The Chisel SBOM Exporter

This project generates a Software Bill of Materials (SBOM) for Chisel projects. The SBOM is generated in the SPDX format using the metadata from the Chisel jsonwall manifest.

Usage

Build

To build the project, run the following command:

go build ./cmd/ssbom

Install

Install with go install:

go install github.com/canonical/ssbom/cmd/ssbom@latest

Install with snap:

snap install ssbom --classic

Run

If built with go build:

./ssbom <path-to-chiselled-rootfs> [<spdx-file-out>]

If installed with go install or snap:

ssbom <path-to-chiselled-rootfs> [<spdx-file-out>]

NOTE: If there is no output file specified, the SBOM will be generated to a manifest.spdx.json file in the current working directory.

Integration with trivy

This tools also provides a script to run trivy on the generated SBOM. To use this, run the following command:

If installed with go install:

./scripts/ssbom-trivy <path-to-chiselled-rootfs> [<extra-trivy-args>]

If installed with snap:

ssbom.trivy <path-to-chiselled-rootfs> [<extra-trivy-args>]

Test

go test ./...

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
cmd/ssbom		cmd/ssbom
internal		internal
scripts		scripts
snap		snap
.gitignore		.gitignore
README.md		README.md
go.mod		go.mod
go.sum		go.sum
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

The Chisel SBOM Exporter

Usage

Build

Install

Run

Integration with trivy

Test

About

Releases

Packages

Languages

canonical/ssbom

Folders and files

Latest commit

History

Repository files navigation

The Chisel SBOM Exporter

Usage

Build

Install

Run

Integration with trivy

Test

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages