snyk-sbom-export

v0.1.1
Published: Nov 15, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

README

snyk-sbom-export

A tool that takes projects onboarded to Snyk's dependency scanning and generates a Software Bill of Materials (SBOM) for them. Although SBOM generation is already available through the Snyk API, the API's output does not include licensing information.

By using snyk-sbom-export, you will receive annotated licensing information as well as the core SBOM data.

Limitations

Note that this only supports Open Source projects, as Snyk does not support SBOM generation for non-Open Source projects. However, support for them may be worked on as part of this project.

Installation

This can be installed from source using:

go install gitlab.com/tanna.dev/snyk-sbom-export@latest

The minimum Go version required to run it is Go 1.21.

Usage

The SNYK_API_TOKEN environment variable is required. To get a token, follow the Snyk documentation.

env SNYK_API_TOKEN=... snyk-sbom-export -orgID ... -format cyclonedx1.4+json
# alternatively
env SNYK_API_TOKEN=... snyk-sbom-export -orgID ... -format spdx2.3+json

This processes every project in the Snyk organisation identified by the -orgID flag and outputs them in the specified SBOM format.
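Since the point of the tool is the added licensing data, a useful follow-up check is to list which components in a generated CycloneDX 1.4 JSON document still carry no license entry. The program below is an added example, not part of snyk-sbom-export; the names MissingLicenses, walk and sampleBOM are hypothetical, and it assumes a single CycloneDX document has already been saved, since the README does not say where the tool writes its output.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// component is the subset of the CycloneDX 1.4 JSON schema used here (keys match case-insensitively).
type component struct {
	Name, Version string
	Licenses      []struct {
		Expression string                    // SPDX expression form
		License    struct{ ID, Name string } // SPDX id or free-text name
	}
	Components []component // CycloneDX allows nested components
}

// walk returns "name@version" for each component with no usable license entry.
func walk(cs []component) (out []string) {
	for _, c := range cs {
		licensed := false
		for _, l := range c.Licenses {
			licensed = licensed || l.Expression != "" || l.License.ID != "" || l.License.Name != ""
		}
		if !licensed {
			out = append(out, c.Name+"@"+c.Version)
		}
		out = append(out, walk(c.Components)...)
	}
	return out
}

// MissingLicenses parses one CycloneDX JSON document and lists unlicensed components.
func MissingLicenses(doc []byte) ([]string, error) {
	var b struct{ Components []component }
	if err := json.Unmarshal(doc, &b); err != nil {
		return nil, fmt.Errorf("parse CycloneDX JSON: %w", err)
	}
	return walk(b.Components), nil
}

// sampleBOM is constructed for this example; it is not output captured from the tool.
const sampleBOM = `{"bomFormat":"CycloneDX","specVersion":"1.4","components":[
 {"name":"liba","version":"1.0.0","licenses":[{"license":{"id":"MIT"}}]}, {"name":"libb","version":"2.1.0","licenses":[{"expression":"Apache-2.0 OR MIT"}]},
 {"name":"libc","version":"0.3.0","licenses":[],"components":[{"name":"vendored","version":"0.0.1"}]}]}`

func main() {
	fmt.Println(MissingLicenses([]byte(sampleBOM)))
}
```

A non-empty result marks components whose license still has to be resolved by hand before the SBOM is used for compliance review.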

License

Licensed under the Apache-2.0 license.

Documentation

There is no documentation for this package.
