{"id":31156109,"url":"https://github.com/aborroy/alfresco-sbom-generator","last_synced_at":"2025-09-18T20:54:55.272Z","repository":{"id":299610533,"uuid":"1003575305","full_name":"aborroy/alfresco-sbom-generator","owner":"aborroy","description":"Generate a Software Bill of Materials (SBOM) for any Alfresco Docker image in one command","archived":false,"fork":false,"pushed_at":"2025-06-17T12:13:23.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-17T12:32:06.815Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aborroy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-17T10:59:00.000Z","updated_at":"2025-06-17T12:13:26.000Z","dependencies_parsed_at":"2025-06-17T12:34:10.300Z","dependency_job_id":"875a5274-f698-4a78-b7c8-6b5e343d137d","html_url":"https://github.com/aborroy/alfresco-sbom-generator","commit_stats":null,"previous_names":["aborroy/alfresco-sbom-generator"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aborroy/alfresco-sbom-generator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-sbom-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-sbom-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-sbom-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-sbom-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aborroy","download_url":"https://codeload.github.com/aborroy/alfresco-sbom-generator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aborroy%2Falfresco-sbom-generator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275830188,"owners_count":25536280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-18T02:00:09.552Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-09-18T20:54:51.963Z","updated_at":"2025-09-18T20:54:55.260Z","avatar_url":"https://github.com/aborroy.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Alfresco SBOM Generator\n\nGenerate a **Software Bill of Materials (SBOM)** for any Alfresco Docker image in one command. The tool wraps [Anchore Syft](https://github.com/anchore/syft) with a thin Python script and a Makefile so you get a clean HTML report instead of raw JSON—and it applies the whitespace fixes needed for reliable parsing.\n\n## Why use this?\n\n* One‑liner reports: `make run IMAGE=alfresco/alfresco-content-repository-community:25.1.0` drops a browsable HTML SBOM in `reports/`.\n* License coverage at a glance: the script flags packages without licensing info.\n* Pluggable templates: supply any Syft template (we ship a flat one) to keep the parser screaming fast.\n* Opinionated defaults: sane exclusions (`/lib`, `/var`), colourised CLI output, zero‑config Docker pulls.\n\n## Prerequisites\n\n| Tool   | Tested Version | Purpose                           |\n| ------ | -------------- | --------------------------------- |\n| Docker | `24.0+`        | pulls \u0026 caches the Alfresco image |\n| Syft   | `1.2.0`        | extracts the package list         |\n| Python | `3.9+`         | runs `sbom_generator.py`          |\n| Make   | any GNU Make   | gloats over your clipboard        |\n\n\u003e **Tip:** on macOS, install everything with Homebrew: `brew install syft make`.\n\n## Quick‑start\n\n```bash\n# 1. Clone the repo\n$ git clone https://github.com/your‑org/alfresco‑sbom‑generator.git\n$ cd alfresco‑sbom‑generator\n\n# 2. Generate the template once (adds the mandatory newline!)\n$ make create-template\n\n# 3. Run against any Alfresco image\n$ make run IMAGE=alfresco/alfresco-content-repository-community:25.1.0\n\n# 4. Open the report\n$ open reports/sbom_alfresco_alfresco-content-repository-community_25.1.0.html\n```\n\n## Project layout\n\n```bash\n.\n├── sbom_generator.py        # tiny wrapper around Syft\n├── Makefile                 # UX sugar\n├── templates/\n│   └── detailed.tmpl        # flat Syft template (one package per line)\n├── reports/                 # HTML output lands here (git‑ignored)\n└── README.md\n```\n\n## Custom templates\n\nSyft’s Go templates are powerful but *very* whitespace‑sensitive. We ship a safe template that ends every artifact with a line‑break **and** keeps dashes from trimming it:\n\n```gotemplate\n{{- range .artifacts}}\n{{ .name }}:{{ .version }}:{{ .purl }} - {{ range .licenses }}{{ .value }}{{ end }}\n{{- end}}\n```\n\nTo use your own:\n\n```bash\n$ make run-with-template \\\n      IMAGE=alfresco/alfresco-search-services:2.11.0 \\\n      TEMPLATE=my.tmpl\n```\n\n\u003e **Important** — if you modify the template, keep the newline outside any `{{- ... -}}` pair or the Python regex will only capture the first package.\n\n## Contributing\n\nIssues and PRs welcome! Please run `make lint` before raising a pull request.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faborroy%2Falfresco-sbom-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faborroy%2Falfresco-sbom-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faborroy%2Falfresco-sbom-generator/lists"}