Nixius
/
hastebin
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
hastebin/scripts/scan-sbom.sh

49 lines
1.3 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Generate SBOM (Software Bill of Materials) for source code
# Uses Syft to generate SBOM in multiple formats
set -e
echo "🔍 Generating SBOM for source code..."
# Check if syft is installed
if ! command -v syft &> /dev/null; then
echo "Syft not found. Attempting to install to ./bin..."
mkdir -p ./bin
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b ./bin
export PATH="./bin:$PATH"
# Verify installation
if ! command -v syft &> /dev/null; then
echo "❌ Failed to install syft automatically."
echo "Please install manually:"
echo " brew install syft"
echo " or visit: https://github.com/anchore/syft#installation"
exit 1
fi
fi
# Show version
syft version
# Generate SBOM in table format
echo ""
echo "📋 Generating SBOM table..."
syft dir:. -o table | tee sbom.txt
# Generate SBOM in SPDX JSON format
echo ""
echo "📦 Generating SBOM in SPDX JSON format..."
syft dir:. -o spdx-json > sbom.spdx.json
# Generate SBOM in CycloneDX JSON format
echo ""
echo "🌀 Generating SBOM in CycloneDX JSON format..."
syft dir:. -o cyclonedx-json > sbom.cyclonedx.json
echo ""
echo "✅ SBOM generated successfully!"
echo ""
echo "Generated files:"
ls -lh sbom.* | cat
Reference in New Issue View Git Blame Copy Permalink