701436 wy65701436 added the kind/requirement New feature or idea on top of harbor label Jan 21, 2025
bupd (Contributor) commented Jan 22, 2025

> BTW: is there already an API endpoint for downloading SBOMs?

I think there is no direct API endpoint for downloading SBOMs, but you can download it by using:

curl -X GET https://<your-harbor-domain>/api/v2.0/projects/<project-name>/repositories/<repo-name>/artifacts/<artifact-digest>/additions/sbom
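For scripting the request in the comment above (for example in a job that forwards SBOMs to Dependency-Track), the following is an added example, not part of the thread and not Harbor project code. It validates each path component, insists on an immutable `sha256:` digest rather than a tag, and keeps credentials off the command line. The function names, the `HARBOR_NETRC` variable and the validation patterns are assumptions, as is the double URL-encoding of slashes in repository names (`a/b` becomes `a%252F`b), which follows Harbor's API description and should be checked against your version.

```shell
#!/bin/sh
# Added example, not Harbor project code. Function names, HARBOR_NETRC and
# the validation patterns are assumptions made for this illustration.

# Build the SBOM "additions" URL from the comment above, or fail.
harbor_sbom_url() {
  h_host=$1 h_project=$2 h_repo=$3 h_digest=$4

  # Host: DNS name with optional port; nothing that could alter the URL.
  case $h_host in ''|*[!A-Za-z0-9.:-]*) echo "bad host" >&2; return 1 ;; esac
  # Project: a single path segment, no traversal.
  case $h_project in ''|.*|*[!a-z0-9._-]*) echo "bad project" >&2; return 1 ;; esac
  # Repository: may contain "/", but no empty or dot-dot segments.
  case $h_repo in
    ''|/*|*/|*//*|*..*|*[!a-z0-9._/-]*) echo "bad repository" >&2; return 1 ;;
  esac
  # Reference: require an immutable sha256 digest instead of a mutable tag.
  h_hex=${h_digest#sha256:}
  case $h_digest in sha256:*) ;; *) echo "need sha256 digest" >&2; return 1 ;; esac
  case $h_hex in *[!0-9a-f]*) echo "bad digest" >&2; return 1 ;; esac
  [ "${#h_hex}" -eq 64 ] || { echo "bad digest length" >&2; return 1; }

  # Slashes in the repository name are URL-encoded twice: a/b -> a%252Fb.
  h_repo_enc=$(printf '%s' "$h_repo" | sed 's|/|%252F|g')
  printf 'https://%s/api/v2.0/projects/%s/repositories/%s/artifacts/%s/additions/sbom\n' \
    "$h_host" "$h_project" "$h_repo_enc" "$h_digest"
}

# Download the SBOM to a file ($5). Credentials come from a netrc file so
# they do not appear in the process list; plain-HTTP redirects are refused.
fetch_harbor_sbom() {
  f_url=$(harbor_sbom_url "$1" "$2" "$3" "$4") || return 1
  curl --fail --silent --show-error --proto '=https' \
       --netrc-file "${HARBOR_NETRC:?set HARBOR_NETRC}" \
       --output "$5" "$f_url"
}
```

Call it as `fetch_harbor_sbom <host> <project> <repo> <sha256-digest> <output-file>`; `--fail` makes an HTTP error a non-zero exit instead of an error body saved as if it were an SBOM.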
