https://github.com/project-stacker/stacker-bom

A stacker companion SBOM generator library and tool


# stacker-bom: an SBOM workflow tool/library for container image builds

stacker-bom was originally intended as a [stacker](https://stackerbuild.io)
companion tool to help with container image builds, but anyone should be able
to use it.

It uses
[https://github.com/kubernetes-sigs/bom](https://github.com/kubernetes-sigs/bom)
and [https://github.com/anchore/syft](https://github.com/anchore/syft) as its core BOM
libraries.

## Rationale

* Every component of a container image must be accounted for
* Source/build-time tooling, since most context is available at build time
* Easy integration with [`stacker`](https://github.com/project-stacker/stacker)