sbom

command module

v0.0.0-...-7cfd785 Latest Latest Go to latest Published: Jun 13, 2022 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sgirdhar/sbom

Links

Open Source Insights

README ¶

sbom

Sbom is a CLI tool to generate the Software Bill of Material (SBOM) for container images.

It takes image string or image tarball as input.

Usage:

sbom [command]

Examples:

Possible Inputs

sbom scan my_image:my_tag			Get the image from dockerHub. If no tag specified, default is latest.
sbom scan my_image@my_digest			Get the image from dockerHub. No default value for digest.
sbom scan --tar /path/to/tarfile/my_image.tar	Docker tar or OCI tar.

Output Formats

sbom scan my_image:my_tag				Default output is human readable summary table
sbom scan my_image:my_tag --output cyclonedx		Generates CycloneDX xml output
sbom scan my_image:my_tag --output cyclonedx-json	Generates CycloneDX json output

Compare SBOM

sbom scan my_image:my_tag --compare /path/to/cyclonedx-json/my_sbom.json	Generates SBOM and compares with CycloneDX json file provided

Available Commands:

help : Help about any command

scan : Generate SBOM using image name or image tarfile

Flags:

-h, --help : help for sbom

-v, --version : version for sbom

Use "sbom [command] --help" for more information about a command.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
pkg
report
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL