fill some CycloneDX gaps #18

Merged
merged 1 commit into from
Mar 9, 2023

Conversation

jkowalleck
Contributor

@jkowalleck jkowalleck commented Feb 24, 2023

@@ -54,14 +57,20 @@ From [Wikipedia](https://en.wikipedia.org/wiki/Software_bill_of_materials):
- [microsoft/sbom-tool](https://github.com/microsoft/sbom-tool)
- [SwiftBOM - generate SBOMs](https://github.com/CERTCC/SBOM/tree/master/SwiftBOM)
- [Kubernetes SBOM Tool](https://sigs.k8s.io/bom)
- [CycloneDX BOM Examples](https://github.com/CycloneDX/bom-examples)
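Review bot: the `CycloneDX BOM Examples` entry at the end of this hunk links to a repository of sample BOM documents rather than to a tool, so it reads oddly in a list of SBOM tooling; the `## CycloneDX` section this PR introduces is a better home for it, with a short note that these are example documents (useful as parser test input and as reference output when checking what a producer emits).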
Contributor Author

moved up to line 50

README.md Outdated
@@ -30,6 +30,8 @@ From [Wikipedia](https://en.wikipedia.org/wiki/Software_bill_of_materials):
### Tools (and [classification](https://ntia.gov/sites/default/files/publications/ntia_sbom_tooling_taxonomy-2021mar30_0.pdf))
|Tool|Produce|Consume|Transform|
|----|-------|-------|---------|
|[CycloneDX/cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)|:heavy_check_mark:|||
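Review bot: the `Produce`/`Consume`/`Transform` header uses only the three top-level categories of the NTIA taxonomy linked in the heading, so a single check under `Transform` cannot tell a reader whether a tool translates between formats or merges documents; either add a legend stating that a check means "at least one subcategory", or use the subcategory columns (Build, Analyze, Edit, View, Diff, Import, Translate, Merge, Integrate with Other Tools) that a later revision in this PR introduces.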
Contributor Author

added to the table, since the tool was in the list of repositories already.

README.md Outdated
@@ -30,6 +30,8 @@ From [Wikipedia](https://en.wikipedia.org/wiki/Software_bill_of_materials):
### Tools (and [classification](https://ntia.gov/sites/default/files/publications/ntia_sbom_tooling_taxonomy-2021mar30_0.pdf))
|Tool|Produce|Consume|Transform|
|----|-------|-------|---------|
|[CycloneDX/cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin)|:heavy_check_mark:|||
|[CycloneDX CLI tool](https://github.com/CycloneDX/cyclonedx-cli)||:heavy_check_mark:|:heavy_check_mark:|
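Review bot: the new row's link text `CycloneDX CLI tool` does not follow the `org/repo` naming used by the row above it (`CycloneDX/cyclonedx-maven-plugin`); rename it `CycloneDX/cyclonedx-cli` so the table reads consistently and the entry can be matched against the repository list elsewhere in the README.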
Contributor Author

added a tool that is capable of transforming, converting and merging SBOMs

- [Aqua Trivy](https://github.com/aquasecurity/trivy)
- [bomber](https://github.com/devops-kung-fu/bomber)
- [Snyk provider](https://github.com/devops-kung-fu/bomber/tree/main/providers/snyk)
- Snyk SBOM [API](https://docs.snyk.io/snyk-api-info) and [CLI](https://docs.snyk.io/snyk-cli)
- [Snyk SBOM Checker](https://snyk.io/code-checker/sbom-security/)
- [Interlynk SBOM Quality Score](https://github.com/interlynk-io/sbomqs)

## CycloneDX
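Review bot: `Snyk provider` links to a directory inside the `bomber` repository listed immediately above it, so it is a plugin of that tool rather than a separate SBOM tool; nest it as a sub-bullet under `bomber` (or mention it inline in that entry) so readers do not count it as an independent project.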
Contributor Author

some initial CycloneDX reads

@jkowalleck jkowalleck marked this pull request as ready for review February 24, 2023 16:00
@developer-guy
Collaborator

cool, thx, can you please rebase from master?

@jkowalleck
Contributor Author

jkowalleck commented Feb 27, 2023

re: #18 (comment)

@developer-guy, done.
Also added some columns from https://ntia.gov/sites/default/files/publications/ntia_sbom_tooling_taxonomy-2021mar30_0.pdf that the last change in #19 did not add.
So #14 should be ready.
Done so, as I was able to populate them.

@jkowalleck jkowalleck marked this pull request as draft February 27, 2023 10:31
@jkowalleck jkowalleck marked this pull request as ready for review February 27, 2023 11:10
README.md Outdated
|[Snyk SBOM Checker](https://snyk.io/code-checker/sbom-security/)||CycloneDX,SPDX|||||
|[Interlynk SBOM Quality Score](https://github.com/interlynk-io/sbomqs)||CycloneDX,SPDX|CycloneDX,SPDX||CycloneDX,SPDX|

|Tool|Build SBOM|Analyze SBOM|Edit SBOM|View SBOM| Diff SBOM |Import SBOM|Translate SBOM|Merge SBOM|Integrate with Other Tools|
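Review bot: the two table rows at the top of this hunk have different cell counts (`Snyk SBOM Checker` has six cells after the tool name, `Interlynk SBOM Quality Score` has five), so at least one of them will render misaligned against its header; pad every row to the header's column count. The new header row also carries stray padding around ` Diff SBOM ` that none of the other header cells have; trim it for consistency.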
Contributor Author

complete categories as of #14

@developer-guy
Collaborator

Needs a rebase again.

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
Contributor Author

@developer-guy needs review again.

Collaborator

@developer-guy developer-guy left a comment

LGTM, thanks!

@developer-guy developer-guy merged commit a198dc6 into awesomeSBOM:master Mar 9, 2023
|[SBOM-Manager](https://pypi.org/project/sbom-manager/)|| CycloneDX,SPDX |CycloneDX,SPDX||||

|Tool|Build SBOM|Analyze SBOM|Edit SBOM|View SBOM|Diff SBOM|Import SBOM|Translate SBOM|Merge SBOM|Integrate with Other Tools|
|----|:--------:|:----------:|:-------:|:-------:|:-------:|:---------:|:------------:|:--------:|:------------------------:|
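Review bot: this table records supported formats as text (`CycloneDX,SPDX`) in cells where the Produce/Consume/Transform table earlier in this PR uses `:heavy_check_mark:`; pick one convention per table and state it in a legend above the header, so a reader knows whether an empty cell means "not supported" or "not yet evaluated". As a smaller point, the `SBOM-Manager` row pads one cell as ` CycloneDX,SPDX ` and the next as `CycloneDX,SPDX`; trim the padding so the cells are uniform.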
