{"id":42761220,"url":"https://github.com/starwit/sbom-report-generator","last_synced_at":"2026-01-29T20:34:10.022Z","repository":{"id":245129324,"uuid":"817340306","full_name":"starwit/sbom-report-generator","owner":"starwit","description":"This components aims at generating PDF reports for software bill of materials based on CycloneDX standard.","archived":false,"fork":false,"pushed_at":"2025-09-09T14:00:07.000Z","size":1150,"stargazers_count":1,"open_issues_count":5,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-09-09T17:23:39.865Z","etag":null,"topics":["ai-cockpit","aicockpit","excel-export","pdf-generation"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/starwit.png","metadata":{"files":{"readme":"Readme.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-06-19T13:54:31.000Z","updated_at":"2025-09-09T14:00:09.000Z","dependencies_parsed_at":"2024-06-20T01:06:49.014Z","dependency_job_id":"6cd77e90-6161-4ddd-86dd-d6c72c28471b","html_url":"https://github.com/starwit/sbom-report-generator","commit_stats":null,"previous_names":["starwit/sbom-report-generator"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/starwit/sbom-report-generator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/starwit%2Fsbom-report-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/starwit%2Fsbom-report-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/starwit%2Fsbom-report-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/starwit%2Fsbom-report-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/starwit","download_url":"https://codeload.github.com/starwit/sbom-report-generator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/starwit%2Fsbom-report-generator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28884291,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-29T19:55:09.949Z","status":"ssl_error","status_checked_at":"2026-01-29T19:55:08.490Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-cockpit","aicockpit","excel-export","pdf-generation"],"created_at":"2026-01-29T20:34:08.503Z","updated_at":"2026-01-29T20:34:10.017Z","avatar_url":"https://github.com/starwit.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Report sBOM Generator \n\nThis components aims at generating reports in various for software bill of materials based on CycloneDX standard. More info on this standard can be found [here](https://cyclonedx.org/specification/overview/). \n\n## What does it do\nService offers an API to which other services or users can send sBOM documents (CycloneDX) and get back generated PDF/spread sheet files.\n\n## How to install\n\nService so far supports running as Docker container and to be deployed to Kubernetes cluster. For Docker instructions see: https://hub.docker.com/r/starwitorg/sbom-generator\n\nTo install service to Kubernetes use Helm chart provided here: https://hub.docker.com/r/starwitorg/sbom-generator-chart\n\n_Note:_ This application creates and ships an SBOM for itself. You can find it at: host:port/application.cdx.json\n\n# Development\nDocumentation for developers - pull requests are always appreciated.\n\n## How to run locally\nAs this is a Spring Boot app, compiling and running is simple:\n\n```bash\nmvn clean package\njava -jar target/application-sbom-generator.jar \n```\n\n__Note__: Build file contains a code signing step. Make sure to change config to your own signing key. For more details see [plugin page](https://maven.apache.org/plugins/maven-gpg-plugin/usage.html)\n\nYou can reach API via:\n\n    http://localhost:8080/swagger-ui/index.html\n\n### Test API\n\nApplication's SBOM is located here: http://localhost:8080/application.cdx.json\n\nTo generate a PDF report use the following API call:\n\n```bash\ncurl -X 'POST' 'http://localhost:8080/api/report/remote' -H 'Content-Type: application/json' -d '{\"sbomURI\": [\"http://localhost:8080/application.cdx.json\"],\"dcId\": 0,\"compact\": true}' \u003e report.pdf\n```\nThis API call returns a binary PDF file which is then stored as _report.pdf_.\n\n## Authentication\n\nIn order to use authentication, use sping profile \"auth\" in your application.properties:\n\n```bash\nspring.profiles.active=auth\n```\n\nYou need a running openID compatible identity provider (IdP). In folder [deployment/docker-compose](deployment/docker-compose/auth-docker-compose.yml) you find a Docker compose file, that starts a pre-configured Keycloak running at http://localhost:8081/\n\n### Manual API Access with Token Generation\nIf you use pre-configured Keycloak use the following command to get an access token. If you want to use another Keycloak, adapt command accordingly.\n```bash\ncurl -H application/x-www-form-urlencoded -d \"realm=default\" -d \"client_id=aicockpit\" -d \"username=admin\" -d \"password=admin\" -d \"grant_type=password\" \"http://localhost:8081/auth/realms/aicockpit/protocol/openid-connect/token\"\n```\n__Hint:__ On bash you can use [jq](https://jqlang.org/) to structure JSON answers. Following image shows a sample answer.\n\n![](doc/sample_token_answer.png)\n\nValue of field access_token needs to be added to API calls. If you expose TOKEN as an environment variable like so:\n```bash\nexport TOKEN=\"value\"\n```\n\nNow you can call API and generate reports. Following example uses report-generator's own SBOM and creates a PDF report.\n```bash\ncurl -X 'POST' -H \"Authorization: Bearer $TOKEN\"  'http://localhost:8080/api/report/remote' -H 'Content-Type: application/json' -d '{\"sbomURI\": [\"http://localhost:8080/application.cdx.json\"],\"dcId\": 0,\"compact\": true}'\n```\n\n# Contact \u0026 Contribution\nThis project was partly funded by the government of the federal republic of Germany. It is part of a research project aiming to keep _humans in command_ and is organized by the Federal Ministry of Labour and Social Affairs.\n\nThe “KI-Cockpit” (AI Cockpit) project was funded by the Federal Ministry of Labor and Social Affairs.\n\n\u003cimg src=\"doc/foerderlogo.png\" alt=\"BMAS Logo\" style=\"width:33%; height:auto;\"\u003e\n\n## License\n\nSoftware in this repository is licensed under the AGPL-3.0 license. See [license agreement](LICENSE) for more details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstarwit%2Fsbom-report-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstarwit%2Fsbom-report-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstarwit%2Fsbom-report-generator/lists"}