{"id":13846543,"url":"https://github.com/vmware-samples/sbom-composer","last_synced_at":"2025-04-11T02:13:26.221Z","repository":{"id":57748213,"uuid":"515991391","full_name":"vmware-samples/sbom-composer","owner":"vmware-samples","description":"A tool that takes two or more micro SBOMs and composes them into one distributable SBOM","archived":false,"fork":false,"pushed_at":"2023-03-23T13:48:41.000Z","size":65,"stargazers_count":23,"open_issues_count":10,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-11T02:13:18.974Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vmware-samples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-20T13:22:52.000Z","updated_at":"2024-09-19T02:23:51.000Z","dependencies_parsed_at":"2024-05-30T04:34:35.684Z","dependency_job_id":"fb8d06b1-6fbe-467d-9d4d-3063144f0a65","html_url":"https://github.com/vmware-samples/sbom-composer","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fsbom-composer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fsbom-composer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fsbom-composer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fsbom-composer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vmware-samples","download_url":"https://codeload.github.com/vmware-samples/sbom-composer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248328163,"owners_count":21085261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T18:00:39.435Z","updated_at":"2025-04-11T02:13:26.184Z","avatar_url":"https://github.com/vmware-samples.png","language":"Go","funding_links":[],"categories":["Software Bill of Materials"],"sub_categories":[],"readme":"# sbom-composer\n\n**This project is now officially migrated to [opensbom-generator/sbom-composer](https://github.com/opensbom-generator/sbom-composer).**\n\n**Please visit the new official repository instead.**\n\n## Overview\nsbom-composer is a tool that serves for composing two or more micro SBOMs into a single SBOM document in SPDX format.\n\n## Try it out\n\n### Build \u0026 Run\n\n1. `cd cli/`\n2. `go build`\n3. `./sbomcompose -d \u003cpath-to-dir-with-spdx-files-to-compose\u003e [flags]`\n\n\n* `flags`:\n    - `-d`, `--dir`: Folder with micro SBOMs in SPDX format\n    - `-s`, `--save`: Saves composed SBOM to a given file. `composed.spdx` by default\n    - `-c`, `--conf`: Configuration for the composed document. `sbom-composer/config/example_config.yaml` by default\n    - `-o`, `--out`: Output format of the composed document: `tv` or `json`. `tv` by default\n    - `-f`, `--filters`: A list of packages to filter from the output\n\nTo filter a single, or a list of packages, use `-f \u003cpkg1\u003e -f \u003cpkg2\u003e [...]`.\n\n### Testing changes\n\nRun your local changes with:\n```\ncd cli/\ngo run sbom_compose.go -d \u003cpath-to-dir-with-spdx-files-to-compose\u003e [flags]\n```\n\nIf testing local changes to some of the sbom-composer's packages, e.g. the `parser`, modify `cli/sbom_compose.go` imports:\n```\n// \"github.com/vmware-samples/sbom-composer/parser\"\n\"sbom-composer/parser\"\n```\nand `cli/go.mod` with:\n```\nreplace sbom-composer/parser =\u003e ../parser\n```\nThen run:\n```\ncd cli\ngo mod tidy\n```\n## Documentation\n\nTo be added.\n\n## Contributing\n\nThe sbom-composer project team welcomes contributions from the community. Before you start working with sbom-composer, please\nread our [Developer Certificate of Origin](https://cla.vmware.com/dco). All contributions to this repository must be\nsigned as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on\nas an open-source patch. For more detailed information, refer to [CONTRIBUTING.md](CONTRIBUTING.md).\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware-samples%2Fsbom-composer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvmware-samples%2Fsbom-composer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware-samples%2Fsbom-composer/lists"}