sbomex is a command line utility to help query and pull from Interlynk's public SBOM repository. The tool is intended to help users familiarize themselves with the specifications and formats of common SBOM standards and with the quality of produced SBOMs (see sbomqs - SBOM Quality Score for how the score is computed).
The underlying repository is updated periodically with SBOMs from a variety of sources built with many tools.
The search command finds SBOMs in the repository that match the given filtering criteria (specification, format or tool name):
sbomex search --format json --spec cdx --tool trivy --limit 5
ID   TARGET                  QUALITY   TYPE       CREATOR
5    centos:latest           7.39      cdx-json   trivy-0.36.1
14   centos:centos7.9.2009   7.38      cdx-json   trivy-0.36.1
23   centos:centos7          7.38      cdx-json   trivy-0.36.1
32   centos:7.9.2009         7.38      cdx-json   trivy-0.36.1
41   centos:7                7.38      cdx-json   trivy-0.36.1
sbomex pull --id 23
{
  "SPDXID": "SPDXRef-DOCUMENT",
  "creationInfo": {
    "created": "2023-03-01T01:32:02.939561Z",
    "creators": [
      "Tool: trivy",
      "Organization: aquasecurity"
    ]
  },
  "dataLicense": "CC0-1.0",
  ...
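Once a document has been pulled, the first things to check are which specification it follows and which tool produced it. The script below is an added example, not part of sbomex or the original README: it reads a JSON SBOM, tells SPDX from CycloneDX by their top-level markers, and extracts the creator tools and component count. The function name, the script file name, the sample documents (constructed here) and the assumption that `sbomex pull` writes the SBOM to stdout are all assumptions of this example.

```python
import json
import sys

# Constructed sample documents (not pulled from the repository).
SAMPLE_SPDX = json.dumps({
    "SPDXID": "SPDXRef-DOCUMENT",
    "spdxVersion": "SPDX-2.3",
    "creationInfo": {"creators": ["Tool: trivy", "Organization: aquasecurity"]},
    "packages": [{"name": "bash"}, {"name": "glibc"}],
})
SAMPLE_CDX = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"tools": [{"vendor": "aquasecurity", "name": "trivy", "version": "0.36.1"}]},
    "components": [{"name": "bash"}],
})


def identify_sbom(text):
    """Return spec, version, creator tools and component count of a JSON SBOM."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not a JSON SBOM: {exc}") from exc
    if not isinstance(doc, dict):
        raise ValueError("top-level JSON value is not an object")

    if doc.get("bomFormat") == "CycloneDX":
        tools = doc.get("metadata", {}).get("tools", [])
        if isinstance(tools, dict):  # CycloneDX 1.5+ object form
            tools = tools.get("components", [])
        names = ["-".join(filter(None, (t.get("name"), t.get("version")))) for t in tools]
        return {"spec": "cdx", "version": doc.get("specVersion"),
                "tools": names, "components": len(doc.get("components", []))}

    if doc.get("SPDXID") == "SPDXRef-DOCUMENT" or "spdxVersion" in doc:
        creators = doc.get("creationInfo", {}).get("creators", [])
        names = [c.split(":", 1)[1].strip() for c in creators if c.startswith("Tool:")]
        return {"spec": "spdx", "version": doc.get("spdxVersion"),
                "tools": names, "components": len(doc.get("packages", []))}

    raise ValueError("neither CycloneDX nor SPDX markers found")


if __name__ == "__main__":
    # Hypothetical usage: sbomex pull --id 23 | python3 identify_sbom.py
    print(identify_sbom(sys.stdin.read()))
```

A truncated document, such as the excerpt shown above ending in `...`, is rejected with a `ValueError` rather than being partially classified.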
https://github.com/kchetans/sbomex/releases
brew tap interlynk-io/interlynk
brew install sbomex
go install github.com/kchetans/sbomex@latest
This approach involves cloning the repo and building it.
- Clone the repo
git clone git@github.com:interlynk-io/sbomex.git
- cd into the sbomex folder
- make build
- To test if the build was successful, run the following command
./build/sbomex version
We look forward to your contributions. Below are a few guidelines on how to submit them:
- Fork the repo
- Create your feature/bug branch (git checkout -b feature/new-feature)
- Commit your changes (git commit -am "awesome new feature")
- Push your changes (git push origin feature/new-feature)
- Create a new pull-request