
Should we add another default SBOM importer? #861

Open
jcrossley3 opened this issue Sep 30, 2024 · 3 comments
Labels
enhancement New feature or request SBOMs

Comments

@jcrossley3
Contributor

We only have the RHT one now. If there was another big repo of SBOMs somewhere, we might explore the limits of trustify by importing them.

@jcrossley3
Contributor Author

jcrossley3 commented Sep 30, 2024

from @JimFuller-RedHat

I had a look around for SBOM corpora. https://sbombenchmark.dev has a few k.
SPDX has examples: https://github.com/spdx/spdx-examples/tree/master/software
Every GitHub project generates an SBOM,
and we can run syft.
CycloneDX: https://github.com/CycloneDX/bom-examples

@JimFuller-RedHat
Collaborator

JimFuller-RedHat commented Sep 30, 2024

sbombenchmark.dev exposes an API:

https://sbombenchmark.dev/api/data?draw=1&columns%5B0%5D%5Bdata%5D=file_url&columns%5B0%5D%5Bname%5D=&columns%5B0%5D%5Bsearchable%5D=true&columns%5B0%5D%5Borderable%5D=false&columns%5B0%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B0%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B1%5D%5Bdata%5D=target_name&columns%5B1%5D%5Bname%5D=&columns%5B1%5D%5Bsearchable%5D=true&columns%5B1%5D%5Borderable%5D=true&columns%5B1%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B1%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B2%5D%5Bdata%5D=score&columns%5B2%5D%5Bname%5D=&columns%5B2%5D%5Bsearchable%5D=true&columns%5B2%5D%5Borderable%5D=false&columns%5B2%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B2%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B3%5D%5Bdata%5D=spec&columns%5B3%5D%5Bname%5D=&columns%5B3%5D%5Bsearchable%5D=false&columns%5B3%5D%5Borderable%5D=true&columns%5B3%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B3%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B4%5D%5Bdata%5D=format&columns%5B4%5D%5Bname%5D=&columns%5B4%5D%5Bsearchable%5D=false&columns%5B4%5D%5Borderable%5D=true&columns%5B4%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B4%5D%5Bsearch%5D%5Bregex%5D=false&columns%5B5%5D%5Bdata%5D=creator&columns%5B5%5D%5Bname%5D=&columns%5B5%5D%5Bsearchable%5D=true&columns%5B5%5D%5Borderable%5D=true&columns%5B5%5D%5Bsearch%5D%5Bvalue%5D=&columns%5B5%5D%5Bsearch%5D%5Bregex%5D=false&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc&start=0&length=10&search%5Bvalue%5D=&search%5Bregex%5D=false&_=1727715463266

Guessing the start and length would allow one to get to the download URLs.

Though I just found https://github.com/interlynk-io/sbomex, which is a kind of CLI against that repository ... that's probably the way to go.
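As an added example (not code from this thread, from sbombenchmark.dev or from trustify), a small Python helper that builds the paged request the query string above describes and pulls download URLs out of one reply. The reply shape is assumed to follow the usual DataTables server-side convention, the per-column flags are simplified, and the sample reply is constructed.

```python
import json
from urllib.parse import urlencode, urlparse

API_BASE = "https://sbombenchmark.dev/api/data"
# Column names in the order they appear in the query string quoted above.
COLUMNS = ["file_url", "target_name", "score", "spec", "format", "creator"]


def build_page_url(start: int, length: int, draw: int = 1) -> str:
    """One page request in the DataTables server-side style the API uses.
    Per-column flags are fixed to "true" here (a simplification)."""
    params = {"draw": draw}
    for i, name in enumerate(COLUMNS):
        col = f"columns[{i}]"
        params[f"{col}[data]"] = name
        params[f"{col}[name]"] = ""
        params[f"{col}[searchable]"] = "true"
        params[f"{col}[orderable]"] = "true"
        params[f"{col}[search][value]"] = ""
        params[f"{col}[search][regex]"] = "false"
    params.update({"order[0][column]": 1, "order[0][dir]": "desc",
                   "start": start, "length": length,
                   "search[value]": "", "search[regex]": "false"})
    return f"{API_BASE}?{urlencode(params)}"


def extract_file_urls(page_json: str, allowed_hosts=None):
    """Return (accepted download URLs, total rows reported) for one reply.
    Assumes the usual DataTables reply shape: {"recordsFiltered": N,
    "data": [{column: value, ...}, ...]}.  Only https URLs, optionally from
    an allow-listed host, are kept, so a malformed or hostile row cannot
    steer the corpus walk at an arbitrary origin."""
    body = json.loads(page_json)
    urls = []
    for row in body.get("data", []):
        parsed = urlparse(str(row.get("file_url", "")))
        if parsed.scheme != "https" or not parsed.netloc:
            continue
        if allowed_hosts is not None and parsed.netloc not in allowed_hosts:
            continue
        urls.append(parsed.geturl())
    return urls, int(body.get("recordsFiltered", 0))


# Constructed sample reply, not real sbombenchmark.dev data.
SAMPLE_PAGE = json.dumps({"draw": 1, "recordsTotal": 3, "recordsFiltered": 3,
    "data": [{"file_url": "https://example.invalid/a.spdx.json", "spec": "spdx"},
             {"file_url": "http://example.invalid/b.cdx.json", "spec": "cdx"},
             {"file_url": "not a url", "spec": "spdx"}]})
```

The `recordsFiltered` count returned with each page is what a caller would use to decide when to stop advancing `start`.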

@JimFuller-RedHat
Collaborator

Lastly, an SQLite database with a list of SBOMs and their file URLs: https://github.com/interlynk-io/sbomdb?tab=readme-ov-file

@ctron ctron added SBOMs enhancement New feature or request labels Oct 7, 2024
Projects
Status: Backlog
Development

No branches or pull requests

3 participants