bom

command

v0.1.0 Latest Latest Go to latest Published: Nov 22, 2021 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/bom

Links

Open Source Insights

README ¶

bom (Bill of Materials)

A utility to generate SPDX compliant Bill of Materials manifests.

bom is a tiny utility that leverages the code written for the Kubernetes Bill of Materials project. It enables software authors to generate an SBOM for their projects in a simple, yet powerful way.

terminal demo

bom is a general-purpose tool that can generate SPDX packages from directories, container images, single files, and other sources. The utility has a built-in license classifier that recognizes the 400+ licenses in the SPDX catalog.

Other features include Golang dependency analysis and full .gitignore support when scanning git repositories.

Generate your own Bill of Materials

If you are looking for a way to create a bill of materials for your project, we have created a HOWTO guide to generating an SBOM.

The guide includes information about what a Bill of Materials is, the SPDX standard, and instructions to add files, images, directories, and other sources to your BOM.

Compiling bom

To compile bom, clone the Kubernetes Release Engineering repository and run the compile-tools script:

git clone git@github.com:kubernetes/release.git
cd release
./compile-release-tools

Examples

The following examples show how bom can process different sources to generate an SPDX Bill of Materials. Multiple sources can be combined to get a document describing different packages.

Generate an SBOM from the Current Directory:

To process a directory as a source for your SBOM, use the -d flag or simply pass the path as the first argument to bom:

bom generate -n http://example.com/ .

Process a Container Image

This example pulls the kube-apiserver image, analyzes it, and describes in the SBOM. Each of its layers are then expressed as a subpackage in the resulting document:

bom generate -n http://example.com/ --image k8s.gcr.io/kube-apiserver:v1.21.0

Generate a BOM to describe files

You can create an SBOM with just files in the manifest. For that, use -f:

bom generate -n http://example.com/ \
    -f Makefile \
    -f file1.exe \
    -f document.md \
    -f other/file.txt

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL