https://github.com/chains-project/sbom-orchestra
playing sboms on stage
- Host: GitHub
- URL: https://github.com/chains-project/sbom-orchestra
- Owner: chains-project
- Created: 2023-11-14T18:47:19.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-03-27T12:44:47.000Z (about 2 years ago)
- Last Synced: 2025-09-10T00:39:21.546Z (9 months ago)
- Size: 245 KB
- Stars: 1
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# The Chains SBOM Orchestra
The Chains SBOM Orchestra is a chamber ensemble playing different SBOM tools.
It first performed at SCORED 2023 in Copenhagen on Nov 26, 2023.
## SCORED 2023 Performance
* Prelude: presentation of the orchestra / team and the project (@Benoit)
* Git clone of https://github.com/xwiki/xwiki-rendering (@Benoit)
* Demo of GitHub SBOM (@MartinWitt)
* Demo of cdxgen 1.5 on project X (@Frank)
* Demo of syft (@Eric)
* Demo of tool CycloneDX-maven-plugin on project X (@Aman)
* Demo of tool build-info-go on project X (@Yogya)
* Conclusion: credits (@Martin M.)
* Audio mixing (@Musard)

## Data
You only need to care about two files in each folder:
1. `sbom.json`: the SBOM generated for the project at the given commit hash.
2. `result.json`: the comparison result between the SBOM and the Maven dependency tree, where each dependency is classified as one of:
   - true positive: the dependency is in the SBOM and in the dependency tree.
   - false positive: the dependency is in the SBOM but not in the dependency tree.
   - false negative: the dependency is not in the SBOM but is in the dependency tree.
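As an added example, not code from the sbom-orchestra repository: the comparison described above, implemented in Python for a CycloneDX JSON SBOM and the text output of `mvn dependency:tree`. The CycloneDX input format, the `group:artifact:version` key used for matching, the optional scope filter, and the layout of the returned dictionary are all assumptions (the page does not specify the schema of `result.json`); the sample SBOM and dependency tree are constructed.

```python
import json
import re

# Matches one dependency line of `mvn dependency:tree` text output:
#   [INFO] +- group:artifact:type[:classifier]:version:scope
# The tree-drawing prefix (+-, |, \-) is skipped. The root artifact line has
# no scope, so it is deliberately not matched.
_TREE_LINE = re.compile(
    r"^\[INFO\]\s+[|+\\\- ]*"
    r"([^:\s]+):([^:\s]+):[^:\s]+:(?:[^:\s]+:)?([^:\s]+):([^:\s]+)\s*$"
)


def parse_dependency_tree(tree_text, scopes=None):
    """Return the set of 'group:artifact:version' keys in a Maven dependency tree.

    scopes: optional set of Maven scopes to keep (e.g. {"compile", "runtime"});
    None keeps every scope, including test.
    """
    deps = set()
    for line in tree_text.splitlines():
        m = _TREE_LINE.match(line)
        if not m:
            continue
        group, artifact, version, scope = m.groups()
        if scopes is None or scope in scopes:
            deps.add(f"{group}:{artifact}:{version}")
    return deps


def parse_cyclonedx_components(sbom_json):
    """Return the set of 'group:artifact:version' keys in a CycloneDX JSON SBOM.

    Only top-level `components` are read; the root `metadata.component` is
    ignored, matching the tree parser above. Duplicate entries collapse into
    one key because a set is used.
    """
    bom = json.loads(sbom_json)
    keys = set()
    for comp in bom.get("components", []):
        name = comp.get("name")
        if name:
            keys.add(f"{comp.get('group', '')}:{name}:{comp.get('version', '')}")
    return keys


def compare_sbom_to_tree(sbom_json, tree_text, scopes=None):
    """Classify dependencies as true/false positives and false negatives.

    The returned layout is an assumption for this example, not the schema of
    the repository's result.json.
    """
    in_sbom = parse_cyclonedx_components(sbom_json)
    in_tree = parse_dependency_tree(tree_text, scopes)
    tp = in_sbom & in_tree   # in both
    fp = in_sbom - in_tree   # claimed by the SBOM, absent from the tree
    fn = in_tree - in_sbom   # in the tree, missed by the SBOM
    return {
        "true_positive": sorted(tp),
        "false_positive": sorted(fp),
        "false_negative": sorted(fn),
        # precision: how much of what the SBOM claims is really there
        "precision": len(tp) / len(in_sbom) if in_sbom else 0.0,
        # recall: how much of the real tree the SBOM captured
        "recall": len(tp) / len(in_tree) if in_tree else 0.0,
    }


# Constructed sample SBOM in the JSON shape produced by CycloneDX tools
# (coordinates are made up; one extra dependency and one duplicate entry).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"group": "org.apache.commons", "name": "commons-lang3", "version": "3.12.0"},
        {"group": "com.google.guava", "name": "guava", "version": "32.1.2-jre"},
        {"group": "org.slf4j", "name": "slf4j-api", "version": "2.0.9"},
        {"group": "org.apache.commons", "name": "commons-lang3", "version": "3.12.0"},
    ],
})

# Constructed sample of `mvn dependency:tree` output for the same project.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.6.0:tree (default-cli) @ demo ---
[INFO] org.example:demo:jar:1.0-SNAPSHOT
[INFO] +- org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO] +- com.google.guava:guava:jar:32.1.2-jre:compile
[INFO] |  \\- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] \\- junit:junit:jar:4.13.2:test
[INFO] BUILD SUCCESS
"""

if __name__ == "__main__":
    print(json.dumps(compare_sbom_to_tree(SAMPLE_SBOM, SAMPLE_TREE), indent=2))
```

Two design choices matter when reading such a result. Matching on the exact version means a tool that reports a different resolved version for the same artifact produces both a false positive and a false negative, which is the honest outcome for a supply-chain audit. The `scopes` filter exists because SBOM tools disagree on whether test-scoped and transitive dependencies belong in the SBOM; passing `scopes={"compile"}` on the sample drops `junit` from the false negatives while `failureaccess`, a transitive compile dependency, remains missing.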