ClearlyDefined SBOM tools

This repository contains tools for using SBOMs with ClearlyDefined.

cdsbom

Install:

go install github.com/jeffmendoza/cdsbom@latest

Make sure $GOBIN is in your path.

  • $GOBIN defaults to $GOPATH/bin
  • $GOPATH defaults to $HOME/go on Unix and %USERPROFILE%\go on Windows

Use:

Example:

cdsbom -out enhanced-sbom.json input-sbom.json

This reads input-sbom.json and queries ClearlyDefined for license information. The license fields in the SBOM are replaced with the license data returned by ClearlyDefined. A new SBOM is written to enhanced-sbom.json with the updated fields, in the same format as the input SBOM.

Supported formats are the same as Protobom.
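Because cdsbom rewrites license fields, it is worth reviewing what changed before the enhanced SBOM feeds a compliance or policy gate. The following is an added example, not part of cdsbom: it assumes both files are CycloneDX JSON whose components carry a purl, and `LicenseChanges` and the sample documents are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// comp is the subset of a CycloneDX JSON component read here (assumed format).
type comp struct {
	PURL     string
	Licenses []struct {
		Expression string
		License    struct{ ID, Name string }
	}
}

// LicenseChanges lists, per purl, license values that differ between two SBOMs.
func LicenseChanges(in, out string) ([]string, error) {
	var seen [2]map[string]string
	for i, doc := range []string{in, out} {
		var b struct{ Components []comp }
		if err := json.Unmarshal([]byte(doc), &b); err != nil {
			return nil, err
		}
		seen[i] = map[string]string{}
		for _, c := range b.Components {
			var ls []string
			for _, l := range c.Licenses { // each entry is an expression or a license id/name
				ls = append(ls, l.Expression+l.License.ID+l.License.Name)
			}
			seen[i][c.PURL] = strings.Join(ls, ", ")
		}
	}
	var diff []string
	for purl, was := range seen[0] {
		now, ok := seen[1][purl]
		if !ok || now != was { // changed, or component dropped from the output
			diff = append(diff, fmt.Sprintf("%s: %q -> %q (in output: %v)", purl, was, now, ok))
		}
	}
	sort.Strings(diff)
	return diff, nil
}

func main() {
	// Constructed samples standing in for input-sbom.json and enhanced-sbom.json.
	fmt.Println(LicenseChanges(`{"components":[{"purl":"pkg:npm/example-a@1.0.0","licenses":[{"license":{"name":"see LICENSE"}}]}]}`, `{"components":[{"purl":"pkg:npm/example-a@1.0.0","licenses":[{"expression":"Apache-2.0"}]}]}`))
}
```

An empty result means no license value changed for any component in the input; a line ending in `(in output: false)` means a component from the input is absent from the rewritten file.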

sbomnotice

Install:

go install github.com/jeffmendoza/cdsbom/sbomnotice@latest

Make sure $GOBIN is in your path.

  • $GOBIN defaults to $GOPATH/bin
  • $GOPATH defaults to $HOME/go on Unix and %USERPROFILE%\go on Windows

Use:

Example:

sbomnotice -out NOTICE input-sbom.json

This reads input-sbom.json and parses all the dependencies found, then queries ClearlyDefined for a NOTICE file covering all dependencies from the SBOM. The file contents are written to the provided output file name, or to NOTICE if none is specified.

Supported formats are the same as Protobom.

Thanks

This project is made possible by Protobom for SBOM parsing, and GUAC sw-id-core for converting PURLs to ClearlyDefined coordinates.