fill some CycloneDX gaps #18
Conversation
jkowalleck
commented
Feb 24, 2023
- added some gaps of CycloneDX things
- also introduced complete split up categories, as requested by Breaking awesomeSBOM listing along NTIA tools #14
- ordered tools table alphabetically
@@ -54,14 +57,20 @@ From [Wikipedia](https://en.wikipedia.org/wiki/Software_bill_of_materials): | |||
- [microsoft/sbom-tool](https://github.com/microsoft/sbom-tool) | |||
- [SwiftBOM - generate SBOMs](https://github.com/CERTCC/SBOM/tree/master/SwiftBOM) | |||
- [Kubernetes SBOM Tool](https://sigs.k8s.io/bom) | |||
- [CycloneDX BOM Examples](https://github.com/CycloneDX/bom-examples) |
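Review bot: the `- [CycloneDX BOM Examples](https://github.com/CycloneDX/bom-examples)` entry closing this hunk sits in the generic tools list while the same PR introduces a dedicated `## CycloneDX` section; after the move noted in the comment on this hunk, check that the link appears in exactly one place so the examples repository is not listed both in the general list and under the new section.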
moved up to line 50
README.md
Outdated
@@ -30,6 +30,8 @@ From [Wikipedia](https://en.wikipedia.org/wiki/Software_bill_of_materials): | |||
### Tools (and [classification](https://ntia.gov/sites/default/files/publications/ntia_sbom_tooling_taxonomy-2021mar30_0.pdf)) | |||
|Tool|Produce|Consume|Transform| | |||
|----|-------|-------|---------| | |||
|[CycloneDX/cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)|:heavy_check_mark:||| |
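Review bot: the new `cyclonedx-maven-plugin` row fills only the Produce column and leaves Consume and Transform empty; since the table marks "yes" with `:heavy_check_mark:` but has no marker for "no", a one-line legend above the table (empty cell = capability not offered, not "unverified") would keep the empty cells from being read as gaps in the NTIA classification the heading links to.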
added to the table, since the tool was in the list of repositories already.
README.md
Outdated
@@ -30,6 +30,8 @@ From [Wikipedia](https://en.wikipedia.org/wiki/Software_bill_of_materials): | |||
### Tools (and [classification](https://ntia.gov/sites/default/files/publications/ntia_sbom_tooling_taxonomy-2021mar30_0.pdf)) | |||
|Tool|Produce|Consume|Transform| | |||
|----|-------|-------|---------| | |||
|[CycloneDX/cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)|:heavy_check_mark:||| | |||
|[CycloneDX CLI tool](https://github.com/CycloneDX/cyclonedx-cli)||:heavy_check_mark:|:heavy_check_mark:| |
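Review bot: the `CycloneDX CLI tool` row ticks Consume and Transform in the Produce/Consume/Transform table, while the comment on this hunk also credits it with merging SBOMs; merging is not one of these three columns, so record that capability under the `Merge SBOM` column of the finer-grained table this PR introduces later, so the two tables stay consistent about what the tool does.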
added a tool that is capable of transforming, converting and merging SBOMs
- [Aqua Trivy](https://github.com/aquasecurity/trivy) | ||
- [bomber](https://github.com/devops-kung-fu/bomber) | ||
- [Snyk provider](https://github.com/devops-kung-fu/bomber/tree/main/providers/snyk) | ||
- Snyk SBOM [API](https://docs.snyk.io/snyk-api-info) and [CLI](https://docs.snyk.io/snyk-cli) | ||
- [Snyk SBOM Checker](https://snyk.io/code-checker/sbom-security/) | ||
- [Interlynk SBOM Quality Score](https://github.com/interlynk-io/sbomqs) | ||
|
||
## CycloneDX |
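Review bot: `- [Snyk provider](https://github.com/devops-kung-fu/bomber/tree/main/providers/snyk)` points into a subdirectory of the `bomber` repository listed on the line directly above it, so it reads better as an indented sub-item of `bomber` than as a separate top-level tool; also, the new `## CycloneDX` heading that closes this hunk has no entries visible under it, so make sure the section carries at least a one-line description of what belongs there rather than an empty heading.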
some initial CycloneDX reads
cool, thx, can you please rebase from master?
re: #18 (comment) @developer-guy, done.
README.md
Outdated
|[Snyk SBOM Checker](https://snyk.io/code-checker/sbom-security/)||CycloneDX,SPDX||||| | ||
|[Interlynk SBOM Quality Score](https://github.com/interlynk-io/sbomqs)||CycloneDX,SPDX|CycloneDX,SPDX||CycloneDX,SPDX| | ||
|
||
|Tool|Build SBOM|Analyze SBOM|Edit SBOM|View SBOM| Diff SBOM |Import SBOM|Translate SBOM|Merge SBOM|Integrate with Other Tools| |
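Review bot: the new header `|Tool|Build SBOM|Analyze SBOM|Edit SBOM|View SBOM| Diff SBOM |Import SBOM|Translate SBOM|Merge SBOM|Integrate with Other Tools|` declares ten columns, but the `Snyk SBOM Checker` and `sbomqs` rows shown above it carry only seven cells each, so if those rows are meant for this table they need padding to ten cells or renderers will silently shift or drop the trailing columns; ` Diff SBOM ` is also the only cell with padding spaces inside it, and `CycloneDX,SPDX` would read more cleanly as `CycloneDX, SPDX` throughout.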
complete categories as of #14
need rebase again
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@developer-guy needs review again.
LGTM, thanks!
|[SBOM-Manager](https://pypi.org/project/sbom-manager/)|| CycloneDX,SPDX |CycloneDX,SPDX|||| | ||
|
||
|Tool|Build SBOM|Analyze SBOM|Edit SBOM|View SBOM|Diff SBOM|Import SBOM|Translate SBOM|Merge SBOM|Integrate with Other Tools| | ||
|----|:--------:|:----------:|:-------:|:-------:|:-------:|:---------:|:------------:|:--------:|:------------------------:| |
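Review bot: the alignment row `|----|:--------:|:----------:|...` now centres the nine capability columns and left-aligns `Tool`, which suits link text, but the `SBOM-Manager` row above it still has seven cells against the ten columns the header and alignment row define; pad every row to ten cells so `Translate SBOM`, `Merge SBOM` and `Integrate with Other Tools` line up, and keep the alignment row directly beneath the header with no blank line between them, otherwise markdown will not render the block as a table at all.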
- also introduced complete split up categories, as requested by Breaking awesomeSBOM listing along NTIA tools #14
- ordered the table alphabetically, so the next rebase is easier for me.