{"id":27942076,"url":"https://github.com/mrizzi/bomulator","last_synced_at":"2025-05-07T11:26:16.343Z","repository":{"id":288062979,"uuid":"966705694","full_name":"mrizzi/bomulator","owner":"mrizzi","description":"BOMulator is a synthetic Bill of Materials (BOMs) — currently SBOM — simulator.","archived":false,"fork":false,"pushed_at":"2025-04-22T19:27:24.000Z","size":60,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-22T20:36:33.346Z","etag":null,"topics":["osv","sbom","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrizzi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-15T10:30:03.000Z","updated_at":"2025-04-22T19:27:28.000Z","dependencies_parsed_at":"2025-04-22T20:26:51.006Z","dependency_job_id":null,"html_url":"https://github.com/mrizzi/bomulator","commit_stats":null,"previous_names":["mrizzi/bomulator"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrizzi%2Fbomulator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrizzi%2Fbomulator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrizzi%2Fbomulator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrizzi%2Fbomulator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrizzi","download_url":"
https://codeload.github.com/mrizzi/bomulator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252867472,"owners_count":21816682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["osv","sbom","vulnerability"],"created_at":"2025-05-07T11:26:15.574Z","updated_at":"2025-05-07T11:26:16.328Z","avatar_url":"https://github.com/mrizzi.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BOMulator\n\n**BOMulator** is a synthetic Bill of Materials (BOMs) — currently SBOM — simulator for testing, analysis, and research. Whether you're simulating large software supply chains or stress-testing your SBOM ingestion pipeline, BOMulator helps you create tailor-made BOMs that match your needs.\n\n---\n\n## Features\n\n- Generate **synthetic SBOMs** with **a customizable number of vulnerabilities and package types** (e.g. Maven, crates.io, Golang, PyPI, etc.)\n- Ingest and parse vulnerability data from [OSV](https://osv.dev)\n- [_Soon_] Store structured vulnerability data in a PostgreSQL database\n\n---\n\n## Usage\n\n### CLI\n\nYou need to have [Docker](https://docs.docker.com/engine/install/) or [Podman](https://podman.io/docs/installation) installed.\n\n1. Download the OSV data in whichever way you prefer:\n   1. With a browser, download https://osv-vulnerabilities.storage.googleapis.com/all.zip\n   2. From a terminal, execute\n       ```shell\n       curl -O https://osv-vulnerabilities.storage.googleapis.com/all.zip\n       ```\n2. 
Run BOMulator using a container (you can replace `podman` with `docker`)\n   ```shell\n   podman run -v ./:/bomulator:Z quay.io/mrizzi/bomulator:latest -i /bomulator/all.zip -o /bomulator/\n   ```\n   and you should get an output like:\n   ```shell\n   Input zip file ingestion\n   Output file data gathering\n   Created files:\n   /bomulator/bomulator-0.1.0-e3b9ad9c-2a58-40fc-8fae-7aaa4baa7d5a.cdx.json\n   /bomulator/bomulator-0.1.0-e3b9ad9c-2a58-40fc-8fae-7aaa4baa7d5a.spdx.json\n   ```\n\nThe two newly generated SBOMs will be available in your local directory.\n\n#### Input options\n\nThe available input options can be retrieved by running:\n\n```\npodman run quay.io/mrizzi/bomulator:latest\n```\n\n### Library\n\nExamples of how to use this library in Rust code are available in the [examples](./examples) folder.  \nYou can try the `generate_sboms` example by executing:\n\n```shell\ncargo run -r --example generate_sboms\n```\n\n---\n\n## Contributing\n\nPull requests and feedback are welcome! Please open an issue first to discuss major changes.\n\n---\n\n## Roadmap\n\nCheck the open issues for the list of upcoming changes: please vote for the ones you need/like the most, thank you.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrizzi%2Fbomulator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrizzi%2Fbomulator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrizzi%2Fbomulator/lists"}