{"id":26633493,"url":"https://github.com/chains-project/zksbom","last_synced_at":"2026-03-12T16:02:15.256Z","repository":{"id":279573978,"uuid":"927743313","full_name":"chains-project/zkSBOM","owner":"chains-project","description":"zero knowledge SBOMs (thesis Tom Sorger)","archived":false,"fork":false,"pushed_at":"2025-06-01T16:17:40.000Z","size":5973,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-02T01:55:41.652Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chains-project.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-05T13:24:59.000Z","updated_at":"2025-05-28T08:37:11.000Z","dependencies_parsed_at":"2025-05-09T13:47:03.417Z","dependency_job_id":"727c18cc-9725-43c7-9361-f6c9c28135e9","html_url":"https://github.com/chains-project/zkSBOM","commit_stats":null,"previous_names":["t-sorger/zksbom","chains-project/zksbom"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/chains-project/zkSBOM","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chains-project%2FzkSBOM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chains-project%2FzkSBOM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chains-project%2FzkSBOM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chains-project%2FzkSBOM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chains-project","download_url":"https://codeload.github.com/chains-project/zkSBOM/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chains-project%2FzkSBOM/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263091026,"owners_count":23412343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-24T15:15:07.675Z","updated_at":"2026-03-12T16:02:15.249Z","avatar_url":"https://github.com/chains-project.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Zero-Knowledge SBOM (zkSBOM)\n\nThis repository contains a proof-of-concept (PoC) implementation for disclosing limited but verifiable SBOM (Software Bill of Materials) information to authorized users using cryptographic methods.\n\nSupported cryptographic methods:\n\n- Merkle Trees (MT)\n- Sparse Merkle Trees (SMT)\n- Merkle Patricia Tries (MPT)\n- Ordered Zero-Knowledge Sets (oZKS)\n\nThe project is divided into two tools\n- [zkSBOM](./zksbom/)\n  - Allows vendors to upload their product SBOMs, customers to retrieve commitments for specific SBOMs, and the system to generate cryptographic proofs confirming the presence of vulnerable dependencies.\n  It also performs regular dependency-to-vulnerability mappings.\n\n- [zkSBOM Verifier](./zksbom-verifier/)\n  - Validates the cryptographic proofs generated by zkSBOM.\n\n## Installation\n\n```Bash\n# Clone the repository\ngit clone git@github.com:chains-project/zkSBOM.git\n\n# Initialize the submodules\ngit submodule update --init --recursive \n```\n\nFollow the installation section in the corresponding README.md to install [zkSBOM](./zksbom/README.md#Installation) or [zkSBOM Verifier](./zksbom-verifier/README.md#Installation).\n\n## Usage\n\nSee the usage guide in the corresponding README.md for [zkSBOM](./zksbom/README.md#Usage) or [zkSBOM Verifier](./zksbom-verifier/README.md#Usage).\n\n\n## Citation\n\nSorger, T. (2025). Towards Zero-Knowledge Software Bill of Materials [Computer software]. https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-369919\n\n## License\n\nMIT License\n\n## Contact\n\n[Tom Sorger](mailto:sorger@kth.se)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchains-project%2Fzksbom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchains-project%2Fzksbom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchains-project%2Fzksbom/lists"}