README
¶
SBOM Collection Package
This package provides a unified interface for collecting Software Bill of Materials (SBOM) documents from various sources including files, folders, GitHub repositories, AWS S3 buckets, and the Interlynk platform.
Features
-
Multiple source adapters:
- File/Directory: Read SBOMs from local files or scan directories
- GitHub: Retrieve SBOMs from releases, API, or generate them
- AWS S3: Scan S3 buckets for SBOM files
- Interlynk: Integration with the Interlynk platform
-
Supported SBOM formats:
- CycloneDX
- SPDX
- Auto-format detection
Installation
go get github.com/yourusername/sbom-collector
Usage Examples
Reading from Files
// Read a single SBOM file
adapter, err := pkg.NewFileAdapter("path/to/sbom.json", pkg.InputOptions{})
if err != nil {
log.Fatal(err)
}
sboms, err := adapter.GetSBOMs(context.Background())
if err != nil {
log.Fatal(err)
}
// Read all SBOMs from a directory
adapter, err = pkg.NewFileAdapter("path/to/sboms/", pkg.InputOptions{
IncludeFormats: []pkg.SBOMFormat{pkg.FormatCycloneDX},
})
Using GitHub
adapter := pkg.NewGitHubAdapter(
"owner",
"repo",
"github-token",
pkg.MethodReleases,
pkg.InputOptions{},
)
sboms, err := adapter.GetSBOMs(context.Background())
Using AWS S3
adapter, err := pkg.NewS3Adapter(
"my-bucket",
"sboms/",
pkg.InputOptions{
MaxConcurrent: 5,
},
)
if err != nil {
log.Fatal(err)
}
sboms, err := adapter.GetSBOMs(context.Background())
Using Interlynk
adapter := pkg.NewInterlynkAdapter(
"project-id",
"https://api.interlynk.io",
"api-key",
pkg.InputOptions{},
)
sboms, err := adapter.GetSBOMs(context.Background())
Input Options
The InputOptions struct allows you to configure how adapters operate:
opts := pkg.InputOptions{
// Maximum number of concurrent operations
MaxConcurrent: 5,
// Only include specific formats
IncludeFormats: []pkg.SBOMFormat{
pkg.FormatCycloneDX,
pkg.FormatSPDX,
},
// Exclude specific formats
ExcludeFormats: []pkg.SBOMFormat{
pkg.FormatUnknown,
},
}
Error Handling
All adapters implement robust error handling and will return detailed error messages when operations fail:
sboms, err := adapter.GetSBOMs(context.Background())
if err != nil {
switch {
case errors.Is(err, os.ErrNotExist):
// Handle file not found
case errors.Is(err, context.DeadlineExceeded):
// Handle timeout
default:
// Handle other errors
}
}
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAdapter ¶
func NewAdapter(ctx tcontext.TransferMetadata, config types.Config) (map[types.AdapterRole]Adapter, string, string, error)
NewAdapter initializes and returns the correct adapters (both input & output)
Types ¶
type Adapter ¶
type Adapter interface {
// Adds CLI flags to the commands
AddCommandParams(cmd *cobra.Command)
// Parses & validates input params
ParseAndValidateParams(cmd *cobra.Command) error
// Fetch SBOMs lazily using iterator
FetchSBOMs(ctx tcontext.TransferMetadata) (iterator.SBOMIterator, error)
// Outputs SBOMs (uploading)
UploadSBOMs(ctx tcontext.TransferMetadata, iterator iterator.SBOMIterator) error
// Dry-Run: to be used to display fetched and uploaded SBOMs by input and output adapter respectively.
DryRun(ctx tcontext.TransferMetadata, iterator iterator.SBOMIterator) error
}
Adapter defines the interface for all adapters
Source Files
Click to show internal directories.
Click to hide internal directories.