cdxgen has a server mode when run with the --server argument. A single endpoint called /sbom is exposed to generate and retrieve an SBoM closely mimicking the CLI.
The server mode could be enhanced to offer more APIs to work with the cdx data.
/licenses endpoint to fetch license information.
/evidences endpoint to present usage and call stack evidence of the components.
/annotations endpoint to add or retrieve annotations.
/services endpoint to present the services, endpoints, and data flow identified from the application.
This API approach would help:
reduce the size of the cdx data transmitted by offering only the required information.
improve performance by offloading expensive operations such as the gathering of evidence and services to background worker threads.
Thanks, @stevespringett, for the idea!
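The per-endpoint slicing proposed above, as an added example that is not part of the original post and not cdxgen's code: the `views` table, `project` and `bytesSaved` are hypothetical names, the sample BOM is constructed, and the field names follow the CycloneDX JSON schema.

```javascript
// Added illustration: hypothetical projections, not cdxgen's server API.
// Constructed sample BOM; package names and values are made up.
const sampleBom = {
  bomFormat: "CycloneDX",
  specVersion: "1.5",
  components: [
    {
      "bom-ref": "pkg:npm/example-web@1.0.0",
      name: "example-web",
      licenses: [{ license: { id: "MIT" } }],
      evidence: { occurrences: [{ location: "src/app.js#3" }] }
    },
    {
      "bom-ref": "pkg:npm/example-util@2.1.0",
      name: "example-util",
      licenses: [{ expression: "Apache-2.0 OR MIT" }]
    }
  ],
  services: [
    { name: "orders-api", endpoints: ["/orders"], data: [{ flow: "inbound", classification: "PII" }] }
  ],
  annotations: []
};

// One projection per proposed endpoint; each returns only its slice of the BOM.
const views = {
  "/licenses": (bom) => (bom.components || []).map((c) => ({
    ref: c["bom-ref"],
    licenses: (c.licenses || []).map((l) => l.expression || l.license?.id || l.license?.name)
  })),
  "/evidences": (bom) => (bom.components || [])
    .filter((c) => c.evidence)
    .map((c) => ({ ref: c["bom-ref"], evidence: c.evidence })),
  "/services": (bom) => bom.services || [],
  "/annotations": (bom) => bom.annotations || []
};

// Resolve a request path to its slice. The own-property check keeps inherited
// keys such as "constructor" or "__proto__" from being treated as views;
// unknown paths return null so the caller can answer 404.
function project(bom, path) {
  return Object.prototype.hasOwnProperty.call(views, path) ? views[path](bom) : null;
}

// Characters saved by sending the slice instead of the full document.
function bytesSaved(bom, path) {
  return JSON.stringify(bom).length - JSON.stringify(project(bom, path)).length;
}
```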