sbomex is a command line utility to help query and pull from Interlynk's public SBOM repository. The tool is intended to help familiarize with the specifications and formats of common SBOM standards and the quality of produced SBOMs (See sbomqs - SBOM Quality Score for how the score is computed).
The underlying repository is updated periodically with SBOMs from a variety of sources built with many tools.
Our SBOM Automation Platform has a free community tier that provides a comprehensive solution to manage SBOMs (Software Bill of Materials) effortlessly. From centralized SBOM storage, built-in SBOM editor, continuous vulnerability mapping and assessment, and support for organizational policies, all while ensuring compliance and enhancing software supply chain security using integrated SBOM quality scores. The community tier is ideal for small teams. Learn more here or Sign up
search commands finds SBOMs in the repository that matches given filtering criteria (specification, format or tool name)
sbomex search --format json --spec cdx --tool trivy --target '%centos%7' --limit 3 ID TARGET QUALITY TYPE CREATOR
14 centos:centos7.9.2009 7.38 cdx-json trivy-0.36.1
23 centos:centos7 7.38 cdx-json trivy-0.36.1
32 centos:7.9.2009 7.38 cdx-json trivy-0.36.1sbomex pull --id 23{
"SPDXID": "SPDXRef-DOCUMENT",
"creationInfo": {
"created": "2023-03-01T01:32:02.939561Z",
"creators": [
"Tool: trivy",
"Organization: aquasecurity"
]
},
"dataLicense": "CC0-1.0",
...docker run ghcr.io/interlynk-io/sbomex [search|pull] [options]Example:
docker run ghcr.io/interlynk-io/sbomex:latest search --format json --spec cdx --tool trivy --target '%box%' --limit 3Unable to find image 'ghcr.io/interlynk-io/sbomex:latest' locally
latest: Pulling from interlynk-io/sbomex
bc89d6624a71: Already exists
bacb9c1935ff: Already exists
Digest: sha256:a00682b085fd21b7f071245a4d62d4825a07d9e783a8dfcda6b1f30f6a49514c
Status: Downloaded newer image for ghcr.io/interlynk-io/sbomex:latest
downloading db 100% |███████████████████████████| (89/89 MB, 5.4 MB/s)
A new version of sbomex is available v0.0.6.
ID TARGET QUALITY TYPE CREATOR
95 busybox:latest 3.25 cdx-json trivy-0.36.1
104 busybox:uclibc 3.25 cdx-json trivy-0.36.1
113 busybox:musl 3.25 cdx-json trivy-0.36.1https://github.com/interlynk-io/sbomex/releasesbrew tap interlynk-io/interlynk
brew install sbomexgo install github.com/interlynk-io/sbomex@latestThis approach invovles cloning the repo and building it.
- Clone the repo
git clone git@github.com:interlynk-io/sbomex.git cdintosbomexfolder- make build
- To test if the build was successful run the following command
./build/sbomex version
We look forward to your contributions, below are a few guidelines on how to submit them
- Fork the repo
- Create your feature/bug branch (
git checkout -b feature/new-feature) - Commit your changes (
git commit -am "awesome new feature") - Push your changes (
git push origin feature/new-feature) - Create a new pull-request
- SBOM Assembler - A tool for conditional edits and merging of SBOMs
- SBOM Seamless Transfer - A primary tool to transfer SBOM's between different systems.
- SBOM Quality Score - A tool for evaluating the quality and compliance of SBOMs
- SBOM Search Tool - A tool for context aware search in SBOM repositories.
- SBOM Benchmark is a repository of SBOM and quality score for most popular containers and repositories
We appreciate all feedback. The best ways to get in touch with us:
If you like this project, please support us by starring it.
