{"id":13727973,"url":"https://github.com/interlynk-io/sbomex","last_synced_at":"2025-05-08T00:30:58.091Z","repository":{"id":114960403,"uuid":"609720632","full_name":"interlynk-io/sbomex","owner":"interlynk-io","description":"Find \u0026 pull public SBOMs","archived":false,"fork":false,"pushed_at":"2024-08-25T17:49:36.000Z","size":385,"stargazers_count":13,"open_issues_count":2,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-08-25T19:00:31.128Z","etag":null,"topics":["go","golang","sbom","sbom-distribution","sbom-examples","sbom-repository","sbom-samples","sbom-tool"],"latest_commit_sha":null,"homepage":"https://sbombenchmark.dev/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/interlynk-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-05T02:50:35.000Z","updated_at":"2024-08-25T17:49:40.000Z","dependencies_parsed_at":"2024-01-14T22:46:33.948Z","dependency_job_id":"6127c06a-69c3-4590-b8b6-e4436b658597","html_url":"https://github.com/interlynk-io/sbomex","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/interlynk-io%2Fsbomex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/interlynk-io%2Fsbomex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/interlynk-io%2Fsbomex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/interlynk-io%2Fsbomex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/interlynk-io","download_url":"https://codeload.github.com/interlynk-io/sbomex/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224679789,"owners_count":17351868,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","sbom","sbom-distribution","sbom-examples","sbom-repository","sbom-samples","sbom-tool"],"created_at":"2024-08-03T02:00:35.690Z","updated_at":"2024-11-14T19:30:29.486Z","avatar_url":"https://github.com/interlynk-io.png","language":"Go","funding_links":[],"categories":["Official projects","Go"],"sub_categories":["Tools (and [classification](https://ntia.gov/sites/default/files/publications/ntia_sbom_tooling_taxonomy-2021mar30_0.pdf))"],"readme":"\u003c!--\n Copyright 2023 Interlynk.io\n \n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n \n     http://www.apache.org/licenses/LICENSE-2.0\n \n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n--\u003e\n\n# `sbomex`: SBOM Explorer\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/interlynk-io/sbomex.svg)](https://pkg.go.dev/github.com/interlynk-io/sbomex)\n[![Go Report Card](https://goreportcard.com/badge/github.com/interlynk-io/sbomex)](https://goreportcard.com/report/github.com/interlynk-io/sbomex)\n\n`sbomex` is a command line utility to help query and pull from Interlynk's public SBOM repository. The tool is intended to help familiarize with the specifications and formats of common SBOM standards and the quality of produced SBOMs (See [sbomqs](https://github.com/interlynk-io/sbomqs/) - SBOM Quality Score for how the score is computed). \n\nThe underlying repository is updated periodically with SBOMs from a variety of sources built with many tools.\n\n\n## `sbomex search` : Search repository for matching SBOMs\nsearch commands finds SBOMs in the repository that matches given filtering criteria (specification, format or tool name)\n\n```sh\nsbomex search --format json --spec cdx --tool trivy --target '%centos%7' --limit 3\n```\n```\n  ID  TARGET                 QUALITY  TYPE      CREATOR\n  14  centos:centos7.9.2009  7.38     cdx-json  trivy-0.36.1\n  23  centos:centos7         7.38     cdx-json  trivy-0.36.1\n  32  centos:7.9.2009        7.38     cdx-json  trivy-0.36.1\n```\n\n## `sbomex pull` : Downloads specified SBOM from the repository and prints to the screen\n```sh\nsbomex pull --id 23\n ```\n ```\n {\n\t\"SPDXID\": \"SPDXRef-DOCUMENT\",\n\t\"creationInfo\": {\n\t\t\"created\": \"2023-03-01T01:32:02.939561Z\",\n\t\t\"creators\": [\n\t\t\t\"Tool: trivy\",\n\t\t\t\"Organization: aquasecurity\"\n\t\t]\n\t},\n\t\"dataLicense\": \"CC0-1.0\",\n ...\n ```\n\n#### Using containerized sbomex\n\n```sh\ndocker run ghcr.io/interlynk-io/sbomex [search|pull] [options]\n```\nExample\n```sh\ndocker run ghcr.io/interlynk-io/sbomex:latest search --format json --spec cdx --tool trivy --target '%box%' --limit 3\n```\n```\nUnable to find image 'ghcr.io/interlynk-io/sbomex:latest' locally\nlatest: Pulling from interlynk-io/sbomex\nbc89d6624a71: Already exists\nbacb9c1935ff: Already exists\nDigest: sha256:a00682b085fd21b7f071245a4d62d4825a07d9e783a8dfcda6b1f30f6a49514c\nStatus: Downloaded newer image for ghcr.io/interlynk-io/sbomex:latest\ndownloading db 100% |███████████████████████████| (89/89 MB, 5.4 MB/s)\n\nA new version of sbomex is available v0.0.6.\n\n  ID   TARGET          QUALITY  TYPE      CREATOR\n  95   busybox:latest  3.25     cdx-json  trivy-0.36.1\n  104  busybox:uclibc  3.25     cdx-json  trivy-0.36.1\n  113  busybox:musl    3.25     cdx-json  trivy-0.36.1\n```\n\n# SBOM Card \n[![SBOMCard](https://api.interlynk.io/api/v1/badges?type=hcard\u0026project_group_id=d6fbe787-51e6-44bc-a691-f792fb581f63\n)](https://app.interlynk.io/customer/products?id=d6fbe787-51e6-44bc-a691-f792fb581f63\u0026signed_url_params=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkltVTJObUl4T0RFNUxUSXpaR1l0TkdFM09DMDRZVEptTFRkbE1EYzJZak13TTJJMk5pST0iLCJleHAiOm51bGwsInB1ciI6InNoYXJlX2x5bmsvc2hhcmVfbHluayJ9fQ==--9ab55c63454b3144b175f0439119cb442b5eae1bbfc5f18a9639a69d89487396)\n\n# Installation \n\n## Using Prebuilt binaries \n\n```console\nhttps://github.com/interlynk-io/sbomex/releases\n```\n\n## Using Homebrew\n```console\nbrew tap interlynk-io/interlynk\nbrew install sbomex\n```\n\n## Using Go install\n\n```console\ngo install github.com/interlynk-io/sbomex@latest\n```\n\n## Using repo\n\nThis approach invovles cloning the repo and building it. \n\n1. Clone the repo `git clone git@github.com:interlynk-io/sbomex.git`\n2. `cd` into `sbomex` folder \n3. make build\n4. To test if the build was successful run the following command `./build/sbomex version`\n\n\n# Contributions\nWe look forward to your contributions, below are a few guidelines on how to submit them \n\n- Fork the repo\n- Create your feature/bug branch (`git checkout -b feature/new-feature`)\n- Commit your changes (`git commit -am \"awesome new feature\"`)\n- Push your changes (`git push origin feature/new-feature`)\n- Create a new pull-request\n\n# Other SBOM Open Source tools\n- [SBOM Assembler](https://github.com/interlynk-io/sbomasm) - A tool to compose a single SBOM by combining other (part) SBOMs\n- [SBOM Quality Score](https://github.com/interlynk-io/sbomqs) - A tool for evaluating the quality and completeness of SBOMs\n- [SBOM Search Tool](https://github.com/interlynk-io/sbomagr) - A tool to grep style semantic search in SBOMs\n- [SBOM Explorer](https://github.com/interlynk-io/sbomex) - A tool for discovering and downloading SBOM from a public repository\n\n# Contact \nWe appreciate all feedback. The best ways to get in touch with us:\n- :phone: [Live Chat](https://www.interlynk.io/#hs-chat-open)\n- 📫 [Email Us](mailto:hello@interlynk.io)\n- 🐛 [Report a bug or enhancement](https://github.com/interlynk-io/sbomex/issues) \n- :x: [Follow us on X](https://twitter.com/InterlynkIo)\n\n# Stargazers\n\nIf you like this project, please support us by starring it. \n\n[![Stargazers](https://starchart.cc/interlynk-io/sbomex.svg)](https://starchart.cc/interlynk-io/sbomex)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finterlynk-io%2Fsbomex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finterlynk-io%2Fsbomex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finterlynk-io%2Fsbomex/lists"}