An example project that demonstrates how to automate a release with SBOM generation using Syft
Updated Feb 23, 2023 - Go
build-observer is a tool to observe the build process of a project and create a log of all files that are read, written or executed during the build.
A Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX SBOM (Software Bill of Materials).
Automates creation of Software Bill of Materials (SBOM) with Binary Authorization attestation for container images in Artifact Registry.
A demonstration of how GoReleaser can help make the software supply chain more secure by using a set of tools such as cosign, syft, grype and slsa-provenance.
Sample Go application project with supply chain security workflows that conform to the SLSA Build Level 3 specification.
Tool for SBOM (Software Bill Of Materials) collection from filesystems & GitHub repositories.
Tool to inspect and push an SPDX document as an OCI artifact.
Find & pull public SBOMs
Conventions provide a mechanism for platform operators to define cross-cutting behavior that is applied to Kubernetes resources by understanding the developer's intent and the semantics of the resources being advised.
Creates a CycloneDX Software Bill of Materials (SBOM) from Go projects, so you can use it with Dependency-Track to monitor security issues in third-party modules.
fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strengths.