{"id":25281943,"url":"https://github.com/pqca/cbomkit-action","last_synced_at":"2025-04-06T13:13:36.019Z","repository":{"id":277165764,"uuid":"931013491","full_name":"PQCA/cbomkit-action","owner":"PQCA","description":"GitHub Action to generate Cryptography Bill of Materials (CBOM)","archived":false,"fork":false,"pushed_at":"2025-03-17T10:54:24.000Z","size":152240,"stargazers_count":2,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-17T11:24:55.967Z","etag":null,"topics":["cbom","cbom-tool","cbomkit","cryptographic-inventory","github-actions","post-quantum-cryptography","quantum-safe"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PQCA.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-11T15:27:42.000Z","updated_at":"2025-03-10T15:43:53.000Z","dependencies_parsed_at":"2025-03-04T12:32:47.886Z","dependency_job_id":null,"html_url":"https://github.com/PQCA/cbomkit-action","commit_stats":null,"previous_names":["pqca/cbomkit-action"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PQCA%2Fcbomkit-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PQCA%2Fcbomkit-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PQCA%2Fcbomkit-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PQCA%2Fcbomkit-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PQCA","download_url":"https://codeload.github.com/PQCA/cbomkit-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247485290,"owners_count":20946398,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cbom","cbom-tool","cbomkit","cryptographic-inventory","github-actions","post-quantum-cryptography","quantum-safe"],"created_at":"2025-02-12T19:08:58.131Z","updated_at":"2025-04-06T13:13:36.014Z","avatar_url":"https://github.com/PQCA.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CBOMkit-action\n\nGitHub Action to generate CBOMs.\n\n## Usage\n\n```yaml\non:\n  workflow_dispatch:\n\njobs:\n  cbom-scan:\n    runs-on: ubuntu-latest\n    name: CBOM generation\n    permissions:\n      contents: write\n      pull-requests: write\n    steps:\n      - name: Checkout repository\n        uses: actions/checkout@v4\n      - name: Create CBOM\n        uses: PQCA/cbomkit-action@v1.1.0\n        id: cbom\n      # Allow you to persist CBOM after a job has completed, and share \n      # that CBOM with another job in the same workflow.\n      - name: Create and publish CBOM artifact\n        uses: actions/upload-artifact@v4\n        with:\n          name: \"CBOM\"\n          path: ${{ steps.cbom.outputs.filename }}\n```\n\n## Supported languages and libraries\n\nThe current scanning capabilities of the CBOMkit are defined by the [Sonar Cryptography Plugin's](https://github.com/IBM/sonar-cryptography) supported languages \nand cryptographic libraries:\n\n| Language | Cryptographic Library                                                                         | Coverage | \n|----------|-----------------------------------------------------------------------------------------------|----------|\n| Java     | [JCA](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html) | 100%     |\n|          | [BouncyCastle](https://github.com/bcgit/bc-java) (*light-weight API*)                         | 100%[^1] |\n| Python   | [pyca/cryptography](https://cryptography.io/en/latest/)                                       | 100%     |\n\n[^1]: We only cover the BouncyCastle *light-weight API* according to [this specification](https://javadoc.io/static/org.bouncycastle/bctls-jdk14/1.80/specifications.html)\n\nWhile the CBOMkit's scanning capabilities are currently bound to the Sonar Cryptography Plugin, the modular \ndesign of this plugin allows for potential expansion to support additional languages and cryptographic libraries in \nfuture updates.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpqca%2Fcbomkit-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpqca%2Fcbomkit-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpqca%2Fcbomkit-action/lists"}