sbom

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2025 License: MIT Imports: 17 Imported by: 0

README

SBOM Package

The sbom package provides utilities for generating and encoding Software Bill of Materials (SBOM) from Kubernetes manifests. It leverages the Syft library to create SBOMs in formats such as SPDX JSON, SPDX Tag-Value, CycloneDX JSON, and CycloneDX XML.

Installation

To use this package, you need to install it using go get:

go get github.com/yourusername/go-common/pkg/sbom

Usage

Generating SBOMs

You can generate SBOMs from Kubernetes manifests or from a directory containing manifest files.

Generate SBOMs from a Manifest

To generate SBOMs from a Kubernetes manifest, use the GenerateSBOMsFromManifest function:

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/yourusername/go-common/pkg/sbom"
)

func main() {
	ctx := context.Background()
	manifestFile, err := os.Open("path/to/manifest.yaml")
	if err != nil {
		fmt.Printf("Error opening manifest file: %v\n", err)
		return
	}
	defer manifestFile.Close()

	sboms, err := sbom.GenerateSBOMsFromManifest(ctx, manifestFile)
	if err != nil {
		fmt.Printf("Error generating SBOMs: %v\n", err)
		return
	}

	for _, s := range sboms {
		fmt.Printf("Generated SBOM: %+v\n", s)
	}
}
Generate SBOMs from a Path

To generate SBOMs from all manifest files in a directory, use the GenerateSBOMsFromPath function:

package main

import (
	"context"
	"fmt"

	"github.com/yourusername/go-common/pkg/sbom"
)

func main() {
	ctx := context.Background()
	path := "path/to/manifests"

	sboms, err := sbom.GenerateSBOMsFromPath(ctx, path)
	if err != nil {
		fmt.Printf("Error generating SBOMs: %v\n", err)
		return
	}

	for _, s := range sboms {
		fmt.Printf("Generated SBOM: %+v\n", s)
	}
}
Encoding SBOMs

You can encode SBOMs into different formats using the Encode function. Supported formats include SPDX JSON, SPDX Tag-Value, CycloneDX JSON, and CycloneDX XML.

package main

import (
	"context"
	"fmt"
	"os"

	"github.com/yourusername/go-common/pkg/sbom"
)

func main() {
	ctx := context.Background()
	manifestFile, err := os.Open("path/to/manifest.yaml")
	if err != nil {
		fmt.Printf("Error opening manifest file: %v\n", err)
		return
	}
	defer manifestFile.Close()

	sboms, err := sbom.GenerateSBOMsFromManifest(ctx, manifestFile)
	if err != nil {
		fmt.Printf("Error generating SBOMs: %v\n", err)
		return
	}

	outputFile, err := os.Create("output.sbom.json")
	if err != nil {
		fmt.Printf("Error creating output file: %v\n", err)
		return
	}
	defer outputFile.Close()

	err = sbom.Encode(outputFile, *sboms[0], sbom.FormatSPDXJSON)
	if err != nil {
		fmt.Printf("Error encoding SBOM: %v\n", err)
		return
	}

	fmt.Println("SBOM successfully encoded to output.sbom.json")
}

Contributing

Contributions are welcome! Please open an issue or submit a pull request on GitHub.

License

We have licensed this project under the MIT License.

Acknowledgements

This package uses the Syft library for SBOM generation and encoding. Special thanks to the Syft team for their competent work.

Documentation

Overview

Package sbom provides functionality for working with Software Bill of Materials (SBOM) files.

This package supports:

- generating SBOMs from parsing kubernetes manifest files.

Basic usage:

// Parse an SBOM file
sbom, err := sbom.Parse("path/to/sbom.json")
if err != nil {
    // Handle error
}

// Get components
components := sbom.Components()

// Check licenses
licenses := sbom.Licenses()

The package supports different SBOM formats and provides utilities for:

  • Parsing SBOM files
  • Extracting component information
  • License analysis
  • Dependency tracking

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Encode added in v0.3.0

func Encode(w io.Writer, sbom sbom.SBOM, f Format) error

Encode writes the SBOM to the writer in the specified format

func GenerateSBOMsFromManifest added in v0.2.1

func GenerateSBOMsFromManifest(ctx context.Context, manifest io.Reader) ([]*sbom.SBOM, error)

GenerateSBOMsFromManifest generates SBOMs from the given manifest

func GenerateSBOMsFromPath added in v0.2.1

func GenerateSBOMsFromPath(ctx context.Context, path string) ([]*sbom.SBOM, error)

GenerateSBOMsFromPath generates SBOMs from all manifests in the given path

Types

type Encoder added in v0.3.0

type Encoder interface {
	Encode(io.Writer, sbom.SBOM) error
}

type Format added in v0.3.0

type Format int
const (
	FormatSPDXJSON Format = iota
	FormatSPDXTagValue
	FormatCycloneDXJSON
	FormatCycloneDXXML
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL