jeffmendoza/cdsbom

ClearlyDefined SBOM tools

This repository contains tools for using SBOMs with ClearlyDefined.

cdsbom

Install:

go install github.com/jeffmendoza/cdsbom@latest

Make sure $GOBIN is in your path.

  • $GOBIN defaults to $GOPATH/bin
  • $GOPATH defaults to $HOME/go on Unix and %USERPROFILE%\go on Windows

Use:

Example:

cdsbom -out enhanced-sbom.json input-sbom.json

This reads input-sbom.json and queries ClearlyDefined for license information. The license fields in the SBOM are replaced with the license data returned by ClearlyDefined, and a new SBOM with the updated fields is written to enhanced-sbom.json in the same format as the input SBOM.

Supported formats are the same as Protobom.
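
To review what cdsbom changed before relying on the enhanced SBOM, the following added example (not part of this repository) compares the license data of each component between the input and output files. It assumes CycloneDX JSON documents; the function names and the sample documents are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// bom keeps only the CycloneDX JSON fields this check reads (assumed input format).
type bom struct {
	Components []struct {
		Purl     string
		Licenses any
	}
}

// licenses maps each component purl to its normalised "licenses" value.
func licenses(doc string) map[string]string {
	var b bom
	if err := json.Unmarshal([]byte(doc), &b); err != nil {
		panic(err) // malformed SBOM: stop rather than report "no changes"
	}
	out := map[string]string{}
	for _, c := range b.Components {
		norm, _ := json.Marshal(c.Licenses) // re-encode: ignores whitespace and key order
		out[c.Purl] = string(norm)
	}
	return out
}

// LicenseChanges lists components whose licenses differ between two SBOMs.
func LicenseChanges(before, after string) []string {
	old, diff := licenses(before), []string{}
	for purl, l := range licenses(after) {
		if old[purl] != l {
			diff = append(diff, fmt.Sprintf("%s: %s -> %s", purl, old[purl], l))
		}
	}
	sort.Strings(diff)
	return diff
}

// Constructed sample documents, not output from a real cdsbom run.
const inputSBOM = `{"components":[{"purl":"pkg:npm/example-a@1.0.0","licenses":[{"license":{"name":"see LICENSE"}}]},
	{"purl":"pkg:npm/example-b@2.1.0","licenses":[{"license":{"id":"MIT"}}]}]}`
const enhancedSBOM = `{"components":[{"purl":"pkg:npm/example-a@1.0.0","licenses":[{"license":{"id":"Apache-2.0"}}]},
	{"purl":"pkg:npm/example-b@2.1.0","licenses":[{"license":{"id":"MIT"}}]}]}`

func main() { fmt.Println(LicenseChanges(inputSBOM, enhancedSBOM)) }
```

Components that appear only in the input SBOM are not reported, so compare component counts separately if dropped entries matter.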

sbomnotice

Install:

go install github.com/jeffmendoza/cdsbom/sbomnotice@latest

Make sure $GOBIN is in your path.

  • $GOBIN defaults to $GOPATH/bin
  • $GOPATH defaults to $HOME/go on Unix and %USERPROFILE%\go on Windows

Use:

Example:

sbomnotice -out NOTICE input-sbom.json

This reads input-sbom.json and parses all the dependencies found, then queries ClearlyDefined for a NOTICE file covering all dependencies from the SBOM. The file contents are written to the provided output file name, or to NOTICE if none is specified.

Supported formats are the same as Protobom.

Thanks

This project is possible due to Protobom for SBOM parsing, and GUAC sw-id-core to convert PURL to ClearlyDefined Coordinates.
