Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sangam14/containerbom

Container Supply Chain Security with ContainerBOM written in Rust
https://github.com/sangam14/containerbom

Last synced: 9 days ago
JSON representation

Container Supply Chain Security with ContainerBOM written in Rust

Host: GitHub
URL: https://github.com/sangam14/containerbom
Owner: sangam14
Created: 2024-07-02T16:46:26.000Z (4 months ago)
Default Branch: main
Last Pushed: 2024-07-10T13:03:16.000Z (4 months ago)
Last Synced: 2024-10-12T06:14:25.371Z (26 days ago)
Language: Rust
Size: 262 MB
Stars: 3
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# ContainerBOM

Container Supply Chain Security with ContainerBOM written in Rust

> this tool is under developement don't use in production

```
Container Software Bill of Materials (SBOM) generator

Usage: cbom [COMMAND]

Commands:
generate-key Generate a new Ed25519 keypair
analyze Analyze a Docker image and generate SBOM
help Print this message or the help of the given subcommand(s)

Options:
-h, --help Print help
-V, --version Print version
```

#### Analyze a Docker image and generate SBOM
```
Usage: cbom analyze [OPTIONS]

Arguments:
Docker image to analyze

Options:
-o, --output Output file for the SBOM
-d, --dockerfile Dockerfile to analyze and build
-b, --build Build Docker image from Dockerfile
-t, --tag Tag for the Docker image
-s, --sign Sign the SBOM with the given key
-v, --verify Verify the SBOM with the given key
-h, --help Print help
```

#### Generate a new Ed25519 keypair

```
cargo run -- generate-key -o sangam.pem
```

#### Dockefile to SBOM with Customtag

```
cargo run -- analyze -d ./Dockerfile -b -t customtag -o sbom_with_customtag.json mydockerimagename
```
#### Docker image to SBOM
```
cargo run -- analyze busybox:latest
```
#### Signing an SBOM
```
cargo run -- generate-key -o mykeypair.pem
Generate and Sign the SBOM:

cargo run -- analyze -d ./example/Dockerfile -b -t customtag -o sbom_with_customtag.json -s mykeypair.pem mydockerimagename

cargo run -- verify -i sbom_with_customtag.json -k mykeypair.pem
```