Workflow responsible for launching static code analysis, generating an SBOM and scanning for vulnerabilities. Can be applied to projects that use Gradle and Kotlin.
Updated Oct 27, 2022
Create a dependency graph of the components within an SBOM.
A Bitbucket Pipe containing a collection of open source tools to perform various types of additional analysis on a CycloneDX or SPDX SBOM (Software Bill of Materials).
An example project that demonstrates how to automate a release with SBOM generation using Syft.
Use SBOM metadata to validate release integrity.
fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, leveraging each tool's strengths.
A tool to reverse engineer and inspect the RPM and APT databases to list all the packages along with their executables, services and versions.
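Two of the entries above describe the same underlying operations on an SBOM: building the component dependency graph, and using the SBOM's recorded metadata (here, per-component SHA-256 hashes) to check that the artifacts you are about to release or deploy are the ones the SBOM describes. The script below is an added example, not code from any of the projects listed on this page. It constructs a minimal CycloneDX 1.4 style JSON document in memory (the package URLs, artifact bytes and hashes are all made up for the example), parses it, walks the `dependencies` section into an adjacency list, and verifies each component's hash, reporting a mismatch when an artifact has been tampered with.

```python
"""Added example: parse a CycloneDX-style JSON SBOM, build the dependency
graph, and verify component hashes. All refs and artifact bytes are
constructed for this example; this is not code from any listed project."""
import hashlib
import hmac
import json
from typing import Dict, List, Set

# Constructed artifact contents keyed by bom-ref (hypothetical package URLs).
APP = "pkg:maven/org.example/app@1.0.0"
LIB = "pkg:maven/org.example/lib@2.1.0"
CORE = "pkg:maven/org.example/core@0.9.0"
ARTIFACTS: Dict[str, bytes] = {
    APP: b"constructed app jar bytes",
    LIB: b"constructed lib jar bytes",
    CORE: b"constructed core jar bytes",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sbom_json() -> str:
    """Serialize a minimal CycloneDX 1.4 style document whose component
    hashes are computed from ARTIFACTS (so the 'good' case verifies)."""
    components = []
    for ref, data in ARTIFACTS.items():
        name, version = ref.rsplit("/", 1)[1].split("@")
        components.append({
            "bom-ref": ref, "name": name, "version": version,
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(data)}],
        })
    dependencies = [
        {"ref": APP, "dependsOn": [LIB]},
        {"ref": LIB, "dependsOn": [CORE]},
        {"ref": CORE, "dependsOn": []},
    ]
    return json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4",
                       "components": components, "dependencies": dependencies})


def load_sbom(text: str) -> dict:
    """Parse the JSON and reject anything that is not a CycloneDX document."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    return sbom


def dependency_graph(sbom: dict) -> Dict[str, List[str]]:
    """Adjacency list: bom-ref -> refs it depends on, from the
    CycloneDX 'dependencies' array. Every component gets a node even
    when it has no dependency entry."""
    graph: Dict[str, List[str]] = {c["bom-ref"]: [] for c in sbom.get("components", [])}
    for dep in sbom.get("dependencies", []):
        graph.setdefault(dep["ref"], []).extend(dep.get("dependsOn", []))
    return graph


def transitive_deps(graph: Dict[str, List[str]], ref: str) -> Set[str]:
    """All refs reachable from `ref` (depth-first, cycle-safe)."""
    seen: Set[str] = set()
    stack = list(graph.get(ref, []))
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(graph.get(cur, []))
    return seen


def verify_hashes(sbom: dict, artifacts: Dict[str, bytes]) -> Dict[str, str]:
    """Compare each component's recorded SHA-256 with the artifact bytes.
    Result per ref: 'ok', 'mismatch', 'missing-artifact' or 'no-sha256'.
    A component without a SHA-256 entry cannot be validated and is
    reported rather than silently passed."""
    results: Dict[str, str] = {}
    for comp in sbom.get("components", []):
        ref = comp["bom-ref"]
        expected = next((h["content"].lower() for h in comp.get("hashes", [])
                         if h.get("alg") == "SHA-256"), None)
        if expected is None:
            results[ref] = "no-sha256"
        elif ref not in artifacts:
            results[ref] = "missing-artifact"
        elif hmac.compare_digest(sha256_hex(artifacts[ref]), expected):
            results[ref] = "ok"
        else:
            results[ref] = "mismatch"
    return results


if __name__ == "__main__":
    sbom = load_sbom(build_sbom_json())
    graph = dependency_graph(sbom)
    print("app transitively depends on:", sorted(transitive_deps(graph, APP)))
    print("hash check:", verify_hashes(sbom, ARTIFACTS))
    tampered = dict(ARTIFACTS, **{LIB: b"backdoored lib jar bytes"})
    print("after tampering with lib:", verify_hashes(sbom, tampered))
```

In a real pipeline the artifact bytes would come from the files in the release directory, keyed by the same `bom-ref`/purl the SBOM generator emitted; the hash comparison is only as trustworthy as the SBOM itself, so the SBOM should be signed (or fetched from a trusted store) before its hashes are used as the reference.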