Skip to content
/ ssbom Public

SSBOM (Sliced Software Bill of Materials) is a tool to export SPDX SBOMs from Chisel manifests.

github.com/canonical/ssbom
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

canonical/ssbom

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
cmd/ssbom
cmd/ssbom
 
 
internal
internal
 
 
scripts
scripts
 
 
snap
snap
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
renovate.json
renovate.json
 
 

Repository files navigation

The Chisel SBOM Exporter

This project generates a Software Bill of Materials (SBOM) for Chisel projects. The SBOM is generated in the SPDX format using the metadata from the Chisel jsonwall manifest.

Usage

Build

To build the project, run the following command:

go build ./cmd/ssbom

Install

Install with go install:

go install github.com/canonical/ssbom/cmd/ssbom@latest

Install with snap:

snap install ssbom --classic

Run

If built with go build:

./ssbom <path-to-chiselled-rootfs> [<spdx-file-out>]

If installed with go install or snap:

ssbom <path-to-chiselled-rootfs> [<spdx-file-out>]

NOTE: If there is no output file specified, the SBOM will be generated to a manifest.spdx.json file in the current working directory.

Integration with trivy

This tools also provides a script to run trivy on the generated SBOM. To use this, run the following command:

If installed with go install:

./scripts/ssbom-trivy <path-to-chiselled-rootfs> [<extra-trivy-args>]

If installed with snap:

ssbom.trivy <path-to-chiselled-rootfs> [<extra-trivy-args>]

Test

go test ./...

About

SSBOM (Sliced Software Bill of Materials) is a tool to export SPDX SBOMs from Chisel manifests.

github.com/canonical/ssbom

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages