
sbom-combiner's Introduction

sbom-combiner

Lockheed Martin developed utility to combine multiple SBOMs

This application combines two or more Software Bills of Materials (SBOMs, also written SBoms or Boms) into a single Bom. It uses the CycloneDX schema, can combine SBoms in either JSON or XML, and can output either a JSON or XML Bom.

Prerequisites

  • OpenJDK 11
  • Apache Maven 3.6.3 or greater installed
  • (Recommended) Java IDE Eclipse with Subclipse 4.3.0 plug-in

Usage:

Build artifact via maven.

Maven Command

mvn clean package

Run

To run as a standalone Java application, you can look at the "example.sh" shell script for an example. You can also use the provided "combine.sh" script as a pass-through to the jar. It assumes all the basic settings.

Help is available.

    ./combine.sh -h

Help Output shows options for running the SBomCombiner application.

usage: help
    -d,     --dir       <arg>   (Optional) directory to get all SBoms from
    -f,     --format    <arg>   (Optional) output file format, Valid values json, xml.  Default is json
    -f1,    --sbom1     <arg>   (Optional) first SBom file
    -f2,    --sbom2     <arg>   (Optional) second SBom file
    -g,     --group     <arg>   (Optional) group name for the upper level Component of the combined SBom
    -h,     --help              will print out the command line options.
    -n,     --name      <arg>   (Optional) name of upper level component of the combined SBom
    -o,     --output    <arg>   (Optional) output file name, default is combine.json or combine.xml
    -t,     --type      <arg>   (Optional) Type of upper level component of the combined SBom.  Valid types are APPLICATION, CONTAINER, DEVICE, FILE, FIRMWARE, FRAMEWORK, LIBRARY, or OPERATING_SYSTEM.  Default value is CONTAINER.
    -v      --version   <arg>   (Optional) Version of the upper level component of the combined SBom.

Running SBomCombiner.

In this example it will combine all files (XML and JSON) from the directory ./test into an output.json (also in ./test) bom file.

    ./combine.sh -d ./test -o ./test/output -f json

In this example it will combine two files (sbomcommons.json, sbomcomparator.xml), both in the test directory, into an output.xml bom file.

    ./combine.sh -f1 ./test/sbomcommons.json -f2 ./test/sbomcomparator.xml -o output -f xml

In this example it will combine all files (XML and JSON) from the directory ./test into an output.xml (also in ./test) bom file, setting the upper level SBOM metadata Component's group, name, and version.

    ./combine.sh -d ./test/ -o ./test/output -f xml -n SBOM -g com.lmco.efoss -v 2.0.3
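After a combine run it is worth confirming that no component was dropped from the result. The following is an added example, not part of the sbom-combiner project: it compares the `components` entries of the input BOMs (CycloneDX JSON or XML) with those of the combined BOM. It assumes the combined BOM carries each input component over with the same name, version and purl; the function names and sample BOMs are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET  # for untrusted BOMs, prefer the defusedxml package

def component_keys(text):
    """Set of (name, version, purl) for every component, nested ones included."""
    text = text.lstrip()
    keys = set()
    if text.startswith("{"):  # CycloneDX JSON
        stack = list(json.loads(text).get("components", []))
        while stack:
            c = stack.pop()
            keys.add((c.get("name"), c.get("version"), c.get("purl")))
            stack.extend(c.get("components", []))
        return keys
    root = ET.fromstring(text)  # CycloneDX XML
    # The namespace varies with the spec version, so take it from the root tag.
    ns = root.tag.split("}")[0] + "}" if root.tag.startswith("{") else ""

    def walk(parent):
        comps = parent.find(ns + "components")
        for c in (comps.findall(ns + "component") if comps is not None else []):
            keys.add(tuple(c.findtext(ns + f) for f in ("name", "version", "purl")))
            walk(c)  # descend into nested <components>

    walk(root)
    return keys

def missing_after_combine(inputs, combined):
    """Components found in any input BOM but absent from the combined BOM."""
    expected = set().union(*(component_keys(t) for t in inputs))
    return expected - component_keys(combined)

# Constructed sample data (not taken from the project's ./test directory).
BOM_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "library", "name": "lib-a", "version": "1.0.0",
     "purl": "pkg:maven/org.example/lib-a@1.0.0"}]})
BOM_XML = """<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components><component type="library">
    <name>lib-b</name><version>2.1.0</version>
    <purl>pkg:maven/org.example/lib-b@2.1.0</purl>
  </component></components></bom>"""
# A combined BOM that lost lib-b, to show what the check reports.
COMBINED_BAD = BOM_JSON

if __name__ == "__main__":
    lost = missing_after_combine([BOM_JSON, BOM_XML], COMBINED_BAD)
    for name, version, purl in sorted(lost):
        print(f"missing from combined BOM: {name} {version} ({purl})")
```

In practice, read the input files and the combined output file from disk and pass their contents to `missing_after_combine`; an empty result means every input component is present.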

API:

You can also pull in the API and run it inside your application.

    //sbomFiles is a list of strings that are the SBoms to combine.
    Bom combinedSbom = SBomCombiner.combineSBoms(sbomFiles);


sbom-combiner's Issues

the project does not build

[ERROR] Failed to execute goal on project sbomcomparator: Could not resolve dependencies for project com.lmco.efoss:sbomcomparator:jar:1.2.1: Could not find artifact com.lmco.efoss.sbom:sbom-commons:jar:1.1.1 in central (https://repo.maven.apache.org/maven2) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

combine.sh does not exist

This repo looks like a copy from the CycloneDX/sbom-comparator repo.

combine.sh is not part of the repo although mentioned in the README.

Trying to build the project gives a lot of errors regarding the "commons.utils" package.

Am I missing something? Can someone help me out?
