{"id":25936937,"url":"https://github.com/zcubbs/sbomer","last_synced_at":"2026-05-11T00:47:38.177Z","repository":{"id":280315048,"uuid":"937232927","full_name":"zcubbs/sbomer","owner":"zcubbs","description":"SBOMer is a Go-based tool for generating Software Bill of Materials (SBOM) for GitLab projects (eventually others). It provides an automated way to fetch projects from GitLab groups and generate SBOMs using Syft.","archived":false,"fork":false,"pushed_at":"2025-05-22T13:07:54.000Z","size":65,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-16T09:19:17.476Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zcubbs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-22T16:46:03.000Z","updated_at":"2025-05-22T12:58:42.000Z","dependencies_parsed_at":"2025-03-02T18:15:53.819Z","dependency_job_id":"9527353f-9fe0-4379-b270-9b69834bbdfd","html_url":"https://github.com/zcubbs/sbomer","commit_stats":null,"previous_names":["zcubbs/sbomer"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/zcubbs/sbomer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcubbs%2Fsbomer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcubbs%2Fsbomer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcubbs%2Fsbomer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcubbs%2Fsbomer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zcubbs","download_url":"https://codeload.github.com/zcubbs/sbomer/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zcubbs%2Fsbomer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32877246,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-10T13:40:02.631Z","status":"ssl_error","status_checked_at":"2026-05-10T13:40:02.145Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-04T02:55:07.519Z","updated_at":"2026-05-11T00:47:38.151Z","avatar_url":"https://github.com/zcubbs.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SBOMer\n\nSBOMer is a Go-based tool for generating Software Bill of Materials (SBOM) for GitLab projects (eventually others). It provides an automated way to fetch projects from GitLab groups and generate SBOMs using Syft.\n\n## Features\n\n- **Group-Based Project Fetching**: Recursively fetch projects from specified GitLab groups and their subgroups\n- **Topic-Based Filtering**: Skip projects with specific topics using exclude_topics configuration\n- **Efficient Processing**: Process projects in batches with configurable batch sizes and cool-off periods\n- **Message Queue Integration**: Uses RabbitMQ for reliable project processing\n- **Database Storage**: Stores fetch statistics and operation logs in PostgreSQL\n- **Syft Integration**: Generates SBOMs using Syft in CycloneDX JSON format\n\n## Components\n\n- **Fetcher**: Retrieves projects from GitLab and publishes them to RabbitMQ\n- **Processor**: Clones repositories and generates SBOMs using Syft\n- **Database**: Stores operational data and statistics\n- **GitLab Client**: Handles GitLab API interactions and repository cloning\n\n## Configuration\n\nThe application is configured via environment variables or a `config.yaml` file:\n\n```yaml\napp:\n  log_level: info\n\ngitlab:\n  host: gitlab.com\n  scheme: https\n  token: \"\" # Set via SBOMER_GITLAB_TOKEN\n  temp_dir: tmp/sbomer\n\ndatabase:\n  host: localhost\n  port: 5432\n  user: postgres\n  password: postgres\n  dbname: sbomer\n  sslmode: disable\n\nfetcher:\n  schedule: \"once\"     # once or cron format \"seconds minutes hours days months days_of_the_week\"\n  batch_size: 10\n  cool_off_secs: 5\n  group_ids:\n    - \"your-group-id\"  # Optional: Specify GitLab group IDs to fetch from\n  include_topics:      # Optional: Include only projects with these topics\n    - \"sbomer\"\n  exclude_topics:      # Optional: Skip projects with these topics\n    - \"skip-sbom\"\n    - \"no-sbom\"\n\nsyft:\n  syft_bin_path: bin/syft.exe\n```\n\n### Topic-Based Filtering\n\nYou can exclude projects from SBOM generation by adding specific topics to them in GitLab and listing those topics in the `exclude_topics` configuration. This is useful for:\n- Skipping projects that don't need SBOMs\n- Excluding test or template repositories\n- Managing large groups of repositories efficiently\n\nFor example, if you add the topic \"skip-sbom\" to a GitLab project and include it in the `exclude_topics` list, that project will be automatically skipped during fetching.\n\n## Environment Variables\n\n- `SBOMER_GITLAB_TOKEN`: GitLab API token\n- `SBOMER_DB_URL`: Database connection string\n- `SBOMER_GITLAB_HOST`: GitLab host (default: gitlab.com)\n- `SBOMER_GITLAB_SCHEME`: GitLab scheme (default: https)\n- `SBOMER_FETCHER_EXCLUDE_TOPICS`: Comma-separated list of topics to exclude\n\n## Getting Started\n\n1. Set up PostgreSQL database\n2. Configure RabbitMQ\n3. Set environment variables\n4. Run the fetcher service:\n   ```bash\n   go run cmd/fetcher/main.go\n   ```\n5. Run the processor service:\n   ```bash\n   go run cmd/processor/main.go\n   ```\n\n## License\n\nThis project is licensed under the MIT License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzcubbs%2Fsbomer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzcubbs%2Fsbomer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzcubbs%2Fsbomer/lists"}